last executing test programs: 16m58.012544314s ago: executing program 32 (id=429): brk$auto(0x7b5900000000) 12m47.894840951s ago: executing program 1 (id=4807): r0 = socket(0x2, 0x80002, 0x73) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x3ff, &(0x7f0000000180)={&(0x7f00000000c0), 0x434b}, 0x9, &(0x7f00000001c0), 0x3ff, 0x24000000}, 0xb6}, 0x2, 0x2) 12m47.705914648s ago: executing program 1 (id=4811): openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(0x3, 0x81484d11, 0x38) 12m47.516376873s ago: executing program 1 (id=4815): openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000b80), 0x80181, 0x0) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x5, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x40, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x80080001]}, 0x0, 0x0) 12m47.372764039s ago: executing program 1 (id=4819): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x402, 0x8000) capget$auto(0x0, 0x0) 12m47.213496414s ago: executing program 1 (id=4821): ioperm$auto(0x7, 0x71, 0x863) tkill$auto(0x80000000000001, 0x7) 12m46.661288973s ago: executing program 1 (id=4829): setresuid$auto(0x0, 0x7, 0x8080) shmget$auto(0xa, 0x10563, 0x568d1af2) 12m46.287234743s ago: executing program 33 (id=4829): setresuid$auto(0x0, 0x7, 0x8080) shmget$auto(0xa, 0x10563, 0x568d1af2) 11m24.292938479s ago: executing program 4 (id=5971): openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f0000000600), 0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) 11m24.026178938s ago: executing program 4 (id=5975): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/open_files\x00', 0x200, 0x0) read$auto_proc_single_file_operations_base(r0, &(0x7f0000000140)=""/4091, 0xffb) 11m23.886884164s ago: executing program 4 (id=5977): openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline\x00', 0x240, 0x0) lseek$auto(0x3, 0x20000, 0x1) 11m23.645242041s ago: executing program 4 (id=5981): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/pcrypt/pencrypt/serial_cpumask\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000040)='\x01\x00^\xa2\x02\x00\x00\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x3) 11m23.42240331s ago: executing program 4 (id=5983): tkill$auto(0x1, 0x7) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79) 11m22.838215618s ago: executing program 4 (id=5990): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/bInterfaceSubClass\x00', 0x400, 0x0) read$auto(r0, &(0x7f0000002440)='&\x00', 0x9) 11m22.412204922s ago: executing program 34 (id=5990): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/bInterfaceSubClass\x00', 0x400, 0x0) read$auto(r0, &(0x7f0000002440)='&\x00', 0x9) 6m19.066124799s ago: executing program 5 (id=10208): timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) exit$auto(0x6) timer_delete$auto(0x0) 6m18.036045733s ago: executing program 5 (id=10225): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x881}, 0x8000) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) 6m16.581335367s ago: executing program 2 (id=10246): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000080)=""/27, 0x1b) 6m16.092988478s ago: executing program 2 (id=10253): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x109001, 0x0) bpf$auto(0x9, &(0x7f00000000c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x2, 0x5, 0x8007, 0x101, 0xffffffffffffffff, 0x0, 0x9d}, 0x7f) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r0, 0x1, &(0x7f00000000c0)) 6m15.958481146s ago: executing program 2 (id=10256): prctl$auto(0x1000000001c, 0x5, 0x4, 0x8, 0x80002) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) setresuid$auto(0xf5, 0x8000, 0x67) 6m15.772387153s ago: executing program 2 (id=10260): mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r0, 0x0, 0x27, 0x0, 0xc) 6m15.644425474s ago: executing program 2 (id=10263): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 6m15.218462042s ago: executing program 2 (id=10268): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x454, 0x9) 6m14.939386034s ago: executing program 35 (id=10268): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x454, 0x9) 6m14.815189288s ago: executing program 5 (id=10273): r0 = socket(0xa, 0x3, 0xff) connect$auto(r0, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000940)=ANY=[@ANYBLOB='\x00', @ANYRES16, @ANYRESHEX, @ANYRES32], 0x2b04}, 0x1, 0x0, 0x0, 0x1051}, 0x44844) 6m14.614079557s ago: executing program 5 (id=10275): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x11e789c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) 6m14.425269144s ago: executing program 5 (id=10277): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 6m12.526760874s ago: executing program 5 (id=10290): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f0000000000)={0x7fff, 0x7, 0x9, 0x10001, 0x10, 0x6, "20eebb12087f66a453ce234620609b9caedd7f557b50b79cd9ff1819877c6ad09255176c80b5ce074615e9481ebde10e666cea1cb7195b9c4a6db82d136b0bec"}) 6m12.014467937s ago: executing program 36 (id=10290): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f0000000000)={0x7fff, 0x7, 0x9, 0x10001, 0x10, 0x6, "20eebb12087f66a453ce234620609b9caedd7f557b50b79cd9ff1819877c6ad09255176c80b5ce074615e9481ebde10e666cea1cb7195b9c4a6db82d136b0bec"}) 4m33.663762519s ago: executing program 7 (id=10998): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000000c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100) 4m33.456379932s ago: executing program 7 (id=10999): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x1b, 0x0) r0 = socket(0xa, 0x801, 0x100) setsockopt$auto(r0, 0x6, 0x2, 0x0, 0xfb3) 4m32.758353925s ago: executing program 7 (id=11008): accept$auto(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fstat$auto(r0, 0x0) 4m32.545406824s ago: executing program 7 (id=11010): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) write$auto(0x3, 0x0, 0x100082) 4m32.384639695s ago: executing program 7 (id=11012): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) tkill$auto(0x80000000000001, 0x7) 4m31.55409728s ago: executing program 7 (id=11018): socket(0xa, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR32(r0, 0xc0844123, 0x0) 4m31.148629879s ago: executing program 37 (id=11018): socket(0xa, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR32(r0, 0xc0844123, 0x0) 3m1.071681984s ago: executing program 9 (id=11811): mlockall$auto(0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b46, 0x1) 3m0.864835964s ago: executing program 9 (id=11815): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fcdbdf25140000000c00018008000100", @ANYRES32=r2, @ANYBLOB="080003"], 0x28}, 0x1, 0x0, 0x0, 0x4805}, 0x0) 3m0.7076826s ago: executing program 9 (id=11817): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x40146f2c, 0x0) close_range$auto(0x2, 0x8, 0x0) 3m0.501864125s ago: executing program 9 (id=11820): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mincore$auto(0x0, 0x10000, 0x0) prctl$auto(0x53564d41, 0x0, 0x0, 0xd, 0x3) 3m0.266993096s ago: executing program 9 (id=11822): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 2m59.27862279s ago: executing program 9 (id=11832): mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC1\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, 0x0) 2m59.025490569s ago: executing program 38 (id=11832): mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC1\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, 0x0) 3.376950397s ago: executing program 0 (id=13223): mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x8}) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) pread64$auto(r0, 0x0, 0x40000000f42c, 0x2) 3.322697395s ago: executing program 3 (id=13224): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x19, 0x0, 0x0) 3.148949495s ago: executing program 6 (id=13225): mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400028, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) pselect6$auto(0xe6d8, 0x0, 0x0, 0x0, 0x0, 0x0) 3.106717564s ago: executing program 0 (id=13227): mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x5, 0x84) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) getsockopt$auto(r0, 0x84, 0x1d, 0x0, 0x0) 2.864436921s ago: executing program 3 (id=13229): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000009400)={0x30, r0, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x9}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_BATADV_CMD_SET_HARDIF(r1, 0x0, 0xc4) 2.567136294s ago: executing program 8 (id=13230): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x1f53, 0x2000000000002) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4242, 0x0) fanotify_mark$auto(0x0, 0x1, 0x3a, r0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22200, 0x154) 2.325371975s ago: executing program 0 (id=13231): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/security/tomoyo/version\x00', 0x140, 0x0) r0 = epoll_create$auto(0x3e) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) 2.318392837s ago: executing program 3 (id=13232): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtd0\x00', 0x8080, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x280, 0x0) ioctl$auto(0x3, 0xc0485619, 0x38) 2.222787297s ago: executing program 8 (id=13233): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media11\x00', 0x28800, 0x0) ioctl$auto(0x3, 0xc1007c01, 0x38) 1.723688146s ago: executing program 0 (id=13234): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x28, 0x0, 0x808) syz_genetlink_get_family_id$auto_netdev(&(0x7f00000000c0), 0xffffffffffffffff) 1.663745459s ago: executing program 6 (id=13235): close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001) setreuid$auto(0x0, 0xee00) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/security/tomoyo/query\x00', 0x80402, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f00000012c0)='\n', 0x1) 1.640669668s ago: executing program 3 (id=13236): close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29e, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x51, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_enter$auto(r0, 0x9, 0x820e, 0x4, 0x0, 0x18) 1.602349926s ago: executing program 8 (id=13237): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0xa, 0x2, 0x0) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x6, 0xff, 0x1, 0xfffffffffffffffc, 0x0) 1.41067354s ago: executing program 6 (id=13238): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd2/queue/max_sectors_kb\x00', 0x181040, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 1.35288608s ago: executing program 8 (id=13239): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) chdir$auto(&(0x7f00000001c0)='}[,&*}\x00') pkey_mprotect$auto(0x80000000, 0xffffffffffffacad, 0x7, 0x4) umount2$auto(&(0x7f0000000200)='.\x00', 0x0) 1.166232528s ago: executing program 6 (id=13240): mmap$auto(0x0, 0x401, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x10000, 0x7, 0xc) futex$auto(0x0, 0x7, 0x9, 0x0, 0x0, 0x80000001) 1.136057037s ago: executing program 3 (id=13241): ioperm$auto(0x3, 0xe, 0x2000000000000149) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x1, 0x200, &(0x7f0000000140)={0x0, 0x2800000a}, 0x0) 1.084092806s ago: executing program 0 (id=13242): fcntl$auto_F_SETSIG(0xffffffffffffffff, 0xa, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r0, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000000000)={0x14, r1, 0x301, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) 1.083512614s ago: executing program 8 (id=13250): mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) sysfs$auto(0x2, 0x17, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) 348.132377ms ago: executing program 0 (id=13243): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/kernel/shm_rmid_forced\x00', 0x141241, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 343.802397ms ago: executing program 6 (id=13252): openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x68182, 0x0) mmap$auto(0x0, 0x8, 0x6, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000000)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) 150.034756ms ago: executing program 3 (id=13244): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013bbc40a8e71953412f0d"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) 26.757921ms ago: executing program 8 (id=13245): openat$auto_generic(0xffffffffffffff9c, &(0x7f0000001500)='/proc/kpagecgroup\x00', 0x101000, 0x0) move_pages$auto(0x1, 0x233, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) keyctl$auto(0x17, 0x4, 0x7fffffffefff, 0x400, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x80000000}, 0x1) 0s ago: executing program 6 (id=13246): mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) pipe2$auto(0x0, 0x80) close_range$auto(0x2, 0x8000, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) ioctl$auto(r0, 0x4004510d, r0) kernel console output (not intermixed with test programs): t 1(bridge_slave_0) entered blocking state [ 462.878182][ T1132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.949450][ T1132] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.956737][ T1132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 463.515804][T18949] Format for deleting device is "id" (uint). [ 463.631057][T18618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.271079][ T29] audit: type=1800 