last executing test programs: 16m45.632073455s ago: executing program 1 (id=250): futex$auto(&(0x7f0000000100)=0x80000000, 0x6, 0x10000, &(0x7f0000000140)={0x4f, 0x1}, 0x0, 0x3) 16m45.357197023s ago: executing program 1 (id=255): pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0xe, 0x3) 16m45.200618615s ago: executing program 1 (id=258): signalfd$auto(0xffffffffffffffff, 0x0, 0xb) 16m45.000326347s ago: executing program 1 (id=261): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) 16m44.757292936s ago: executing program 1 (id=265): rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 16m44.312952388s ago: executing program 1 (id=271): futex_wake$auto(0x0, 0xffffffffffffffff, 0xfffffffb, 0x2) 16m43.669809631s ago: executing program 32 (id=271): futex_wake$auto(0x0, 0xffffffffffffffff, 0xfffffffb, 0x2) 12m54.886862341s ago: executing program 3 (id=3658): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto_FIONREAD(r0, 0x541b, 0xffffffffffffffff) 12m54.586132215s ago: executing program 3 (id=3662): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mac80211_hwsim/hwsim0/net/wlan0/threaded\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000140)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 12m54.408946268s ago: executing program 3 (id=3664): r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x802, 0x0) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f0000000040)=""/4096, 0x1000) 12m54.221164526s ago: executing program 3 (id=3667): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:00.0/driver_override\x00', 0xa000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/4096, 0x1000) 12m54.107868185s ago: executing program 3 (id=3670): setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) tkill$auto(0x80000000000001, 0x7) 12m53.70561227s ago: executing program 3 (id=3675): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/irq/12/per_cpu_count\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000700)=""/4096, 0x1000) 12m53.29167873s ago: executing program 33 (id=3675): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/irq/12/per_cpu_count\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000700)=""/4096, 0x1000) 6m7.141203001s ago: executing program 0 (id=9928): mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) setresuid$auto(0x2, 0x7, 0x8080) clock_nanosleep$auto(0x8, 0x1, 0x0, 0xffffffffffffffff) 6m6.952180514s ago: executing program 0 (id=9931): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r0, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f00000000c0)={0x14, r1, 0x301, 0x70bd26, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) 6m6.723767314s ago: executing program 0 (id=9934): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000b80), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={0x18, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x200400d0) 6m6.546732807s ago: executing program 0 (id=9937): futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) futex$auto(&(0x7f0000000080)=0x1, 0x9, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0x3, 0x5, 0x8, 0x0, &(0x7f0000000100)=0x314, 0x440a48d3) 6m6.319298123s ago: executing program 0 (id=9940): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 6m5.592085121s ago: executing program 0 (id=9949): socket(0xa, 0x801, 0x84) listen$auto(0x3, 0x81) listen$auto(0x3, 0x81) 6m5.288809093s ago: executing program 34 (id=9949): socket(0xa, 0x801, 0x84) listen$auto(0x3, 0x81) listen$auto(0x3, 0x81) 4m22.665296745s ago: executing program 6 (id=10959): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x8, 0x0) io_uring_register$auto(0x2, 0x13, &(0x7f0000000000), 0x1000) 4m22.514753877s ago: executing program 6 (id=10960): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(0x0, 0x57, 0x1) getdents$auto(r0, 0x0, 0xffffffff) 4m22.326996717s ago: executing program 6 (id=10962): madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) mlockall$auto(0x7) 4m21.957768282s ago: executing program 6 (id=10967): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x18000) mbind$auto(0xf000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) 4m20.95775743s ago: executing program 6 (id=10977): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) tkill$auto(0x80000000000001, 0x7) 4m20.05070467s ago: executing program 6 (id=10989): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) setsockopt$auto(r0, 0x114, 0x1, 0x0, 0x1b) 4m19.726215971s ago: executing program 35 (id=10989): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) setsockopt$auto(r0, 0x114, 0x1, 0x0, 0x1b) 2m46.234440994s ago: executing program 2 (id=11862): close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @multicast1}, 0x54) 2m46.075614187s ago: executing program 2 (id=11865): mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000100)=':,\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000b00)='X))\x00', 0x63c1, 0x7ff) mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x67c1, 0x7fc) 2m45.877788714s ago: executing program 2 (id=11866): r0 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x5}, 0x0) 2m45.565613707s ago: executing program 2 (id=11870): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x0, 0x53, 0x0, 0x0) 2m45.413477835s ago: executing program 2 (id=11873): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 2m44.408502015s ago: executing program 2 (id=11885): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) ioctl$auto(0x3, 0x80000541b, 0x38) 2m44.024845585s ago: executing program 36 (id=11885): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) ioctl$auto(0x3, 0x80000541b, 0x38) 4.916791486s ago: executing program 5 (id=13121): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x2) socket(0x21, 0x2, 0xa) getsockopt$auto(0x6, 0x110, 0x6, 0xffffffffffffffff, 0x0) 4.604025449s ago: executing program 5 (id=13123): close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000001180)='/dev/snd/pcmC1D1p\x00', 0x20080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) setsockopt$auto(0x4, 0x0, 0x3, 0x0, 0x800000e) 4.565674352s ago: executing program 4 (id=13124): setfsuid$auto(0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) unshare$auto(0x40000080) madvise$auto(0x0, 0x20200, 0x15) 4.307850905s ago: executing program 5 (id=13126): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) semctl$auto_SEM_INFO(0x5, 0xf9, 0x13, 0x8) ioctl$auto(r0, 0x2, 0x9) ioctl$auto(0x3, 0x400c4d05, 0x5) 4.045901984s ago: executing program 5 (id=13127): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, r0) 3.768401557s ago: executing program 5 (id=13129): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r0 = memfd_create$auto(0x0, 0xb) write$auto(r0, 0x0, 0x5) fcntl$auto(0xff80000000000000, 0x409, 0x3f) 3.457562994s ago: executing program 5 (id=13131): openat$auto_generic(0xffffffffffffff9c, &(0x7f0000001500)='/proc/kpagecgroup\x00', 0x101000, 0x0) move_pages$auto(0x1, 0x233, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) keyctl$auto(0x17, 0x4, 0x7fffffffefff, 0x400, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x80000000}, 0x1) 3.241770566s ago: executing program 4 (id=13134): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) 2.642081318s ago: executing program 4 (id=13135): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_PPPIOCSDEBUG(r0, 0x40047440, 0x0) 2.641985208s ago: executing program 8 (id=13136): open(&(0x7f0000000800)='./file0\x00', 0x1636c0, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x10677d, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.894656968s ago: executing program 4 (id=13139): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00') setns(r0, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb5, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x20000010) semtimedop$auto(0x0, &(0x7f00000001c0)={0x7, 0x82, 0x1}, 0x5, 0x0) unshare$auto(0x8000000) 1.894544819s ago: executing program 8 (id=13140): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r0 = memfd_create$auto(0x0, 0xb) write$auto(r0, 0x0, 0x5) fcntl$auto(0xff80000000000000, 0x409, 0x3f) 1.490791278s ago: executing program 7 (id=13141): socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x1, 0x0, 0x9) 1.392104353s ago: executing program 8 (id=13142): r0 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xc8b, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) recvmmsg$auto(0x3, 0x0, 0x4, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) 1.365901937s ago: executing program 4 (id=13143): ioperm$auto(0x4, 0xbc6, 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) flistxattr$auto(0x3, 0x0, 0x3) 1.174536955s ago: executing program 7 (id=13144): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) socket(0x11, 0x80003, 0x304) semctl$auto(0x1ff, 0x2, 0x13, 0x1) rename$auto(0x0, 0x0) 865.789646ms ago: executing program 7 (id=13145): open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x20) chmod$auto(&(0x7f00000000c0)='./file0\x00', 0xf4ba) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000b00)={'veth0_to_bridge\x00'}) 746.201308ms ago: executing program 8 (id=13146): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram2/queue/discard_max_bytes\x00', 0x40082, 0x0) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r1, 0x0, 0x1) write$auto(r0, 0x0, 0x5) 588.402384ms ago: executing program 7 (id=13147): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd7100f9db5f250200000008000300", @ANYRES32=r2, @ANYBLOB="05003d0036"], 0x24}, 0x1, 0x0, 0x0, 0x404c0c1}, 0x80) 309.051812ms ago: executing program 8 (id=13148): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/blkio.bfq.io_merged_recursive\x00', 0x141402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x80800, 0x0) socket(0x1d, 0x2, 0x2) sendfile$auto(0x6, 0x3, 0x0, 0x8000) 289.579646ms ago: executing program 7 (id=13149): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x22040, 0x75) r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) copy_file_range$auto(r0, 0x0, r1, 0x0, 0x21c1, 0x0) 109.655281ms ago: executing program 4 (id=13150): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd2/queue/max_sectors_kb\x00', 0x181040, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 71.395414ms ago: executing program 7 (id=13151): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/kernel/shm_rmid_forced\x00', 0x141241, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 0s ago: executing program 8 (id=13152): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013bbc40a8e71953412f0d"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) kernel console output (not intermixed with test programs): devsim0/psample/latency_max (pid: 11507 comm: syz.2.2622) [ 287.850898][T11514] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11514 comm: syz.2.2626) [ 287.864723][T11516] Process accounting resumed [ 288.094031][T11518] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11518 comm: syz.2.2627) [ 288.300002][T11530] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 288.334599][T11525] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11525 comm: syz.2.2631) [ 288.620107][T11533] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11533 comm: syz.2.2636) [ 288.771867][ T29] audit: type=1800 audit(1086.890:20): pid=11544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2639" name="lu_gp_id" dev="configfs" ino=25019 res=0 errno=0 [ 288.808400][T11544] kstrtoul() returned -22 for lu_gp_id [ 289.361045][T11557] Process accounting resumed [ 289.876021][T11542] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11542 comm: syz.2.2640) [ 291.645373][T11638] Process accounting paused [ 293.905069][T11727] ICMPv6: process `syz.0.2730' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 295.680541][T11798] syz.2.2765: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 295.721377][T11798] CPU: 1 UID: 0 PID: 11798 Comm: syz.2.2765 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 295.721420][T11798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 295.721448][T11798] Call Trace: [ 295.721457][T11798] [ 295.721473][T11798] dump_stack_lvl+0x16c/0x1f0 [ 295.721530][T11798] warn_alloc+0x24d/0x3a0 [ 295.721571][T11798] ? __pfx_warn_alloc+0x10/0x10 [ 295.721619][T11798] ? lock_acquire.part.0+0x11b/0x380 [ 295.721676][T11798] __vmalloc_node_range_noprof+0x10dc/0x1530 [ 295.721713][T11798] ? rcu_is_watching+0x12/0xc0 [ 295.721761][T11798] ? trace_contention_end+0xee/0x140 [ 295.721803][T11798] ? __mutex_lock+0x1cc/0xb10 [ 295.721830][T11798] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 295.721866][T11798] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 295.721912][T11798] ? dvb_dvr_do_ioctl+0x7e/0x290 [ 295.721959][T11798] ? __pfx___mutex_lock+0x10/0x10 [ 295.721997][T11798] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 295.722033][T11798] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 295.722071][T11798] ? do_vfs_ioctl+0x513/0x1950 [ 295.722122][T11798] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 295.722182][T11798] vmalloc_noprof+0x6b/0x90 [ 295.722215][T11798] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 295.722265][T11798] dvb_dvr_do_ioctl+0x15d/0x290 [ 295.722317][T11798] dvb_usercopy+0x165/0x320 [ 295.722357][T11798] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 295.722405][T11798] ? __pfx_dvb_usercopy+0x10/0x10 [ 295.722446][T11798] ? __pfx_lock_release+0x10/0x10 [ 295.722500][T11798] ? __fget_files+0x206/0x3a0 [ 295.722542][T11798] dvb_dvr_ioctl+0x29/0x40 [ 295.722583][T11798] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 295.722627][T11798] __x64_sys_ioctl+0x190/0x200 [ 295.722681][T11798] do_syscall_64+0xcd/0x250 [ 295.722714][T11798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.722760][T11798] RIP: 0033:0x7f284a78cde9 [ 295.722791][T11798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.722823][T11798] RSP: 002b:00007f284b581038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 295.722851][T11798] RAX: ffffffffffffffda RBX: 00007f284a9a5fa0 RCX: 00007f284a78cde9 [ 295.722872][T11798] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 295.722891][T11798] RBP: 00007f284a80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 295.722908][T11798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.722924][T11798] R13: 0000000000000000 R14: 00007f284a9a5fa0 R15: 00007ffc9fc57588 [ 295.722963][T11798] [ 295.723073][T11798] Mem-Info: [ 295.997752][T11805] tipc: Can't bind to reserved service type 2 [ 296.123766][T11798] active_anon:5298 inactive_anon:0 isolated_anon:0 [ 296.123766][T11798] active_file:18484 inactive_file:38214 isolated_file:0 [ 296.123766][T11798] unevictable:768 dirty:275 writeback:0 [ 296.123766][T11798] slab_reclaimable:10061 slab_unreclaimable:96308 [ 296.123766][T11798] mapped:23411 shmem:1611 pagetables:941 [ 296.123766][T11798] sec_pagetables:0 bounce:0 [ 296.123766][T11798] kernel_misc_reclaimable:0 [ 296.123766][T11798] free:1342818 free_pcp:282 free_cma:0 [ 296.169041][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.228871][T11798] Node 0 active_anon:21272kB inactive_anon:0kB active_file:73936kB inactive_file:152848kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:93636kB dirty:1108kB writeback:0kB shmem:4908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10840kB pagetables:3824kB sec_pagetables:0kB all_unreclaimable? no [ 296.261245][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.300263][T11798] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 296.330531][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.407695][T11798] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 296.435033][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.462729][T11798] lowmem_reserve[]: 0 2490 2491 0 0 [ 296.468430][T11798] Node 0 DMA32 free:1450056kB boost:0kB min:34416kB low:43020kB high:51624kB reserved_highatomic:0KB active_anon:21200kB inactive_anon:0kB active_file:73936kB inactive_file:152540kB unevictable:1536kB writepending:1112kB present:3129332kB managed:2550580kB mlocked:0kB bounce:0kB free_pcp:2116kB local_pcp:1440kB free_cma:0kB [ 296.660255][T11798] lowmem_reserve[]: 0 0 0 0 0 [ 296.680493][T11798] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:308kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 296.707442][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.733417][T11798] lowmem_reserve[]: 0 0 0 0 0 [ 296.751332][T11798] Node 1 Normal free:3904632kB boost:0kB min:55476kB low:69344kB