audit(4294967465.165:31): pid=18977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6141" name="dbroot" dev="configfs" ino=49631 res=0 errno=0 [ 464.284342][T18977] db_root: cannot open: [ 464.398247][T18618] veth0_vlan: entered promiscuous mode [ 464.460072][T18618] veth1_vlan: entered promiscuous mode [ 464.528521][T18618] veth0_macvtap: entered promiscuous mode [ 464.559835][T18618] veth1_macvtap: entered promiscuous mode [ 464.628552][T18618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.665909][T18618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.705929][T18618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.745997][T18618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.776047][T18618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.816571][T18618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.857337][T18618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.890454][T18618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.926453][T18618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.966034][T18618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.016091][T18618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.053797][T18618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.086129][T18618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.117879][T18618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.158122][T18618] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.192475][T18618] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.226272][T18618] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.272061][T18618] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.574172][T18797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.603771][T18797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.691596][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.729755][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 472.088764][T19266] zram: Added device: zram1 [ 472.935710][T19301] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 481.774034][T19544] : Can't lookup blockdev [ 481.874045][T19548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6358'. [ 482.598700][T19576] ima: Unable to open file: /suritRy/integrity?iqa/policy (-2) [ 482.601695][T19574] ima: policy update failed [ 482.652578][ T29] audit: type=1802 audit(4294967483.536:32): pid=19574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.6373" res=0 errno=0 [ 483.625360][T19620] ptrace attach of "./syz-executor exec"[6163] was attempted by "./syz-executor exec"[19620] [ 483.836584][T19625] ICMPv6: process `syz.3.6390' is using deprecated sysctl (syscall) net.ipv6.neigh.macsec0.base_reachable_time - use net.ipv6.neigh.macsec0.base_reachable_time_ms instead [ 484.912713][T19671] Setting dangerous option i915.mitigations - tainting kernel [ 489.335075][T19854] Process accounting paused [ 490.454664][T19904] nfs: Unknown parameter 'w`_I+; HY Lu>>uh*C<+ ' [ 491.267758][T19937] usb usb15: usbfs: process 19937 (syz.3.6506) did not claim interface 0 before use [ 494.181011][ T5150] Bluetooth: hci1: command 0x0406 tx timeout [ 496.794933][T20094] kmem.limit_in_bytes is deprecated and will be removed. Writing any value to this file has no effect. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 497.115116][ T29] audit: type=1800 audit(4294967497.998:33): pid=20102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.6584" name="members" dev="configfs" ino=53428 res=0 errno=0 [ 501.801355][T20245] rtc_cmos 00:00: Alarms can be up to one day in the future [ 502.691151][T20284] ptrace attach of "./syz-executor exec"[18618] was attempted by ""[20284] [ 510.234932][ T29] audit: type=1807 audit(4294967511.112:34): UNKNOWN= res=0 [ 510.235605][T20575] ima: policy update failed [ 510.263307][ T29] audit: type=1802 audit(4294967511.112:35): pid=20576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.6765" res=0 errno=0 [ 510.312116][ T29] audit: type=1802 audit(4294967511.132:36): pid=20575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.6765" res=0 errno=0 [ 511.436855][T20622] kAFS: unparsable volume name [ 513.674300][T20699] program syz.5.6826 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 513.700890][T20699] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 515.204884][T20755] usb usb15: usbfs: process 20755 (syz.6.6852) did not claim interface 0 before use [ 515.231649][T20758] synth uevent: /devices/platform/dummy_hcd.3/usb4/ep_00: unknown uevent action string [ 515.250714][T20758] ep_00: uevent: failed to send synthetic uevent: -22 [ 516.369391][T20799] Process accounting resumed [ 520.160117][T20939] ceph: Failed to parse sending metrics switch value 'P^' [ 520.604006][T20959] syz_tun: tun_chr_ioctl cmd 1074025698 [ 524.873617][T21100] program syz.3.7021 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 525.711464][T21132] ubi0: attaching mtd0 [ 525.724928][T21132] ubi0: scanning is finished [ 525.742414][T21132] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 525.972471][T21132] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 526.380915][T21156] usbip-vudc usbip-vudc.0: gadget not bound [ 527.730468][T21201] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 527.921345][T21206] synth uevent: /devices/virtual/misc/rdma_cm: unknown uevent action string [ 527.937163][T21206] misc rdma_cm: uevent: failed to send synthetic uevent: -22 [ 529.479594][T21259] Process accounting resumed [ 534.031041][ T29] audit: type=1800 audit(4294967534.890:37): pid=21437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.7183" name="members" dev="configfs" ino=56733 res=0 errno=0 [ 537.400955][T21546] kAFS: Invalid Command on /proc/fs/afs/cells file [ 538.112788][T21569] futex_wake_op: syz.6.7246 tries to shift op by 64; fix this program [ 538.886548][T21597] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 539.740091][T21631] syz_tun: tun_chr_ioctl cmd 35111 [ 542.187068][ T29] audit: type=1400 audit(4294967543.036:38): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=21702 comm="syz.3.7311" [ 544.378198][T21768] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 546.003642][T21835] sg_write: data in/out 2059/169 bytes for SCSI command 0x57-- guessing data in; [ 546.003642][T21835] program syz.6.7354 not setting count and/or reply_len properly [ 550.203152][T22014] ubi13: attaching mtd0 [ 550.207428][T22014] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 551.271061][T22057] QAT: Invalid ioctl 21531 [ 551.328932][T22061] block2mtd: device name too long [ 552.102364][T22093] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 553.996703][T22178] usb usb15: usbfs: process 22178 (syz.2.7482) did not claim interface 0 before use [ 558.973660][T22383] netlink: 'syz.5.7551': attribute type 1 has an invalid length. [ 559.285388][T22395] HSR: entered promiscuous mode [ 562.751789][T22498] HSR: entered promiscuous mode [ 565.383297][T22576] nbd: must specify a device to reconfigure [ 569.166913][T22678] CIFS mount error: No usable UNC path provided in device string! [ 569.166913][T22678] [ 569.188184][T22678] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 569.683982][T22686] HSR: entered promiscuous mode [ 570.944154][T22732] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 570.986164][T22732] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 571.961011][T22766] netlink: 'syz.5.7657': attribute type 11 has an invalid length. [ 571.985456][T22766] netlink: 'syz.5.7657': attribute type 11 has an invalid length. [ 572.196267][T22775] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7660'. [ 573.211589][T22804] openvswitch: netlink: IP tunnel dst address not specified [ 573.746965][T22820] openvswitch: netlink: Missing valid actions attribute. [ 574.339134][T22840] netlink: Conntrack attr type has unexpected length (type=0, length=3, expected=0) [ 576.157837][T22832] Bluetooth: hci0: command 0x0406 tx timeout [ 576.703335][T22890] netlink: del zone limit has 8 unknown bytes [ 576.893552][T22895] netlink: 172 bytes leftover after parsing attributes in process `syz.6.7710'. [ 577.521103][T22912] cifs: Unknown parameter '' [ 577.715697][T22919] tipc: Enabling of bearer rejected, media not registered [ 577.736744][T22921] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 579.680149][T22976] Zero length message leads to an empty skb [ 580.272375][T22998] openvswitch: netlink: Message has 4 unknown bytes. [ 580.444749][T23001] Process accounting resumed [ 582.265061][T23056] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7786'. [ 583.289101][T23071] rnbd_client L213: map_device: Parameters missing [ 585.748825][T23143] netlink: 'syz.3.7823': attribute type 2 has an invalid length. [ 585.963539][T23148] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 586.529853][T23164] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7833'. [ 