high:83212kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 296.823735][T11798] lowmem_reserve[]: 0 0 0 0 0 [ 296.833855][T11798] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 296.862180][T11798] Node 0 DMA32: 413*4kB (UME) 1503*8kB (UM) 758*16kB (UM) 347*32kB (UME) 438*64kB (UME) 238*128kB (UME) 121*256kB (UM) 69*512kB (UME) 45*1024kB (UM) 7*2048kB (UM) 300*4096kB (M) = 1450924kB [ 296.891840][T11798] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 296.904346][T11798] Node 1 Normal: 252*4kB (UM) 67*8kB (UME) 39*16kB (UME) 192*32kB (UME) 72*64kB (UME) 26*128kB (UME) 13*256kB (UME) 8*512kB (UME) 4*1024kB (UM) 5*2048kB (UE) 944*4096kB (M) = 3904632kB [ 296.923841][T11798] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 296.934613][T11798] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 296.951065][T11798] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 296.961325][T11798] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 296.985331][T11798] 58310 total pagecache pages [ 296.990083][T11798] 0 pages in swap cache [ 296.994276][T11798] Free swap = 124588kB [ 296.999753][T11798] Total swap = 124996kB [ 297.004209][T11798] 2097051 pages RAM [ 297.008744][T11798] 0 pages HighMem/MovableOnly [ 297.013614][T11798] 427684 pages reserved [ 297.018800][T11798] 0 pages cma reserved [ 305.037641][T12124] block2mtd: Using custom MTD label '' for dev [ 305.044510][T12124] block2mtd: error: cannot open device [ 305.413534][T12139] Debayer A: ================= START STATUS ================= [ 305.433790][T12139] Debayer A: Debayer Mean Window Size: 3 [ 305.442459][T12139] Debayer A: ================== END STATUS ================== [ 308.877842][T12289] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed. [ 310.883165][T12371] kAFS: Invalid Command on /proc/fs/afs/cells file [ 311.328625][T12387] CIFS: VFS: Invalid SecurityFlags: # [ 312.655574][T12441] block nbd8: NBD_DISCONNECT [ 314.639071][T12504] Invalid ELF header magic: != ELF [ 314.855949][T12512] < [ 321.659375][T12729] Process accounting resumed [ 321.664229][T12729] warn_unsupported: 9 callbacks suppressed [ 321.664247][T12729] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12729 comm: syz.2.3204) [ 321.930951][T12737] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12737 comm: syz.2.3209) [ 322.135350][T12745] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12745 comm: syz.2.3213) [ 322.183492][T12752] ecryptfs_miscdev_write: memdup_user returned error [-14] [ 322.349907][T12753] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12753 comm: syz.2.3217) [ 322.786178][T12748] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 322.820404][T12759] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12759 comm: syz.2.3220) [ 323.017374][T12770] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12770 comm: syz.2.3225) [ 323.176812][T12779] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12779 comm: syz.2.3230) [ 323.431601][T12785] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12785 comm: syz.2.3232) [ 323.944126][ T55] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 323.944172][ T55] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 323.959805][ T55] Bluetooth: hci3: Dropping invalid advertising data [ 323.966782][ T55] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 324.482295][T12796] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 324.640205][T12796] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12796 comm: syz.2.3236) [ 324.826573][T12829] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 12829 comm: syz.2.3254) [ 325.129077][T12846] nvme_fcloop: unknown parameter or missing value '' [ 326.663340][T12904] Process accounting resumed [ 327.735518][T12900] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 334.658650][T13211] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 334.929770][T13186] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 335.536863][T13242] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 335.536863][T13242] M' is too long [ 335.552774][T13242] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 335.552774][T13242] W ' is too long [ 337.757621][T13283] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 337.915178][T13311] Line length is too long: Should be less than 4094 [ 338.889752][T13348] ubi0: attaching mtd0 [ 339.117194][T13358] program syz.3.3513 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 339.146537][T13358] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 341.520925][ T29] audit: type=1800 audit(4294967339.543:21): pid=13447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3556" name="dbroot" dev="configfs" ino=31027 res=0 errno=0 [ 341.549935][ T29] audit: type=1804 audit(4294967339.553:22): pid=13447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3556" name="/newroot/sys/kernel/config/target/dbroot" dev="configfs" ino=31027 res=1 errno=0 [ 344.013329][ T55] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 348.713167][ T2999] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.842113][ T2999] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.079268][ T2999] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.391941][ T2999] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.640304][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 349.651543][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 349.660136][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 349.670110][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 349.690614][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 349.706475][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 349.793860][ T2999] bridge_slave_1: left allmulticast mode [ 349.802847][ T2999] bridge_slave_1: left promiscuous mode [ 349.817089][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.880089][ T2999] bridge_slave_0: left allmulticast mode [ 349.885821][ T2999] bridge_slave_0: left promiscuous mode [ 349.916623][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.414026][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.440745][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.464588][ T2999] bond0 (unregistering): Released all slaves [ 351.767699][ T5150] Bluetooth: hci3: command tx timeout [ 352.608654][T13713] chnl_net:caif_netlink_parms(): no params data found [ 352.661700][T13800] Process accounting resumed [ 352.903537][ T2999] hsr_slave_0: left promiscuous mode [ 352.980021][ T2999] hsr_slave_1: left promiscuous mode [ 353.008994][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 353.041680][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 353.062443][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 353.070028][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 353.140050][ T2999] veth1_macvtap: left promiscuous mode [ 353.151241][ T2999] veth0_macvtap: left promiscuous mode [ 353.175596][ T2999] veth1_vlan: left promiscuous mode [ 353.201306][ T2999] veth0_vlan: left promiscuous mode [ 353.209154][T13814] QAT: failed to copy from user. [ 353.838060][ T5150] Bluetooth: hci3: command tx timeout [ 355.235967][T13870] cifs: Unknown parameter '#ʑC ˀH/R{<' [ 355.313572][ T2999] team0 (unregistering): Port device team_slave_1 removed [ 355.405089][T13874] warn_unsupported: 10 callbacks suppressed [ 355.405115][T13874] kernel read not supported for file /Pr ^!8;n~ZJp-v<)R_WtakG6h mD|vQ (pid: 13874 comm: syz.2.3750) [ 355.497925][ T29] audit: type=1800 audit(4294967353.589:23): pid=13874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3750" name=5002B9D50272BCD0095EC0217FC0DD38B080FA3B97056EF47E5A05F1EFD1F108D94A9B70DFE7CD1F842DBB05A5B8FCF7763C29DD5202D80D5F03E78E577461FABDAF066B47F7AA361C680B6D44FC7C76D451 dev="mqueue" ino=31725 res=0 errno=0 [ 355.531562][ C0] vkms_vblank_simulate: vblank timer overrun [ 355.560380][ T2999] team0 (unregistering): Port device team_slave_0 removed [ 355.914335][ T5150] Bluetooth: hci3: command tx timeout [ 357.538115][T13713] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.571983][T13713] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.579261][T13713] bridge_slave_0: entered allmulticast mode [ 357.612317][T13713] bridge_slave_0: entered promiscuous mode [ 357.647218][T13713] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.664956][T13713] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.678232][T13713] bridge_slave_1: entered allmulticast mode [ 357.711023][T13713] bridge_slave_1: entered promiscuous mode [ 357.882640][T13713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 357.918176][T13713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 357.978545][ T5150] Bluetooth: hci3: command tx timeout [ 358.084535][T13713] team0: Port device team_slave_0 added [ 358.114453][T13713] team0: Port device team_slave_1 added [ 358.248011][T13713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 358.255025][T13713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.372003][T13713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 358.435774][T13713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 358.466843][T13713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.524985][T13713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 358.675944][T13713] hsr_slave_0: entered promiscuous mode [ 358.683242][T13713] hsr_slave_1: entered promiscuous mode [ 358.721592][T13713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 358.754951][T13713] Cannot create hsr debugfs directory [ 359.324237][T13713] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 359.375926][T13713] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 359.510910][T13713] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 359.560180][T13713] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 359.888768][T13713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.942418][T13713] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.962002][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.969258][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 360.017136][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.024524][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.307521][T14001] Setting dangerous option i915.mitigations - tainting kernel [ 360.315093][T14001] Bad "i915.mitigations=!}", '}' is unknown [ 360.680717][T13713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.350352][T13713] veth0_vlan: entered promiscuous mode [ 361.395976][T13713] veth1_vlan: entered promiscuous mode [ 361.508937][T13713] veth0_macvtap: entered promiscuous mode [ 361.538878][T13713] veth1_macvtap: entered promiscuous mode [ 361.587112][T13713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.630357][T13713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.660719][T13713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.676010][T13713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.688807][T13713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.707364][T13713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.720406][T13713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 361.746071][T13713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.765003][T13713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.776932][T13713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.797216][T13713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.823187][T13713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.837596][T13713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.867966][T13713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 361.918700][T13713] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.940399][T13713] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.955399][T13713] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.970054][T13713] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.171036][ T2999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.201998][ T2999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.212451][ T5150] Bluetooth: hci0: unexpected event 0x3d length: 726 > 14 [ 362.341554][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.369040][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.612957][T14063] udc dummy_udc.0: soft-connect without a gadget driver [ 363.062317][ T5150] Bluetooth: hci3: Zero size dump init pkt [ 367.055443][T13894] Process accounting paused [ 367.925409][ T29] audit: type=1800 audit(4294967366.087:24): pid=14245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3876" name="SYSV00000014" dev="hugetlbfs" ino=0 res=0 errno=0 [ 368.446076][T14267] kAFS: No cell specified [ 369.907604][T14322] misc userio: Invalid payload size [ 370.345555][T14340] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 375.286495][T14528] queue_state_write: unsupported operation '' [ 375.297078][T14528] queue_state_write: use 'run', 'start' or 'kick' [ 377.833357][T14627] i2c i2c-0: new_device: Missing parameters [ 378.233284][T14644] nvme_fcloop: unknown parameter or missing value '-' [ 387.028089][T15017] kAFS: Invalid Command on /proc/fs/afs/cells file [ 389.260338][T15102] i2c i2c-0: delete_device: Can't parse I2C address [ 394.842125][T15315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7fe00 [ 394.869649][T15315] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 394.894447][T15315] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 394.915291][T15315] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 394.950047][T15315] page dumped because: unmovable page [ 394.961669][T15315] page_owner tracks the page as allocated [ 394.982027][T15315] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 13692, tgid 13692 (syz-executor), ts 349154222430, free_ts 346030444595 [ 395.010104][T15315] post_alloc_hook+0x181/0x1b0 [ 395.016858][T15315] get_page_from_freelist+0xfce/0x2f80 [ 395.028495][T15315] __alloc_frozen_pages_noprof+0x221/0x2470 [ 395.040919][T15315] alloc_pages_mpol+0x1fc/0x540 [ 395.054284][T15315] alloc_pages_noprof+0x131/0x390 [ 395.073470][T15315] __vmalloc_node_range_noprof+0x721/0x1530 [ 395.083584][T15315] vmalloc_user_noprof+0x6b/0x90 [ 395.104437][T15315] kcov_ioctl+0x4c/0x730 [ 395.108792][T15315] __x64_sys_ioctl+0x190/0x200 [ 395.113637][T15315] do_syscall_64+0xcd/0x250 [ 395.147816][T15315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.193535][T15315] page last free pid 11 tgid 11 stack trace: [ 395.199614][T15315] free_frozen_pages+0x6db/0xfb0 [ 395.233692][T15315] tlb_remove_table_rcu+0x116/0x1a0 [ 395.239014][T15315] rcu_core+0x79d/0x14d0 [ 395.252785][T15315] handle_softirqs+0x213/0x8f0 [ 395.257780][T15315] do_softirq+0xb2/0xf0 [ 395.262026][T15315] __local_bh_enable_ip+0x100/0x120 [ 395.278673][T15315] batadv_nc_purge_paths+0x1c6/0x390 [ 395.293053][T15315] batadv_nc_worker+0x913/0x1060 [ 395.303841][T15315] process_one_work+0x958/0x1b30 [ 395.308879][T15315] worker_thread+0x6c8/0xf00 [ 395.343056][T15315] kthread+0x3af/0x750 [ 395.347333][T15315] ret_from_fork+0x45/0x80 [ 395.351846][T15315] ret_from_fork_asm+0x1a/0x30 [ 396.260880][T15354] QAT: Device 2 not found [ 396.497695][ T5150] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 397.171699][T15386] Process accounting resumed [ 397.349593][ T29] audit: type=1800 audit(4294967395.646:25): pid=15394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4370" name="lu_gp_id" dev="configfs" ino=37308 res=0 errno=0 [ 399.312897][T15448] delete_channel: no stack [ 400.008568][ T29] audit: type=1800 audit(4294967398.318:26): pid=15473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4409" name="features" dev="configfs" ino=38135 res=0 errno=0 [ 401.835795][T15534] Process accounting resumed [ 403.056933][T15579] Process accounting resumed [ 403.166320][T15585] Scaler: ================= START STATUS ================= [ 403.192414][T15585] Scaler: ================== END STATUS ================== [ 406.171701][T15697] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1048706]. [ 407.714959][T15756] usb usb24: check_ctrlrecip: process 15756 (syz.5.4548) requesting ep 01 but needs 81 [ 407.734658][T15756] usb usb24: usbfs: process 15756 (syz.5.4548) did not claim interface 0 before use [ 410.435644][ T29] audit: type=1800 audit(4294967408.797:27): pid=15852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4594" name="discovery_nqn" dev="configfs" ino=38696 res=0 errno=0 [ 411.154475][T15873] ima: policy update failed [ 411.170242][ T29] audit: type=1802 audit(4294967409.521:28): pid=15873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4606" res=0 errno=0 [ 411.575251][T15890] block2mtd: illegal erase size [ 413.586824][T15970] syz.4.4651 (15970): attempted to duplicate a private mapping with mremap. This is not supported. [ 415.666383][T16052] bond0: option mode: invalid value () [ 416.304389][T16077] CIFS mount error: No usable UNC path provided in device string! [ 416.304389][T16077] [ 416.334301][T16077] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 416.975901][T16105] QAT: Stopping all acceleration devices. [ 420.128330][T16182] RDS: rds_bind could not find a transport for 7bc:c94c:4e37:70c4::, load rds_tcp or rds_rdma? [ 421.446170][T16225] QAT: failed to copy from user cfg_data. [ 422.242558][T16251] aoe: could not set interface list: too many interfaces [ 426.670285][T16401] program syz.4.4865 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 429.949244][T16528] afs: Unknown parameter 'P4' [ 430.528733][T16549] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 432.954609][T16623] kfence: disabled [ 439.335103][T16793] usb usb32: usbfs: process 16793 (syz.2.5056) did not claim interface 0 before use [ 440.796230][T16823] : Can't lookup blockdev [ 444.749223][T16939] Process accounting resumed [ 445.353026][T16957] warning: `syz.4.5137' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 446.970133][T17001] queue_state_write: operation too long [ 446.975769][T17001] queue_state_write: use 'run', 'start' or 'kick' [ 446.999147][T17003] Process accounting resumed [ 451.082281][T17134] Invalid input. Must be >= 4608 [ 451.818197][T17162] usb usb15: usbfs: interface 0 claimed by hub while 'syz.2.5238' sets config #5 [ 459.505125][ T29] audit: type=1806 audit(4294967458.088:29): xattr="." res=0 [ 461.671824][T17465] Format for deleting device is "id" (uint). [ 462.396303][T17494] vivid-010: ================= START STATUS ================= [ 462.414922][T17494] vivid-010: Generate PTS: true [ 462.427425][T17494] vivid-010: Generate SCR: true [ 462.432393][T17494] tpg source WxH: 640x360 (Y'CbCr) [ 462.472323][T17494] tpg field: 1 [ 462.475824][T17494] tpg crop: 640x360@0x0 [ 462.499308][T17494] tpg compose: 640x360@0x0 [ 462.517162][T17494] tpg colorspace: 8 [ 462.527131][T17494] tpg transfer function: 0/0 [ 462.535656][ T29] audit: type=1800 audit(4294967461.132:30): pid=17502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.5406" name="dbroot" dev="configfs" ino=42834 res=0 errno=0 [ 462.546943][T17494] tpg Y'CbCr encoding: 0/0 [ 462.564998][T17502] db_root: cannot open: [ 462.600671][T17494] tpg quantization: 0/0 [ 462.626538][T17494] tpg RGB range: 0/2 [ 462.630633][T17494] vivid-010: ================== END STATUS ================== [ 463.675172][T17547] Ignoring unsupported numa_zonelist_order value: [ 463.675172][T17547] [ 471.369292][ T55] Bluetooth: hci3: command 0x0406 tx timeout [ 472.277851][T17794] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 472.707680][T17811] zram: Added device: zram1 [ 477.309093][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 477.315687][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 479.253483][ T29] audit: type=1800 audit(4294967477.921:31): pid=18069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5684" name="discovery_nqn" dev="configfs" ino=45722 res=0 errno=0 [ 481.001443][T18140] syz.0.5720 (18140): drop_caches: 0 [ 481.813916][T18169] : Can't lookup blockdev [ 482.246233][T18182] ICMPv6: process `syz.0.5739' is using deprecated sysctl (syscall) net.ipv6.neigh.macsec0.base_reachable_time - use net.ipv6.neigh.macsec0.base_reachable_time_ms instead [ 482.907471][T18206] sysfs_service_op_store: Client not running :-5: [ 484.036473][T18243] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5771'. [ 484.911071][T18273] ima: Unable to open file: /suritRy/integrity?iqa/policy (-2) [ 484.911609][T18272] ima: policy update failed [ 484.925577][ T29] audit: type=1802 audit(4294967483.637:32): pid=18272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.5786" res=0 errno=0 [ 485.445778][T18292] Setting dangerous option i915.mitigations - tainting kernel [ 485.874078][T18308] ptrace attach of "./syz-executor exec"[13713] was attempted by "./syz-executor exec"[18308] [ 494.332808][T18557] usb usb15: usbfs: process 18557 (syz.4.5925) did not claim interface 0 before use [ 495.350913][ T29] audit: type=1800 audit(4294967494.106:33): pid=18582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5938" name="members" dev="configfs" ino=48262 res=0 errno=0 [ 496.432446][T18618] kmem.limit_in_bytes is deprecated and will be removed. Writing any value to this file has no effect. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 497.596753][T18658] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.223540][ T29] audit: type=1800 audit(4294967497.994:34): pid=18718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6003" name="members" dev="configfs" ino=48544 res=0 errno=0 [ 500.414798][T18759] ptrace attach of "./syz-executor exec"[5883] was attempted by "./syz-executor exec"[18759] [ 501.718402][T18814] rtc_cmos 00:00: Alarms can be up to one day in the future [ 501.914023][T18822] ptrace attach of "./syz-executor exec"[6494] was attempted by ""[18822] [ 504.971818][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 504.980870][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 505.516249][T18972] sysfs_service_op_show: Client not running :-5: [ 511.425894][T19200] kAFS: unparsable volume name [ 512.633293][T19241] ima: policy update failed [ 512.638298][ T29] audit: type=1807 audit(4294967511.467:35): UNKNOWN= res=0 [ 512.682129][ T29] audit: type=1802 audit(4294967511.467:36): pid=19244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.6258" res=0 errno=0 [ 512.750929][ T29] audit: type=1802 audit(4294967511.478:37): pid=19241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.6258" res=0 errno=0 [ 515.061826][T19332] usb usb15: usbfs: process 19332 (syz.4.6303) did not claim interface 0 before use [ 515.743571][T19356] Process accounting resumed [ 518.054022][T19450] synth uevent: /devices/platform/dummy_hcd.3/usb4/ep_00: unknown uevent action string [ 518.079091][T19450] ep_00: uevent: failed to send synthetic uevent: -22 [ 521.032498][T19559] ceph: Failed to parse sending metrics switch value 'P^' [ 522.847871][T19631] synth uevent: /bus/usb/drivers/cdc_eem: unknown uevent action string [ 525.678366][T19751] program syz.5.6508 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 526.447640][T19783] ubi0: attaching mtd0 [ 526.459762][T19783] ubi0: scanning is finished [ 526.465138][T19783] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 526.618989][T19783] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 529.687622][T19917] ima: policy update failed [ 529.701565][ T29] audit: type=1802 audit(4294967528.628:38): pid=19917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.6589" res=0 errno=0 [ 530.431037][T19943] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 530.672538][T19956] synth uevent: /devices/virtual/misc/rdma_cm: unknown uevent action string [ 530.726114][T19956] misc rdma_cm: uevent: failed to send synthetic uevent: -22 [ 533.440837][T20070] synth uevent: /devices/virtual/misc/rdma_cm: unknown uevent action string [ 533.468220][T20070] misc rdma_cm: uevent: failed to send synthetic uevent: -22 [ 535.109810][T20127] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 536.132217][ T29] audit: type=1800 audit(4294967535.088:39): pid=20164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6710" name="members" dev="configfs" ino=52754 res=0 errno=0 [ 536.152534][ C0] vkms_vblank_simulate: vblank timer overrun [ 538.111768][T20250] kAFS: Invalid Command on /proc/fs/afs/cells file [ 539.703755][T20305] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 540.221435][T20326] futex_wake_op: syz.2.6791 tries to shift op by 64; fix this program [ 542.150052][T20398] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.377061][T20398] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.528920][T20398] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.682755][T20398] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.922020][T20495] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 545.010753][T20498] delete_channel: no stack [ 548.242003][T20632] sg_write: data in/out 2059/169 bytes for SCSI command 0x57-- guessing data in; [ 548.242003][T20632] program syz.4.6940 not setting count and/or reply_len properly [ 549.505998][T20684] usbcore.quirks: string doesn't fit in 127 chars. [ 550.906513][T20743] ubi13: attaching mtd0 [ 550.931296][T20743] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 551.022771][T20746] QAT: Invalid ioctl 21531 [ 551.965977][T20788] block2mtd: device name too long [ 552.758211][T20816] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 553.138616][T20831] usb usb15: usbfs: process 20831 (syz.0.7039) did not claim interface 0 before use [ 557.891079][T21032] HSR: entered promiscuous mode [ 558.007979][T21038] netlink: 'syz.2.7140': attribute type 1 has an invalid length. [ 560.565004][T21096] dyndbg: expected <4096 bytes into control [ 562.427510][T21152] sysfs_service_op_show: Client not running :-5: [ 564.083589][T21192] netlink: 'syz.0.7207': attribute type 1 has an invalid length. [ 565.350864][T21222] nbd: must specify a device to reconfigure [ 566.126370][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 566.132867][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.446247][T21290] CIFS mount error: No usable UNC path provided in device string! [ 567.446247][T21290] [ 567.473957][T21290] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 567.886524][T21301] nbd: couldn't find a device at index 3723 [ 568.191613][T21310] netlink: zone id is out of range [ 568.878046][T21328] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 570.193044][T21368] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 570.636588][T21382] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 570.653724][T21382] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 571.327892][T21410] netlink: 'syz.0.7308': attribute type 11 has an invalid length. [ 571.335997][T21410] netlink: 'syz.0.7308': attribute type 11 has an invalid length. [ 572.431066][T21439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7323'. [ 572.760742][T21447] openvswitch: netlink: IP tunnel dst address not specified [ 573.428329][T21466] openvswitch: netlink: IP tunnel dst address not specified [ 573.671680][T21474] openvswitch: netlink: Missing valid actions attribute. [ 573.833235][T21477] Zero length message leads to an empty skb [ 576.783091][T21541] netlink: Conntrack attr type has unexpected length (type=0, length=3, expected=0) [ 577.447325][T21552] cifs: Unknown parameter '' [ 578.386412][T21575] tipc: Enabling of bearer rejected, media not registered [ 578.447059][T21577] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 582.949604][T21679] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7433'. [ 582.994306][T21682] Process accounting resumed [ 586.134007][T21758] netlink: 'syz.5.7469': attribute type 2 has an invalid length. [ 587.015000][T21773] rnbd_client L213: map_device: Parameters missing [ 587.094256][T21778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7479'. [ 588.785169][T21840] netlink: 306 bytes leftover after parsing attributes in process `syz.2.7507'. [ 589.820891][T21861] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 592.800529][T21911] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 595.532537][T21966] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 597.289388][T22018] Process accounting resumed [ 602.537376][T22140] ubi0: attaching mtd0 [ 602.560405][T22140] ubi0: scanning is finished [ 602.565209][T22140] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 602.697610][T22140] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 604.356681][T22187] ima: policy update failed [ 604.380401][ T29] audit: type=1802 audit(4294968626.644:40): pid=22187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.7663" res=0 errno=0 [ 604.469943][ T5150] Bluetooth: hci1: unexpected event 0x03 length: 725 > 11 [ 604.490276][T22198] random: crng reseeded on system resumption [ 608.050563][T22287] netlink: 206 bytes leftover after parsing attributes in process `syz.2.7706'. [ 609.759997][T22341] netlink: Unknown conntrack attr (0) [ 610.480249][T22364] block nbd0: not configured, cannot reconfigure [ 610.748554][T22371] netlink: 'syz.2.7741': attribute type 11 has an invalid length. [ 610.773032][T22371] netlink: 'syz.2.7741': attribute type 11 has an invalid length. [ 610.789101][T22371] netlink: 'syz.2.7741': attribute type 11 has an invalid length. [ 610.799199][T22371] netlink: 'syz.2.7741': attribute type 11 has an invalid length. [ 611.074165][T22380] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 611.449227][T22395] delete_channel: no stack [ 611.589943][T22399] nbd: couldn't find device at index 33904 [ 613.011185][T22445] openvswitch: netlink: Message has 4 unknown bytes. [ 614.632284][T22492] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 614.985223][T22504] Process accounting resumed [ 617.415029][T22591] netlink: zone id is out of range [ 617.427185][T22591] netlink: zone id is out of range [ 617.437943][T22591] netlink: zone id is out of range [ 617.444223][T22591] netlink: zone id is out of range [ 617.481021][T22591] netlink: zone id is out of range [ 617.495820][T22591] netlink: zone id is out of range [ 617.508629][T22591] netlink: zone id is out of range [ 617.516490][T22591] netlink: zone id is out of range [ 617.529769][T22591] netlink: zone id is out of range [ 617.536577][T22591] netlink: zone id is out of range [ 618.489387][T22629] netlink: 342 bytes leftover after parsing attributes in process `syz.0.7859'. [ 618.921702][T22644] nbd: must specify a size in bytes for the device [ 619.199238][T22653] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 619.810490][T22672] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 622.613454][T22756] : entered promiscuous mode [ 623.484632][ T5150] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 623.495223][ T5150] Bluetooth: hci1: Invalid handle: 0x1e1a > 0x0eff [ 624.079552][T22808] netlink: 'syz.0.7941': attribute type 1 has an invalid length. [ 626.265907][T22893] net_ratelimit: 23 callbacks suppressed [ 626.265936][T22893] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 626.560171][T22903] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7985'. [ 627.277278][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 627.292577][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.333728][T22928] netlink: zone id is out of range [ 627.343724][T22928] netlink: zone id is out of range [ 627.348901][T22928] netlink: zone id is out of range [ 627.354309][T22928] netlink: zone id is out of range [ 627.359467][T22928] netlink: zone id is out of range [ 627.372203][T22928] netlink: zone id is out of range [ 627.377377][T22928] netlink: zone id is out of range [ 627.399665][T22928] netlink: zone id is out of range [ 627.409807][T22928] netlink: zone id is out of range [ 632.045305][T23092] net_ratelimit: 5 callbacks suppressed [ 632.045329][T23092] openvswitch: netlink: IP tunnel dst address not specified [ 632.200184][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 632.200230][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 632.852208][T23113] rnbd_client L213: map_device: Parameters missing [ 634.596835][ T55] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 634.956085][T23187] delete_channel: no stack [ 635.157424][T23196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8121'. [ 636.766175][T23251] netlink: 'syz.0.8144': attribute type 1 has an invalid length. [ 638.191639][ T29] audit: type=1800 audit(4294968660.623:41): pid=23301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.8166" name="discovery_nqn" dev="configfs" ino=63024 res=0 errno=0 [ 638.259090][T23304] openvswitch: netlink: Message has 4 unknown bytes. [ 638.561215][ T55] Bluetooth: hci3: unexpected subevent 0x04 length: 122 > 11 [ 638.912742][T23325] netlink: 'syz.0.8177': attribute type 1 has an invalid length. [ 639.914949][T23362] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 640.098282][T23366] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(4.128.1), cmd(5) [ 