587.865394][T23217] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 587.904338][T23219] netlink: 306 bytes leftover after parsing attributes in process `syz.5.7860'. [ 592.966440][T23366] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 593.615037][T23393] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 594.800959][T23433] Process accounting resumed [ 597.207127][T23521] Setting dangerous option i915.mitigations - tainting kernel [ 597.442439][T23531] ubi0: attaching mtd0 [ 597.464848][T23531] ubi0: scanning is finished [ 597.469595][T23531] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 597.654555][T23531] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 598.001683][T23541] ima: policy update failed [ 598.022570][ T29] audit: type=1802 audit(4294968621.844:39): pid=23541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.8012" res=0 errno=0 [ 601.653116][T23649] unsupported nla_type 32969 [ 604.509052][T23728] rtc_cmos 00:00: Alarms can be up to one day in the future [ 605.088652][ T6257] rtc_cmos 00:00: Alarms can be up to one day in the future [ 605.099886][ T6257] rtc_cmos 00:00: Alarms can be up to one day in the future [ 605.126418][ T6257] rtc_cmos 00:00: Alarms can be up to one day in the future [ 605.134896][ T6257] rtc_cmos 00:00: Alarms can be up to one day in the future [ 605.168661][ T6257] rtc rtc0: __rtc_set_alarm: err=-22 [ 606.103759][ T6164] Bluetooth: hci3: unexpected event 0x03 length: 725 > 11 [ 606.138897][T23773] random: crng reseeded on system resumption [ 607.303249][T23792] netlink: Unknown conntrack attr (0) [ 607.536508][T23798] netlink: 206 bytes leftover after parsing attributes in process `syz.2.8125'. [ 607.537071][T23796] nbd: couldn't find device at index 33904 [ 608.017938][T23814] delete_channel: no stack [ 608.288059][T23820] netlink: 'syz.2.8135': attribute type 11 has an invalid length. [ 608.296289][T23820] netlink: 'syz.2.8135': attribute type 11 has an invalid length. [ 608.366833][T23820] netlink: 'syz.2.8135': attribute type 11 has an invalid length. [ 608.379115][T23820] netlink: 'syz.2.8135': attribute type 11 has an invalid length. [ 608.627128][T23829] syz_tun: tun_chr_ioctl cmd 2147767519 [ 612.098083][T23923] openvswitch: netlink: IP tunnel dst address not specified [ 612.413479][T23937] openvswitch: netlink: Message has 4 unknown bytes. [ 613.514283][T23968] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 614.188187][T23988] Process accounting resumed [ 614.981803][T24010] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 615.519836][T24026] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 616.582836][T24055] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 616.756344][T24063] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 618.007118][T24101] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8261'. [ 619.635070][T24154] : entered promiscuous mode [ 619.995549][T24169] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 620.019161][T24169] CPU: 1 UID: 0 PID: 24169 Comm: syz.5.8291 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 620.019216][T24169] Tainted: [U]=USER [ 620.019226][T24169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 620.019260][T24169] Call Trace: [ 620.019270][T24169] [ 620.019294][T24169] dump_stack_lvl+0x16c/0x1f0 [ 620.019359][T24169] sysfs_warn_dup+0x7f/0xa0 [ 620.019412][T24169] sysfs_do_create_link_sd+0x124/0x140 [ 620.019465][T24169] sysfs_create_link+0x61/0xc0 [ 620.019514][T24169] device_add+0x62e/0x1a70 [ 620.019566][T24169] ? __pfx_device_add+0x10/0x10 [ 620.019609][T24169] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 620.019655][T24169] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 620.019701][T24169] wiphy_register+0x1c7a/0x2860 [ 620.019745][T24169] ? netdev_run_todo+0x877/0x1320 [ 620.019794][T24169] ? __pfx_wiphy_register+0x10/0x10 [ 620.019864][T24169] ieee80211_register_hw+0x23ff/0x3ff0 [ 620.019924][T24169] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 620.019964][T24169] ? net_generic+0xea/0x2a0 [ 620.020017][T24169] ? lockdep_init_map_type+0x16d/0x7d0 [ 620.020083][T24169] ? rcu_is_watching+0x12/0xc0 [ 620.020137][T24169] ? trace_hrtimer_init+0x1a6/0x230 [ 620.020185][T24169] ? __hrtimer_init+0x106/0x2c0 [ 620.020233][T24169] mac80211_hwsim_new_radio+0x2c47/0x56d0 [ 620.020327][T24169] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 620.020387][T24169] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 