640.115044][T23367] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 640.122044][T23367] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 640.762746][T23383] openvswitch: netlink: Flow actions attr not present in new flow. [ 640.887719][T23388] netlink: 'syz.5.8204': attribute type 10 has an invalid length. [ 641.392985][T23407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8212'. [ 643.438057][T23471] sctp: [Deprecated]: syz.5.8241 (pid 23471) Use of int in maxseg socket option. [ 643.438057][T23471] Use struct sctp_assoc_value instead [ 643.866701][T23485] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 647.334525][T23589] netlink: 'syz.0.8295': attribute type 2 has an invalid length. [ 647.441726][T23550] kexec: Could not allocate control_code_buffer [ 648.138700][T23614] netlink: 'syz.0.8306': attribute type 1 has an invalid length. [ 649.487141][T23643] could not allocate digest TFM handle [ 649.816741][T23639] could not allocate digest TFM handle [ 649.950136][T23618] kexec: Could not allocate control_code_buffer [ 651.666575][T23699] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 652.159617][T23685] kexec: Could not allocate control_code_buffer [ 652.181934][T23710] openvswitch: netlink: VXLAN extension 64 out of range max 1 [ 654.869243][T23738] kexec: Could not allocate control_code_buffer [ 656.245553][T23819] openvswitch: netlink: Duplicate or invalid key (type 0). [ 658.071519][T23881] netlink: 'syz.0.8424': attribute type 1 has an invalid length. [ 658.834780][T23909] batman_adv: Routing algorithm '' is not supported [ 658.914513][T23911] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 659.745838][T23943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8453'. [ 662.211708][T24029] netlink: get zone limit has 4 unknown bytes [ 663.269047][T24068] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8507'. [ 664.330107][T24107] netlink: 'syz.5.8524': attribute type 2 has an invalid length. [ 664.848364][T24128] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8534'. [ 666.217725][T24183] openvswitch: netlink: IP tunnel dst address not specified [ 666.285221][T24185] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 666.935104][ T29] audit: type=1107 audit(4294968689.488:42): pid=24210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 669.578775][T24305] openvswitch: netlink: Duplicate key (type 15). [ 669.798971][T24312] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 670.449946][T24335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8630'. [ 670.774032][T24352] netlink: get zone limit has 8 unknown bytes [ 671.786948][T24391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 673.692626][T24464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8690'. [ 675.197662][T24507] netlink: 'syz.0.8708': attribute type 1 has an invalid length. [ 679.418180][T24639] netlink: zone id is out of range [ 679.423391][T24639] netlink: zone id is out of range [ 679.445284][T24639] netlink: zone id is out of range [ 679.454278][T24639] netlink: zone id is out of range [ 679.467511][T24639] netlink: zone id is out of range [ 679.471735][T24641] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 679.481296][T24639] netlink: zone id is out of range [ 679.481313][T24639] netlink: zone id is out of range [ 679.495190][T24639] netlink: zone id is out of range [ 679.511231][T24639] netlink: zone id is out of range [ 681.448412][T24709] nfs4: Unknown parameter 'nfsd' [ 682.631928][T24748] netlink: 206 bytes leftover after parsing attributes in process `syz.5.8818'. [ 682.954638][T24758] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7fe00 [ 682.975953][T24758] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 682.990106][T24758] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 683.012323][T24758] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 683.025624][T24758] page dumped because: unmovable page [ 683.033849][T24758] page_owner tracks the page as allocated [ 683.046582][T24758] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 13692, tgid 13692 (syz-executor), ts 349154222430, free_ts 346030444595 [ 683.082741][T24758] post_alloc_hook+0x181/0x1b0 [ 683.087715][T24758] get_page_from_freelist+0xfce/0x2f80 [ 683.105746][T24758] __alloc_frozen_pages_noprof+0x221/0x2470 [ 683.115960][T24758] alloc_pages_mpol+0x1fc/0x540 [ 683.132124][T24758] alloc_pages_noprof+0x131/0x390 [ 683.144751][T24758] __vmalloc_node_range_noprof+0x721/0x1530 [ 683.169990][T24758] vmalloc_user_noprof+0x6b/0x90 [ 683.175221][T24758] kcov_ioctl+0x4c/0x730 [ 683.179636][T24758] __x64_sys_ioctl+0x190/0x200 [ 683.199814][T24758] do_syscall_64+0xcd/0x250 [ 683.204584][T24758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.216009][T24758] page last free pid 11 tgid 11 stack trace: [ 683.227264][T24758] free_frozen_pages+0x6db/0xfb0 [ 683.229782][ T29] audit: type=1800 audit(4294968705.865:43): pid=24766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8827" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 683.237391][T24758] tlb_remove_table_rcu+0x116/0x1a0 [ 683.309418][T24758] rcu_core+0x79d/0x14d0 [ 683.313936][T24758] handle_softirqs+0x213/0x8f0 [ 683.318879][T24758] do_softirq+0xb2/0xf0 [ 683.332357][T24758] __local_bh_enable_ip+0x100/0x120 [ 683.349150][T24758] batadv_nc_purge_paths+0x1c6/0x390 [ 683.359034][T24758] batadv_nc_worker+0x913/0x1060 [ 683.369039][T24758] process_one_work+0x958/0x1b30 [ 683.377942][T24758] worker_thread+0x6c8/0xf00 [ 683.388107][T24758] kthread+0x3af/0x750 [ 683.396733][T24758] ret_from_fork+0x45/0x80 [ 683.409990][T24758] ret_from_fork_asm+0x1a/0x30 [ 683.626914][T24775] netlink: 'syz.0.8830': attribute type 1 has an invalid length. [ 685.686833][T24841] net_ratelimit: 213 callbacks suppressed [ 685.686859][T24841] openvswitch: netlink: Flow key attr not present in new flow. [ 686.743151][T24884] sd 0:0:1:0: PR command failed: 1026 [ 686.748701][T24884] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 686.765773][T24884] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 686.808261][T24889] netlink: 'syz.5.8881': attribute type 4 has an invalid length. [ 687.171932][T24899] svc: failed to register nfsdv3 RPC service (errno 111). [ 687.200186][T24899] svc: failed to register nfsaclv3 RPC service (errno 111). [ 687.953092][T24929] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 688.428311][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 688.434789][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.804020][T24946] openvswitch: netlink: Multiple metadata blocks provided [ 689.127570][T24961] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7fe00 [ 689.147331][T24961] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 689.161947][T24961] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 689.170888][T24962] netlink: 'syz.0.8908': attribute type 3 has an invalid length. [ 689.189976][T24961] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 689.206438][T24962] netlink: 235 bytes leftover after parsing attributes in process `syz.0.8908'. [ 689.216009][T24961] page dumped because: unmovable page [ 689.226557][T24961] page_owner tracks the page as allocated [ 689.238370][T24961] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 13692, tgid 13692 (syz-executor), ts 349154222430, free_ts 346030444595 [ 689.258680][T24961] post_alloc_hook+0x181/0x1b0 [ 689.269048][T24961] get_page_from_freelist+0xfce/0x2f80 [ 689.279455][T24961] __alloc_frozen_pages_noprof+0x221/0x2470 [ 689.299694][T24961] alloc_pages_mpol+0x1fc/0x540 [ 689.305667][T24961] alloc_pages_noprof+0x131/0x390 [ 689.312811][T24961] __vmalloc_node_range_noprof+0x721/0x1530 [ 689.330651][T24961] vmalloc_user_noprof+0x6b/0x90 [ 689.360817][T24961] kcov_ioctl+0x4c/0x730 [ 689.371237][T24961] __x64_sys_ioctl+0x190/0x200 [ 689.381188][T24961] do_syscall_64+0xcd/0x250 [ 689.400640][T24961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.406747][T24961] page last free pid 11 tgid 11 stack trace: [ 689.420981][T24961] free_frozen_pages+0x6db/0xfb0 [ 689.426132][T24961] tlb_remove_table_rcu+0x116/0x1a0 [ 689.450191][T24961] rcu_core+0x79d/0x14d0 [ 689.454740][T24961] handle_softirqs+0x213/0x8f0 [ 689.460137][T24961] do_softirq+0xb2/0xf0 [ 689.490281][T24961] __local_bh_enable_ip+0x100/0x120 [ 689.500450][T24961] batadv_nc_purge_paths+0x1c6/0x390 [ 689.508749][T24961] batadv_nc_worker+0x913/0x1060 [ 689.522716][T24961] process_one_work+0x958/0x1b30 [ 689.527760][T24961] worker_thread+0x6c8/0xf00 [ 689.559921][T24961] kthread+0x3af/0x750 [ 689.564091][T24961] ret_from_fork+0x45/0x80 [ 689.571287][T24961] ret_from_fork_asm+0x1a/0x30 [ 693.090251][T25095] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 694.385861][T25144] openvswitch: netlink: ct_state flags 01001eac unsupported [ 694.406800][T25145] Process accounting resumed [ 695.805072][T25205] netlink: 5 bytes leftover after parsing attributes in process `syz.4.9019'. [ 696.538505][T25233] svc: failed to register nfsdv3 RPC service (errno 111). [ 696.559721][T25233] svc: failed to register nfsaclv3 RPC service (errno 111). [ 698.362776][T25308] openvswitch: netlink: nsh attr 1 has unexpected len 14 expected 8 [ 698.690531][T25321] netlink: ct family unspecified [ 700.813331][T25408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9119'. [ 701.058978][T25418] netlink: Unknown conntrack attr (type=146, max=9) [ 702.517508][T25470] openvswitch: netlink: Flow key attribute not present in set flow. [ 702.680721][T25477] netlink: 'syz.5.9152': attribute type 2 has an invalid length. [ 703.180269][T25498] can: request_module (can-proto-5) failed. [ 703.241999][T25500] svc: failed to register nfsdv3 RPC service (errno 111). [ 703.281954][T25500] svc: failed to register nfsaclv3 RPC service (errno 111). [ 705.661135][T25568] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 706.512552][T25588] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9201'. [ 706.516701][T25587] netlink: 'syz.5.9200': attribute type 1 has an invalid length. [ 706.789113][T25596] openvswitch: netlink: Duplicate or invalid key (type 1). [ 707.912143][T25635] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 710.134883][T25697] openvswitch: HSR: Dropping previously announced user features [ 712.063306][T25767] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 715.010872][T25851] svc: failed to register nfsdv3 RPC service (errno 111). [ 715.045903][T25851] svc: failed to register nfsaclv3 RPC service (errno 111). [ 715.730540][T25876] sctp: [Deprecated]: syz.0.9330 (pid 25876) Use of int in max_burst socket option deprecated. [ 715.730540][T25876] Use struct sctp_assoc_value instead [ 715.923004][T25878] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 715.956053][T25878] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 717.065236][T25917] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9349'. [ 718.548825][T25972] openvswitch: netlink: Key 23 has unexpected len 16 expected 2 [ 721.315679][T26065] netlink: 'syz.4.9420': attribute type 1 has an invalid length. [ 721.726735][ T29] audit: type=1107 audit(4294967302.186:44): pid=26080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 721.828135][ T29] audit: type=1107 audit(4294967302.186:45): pid=26080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 722.330193][T26103] netlink: Conntrack attr has 16 unknown bytes [ 723.167164][T26137] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 723.191333][T26137] CPU: 1 UID: 0 PID: 26137 Comm: syz.0.9451 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 723.191381][T26137] Tainted: [U]=USER [ 723.191392][T26137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 723.191421][T26137] Call Trace: [ 723.191431][T26137] [ 723.191444][T26137] dump_stack_lvl+0x16c/0x1f0 [ 723.191503][T26137] sysfs_warn_dup+0x7f/0xa0 [ 723.191569][T26137] sysfs_do_create_link_sd+0x124/0x140 [ 723.191623][T26137] sysfs_create_link+0x61/0xc0 [ 723.191674][T26137] device_add+0x62e/0x1a70 [ 723.191724][T26137] ? __pfx_device_add+0x10/0x10 [ 723.191768][T26137] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 723.191814][T26137] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 723.191859][T26137] wiphy_register+0x1c7a/0x2860 [ 723.191903][T26137] ? netdev_run_todo+0x877/0x1320 [ 723.191953][T26137] ? __pfx_wiphy_register+0x10/0x10 [ 723.192019][T26137] ieee80211_register_hw+0x23ff/0x3ff0 [ 723.192074][T26137] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 723.192114][T26137] ? net_generic+0xea/0x2a0 [ 723.192167][T26137] ? lockdep_init_map_type+0x16d/0x7d0 [ 723.192214][T26137] ? rcu_is_watching+0x12/0xc0 [ 723.192263][T26137] ? trace_hrtimer_init+0x1a6/0x230 [ 723.192306][T26137] ? __hrtimer_init+0x106/0x2c0 [ 723.192353][T26137] mac80211_hwsim_new_radio+0x2c47/0x56d0 [ 723.192434][T26137] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 723.192502][T26137] hwsim_new_radio_nl+0xb42/0x12b0 [ 723.192571][T26137] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 723.192638][T26137] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 723.192696][T26137] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 723.192763][T26137] genl_family_rcv_msg_doit+0x202/0x2f0 [ 723.192821][T26137] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 723.192873][T26137] ? trace_cap_capable+0x1a2/0x210 [ 723.192937][T26137] ? bpf_lsm_capable+0x9/0x10 [ 723.192981][T26137] ? security_capable+0x7e/0x260 [ 723.193035][T26137] ? ns_capable+0xd7/0x110 [ 723.193082][T26137] genl_rcv_msg+0x565/0x800 [ 723.193119][T26137] ? __pfx_genl_rcv_msg+0x10/0x10 [ 723.193165][T26137] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 723.193230][T26137] netlink_rcv_skb+0x165/0x410 [ 723.193277][T26137] ? __pfx_genl_rcv_msg+0x10/0x10 [ 723.193310][T26137] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 723.193377][T26137] ? down_read+0xc9/0x330 [ 723.193408][T26137] ? __pfx_down_read+0x10/0x10 [ 723.193442][T26137] ? netlink_deliver_tap+0x1ae/0xca0 [ 723.193503][T26137] genl_rcv+0x28/0x40 [ 723.193656][T26137] netlink_unicast+0x53c/0x7f0 [ 723.193716][T26137] ? __pfx_netlink_unicast+0x10/0x10 [ 723.193768][T26137] ? __phys_addr_symbol+0x30/0x80 [ 723.193819][T26137] ? __check_object_size+0x488/0x710 [ 723.193867][T26137] netlink_sendmsg+0x8b8/0xd70 [ 723.193921][T26137] ? __pfx_netlink_sendmsg+0x10/0x10 [ 723.193985][T26137] ____sys_sendmsg+0x9ae/0xb40 [ 723.194030][T26137] ? copy_msghdr_from_user+0x10b/0x160 [ 723.194065][T26137] ? __pfx_____sys_sendmsg+0x10/0x10 [ 723.194131][T26137] ___sys_sendmsg+0x135/0x1e0 [ 723.194167][T26137] ? __pfx____sys_sendmsg+0x10/0x10 [ 723.194215][T26137] ? __pfx_lock_release+0x10/0x10 [ 723.194254][T26137] ? trace_lock_acquire+0x14e/0x1f0 [ 723.194299][T26137] ? __fget_files+0x206/0x3a0 [ 723.194344][T26137] __sys_sendmsg+0x16e/0x220 [ 723.194379][T26137] ? __pfx___sys_sendmsg+0x10/0x10 [ 723.194411][T26137] ? __x64_sys_futex+0x1e1/0x4c0 [ 723.194486][T26137] do_syscall_64+0xcd/0x250 [ 723.194522][T26137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.194565][T26137] RIP: 0033:0x7f08b298cde9 [ 723.194590][T26137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.194619][T26137] RSP: 002b:00007f08b37a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 723.194647][T26137] RAX: ffffffffffffffda RBX: 00007f08b2ba5fa0 RCX: 00007f08b298cde9 [ 723.194666][T26137] RDX: 0000000004000800 RSI: 00004000000000c0 RDI: 0000000000000003 [ 723.194684][T26137] RBP: 00007f08b2a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 723.194702][T26137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 723.194719][T26137] R13: 0000000000000000 R14: 00007f08b2ba5fa0 R15: 00007ffdea6300e8 [ 723.194760][T26137] [ 723.805775][T26148] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 725.397713][T26198] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 725.425114][T26198] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 725.433967][ T29] audit: type=1804 audit(4294967305.885:46): pid=26199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.9482" name="/newroot/1373/file0" dev="tmpfs" ino=6923 res=1 errno=0 [ 725.494442][ T29] audit: type=1800 audit(4294967305.895:47): pid=26199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.9482" name="file0" dev="tmpfs" ino=6923 res=0 errno=0 [ 726.762557][T26238] netlink: zone id is out of range [ 726.767901][T26238] netlink: zone id is out of range [ 726.773996][T26238] netlink: zone id is out of range [ 726.779301][T26238] netlink: zone id is out of range [ 726.785275][T26238] netlink: zone id is out of range [ 726.790850][T26238] netlink: zone id is out of range [ 726.796186][T26238] netlink: zone id is out of range [ 726.809749][T26238] netlink: zone id is out of range [ 726.817783][T26238] netlink: zone id is out of range [ 726.829647][T26238] netlink: zone id is out of range [ 727.027054][T26244] nl80211: entered promiscuous mode [ 727.595678][T26265] nbd: illegal input index -33554433 [ 729.101536][T26309] .SR: entered promiscuous mode [ 732.337950][T26394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9571'. [ 733.483794][T26425] net_ratelimit: 27 callbacks suppressed [ 733.483823][T26425] openvswitch: netlink: Key type 261 is out of range max 32 [ 733.708146][T26431] svc: failed to register nfsdv3 RPC service (errno 111). [ 733.732432][T26431] svc: failed to register nfsaclv3 RPC service (errno 111). [ 734.373133][T26454] netlink: 'syz.4.9597': attribute type 1 has an invalid length. [ 734.420128][T26454] nbd: error processing sock list [ 734.489511][T26458] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd83 [ 734.588929][T26462] netlink: 'syz.4.9601': attribute type 1 has an invalid length. [ 735.519928][T26491] sd 0:0:1:0: PR command failed: 1026 [ 735.534519][T26491] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 735.541331][T26491] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 739.693618][T26622] openvswitch: netlink: IP tunnel TTL not specified. [ 740.058685][ T29] audit: type=1800 audit(4294967320.602:48): pid=26636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.9676" name="members" dev="configfs" ino=75088 res=0 errno=0 [ 740.923841][T26658] nbd: must specify an index to disconnect [ 741.368195][T26672] openvswitch: netlink: IPv6 tunnel dst address is zero [ 741.426932][T26674] openvswitch: netlink: Missing valid actions attribute. [ 741.924060][T26686] sctp: [Deprecated]: syz.2.9702 (pid 26686) Use of int in maxseg socket option. [ 741.924060][T26686] Use struct sctp_assoc_value instead [ 742.550438][T26709] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9713'. [ 744.193055][T26765] netlink: zone id is out of range [ 744.232577][T26767] openvswitch: netlink: IP tunnel dst address not specified [ 748.815859][T26936] openvswitch: netlink: IPv4 tunnel dst address is zero [ 749.564316][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 749.570806][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.813783][T27012] nfsd: Unknown parameter 'DJ' [ 751.019762][T27020] netlink: 'syz.2.9859': attribute type 2 has an invalid length. [ 752.111138][T27061] netlink: 'syz.2.9878': attribute type 1 has an invalid length. [ 752.984415][T27093] netlink: zone id is out of range [ 753.010741][T27093] netlink: zone id is out of range [ 753.024470][T27093] netlink: zone id is out of range [ 753.040467][T27093] netlink: zone id is out of range [ 753.046018][T27093] netlink: zone id is out of range [ 753.053469][T27093] netlink: zone id is out of range [ 753.061957][T27093] netlink: zone id is out of range [ 753.073338][T27093] netlink: zone id is out of range [ 753.102482][T27093] netlink: zone id is out of range [ 755.877007][T27195] netlink: 'syz.5.9939': attribute type 1 has an invalid length. [ 756.311102][T27209] net_ratelimit: 15 callbacks suppressed [ 756.311129][T27209] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 756.323208][T27211] netlink: 'syz.2.9946': attribute type 2 has an invalid length. [ 756.695915][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.923245][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.157536][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.579823][ T11] bridge_slave_1: left allmulticast mode [ 757.606149][ T11] bridge_slave_1: left promiscuous mode [ 757.627242][T27242] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 757.640927][T27242] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 757.654736][T27242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 757.667120][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 757.695749][T27242] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 757.706659][T27242] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 757.719292][T27242] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 757.743074][ T11] bridge_slave_0: left allmulticast mode [ 757.767775][ T11] bridge_slave_0: left promiscuous mode [ 757.788933][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.620577][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 758.633954][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 758.644621][ T11] bond0 (unregistering): Released all slaves [ 758.665400][T27263] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 758.749141][ T11] : left promiscuous mode [ 758.946984][T27275] HfR: entered promiscuous mode [ 759.626585][T27241] chnl_net:caif_netlink_parms(): no params data found [ 759.748595][ T55] Bluetooth: hci1: command tx timeout [ 759.961343][T27241] bridge0: port 1(bridge_slave_0) entered blocking state [ 759.977326][T27241] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.984741][T27241] bridge_slave_0: entered allmulticast mode [ 759.997838][T27241] bridge_slave_0: entered promiscuous mode [ 760.086809][T27241] bridge0: port 2(bridge_slave_1) entered blocking state [ 760.094088][T27241] bridge0: port 2(bridge_slave_1) entered disabled state [ 760.136708][T27241] bridge_slave_1: entered allmulticast mode [ 760.154621][T27241] bridge_slave_1: entered promiscuous mode [ 760.311043][T27241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 760.501938][T27241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 760.601021][T27335] vivid-003: ================= START STATUS ================= [ 760.609180][T27335] vivid-003: Radio HW Seek Mode: Bounded [ 760.622198][T27335] vivid-003: Radio Programmable HW Seek: false [ 760.630214][ T11] hsr_slave_0: left promiscuous mode [ 760.636621][ T11] hsr_slave_1: left promiscuous mode [ 760.644023][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 760.652760][T27335] vivid-003: RDS Rx I/O Mode: Block I/O [ 760.659383][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 760.667572][T27335] vivid-003: Generate RBDS Instead of RDS: false [ 760.674202][T27335] vivid-003: RDS Reception: true [ 760.679547][T27335] vivid-003: RDS Program Type: 0 inactive [ 760.686591][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.694372][T27335] vivid-003: RDS PS Name: inactive [ 760.699816][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.707347][T27335] vivid-003: RDS Radio Text: inactive [ 760.713066][T27335] vivid-003: RDS Traffic Announcement: false inactive [ 760.725869][T27335] vivid-003: RDS Traffic Program: false inactive [ 760.738926][T27335] vivid-003: RDS Music: false inactive [ 760.750714][T27335] vivid-003: ================== END STATUS ================== [ 760.763645][ T11] veth1_macvtap: left promiscuous mode [ 760.769533][ T11] veth0_macvtap: left promiscuous mode [ 760.793213][ T11] veth1_vlan: left promiscuous mode [ 760.798674][ T11] veth0_vlan: left promiscuous mode [ 761.822649][ T55] Bluetooth: hci1: command tx timeout [ 762.047539][ T11] team0 (unregistering): Port device team_slave_1 removed [ 762.171086][ T11] team0 (unregistering): Port device team_slave_0 removed [ 762.927991][T27241] team0: Port device team_slave_0 added [ 762.965408][T27241] team0: Port device team_slave_1 added [ 763.128548][T27241] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.152367][T27241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.261209][T27241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.274573][T27241] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.283213][T27241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.349790][T27241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.654336][T27241] hsr_slave_0: entered promiscuous mode [ 763.671636][T27241] hsr_slave_1: entered promiscuous mode [ 763.700740][T27241] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 763.724391][T27241] Cannot create hsr debugfs directory [ 763.887108][ T55] Bluetooth: hci1: command tx timeout [ 764.460390][T27241] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 764.512215][T27241] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 764.544237][T27241] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 764.577211][T27241] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 764.870091][T27241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 764.950460][T27241] 8021q: adding VLAN 0 to HW filter on device team0 [ 764.983732][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.990891][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.044798][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.051989][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.219782][T27241] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 765.795125][T27241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 765.956231][ T55] Bluetooth: hci1: command tx timeout [ 766.648965][T27241] veth0_vlan: entered promiscuous mode [ 766.711515][T27241] veth1_vlan: entered promiscuous mode [ 766.825065][T27241] veth0_macvtap: entered promiscuous mode [ 766.905559][T27241] veth1_macvtap: entered promiscuous mode [ 766.955549][T27241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.012842][T27241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.062659][T27241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.100156][T27241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.132214][T27241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.163674][T27241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.204045][T27241] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 767.246632][T27241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.283097][T27241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.313674][T27241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.347452][T27241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.377023][T27241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.423794][T27241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.511618][T27241] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 767.564339][T27241] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.606423][T27241] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.634313][T27241] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.657388][T27241] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.920190][ T2999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 767.959030][ T2999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 768.069126][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 768.089209][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 768.411025][T27511] netlink: 18 bytes leftover after parsing attributes in process `syz.4.10044'. [ 768.713407][T27527] netlink: 'syz.4.10047': attribute type 2 has an invalid length. [ 769.955523][T27578] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input43 [ 770.313679][T27593] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10066'. [ 775.514060][T27747] GUP no longer grows the stack in syz.2.10115 (27747): 14000-401000 (4000) [ 775.542132][T27747] CPU: 1 UID: 0 PID: 27747 Comm: syz.2.10115 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 775.542185][T27747] Tainted: [U]=USER [ 775.542195][T27747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 775.542214][T27747] Call Trace: [ 775.542223][T27747] [ 775.542236][T27747] dump_stack_lvl+0x16c/0x1f0 [ 775.542297][T27747] gup_vma_lookup+0x1d2/0x220 [ 775.542352][T27747] __get_user_pages+0x236/0x36f0 [ 775.542399][T27747] ? hlock_class+0x4e/0x130 [ 775.542447][T27747] ? __lock_acquire+0x15a9/0x3c40 [ 775.542487][T27747] ? __pfx___get_user_pages+0x10/0x10 [ 775.542539][T27747] __gup_longterm_locked+0x212/0x1870 [ 775.542577][T27747] ? __pfx___lock_acquire+0x10/0x10 [ 775.542625][T27747] ? __pfx___gup_longterm_locked+0x10/0x10 [ 775.542664][T27747] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 775.542714][T27747] ? rwsem_read_trylock+0x12d/0x250 [ 775.542762][T27747] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 775.542809][T27747] ? process_vm_rw_core.constprop.0+0x3ff/0x9c0 [ 775.542863][T27747] pin_user_pages_remote+0xee/0x150 [ 775.542902][T27747] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 775.542938][T27747] ? down_read+0xc9/0x330 [ 775.542987][T27747] process_vm_rw_core.constprop.0+0x42b/0x9c0 [ 775.543041][T27747] ? futex_wait_queue+0x103/0x1f0 [ 775.543093][T27747] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 775.543174][T27747] process_vm_rw+0x301/0x360 [ 775.543221][T27747] ? __pfx_process_vm_rw+0x10/0x10 [ 775.543314][T27747] ? xfd_validate_state+0x5d/0x180 [ 775.543359][T27747] ? rcu_is_watching+0x12/0xc0 [ 775.543412][T27747] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 775.543460][T27747] ? do_syscall_64+0x91/0x250 [ 775.543489][T27747] ? lockdep_hardirqs_on+0x7c/0x110 [ 775.543537][T27747] do_syscall_64+0xcd/0x250 [ 775.543571][T27747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.543617][T27747] RIP: 0033:0x7f284a78cde9 [ 775.543642][T27747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 775.543673][T27747] RSP: 002b:00007f284b581038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 775.543703][T27747] RAX: ffffffffffffffda RBX: 00007f284a9a5fa0 RCX: 00007f284a78cde9 [ 775.543731][T27747] RDX: 0000000000000004 RSI: 0000400000000040 RDI: 0000000000001688 [ 775.543751][T27747] RBP: 00007f284a80e2a0 R08: 0000000000000003 R09: 0000000000000000 [ 775.543769][T27747] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 775.543789][T27747] R13: 0000000000000000 R14: 00007f284a9a5fa0 R15: 00007ffc9fc57588 [ 775.543831][T27747] [ 776.055361][T27759] ovs9: entered promiscuous mode [ 779.997208][T27870] hugetlbfs: syz.5.10164 (27870): Using mlock ulimits for SHM_HUGETLB is obsolete [ 781.701314][T27903] sctp: [Deprecated]: syz.6.10176 (pid 27903) Use of struct sctp_assoc_value in delayed_ack socket option. [ 781.701314][T27903] Use struct sctp_sack_info instead [ 784.748987][T27985] block nbd0: Unsupported socket: shutdown callout must be supported. [ 785.141930][T27998] kafs: addr_prefs: Invalid Command [ 789.279091][T28127] netlink: 338 bytes leftover after parsing attributes in process `syz.5.10237'. [ 790.598592][T28176] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 790.629340][T28176] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 790.778274][T28182] bridge0: port 3(netdevsim2) entered blocking state [ 790.785200][T28182] bridge0: port 3(netdevsim2) entered disabled state [ 790.801959][T28182] netdevsim netdevsim5 netdevsim2: entered allmulticast mode [ 790.823235][T28182] netdevsim netdevsim5 netdevsim2: entered promiscuous mode [ 790.847415][T28182] bridge0: port 3(netdevsim2) entered blocking state [ 790.854891][T28182] bridge0: port 3(netdevsim2) entered forwarding state [ 791.444037][T28210] kafs: addr_prefs: Invalid Command [ 794.251217][T28295] kafs: addr_prefs: Invalid Command [ 795.217798][T28320] IPVS: length: 150994944 != 25171704 [ 796.166854][T28348] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek 260 [ 828.150424][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 828.166795][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 828.166907][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 830.183990][T29119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10626'. [ 830.199873][T29119] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 830.228848][T29119] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 830.802472][T29137] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10633'. [ 830.855969][T29133] Invalid ELF header magic: != ELF [ 835.362742][T29260] Invalid ELF header magic: != ELF [ 836.015636][T29281] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input45 [ 838.020842][T29318] zswap: compressor not available [ 838.636347][T29344] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10717'. [ 839.412692][T29369] netlink: 186 bytes leftover after parsing attributes in process `syz.2.10728'. [ 839.893366][T29380] bridge0: port 4(ipvlan1) entered blocking state [ 839.900137][T29380] bridge0: port 4(ipvlan1) entered disabled state [ 839.918122][T29380] ipvlan1: entered allmulticast mode [ 839.928061][T29380] veth0_vlan: entered allmulticast