620.020453][T24169] hwsim_new_radio_nl+0xb42/0x12b0 [ 620.020511][T24169] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 620.020580][T24169] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 620.020639][T24169] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 620.020708][T24169] genl_family_rcv_msg_doit+0x202/0x2f0 [ 620.020764][T24169] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 620.020819][T24169] ? trace_cap_capable+0x1a2/0x210 [ 620.020882][T24169] ? bpf_lsm_capable+0x9/0x10 [ 620.020927][T24169] ? security_capable+0x7e/0x260 [ 620.020980][T24169] ? ns_capable+0xd7/0x110 [ 620.021027][T24169] genl_rcv_msg+0x565/0x800 [ 620.021064][T24169] ? __pfx_genl_rcv_msg+0x10/0x10 [ 620.021098][T24169] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 620.021169][T24169] netlink_rcv_skb+0x165/0x410 [ 620.021218][T24169] ? __pfx_genl_rcv_msg+0x10/0x10 [ 620.021254][T24169] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 620.021331][T24169] ? down_read+0xc9/0x330 [ 620.021367][T24169] ? __pfx_down_read+0x10/0x10 [ 620.021403][T24169] ? netlink_deliver_tap+0x1ae/0xca0 [ 620.021456][T24169] genl_rcv+0x28/0x40 [ 620.021505][T24169] netlink_unicast+0x53c/0x7f0 [ 620.021559][T24169] ? __pfx_netlink_unicast+0x10/0x10 [ 620.021609][T24169] ? __phys_addr_symbol+0x30/0x80 [ 620.021660][T24169] ? __check_object_size+0x488/0x710 [ 620.021710][T24169] netlink_sendmsg+0x8b8/0xd70 [ 620.021766][T24169] ? __pfx_netlink_sendmsg+0x10/0x10 [ 620.021832][T24169] ____sys_sendmsg+0x9ae/0xb40 [ 620.021880][T24169] ? copy_msghdr_from_user+0x10b/0x160 [ 620.021915][T24169] ? __pfx_____sys_sendmsg+0x10/0x10 [ 620.021983][T24169] ___sys_sendmsg+0x135/0x1e0 [ 620.022021][T24169] ? __pfx____sys_sendmsg+0x10/0x10 [ 620.022077][T24169] ? __pfx_lock_release+0x10/0x10 [ 620.022116][T24169] ? trace_lock_acquire+0x14e/0x1f0 [ 620.022163][T24169] ? __fget_files+0x206/0x3a0 [ 620.022211][T24169] __sys_sendmsg+0x16e/0x220 [ 620.022248][T24169] ? __pfx___sys_sendmsg+0x10/0x10 [ 620.022282][T24169] ? __x64_sys_futex+0x1e1/0x4c0 [ 620.022353][T24169] do_syscall_64+0xcd/0x250 [ 620.022390][T24169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.022437][T24169] RIP: 0033:0x7fd4f938cde9 [ 620.022464][T24169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.022496][T24169] RSP: 002b:00007fd4fa158038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 620.022528][T24169] RAX: ffffffffffffffda RBX: 00007fd4f95a5fa0 RCX: 00007fd4f938cde9 [ 620.022551][T24169] RDX: 0000000004000800 RSI: 00004000000000c0 RDI: 0000000000000003 [ 620.022570][T24169] RBP: 00007fd4f940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 620.022589][T24169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 620.022607][T24169] R13: 0000000000000000 R14: 00007fd4f95a5fa0 R15: 00007ffdb80a9c28 [ 620.022649][T24169] [ 620.845116][ T6164] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 620.852848][ T6164] Bluetooth: hci1: Invalid handle: 0x1e1a > 0x0eff [ 622.557591][T24245] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 622.575408][T24245] CPU: 1 UID: 0 PID: 24245 Comm: syz.3.8325 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 622.575468][T24245] Tainted: [U]=USER [ 622.575479][T24245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 622.575500][T24245] Call Trace: [ 622.575510][T24245] [ 622.575524][T24245] dump_stack_lvl+0x16c/0x1f0 [ 622.575591][T24245] sysfs_warn_dup+0x7f/0xa0 [ 622.575648][T24245] sysfs_do_create_link_sd+0x124/0x140 [ 622.575706][T24245] sysfs_create_link+0x61/0xc0 [ 622.575759][T24245] device_add+0x62e/0x1a70 [ 622.575817][T24245] ? __pfx_device_add+0x10/0x10 [ 622.575862][T24245] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 622.575912][T24245] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 622.575976][T24245] wiphy_register+0x1c7a/0x2860 [ 622.576025][T24245] ? netdev_run_todo+0x877/0x1320 [ 622.576077][T24245] ? __pfx_wiphy_register+0x10/0x10 [ 622.576143][T24245] ieee80211_register_hw+0x23ff/0x3ff0 [ 622.576204][T24245] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 622.576242][T24245] ? net_generic+0xea/0x2a0 [ 622.576392][T24245] ? lockdep_init_map_type+0x16d/0x7d0 [ 622.576445][T24245] ? rcu_is_watching+0x12/0xc0 [ 622.576499][T24245] ? trace_hrtimer_init+0x1a6/0x230 [ 622.576545][T24245] ? __hrtimer_init+0x106/0x2c0 [ 622.576595][T24245] mac80211_hwsim_new_radio+0x2c47/0x56d0 [ 622.576679][T24245] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 