mode [ 839.939892][T29380] ipvlan1: left allmulticast mode [ 839.953663][T29380] veth0_vlan: left allmulticast mode [ 841.167617][T29375] kexec: Could not allocate control_code_buffer [ 841.860294][T29424] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10749'. [ 844.364858][T29483] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10772'. [ 845.138858][T29501] bridge0: port 3(team0) entered blocking state [ 845.155940][T29501] bridge0: port 3(team0) entered disabled state [ 845.162468][T29501] team0: entered allmulticast mode [ 845.196681][T29501] team_slave_0: entered allmulticast mode [ 845.212728][T29501] team_slave_1: entered allmulticast mode [ 845.238408][T29501] team0: entered promiscuous mode [ 845.243526][T29501] team_slave_0: entered promiscuous mode [ 845.273303][T29501] team_slave_1: entered promiscuous mode [ 845.295834][T29501] bridge0: port 3(team0) entered blocking state [ 845.302258][T29501] bridge0: port 3(team0) entered forwarding state [ 846.408879][T29518] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10788'. [ 847.730117][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 847.730166][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 847.746920][ T55] Bluetooth: hci2: adv larger than maximum supported [ 849.003016][ T29] audit: type=1800 audit(4294967430.118:50): pid=29596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.10828" name="dbroot" dev="configfs" ino=84176 res=0 errno=0 [ 849.052187][T29597] bridge0: port 3(team0) entered blocking state [ 849.064092][T29597] bridge0: port 3(team0) entered disabled state [ 849.070563][T29597] team0: entered allmulticast mode [ 849.080797][T29597] team_slave_0: entered allmulticast mode [ 849.086970][T29597] team_slave_1: entered allmulticast mode [ 849.098079][T29597] team0: entered promiscuous mode [ 849.103343][T29597] team_slave_0: entered promiscuous mode [ 849.109279][T29597] team_slave_1: entered promiscuous mode [ 849.115813][T29597] bridge0: port 3(team0) entered blocking state [ 849.122226][T29597] bridge0: port 3(team0) entered forwarding state [ 851.905392][T29680] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10857'. [ 852.917741][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 852.917789][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 852.934498][ T55] Bluetooth: hci1: adv larger than maximum supported [ 852.934556][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 852.941609][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x35 [ 852.948829][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 852.957804][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 852.965148][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x32 [ 852.972986][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x32 [ 855.270554][T29788] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input46 [ 855.716581][ T55] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 858.724002][T29895] bridge0: port 4(bond0) entered blocking state [ 858.733860][T29895] bridge0: port 4(bond0) entered disabled state [ 858.751684][T29895] bond0: entered allmulticast mode [ 858.760171][T29895] bond_slave_0: entered allmulticast mode [ 858.773466][T29895] bond_slave_1: entered allmulticast mode [ 858.790504][T29895] bond0: entered promiscuous mode [ 858.803342][T29895] bond_slave_0: entered promiscuous mode [ 858.812987][T29895] bond_slave_1: entered promiscuous mode [ 858.821851][T29895] bridge0: port 4(bond0) entered blocking state [ 858.828324][T29895] bridge0: port 4(bond0) entered forwarding state [ 860.819681][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 860.819730][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 860.835927][ T55] Bluetooth: hci3: adv larger than maximum supported [ 860.835962][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 860.845028][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x36 [ 860.854394][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 860.861501][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 860.869176][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x30 [ 860.876733][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 861.129420][T29959] ptrace attach of "./syz-executor exec"[5883] was attempted by ""[29959] [ 862.306494][ T2955] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 862.532158][ T2955] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 862.662935][ T2955] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.023226][ T2955] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.128920][T27242] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 863.166047][T27242] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 863.179418][T27242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 863.189517][T27242] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 863.197773][T27242] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 863.205618][T27242] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 863.661573][ T2955] team0: left allmulticast mode [ 863.666697][ T2955] team_slave_0: left allmulticast mode [ 863.676834][ T2955] team_slave_1: left allmulticast mode [ 863.683542][ T2955] team0: left promiscuous mode [ 863.689528][ T2955] team_slave_0: left promiscuous mode [ 863.695256][ T2955] team_slave_1: left promiscuous mode [ 863.701791][ T2955] bridge0: port 3(team0) entered disabled state [ 863.785362][ T2955] bridge_slave_1: left allmulticast mode [ 863.797414][ T2955] bridge_slave_1: left promiscuous mode [ 863.807828][ T2955] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.837743][ T2955] bridge_slave_0: left allmulticast mode [ 863.843460][ T2955] bridge_slave_0: left promiscuous mode [ 863.867355][ T2955] bridge0: port 1(bridge_slave_0) entered disabled state [ 865.299540][T27242] Bluetooth: hci1: command tx timeout [ 865.581811][ T2955] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 865.618392][ T2955] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 865.640909][ T2955] bond0 (unregistering): Released all slaves [ 866.407654][T30000] chnl_net:caif_netlink_parms(): no params data found [ 867.269491][ T2955] hsr_slave_0: left promiscuous mode [ 867.283896][ T2955] hsr_slave_1: left promiscuous mode [ 867.290503][ T2955] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 867.297973][ T2955] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 867.364746][T27242] Bluetooth: hci1: command tx timeout [ 867.379688][ T2955] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 867.387147][ T2955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 867.545560][ T2955] veth1_macvtap: left promiscuous mode [ 867.579503][ T2955] veth0_macvtap: left promiscuous mode [ 867.585439][ T2955] veth1_vlan: left promiscuous mode [ 867.598184][ T2955] veth0_vlan: left promiscuous mode [ 867.904994][T30118] netlink: 350 bytes leftover after parsing attributes in process `syz.5.11038'. [ 868.282417][T30120] vivid-003: ================= START STATUS ================= [ 868.339427][T30120] vivid-003: Radio HW Seek Mode: Bounded [ 868.360220][T30120] vivid-003: Radio Programmable HW Seek: false [ 868.395749][T30120] vivid-003: RDS Rx I/O Mode: Block I/O [ 868.401412][T30120] vivid-003: Generate RBDS Instead of RDS: false [ 868.491805][T30120] vivid-003: RDS Reception: true [ 868.497833][T30120] vivid-003: RDS Program Type: 0 inactive [ 868.512343][T30120] vivid-003: RDS PS Name: inactive [ 868.555897][T30120] vivid-003: RDS Radio Text: inactive [ 868.568444][T30120] vivid-003: RDS Traffic Announcement: false inactive [ 868.582625][T30120] vivid-003: RDS Traffic Program: false inactive [ 868.599100][T30120] vivid-003: RDS Music: false inactive [ 868.610948][T30120] vivid-003: ================== END STATUS ================== [ 869.433203][T27242] Bluetooth: hci1: command tx timeout [ 869.586020][ T2955] team0 (unregistering): Port device team_slave_1 removed [ 869.666021][ T2955] team0 (unregistering): Port device team_slave_0 removed [ 871.487476][T27242] Bluetooth: hci1: command tx timeout [ 871.808813][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 871.816729][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.842137][T30000] bridge0: port 1(bridge_slave_0) entered blocking state [ 871.849662][T30000] bridge0: port 1(bridge_slave_0) entered disabled state [ 871.865483][T30000] bridge_slave_0: entered allmulticast mode [ 871.888473][T30000] bridge_slave_0: entered promiscuous mode [ 871.952394][T30000] bridge0: port 2(bridge_slave_1) entered blocking state [ 871.963858][T30000] bridge0: port 2(bridge_slave_1) entered disabled state [ 871.979096][T30000] bridge_slave_1: entered allmulticast mode [ 871.990433][T30000] bridge_slave_1: entered promiscuous mode [ 872.199554][T30000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 872.233076][T30000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 872.446755][T30000] team0: Port device team_slave_0 added [ 872.485641][T30000] team0: Port device team_slave_1 added [ 872.641887][T30000] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 872.648896][T30000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 872.689104][T30000] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 872.772046][T30000] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 872.779055][T30000] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 872.844583][T30000] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 873.025957][T30000] hsr_slave_0: entered promiscuous mode [ 873.041027][T30000] hsr_slave_1: entered promiscuous mode [ 873.047329][T30000] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 873.069065][T30000] Cannot create hsr debugfs directory [ 873.675075][T30000] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 873.763879][T30000] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 873.804567][T30000] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 873.856857][T30000] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 874.091741][T30000] 8021q: adding VLAN 0 to HW filter on device bond0 [ 874.162173][T30000] 8021q: adding VLAN 0 to HW filter on device team0 [ 874.200428][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 874.207687][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 874.262522][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state [ 874.269704][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 874.942893][T30000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 875.673233][T30000] veth0_vlan: entered promiscuous mode [ 875.736032][T30000] veth1_vlan: entered promiscuous mode [ 875.823481][T30000] veth0_macvtap: entered promiscuous mode [ 875.858865][T30000] veth1_macvtap: entered promiscuous mode [ 875.917178][T30000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 875.953125][T30000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 875.993426][T30000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 876.025731][T30000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.063677][T30000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 876.093410][T30000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.111108][T30000] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 876.132016][T30000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 876.173243][T30000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.212746][T30000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 876.247629][T30000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.269567][T30000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 876.302323][T30000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.353235][T30000] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 876.414537][T30000] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 876.441718][T30000] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 876.481327][T30000] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 876.491011][T30000] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 876.836276][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 876.869258][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 876.964791][ T2999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 877.004914][ T2999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 877.839346][T30329] bridge0: port 5(macvlan1) entered blocking state [ 877.892042][T30329] bridge0: port 5(macvlan1) entered disabled state [ 877.915709][T30329] macvlan1: entered allmulticast mode [ 877.921180][T30329] veth1_vlan: entered allmulticast mode [ 877.968924][T30329] macvlan1: entered promiscuous mode [ 877.987688][T30329] bridge0: port 5(macvlan1) entered blocking state [ 877.994451][T30329] bridge0: port 5(macvlan1) entered forwarding state [ 878.044837][T30335] netlink: 28 bytes leftover after parsing attributes in process `syz.7.11099'. [ 883.903678][T30527] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11157'. [ 885.868555][T30551] sctp: [Deprecated]: syz.7.11166 (pid 30551) Use of struct sctp_assoc_value in delayed_ack socket option. [ 885.868555][T30551] Use struct sctp_sack_info instead [ 888.629281][T30622] netlink: 346 bytes leftover after parsing attributes in process `syz.4.11193'. [ 894.947037][T27242] Bluetooth: hci2: ACL packet too small [ 896.560121][T30809] program syz.5.11250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 902.354093][T30999] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 903.232984][T31032] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 905.916071][T31101] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11340'. [ 907.926245][T31155] netlink: 'syz.5.11365': attribute type 1 has an invalid length. [ 912.434730][T31258] device-mapper: ioctl: device name cannot contain '/' [ 912.702555][T31268] ptrace attach of "./syz-executor exec"[13713] was attempted by "e/%҉{\x22r2@IUZsEx\x0c|Fh샴Kk̒Mڗ'\x1b\x1bys4=ܘ2:\x5c-h+ָ\x5cle̙'N@G ^=e\x0d'9\x0dII辈#a\x0a$Ъ 260 [ 918.648231][T27242] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 918.664118][T27242] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 918.664162][T27242] Bluetooth: hci0: adv larger than maximum supported [ 918.671275][T27242] Bluetooth: hci0: Unknown advertising packet type: 0x7d [ 918.678510][T27242] Bluetooth: hci0: Unknown advertising packet type: 0x7d [ 918.687824][T27242] Bluetooth: hci0: Malformed LE Event: 0x0d [ 919.347309][T31390] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 926.925762][T31551] netlink: 342 bytes leftover after parsing attributes in process `syz.4.11526'. [ 928.144243][T31583] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11539'. [ 931.674664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 932.514679][T31699] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 932.931057][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.938774][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.562473][ T29] audit: type=1800 audit(4294967516.123:51): pid=31770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.11619" name=03 dev="tmpfs" ino=16293 res=0 errno=0 [ 935.215672][T31793] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 936.456474][T31837] program syz.4.11650 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 938.889853][T31908] netlink: 28 bytes leftover after parsing attributes in process `syz.4.11681'. [ 939.833035][ T29] audit: type=1807 audit(4294967521.420:52): UNKNOWN= [ 939.833307][ T29] audit: type=1802 audit(4294967521.420:53): pid=31938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.4.11694" res=0 errno=0 [ 939.839217][T31936] ima: policy update failed [ 939.924630][ C0] vkms_vblank_simulate: vblank timer overrun [ 940.343089][ T29] audit: type=1802 audit(4294967521.933:54): pid=31936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.11694" res=0 errno=0 [ 948.657103][T32117] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 948.739473][T32117] svc: failed to register nfsdv3 RPC service (errno 111). [ 948.785465][T32117] svc: failed to register nfsaclv3 RPC service (errno 111). [ 951.058277][T32172] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input47 [ 952.204378][T32205] netlink: 346 bytes leftover after parsing attributes in process `syz.4.11812'. [ 953.667517][T32248] netlink: 8 bytes leftover after parsing attributes in process `syz.7.11831'. [ 954.640662][T32236] kexec: Could not allocate control_code_buffer [ 957.767195][ T3554] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.974717][ T3554] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 958.179007][ T3554] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 958.367709][ T3554] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 958.666629][ T3554] team0: left allmulticast mode [ 958.671567][ T3554] team_slave_0: left allmulticast mode [ 958.696813][ T3554] team_slave_1: left allmulticast mode [ 958.702390][ T3554] team0: left promiscuous mode [ 958.729136][ T3554] team_slave_0: left promiscuous mode [ 958.743782][ T3554] team_slave_1: left promiscuous mode [ 958.752837][ T3554] bridge0: port 3(team0) entered disabled state [ 958.788787][ T3554] bridge_slave_1: left allmulticast mode [ 958.805786][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 958.823040][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 958.840555][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 958.850526][ T3554] bridge_slave_1: left promiscuous mode [ 958.863463][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 958.872734][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 958.881184][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 958.893322][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 958.973073][ T3554] bridge_slave_0: left allmulticast mode [ 958.983478][ T3554] bridge_slave_0: left promiscuous mode [ 958.992908][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 959.888343][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 959.911492][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 959.940427][ T3554] bond0 (unregistering): Released all slaves [ 960.023256][ T3554] nl80211: left promiscuous mode [ 960.689008][T32383] chnl_net:caif_netlink_parms(): no params data found [ 960.943076][ T55] Bluetooth: hci2: command tx timeout [ 961.460967][T32383] bridge0: port 1(bridge_slave_0) entered blocking state [ 961.468160][T32383] bridge0: port 1(bridge_slave_0) entered disabled state [ 961.499704][T32383] bridge_slave_0: entered allmulticast mode [ 961.506901][T32383] bridge_slave_0: entered promiscuous mode [ 961.579583][T32383] bridge0: port 2(bridge_slave_1) entered blocking state [ 961.596890][T32383] bridge0: port 2(bridge_slave_1) entered disabled state [ 961.606616][T32383] bridge_slave_1: entered allmulticast mode [ 961.624657][T32383] bridge_slave_1: entered promiscuous mode [ 961.961308][T32383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 961.981430][T32383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 962.328349][T32383] team0: Port device team_slave_0 added [ 962.481729][T32482] ptrace attach of "./syz-executor exec"[30000] was attempted by "./syz-executor exec"[32482] [ 962.545955][T32383] team0: Port device team_slave_1 added [ 962.903503][T32441] kexec: Could not allocate control_code_buffer [ 962.910489][T32383] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 962.932300][T32383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 962.991600][T32383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 963.012000][ T55] Bluetooth: hci2: command tx timeout [ 963.126128][ T3554] hsr_slave_0: left promiscuous mode [ 963.143822][ T3554] hsr_slave_1: left promiscuous mode [ 963.159307][ T3554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 963.187825][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 963.228552][ T3554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 963.247252][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 963.338701][ T3554] veth1_macvtap: left promiscuous mode [ 963.369534][ T3554] veth0_macvtap: left promiscuous mode [ 963.379980][ T3554] veth1_vlan: left promiscuous mode [ 963.385463][ T3554] veth0_vlan: left promiscuous mode [ 964.871180][ T3554] team0 (unregistering): Port device team_slave_1 removed [ 965.047040][ T3554] team0 (unregistering): Port device team_slave_0 removed [ 965.080829][ T55] Bluetooth: hci2: command tx timeout [ 966.858962][T32383] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 966.867622][T32383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 966.903806][T32383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 967.152270][ T55] Bluetooth: hci2: command tx timeout [ 967.226213][T32383] hsr_slave_0: entered promiscuous mode [ 967.242596][T32383] hsr_slave_1: entered promiscuous mode [ 967.291175][T32383] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 967.328949][T32383] Cannot create hsr debugfs directory [ 967.934066][T32383] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 967.978517][T32383] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 968.067686][T32383] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 968.107143][T32383] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 968.407333][T32383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 968.481391][T32383] 8021q: adding VLAN 0 to HW filter on device team0 [ 968.521012][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 968.528192][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 968.576707][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 968.583902][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 968.735611][T32383] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 968.771356][T32383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 968.927569][T32610] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 969.264941][T32383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 970.041907][T32383] veth0_vlan: entered promiscuous mode [ 970.092350][T32383] veth1_vlan: entered promiscuous mode [ 970.188606][T32383] veth0_macvtap: entered promiscuous mode [ 970.226523][T32383] veth1_macvtap: entered promiscuous mode [ 970.261985][T32383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 970.287417][T32383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 970.329501][T32383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 970.360681][T32383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 970.392974][T32383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 970.432765][T32383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 970.473834][T32383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 970.487535][T32383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 970.518881][T32383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 970.546646][T32383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 970.578028][T32383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 970.599532][T32383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 970.621253][T32383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 970.655225][T32383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 970.706047][T32383] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.734019][T32383] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.771101][T32383] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.810026][T32383] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 971.035732][ T3554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 971.062038][ T3554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 971.125604][ T2955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 971.155491][ T2955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 971.737293][T32682] nbd: socks must be embedded in a SOCK_ITEM attr [ 971.744888][T32682] block nbd0: shutting down sockets [ 973.030332][T32719] netlink: 350 bytes leftover after parsing attributes in process `syz.7.11987'. [ 975.009166][ T312] nbd: socks must be embedded in a SOCK_ITEM attr [ 975.033372][ T312] block nbd0: shutting down sockets [ 977.230484][ T386] netlink: 20 bytes leftover after parsing attributes in process `syz.5.12025'. [ 979.100560][ T392] kexec: Could not allocate control_code_buffer [ 979.389099][ T448] batman_adv: Routing algorithm '0x00060000' is not supported [ 980.473132][ T471] bridge0: port 3(veth0_to_bridge) entered blocking state [ 980.490648][ T471] bridge0: port 3(veth0_to_bridge) entered disabled state [ 980.508771][ T471] veth0_to_bridge: entered allmulticast mode [ 980.519885][ T471] veth0_to_bridge: entered promiscuous mode [ 980.540953][ T471] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 980.570438][ T471] bridge0: port 3(veth0_to_bridge) entered blocking state [ 980.577758][ T471] bridge0: port 3(veth0_to_bridge) entered listening state [ 980.848989][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 980.863926][ C1] bridge0: port 3(veth0_to_bridge) entered blocking state [ 981.257915][ T484] sctp: [Deprecated]: syz.5.12062 (pid 484) Use of int in max_burst socket option deprecated. [ 981.257915][ T484] Use struct sctp_assoc_value instead [ 984.673828][ T581] netlink: 28 bytes leftover after parsing attributes in process `syz.8.12096'. [ 985.373903][ T599] TCP: TCP_TX_DELAY enabled [ 985.740211][ T607] sctp: [Deprecated]: syz.8.12107 (pid 607) Use of int in max_burst socket option deprecated. [ 985.740211][ T607] Use struct sctp_assoc_value instead [ 985.938273][ T55] Bluetooth: hci1: command 0x0406 tx timeout [ 988.219887][ T685] netlink: 280 bytes leftover after parsing attributes in process `syz.4.12133'. [ 988.956895][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 994.054075][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 994.063428][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.639647][ T1009] zswap: compressor not available [ 998.977781][ T1026] loop5: detected capacity change from 0 to 4194304 [ 1000.205940][ T1068] netlink: 74 bytes leftover after parsing attributes in process `syz.8.12233'. [ 1001.079641][ T1093] ICMPv6: process `syz.7.12239' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 1003.677673][ T1164] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12259'. [ 1003.697211][ T1165] netlink: 294 bytes leftover after parsing attributes in process `syz.7.12261'. [ 1007.798163][ T1271] ima: policy update failed [ 1007.819169][ T29] audit: type=1802 audit(4294967589.764:55): pid=1271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.12302" res=0 errno=0 [ 1010.252344][ T1332] netlink: 346 bytes leftover after parsing attributes in process `syz.4.12326'. [ 1011.222312][ T1360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12337'. [ 1015.152642][ T1443] netlink: 28 bytes leftover after parsing attributes in process `syz.7.12369'. [ 1019.677035][ T1567] netlink: 160 bytes leftover after parsing attributes in process `syz.8.12421'. [ 1020.230483][ T29] audit: type=1800 audit(4294967602.239:56): pid=1588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.12426" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 1021.980620][ T1638] nbd0: detected capacity change from 0 to 68719476736 [ 1022.050646][T32580] block nbd0: Send control failed (result -22) [ 1022.094394][T32580] block nbd0: Request send failed, requeueing [ 1022.115486][T27242] block nbd0: Receive control failed (result -32) [ 1022.137774][ T41] block nbd0: Dead connection, failed to find a fallback [ 1022.149463][ T41] block nbd0: shutting down sockets [ 1022.162801][ T41] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.174946][ T41] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.184590][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.194648][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.202845][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.232477][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.309841][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.372684][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.380665][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.426685][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.459184][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.494455][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.528032][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.564178][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.588754][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.618920][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.637251][T32580] ldm_validate_partition_table(): Disk read failed. [ 1022.676650][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.695030][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.721109][T32580] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1022.755196][T32580] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1022.767975][ T1660] netlink: 28 bytes leftover after parsing attributes in process `syz.7.12449'. [ 1022.801003][T32580] Dev nbd0: unable to read RDB block 0 [ 1022.820979][T32580] nbd0: unable to read partition table [ 1023.164665][T32580] ldm_validate_partition_table(): Disk read failed. [ 1023.185247][T32580] Dev nbd0: unable to read RDB block 0 [ 1023.209660][T32580] nbd0: unable to read partition table [ 1024.412166][ T1696] sctp: [Deprecated]: syz.4.12465 (pid 1696) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1024.412166][ T1696] Use struct sctp_sack_info instead [ 1025.103934][ T1717] netlink: 342 bytes leftover after parsing attributes in process `syz.4.12472'. [ 1025.125087][ T1717] netlink: 342 bytes leftover after parsing attributes in process `syz.4.12472'. [ 1027.832996][ T1776] qrtr: Invalid version 0 [ 1031.072298][ T1881] netlink: 'syz.7.12542': attribute type 11 has an invalid length. [ 1031.495768][ T1891] nbd1: detected capacity change from 0 to 68719476736 [ 1031.525686][T32580] block nbd1: Send control failed (result -22) [ 1031.559436][T32580] block nbd1: Request send failed, requeueing [ 1031.600406][T27242] block nbd1: Receive control failed (result -32) [ 1031.624155][ T44] block nbd1: Dead connection, failed to find a fallback [ 1031.633353][ T44] block nbd1: shutting down sockets [ 1031.639307][ T44] blk_print_req_error: 24 callbacks suppressed [ 1031.639328][ T44] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.657987][ T44] buffer_io_error: 23 callbacks suppressed [ 1031.658010][ T44] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.676247][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.685731][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.693680][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.703655][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.712072][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.722250][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.730872][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.741196][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.749561][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.760499][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.768972][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.779700][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.788314][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.798077][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.806460][T32580] ldm_validate_partition_table(): Disk read failed. [ 1031.813205][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.835492][ T1898] tipc: Trying to set illegal importance in message [ 1031.853590][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.861544][T32580] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.886059][ T1900] netlink: 28 bytes leftover after parsing attributes in process `syz.8.12551'. [ 1031.896648][ T1900] veth1_macvtap: left promiscuous mode [ 1031.902251][ T1900] macsec0: entered allmulticast mode [ 1031.922071][T32580] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1031.961479][T32580] Dev nbd1: unable to read RDB block 0 [ 1031.994504][T32580] nbd1: unable to read partition table [ 1032.052557][ T1903] vivid-009: ================= START STATUS ================= [ 1032.053879][T32580] ldm_validate_partition_table(): Disk read failed. [ 1032.082010][ T1903] vivid-009: Enable Output Cropping: true grabbed [ 1032.089432][ T1903] vivid-009: Enable Output Composing: true grabbed [ 1032.117350][ T1903] vivid-009: Enable Output Scaler: true grabbed [ 1032.125736][T32580] Dev nbd1: unable to read RDB block 0 [ 1032.146901][ T1903] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 1032.155574][T32580] nbd1: unable to read partition table [ 1032.174882][ T1903] vivid-009: Transmit Mode: HDMI grabbed [ 1032.196537][ T1903] vivid-009: Hotplug Present: 0x00000000 [ 1032.227213][ T1903] vivid-009: RxSense Present: 0x00000000 [ 1032.245460][ T1903] vivid-009: EDID Present: 0x00000000 [ 1032.268127][ T1903] vivid-009: ================== END STATUS ================== [ 1032.865422][T25177] smpboot: CPU 1 is now offline [ 1032.936521][ T1931] Process accounting resumed [ 1035.764394][ T1984] zswap: compressor not available [ 1039.886183][ T2077] netlink: 8 bytes leftover after parsing attributes in process `syz.7.12621'. [ 1040.354599][ T2087] netlink: 194 bytes leftover after parsing attributes in process `syz.4.12626'. [ 1043.486577][ T2147] sock: sock_timestamping_bind_phc: sock not bind to device [ 1044.561032][ T2164] sg_write: process 966 (syz.7.12656) changed security contexts after opening file descriptor, this is not allowed. [ 1046.998838][ T2197] netlink: 342 bytes leftover after parsing attributes in process `syz.8.12667'. [ 1048.265302][ T2215] netlink: 16 bytes leftover after parsing attributes in process `syz.7.12677'. [ 1053.247616][ T2304] netlink: 'syz.7.12713': attribute type 1 has an invalid length. [ 1055.192266][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.198654][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1057.688542][ T2369] delete_channel: no stack [ 1057.937305][ T2371] svc: failed to register nfsdv3 RPC service (errno 111). [ 1058.033744][ T2371] svc: failed to register nfsaclv3 RPC service (errno 111). [ 1058.918014][ T2386] CIFS: VFS: Invalid SecurityFlags: 0 [ 1058.918014][ T2386] [ 1062.914810][ T2454] Process accounting paused [ 1063.447668][ T2464] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12768'. [ 1064.087219][ T2478] netlink: 342 bytes leftover after parsing attributes in process `syz.4.12773'. [ 1068.130349][ T2560] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12801'. [ 1075.217954][ T2680] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12840'. [ 1075.227536][ T2680] veth1_macvtap: left promiscuous mode [ 1075.378853][ T2680] macsec0: entered allmulticast mode [ 1082.123494][ T2799] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12881'. [ 1082.716903][ T2774] Bluetooth: hci2: command 0x0406 tx timeout [ 1083.371214][ T2828] sd 0:0:1:0: PR command failed: 1026 [ 1083.400266][ T2828] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1083.445225][ T2828] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1083.670828][ T2830] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12890'. [ 1083.876313][ T2830] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1088.117530][ T2925] lo: entered allmulticast mode [ 1088.148819][ T2922] lo: left allmulticast mode [ 1093.277129][ T2998] Process accounting resumed [ 1093.970842][ T3021] nbd: socks must be embedded in a SOCK_ITEM attr [ 1094.020246][ T3021] block nbd4: shutting down sockets [ 1094.123576][ T3024] netlink: 350 bytes leftover after parsing attributes in process `syz.7.12964'. [ 1096.287738][ T3071] netlink: 12 bytes leftover after parsing attributes in process `syz.8.12983'. [ 1096.331674][ T3071] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1098.105744][ T3098] XFS: Clearing xfsstats [ 1099.859205][ T3135] misc userio: No port type given on /dev/userio [ 1100.105004][ T3141] netlink: 342 bytes leftover after parsing attributes in process `syz.8.13009'. [ 1100.745335][ T3156] netlink: 'syz.8.13016': attribute type 1 has an invalid length. [ 1100.799181][ T3156] netlink: 206 bytes leftover after parsing attributes in process `syz.8.13016'. [ 1102.959056][ T3196] qrtr: Invalid version 0 [ 1103.468652][ T3215] CIFS: VFS: Invalid SecurityFlags: 0 [ 1103.468652][ T3215] [ 1106.111143][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 1107.453248][ T3279] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13062'. [ 1108.231290][ T3285] netlink: 28 bytes leftover after parsing attributes in process `syz.8.13067'. [ 1110.297829][ T3317] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13078'. [ 1111.649284][ T3336] nbd: socks must be embedded in a SOCK_ITEM attr [ 1111.723895][ T3336] block nbd4: shutting down sockets [ 1113.467322][ T3362] erspan0: entered allmulticast mode [ 1113.655351][ T3365] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 1114.817429][ T3384] Invalid logical block size (4) [ 1116.307729][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.314354][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.538809][ T3415] Invalid logical block size (4) [ 1122.433836][ T3500] ================================================================== [ 1122.442027][ T3500] BUG: KASAN: slab-use-after-free in idr_for_each+0x252/0x270 [ 1122.449518][ T3500] Read of size 8 at addr ffff88804c69d630 by task syz.7.13151/3500 [ 1122.457589][ T3500] [ 1122.460013][ T3500] CPU: 0 UID: 0 PID: 3500 Comm: syz.7.13151 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 1122.460046][ T3500] Tainted: [U]=USER [ 1122.460054][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1122.460069][ T3500] Call Trace: [ 1122.460078][ T3500] [ 1122.460087][ T3500] dump_stack_lvl+0x116/0x1f0 [ 1122.460128][ T3500] print_report+0xc3/0x620 [ 1122.460159][ T3500] ? __virt_addr_valid+0x5e/0x590 [ 1122.460180][ T3500] ? __phys_addr+0xc6/0x150 [ 1122.460219][ T3500] kasan_report+0xd9/0x110 [ 1122.460247][ T3500] ? idr_for_each+0x252/0x270 [ 1122.460284][ T3500] ? idr_for_each+0x252/0x270 [ 1122.460321][ T3500] ? __pfx_shm_try_destroy_orphaned+0x10/0x10 [ 1122.460351][ T3500] idr_for_each+0x252/0x270 [ 1122.460387][ T3500] ? __pfx_idr_for_each+0x10/0x10 [ 1122.460424][ T3500] ? __pfx_down_write+0x10/0x10 [ 1122.460451][ T3500] shm_destroy_orphaned+0x85/0x90 [ 1122.460481][ T3500] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 1122.460518][ T3500] proc_sys_call_handler+0x3c6/0x5a0 [ 1122.460546][ T3500] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1122.460578][ T3500] vfs_write+0x5ae/0x1150 [ 1122.460601][ T3500] ? __pfx_proc_sys_write+0x10/0x10 [ 1122.460627][ T3500] ? __pfx___mutex_lock+0x10/0x10 [ 1122.460648][ T3500] ? __pfx_vfs_write+0x10/0x10 [ 1122.460678][ T3500] ksys_write+0x12b/0x250 [ 1122.460701][ T3500] ? __pfx_ksys_write+0x10/0x10 [ 1122.460728][ T3500] do_syscall_64+0xcd/0x250 [ 1122.460751][ T3500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.460786][ T3500] RIP: 0033:0x7f800658cde9 [ 1122.460803][ T3500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1122.460827][ T3500] RSP: 002b:00007f80073a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1122.460848][ T3500] RAX: ffffffffffffffda RBX: 00007f80067a5fa0 RCX: 00007f800658cde9 [ 1122.460864][ T3500] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1122.460878][ T3500] RBP: 00007f800660e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1122.460893][ T3500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1122.460907][ T3500] R13: 0000000000000000 R14: 00007f80067a5fa0 R15: 00007ffe1b1043b8 [ 1122.460929][ T3500] [ 1122.460936][ T3500] [ 1122.684950][ T3500] Allocated by task 822: [ 1122.689192][ T3500] kasan_save_stack+0x33/0x60 [ 1122.693882][ T3500] kasan_save_track+0x14/0x30 [ 1122.698566][ T3500] __kasan_slab_alloc+0x89/0x90 [ 1122.703439][ T3500] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 1122.708907][ T3500] radix_tree_node_alloc.constprop.0+0x1e8/0x350 [ 1122.715249][ T3500] idr_get_free+0x528/0xa40 [ 1122.719766][ T3500] idr_alloc_u32+0x191/0x2f0 [ 1122.724375][ T3500] idr_alloc_cyclic+0x10c/0x230 [ 1122.729242][ T3500] ipc_addid+0x697/0x1f50 [ 1122.733581][ T3500] newseg+0x674/0xe60 [ 1122.737571][ T3500] ipcget+0x866/0xd80 [ 1122.741558][ T3500] __x64_sys_shmget+0x13f/0x1b0 [ 1122.746420][ T3500] do_syscall_64+0xcd/0x250 [ 1122.751100][ T3500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.757057][ T3500] [ 1122.759384][ T3500] Freed by task 35: [ 1122.763215][ T3500] kasan_save_stack+0x33/0x60 [ 1122.767923][ T3500] kasan_save_track+0x14/0x30 [ 1122.772625][ T3500] kasan_save_free_info+0x3b/0x60 [ 1122.777675][ T3500] __kasan_slab_free+0x51/0x70 [ 1122.782473][ T3500] kmem_cache_free+0x2e2/0x4d0 [ 1122.787248][ T3500] rcu_core+0x79d/0x14d0 [ 1122.791597][ T3500] handle_softirqs+0x213/0x8f0 [ 1122.796378][ T3500] __irq_exit_rcu+0x109/0x170 [ 1122.801087][ T3500] irq_exit_rcu+0x9/0x30 [ 1122.805343][ T3500] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1122.811044][ T3500] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1122.817060][ T3500] [ 1122.819379][ T3500] Last potentially related work creation: [ 1122.825091][ T3500] kasan_save_stack+0x33/0x60 [ 1122.829778][ T3500] kasan_record_aux_stack+0xb8/0xd0 [ 1122.834998][ T3500] __call_rcu_common.constprop.0+0x9a/0x870 [ 1122.840903][ T3500] delete_node+0x1fc/0x8e0 [ 1122.845334][ T3500] __radix_tree_delete+0x193/0x3d0 [ 1122.850547][ T3500] radix_tree_delete_item+0xeb/0x230 [ 1122.855882][ T3500] ipc_rmid+0x10b/0x3e0 [ 1122.860152][ T3500] shm_destroy+0x2d7/0x6d0 [ 1122.864577][ T3500] shm_try_destroy_orphaned+0x1a8/0x270 [ 1122.870133][ T3500] idr_for_each+0x141/0x270 [ 1122.874664][ T3500] shm_destroy_orphaned+0x85/0x90 [ 1122.879874][ T3500] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 1122.885981][ T3500] proc_sys_call_handler+0x3c6/0x5a0 [ 1122.891294][ T3500] vfs_write+0x5ae/0x1150 [ 1122.895665][ T3500] ksys_write+0x12b/0x250 [ 1122.900015][ T3500] do_syscall_64+0xcd/0x250 [ 1122.904659][ T3500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.910575][ T3500] [ 1122.912897][ T3500] The buggy address belongs to the object at ffff88804c69d600 [ 1122.912897][ T3500] which belongs to the cache radix_tree_node of size 576 [ 1122.927326][ T3500] The buggy address is located 48 bytes inside of [ 1122.927326][ T3500] freed 576-byte region [ffff88804c69d600, ffff88804c69d840) [ 1122.941066][ T3500] [ 1122.943399][ T3500] The buggy address belongs to the physical page: [ 1122.949824][ T3500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c69c [ 1122.958702][ T3500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1122.967238][ T3500] memcg:ffff888057d9f501 [ 1122.971495][ T3500] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1122.979059][ T3500] page_type: f5(slab) [ 1122.983051][ T3500] raw: 00fff00000000040 ffff88801b04fdc0 dead000000000100 dead000000000122 [ 1122.991663][ T3500] raw: 0000000000000000 0000000000170017 00000000f5000000 ffff888057d9f501 [ 1123.000271][ T3500] head: 00fff00000000040 ffff88801b04fdc0 dead000000000100 dead000000000122 [ 1123.008978][ T3500] head: 0000000000000000 0000000000170017 00000000f5000000 ffff888057d9f501 [ 1123.017694][ T3500] head: 00fff00000000002 ffffea000131a701 ffffffffffffffff 0000000000000000 [ 1123.026389][ T3500] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 1123.035068][ T3500] page dumped because: kasan: bad access detected [ 1123.041501][ T3500] page_owner tracks the page as allocated [ 1123.047239][ T3500] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x52810(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 31420, tgid 31420 (syz.2.11461), ts 925693014901, free_ts 790119084887 [ 1123.067514][ T3500] post_alloc_hook+0x181/0x1b0 [ 1123.072292][ T3500] get_page_from_freelist+0xfce/0x2f80 [ 1123.077794][ T3500] __alloc_frozen_pages_noprof+0x221/0x2470 [ 1123.083716][ T3500] alloc_pages_mpol+0x1fc/0x540 [ 1123.088580][ T3500] new_slab+0x23d/0x330 [ 1123.092761][ T3500] ___slab_alloc+0xbfa/0x1600 [ 1123.097468][ T3500] __slab_alloc.constprop.0+0x56/0xb0 [ 1123.102853][ T3500] kmem_cache_alloc_lru_noprof+0xf0/0x3b0 [ 1123.108587][ T3500] xas_alloc+0x34f/0x460 [ 1123.112850][ T3500] xas_create+0x72b/0x1460 [ 1123.117277][ T3500] xas_store+0x8b/0x1930 [ 1123.121550][ T3500] shmem_add_to_page_cache+0x66a/0x9b0 [ 1123.127034][ T3500] shmem_alloc_and_add_folio+0x662/0xc10 [ 1123.132713][ T3500] shmem_get_folio_gfp+0x689/0x1530 [ 1123.137939][ T3500] shmem_write_begin+0x161/0x300 [ 1123.142906][ T3500] generic_perform_write+0x2ba/0x920 [ 1123.148224][ T3500] page last free pid 27241 tgid 27241 stack trace: [ 1123.154752][ T3500] free_frozen_pages+0x6db/0xfb0 [ 1123.159696][ T3500] __put_partials+0x14c/0x170 [ 1123.164379][ T3500] qlist_free_all+0x4e/0x120 [ 1123.168977][ T3500] kasan_quarantine_reduce+0x195/0x1e0 [ 1123.174451][ T3500] __kasan_slab_alloc+0x69/0x90 [ 1123.179313][ T3500] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 1123.184801][ T3500] getname_flags.part.0+0x4c/0x550 [ 1123.189931][ T3500] getname_flags+0x93/0xf0 [ 1123.194437][ T3500] __x64_sys_unlinkat+0xe4/0x130 [ 1123.199385][ T3500] do_syscall_64+0xcd/0x250 [ 1123.203897][ T3500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1123.209807][ T3500] [ 1123.212128][ T3500] Memory state around the buggy address: [ 1123.217768][ T3500] ffff88804c69d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1123.225833][ T3500] ffff88804c69d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1123.234007][ T3500] >ffff88804c69d600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1123.242068][ T3500] ^ [ 1123.247703][ T3500] ffff88804c69d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1123.255767][ T3500] ffff88804c69d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1123.263830][ T3500] ================================================================== [ 1123.407943][ T3497] Process accounting paused SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1125.294910][ T35] gretap0: left allmulticast mode [ 1125.327238][ T35] gretap0: left promiscuous mode [ 1125.332398][ T35] bridge0: port 3(gretap0) entered disabled state [ 1125.421681][ T35] bridge_slave_1: left allmulticast mode [ 1125.430829][ T35] bridge_slave_1: left promiscuous mode [ 1125.436635][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 1125.520694][ T35] bridge_slave_0: left allmulticast mode [ 1125.541790][ T35] bridge_slave_0: left promiscuous mode [ 1125.566139][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 1126.893077][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1126.924827][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1126.962511][ T35] bond0 (unregistering): Released all slaves [ 1127.044218][T29983] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 1127.089650][ T35] ovs9: left promiscuous mode [ 1127.564916][ T3500] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1127.572174][ T3500] CPU: 0 UID: 0 PID: 3500 Comm: syz.7.13151 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 1127.584437][ T3500] Tainted: [U]=USER [ 1127.588244][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1127.598312][ T3500] Call Trace: [ 1127.601595][ T3500] [ 1127.604531][ T3500] dump_stack_lvl+0x3d/0x1f0 [ 1127.609152][ T3500] panic+0x71d/0x800 [ 1127.613049][ T3500] ? __pfx_panic+0x10/0x10 [ 1127.617470][ T3500] ? preempt_schedule_thunk+0x1a/0x30 [ 1127.622860][ T3500] ? preempt_schedule_common+0x44/0xc0 [ 1127.628349][ T3500] check_panic_on_warn+0xab/0xb0 [ 1127.633354][ T3500] end_report+0x117/0x180 [ 1127.637742][ T3500] kasan_report+0xe9/0x110 [ 1127.642188][ T3500] ? idr_for_each+0x252/0x270 [ 1127.646925][ T3500] ? idr_for_each+0x252/0x270 [ 1127.651634][ T3500] ? __pfx_shm_try_destroy_orphaned+0x10/0x10 [ 1127.657763][ T3500] idr_for_each+0x252/0x270 [ 1127.662298][ T3500] ? __pfx_idr_for_each+0x10/0x10 [ 1127.667346][ T3500] ? __pfx_down_write+0x10/0x10 [ 1127.672245][ T3500] shm_destroy_orphaned+0x85/0x90 [ 1127.677382][ T3500] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 1127.683471][ T3500] proc_sys_call_handler+0x3c6/0x5a0 [ 1127.688772][ T3500] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1127.694686][ T3500] vfs_write+0x5ae/0x1150 [ 1127.699035][ T3500] ? __pfx_proc_sys_write+0x10/0x10 [ 1127.704237][ T3500] ? __pfx___mutex_lock+0x10/0x10 [ 1127.709267][ T3500] ? __pfx_vfs_write+0x10/0x10 [ 1127.714047][ T3500] ksys_write+0x12b/0x250 [ 1127.718381][ T3500] ? __pfx_ksys_write+0x10/0x10 [ 1127.723254][ T3500] do_syscall_64+0xcd/0x250 [ 1127.727766][ T3500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.733677][ T3500] RIP: 0033:0x7f800658cde9 [ 1127.738109][ T3500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1127.757730][ T3500] RSP: 002b:00007f80073a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1127.766163][ T3500] RAX: ffffffffffffffda RBX: 00007f80067a5fa0 RCX: 00007f800658cde9 [ 1127.774140][ T3500] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1127.782118][ T3500] RBP: 00007f800660e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1127.790098][ T3500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1127.798227][ T3500] R13: 0000000000000000 R14: 00007f80067a5fa0 R15: 00007ffe1b1043b8 [ 1127.806248][ T3500] [ 1127.809335][ T3500] Kernel Offset: disabled [ 1127.813669][ T3500] Rebooting in 86400 seconds..