622.576738][T24245] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 622.576804][T24245] hwsim_new_radio_nl+0xb42/0x12b0 [ 622.576865][T24245] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 622.576944][T24245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 622.577013][T24245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 622.577083][T24245] genl_family_rcv_msg_doit+0x202/0x2f0 [ 622.577144][T24245] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 622.577202][T24245] ? trace_cap_capable+0x1a2/0x210 [ 622.577271][T24245] ? bpf_lsm_capable+0x9/0x10 [ 622.577321][T24245] ? security_capable+0x7e/0x260 [ 622.577376][T24245] ? ns_capable+0xd7/0x110 [ 622.577426][T24245] genl_rcv_msg+0x565/0x800 [ 622.577465][T24245] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.577503][T24245] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 622.577575][T24245] netlink_rcv_skb+0x165/0x410 [ 622.577629][T24245] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.577666][T24245] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 622.577734][T24245] ? down_read+0xc9/0x330 [ 622.577770][T24245] ? __pfx_down_read+0x10/0x10 [ 622.577808][T24245] ? netlink_deliver_tap+0x1ae/0xca0 [ 622.577861][T24245] genl_rcv+0x28/0x40 [ 622.577910][T24245] netlink_unicast+0x53c/0x7f0 [ 622.578029][T24245] ? __pfx_netlink_unicast+0x10/0x10 [ 622.578087][T24245] ? __phys_addr_symbol+0x30/0x80 [ 622.578146][T24245] ? __check_object_size+0x488/0x710 [ 622.578198][T24245] netlink_sendmsg+0x8b8/0xd70 [ 622.578257][T24245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 622.578326][T24245] ____sys_sendmsg+0x9ae/0xb40 [ 622.578373][T24245] ? copy_msghdr_from_user+0x10b/0x160 [ 622.578410][T24245] ? __pfx_____sys_sendmsg+0x10/0x10 [ 622.578482][T24245] ___sys_sendmsg+0x135/0x1e0 [ 622.578522][T24245] ? __pfx____sys_sendmsg+0x10/0x10 [ 622.578579][T24245] ? __pfx_lock_release+0x10/0x10 [ 622.578619][T24245] ? trace_lock_acquire+0x14e/0x1f0 [ 622.578668][T24245] ? __fget_files+0x206/0x3a0 [ 622.578718][T24245] __sys_sendmsg+0x16e/0x220 [ 622.578757][T24245] ? __pfx___sys_sendmsg+0x10/0x10 [ 622.578792][T24245] ? __x64_sys_futex+0x1e1/0x4c0 [ 622.578853][T24245] do_syscall_64+0xcd/0x250 [ 622.578890][T24245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.578951][T24245] RIP: 0033:0x7f69c138cde9 [ 622.578980][T24245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.579015][T24245] RSP: 002b:00007f69c2136038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 622.579049][T24245] RAX: ffffffffffffffda RBX: 00007f69c15a5fa0 RCX: 00007f69c138cde9 [ 622.579071][T24245] RDX: 0000000004000800 RSI: 00004000000000c0 RDI: 0000000000000003 [ 622.579090][T24245] RBP: 00007f69c140e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 622.579109][T24245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 622.579127][T24245] R13: 0000000000000000 R14: 00007f69c15a5fa0 R15: 00007ffe736c5288 [ 622.579171][T24245] [ 624.359190][T24282] netlink: 'syz.6.8338': attribute type 1 has an invalid length. [ 625.871955][T24326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8359'. [ 626.498070][T24346] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 627.450309][T24377] netlink: zone id is out of range [ 627.472200][T24377] netlink: set zone limit has 4 unknown bytes [ 631.351912][T24512] openvswitch: netlink: IP tunnel dst address not specified [ 631.587051][T22832] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 631.587190][T22832] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 634.121782][T24608] delete_channel: no stack [ 634.295807][T24614] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8497'. [ 635.200628][T24645] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8509'. [ 635.504384][T24648] rnbd_client L213: map_device: Parameters missing [ 635.954895][T22832] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 635.992313][ T29] audit: type=1800 audit(4294967311.439:40): pid=24671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.8520" name="discovery_nqn" dev="configfs" ino=66419 res=0 errno=0 [ 636.612945][T24683] netlink: 'syz.2.8525': attribute type 1 has an invalid length. [ 637.593706][T24717] openvswitch: netlink: Flow actions attr not present in new flow. [ 637.787803][T24723] netlink: 'syz.3.8542': attribute type 10 has an invalid length. [ 638.463970][T24746] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8551'. [ 638.719328][T24755] netlink: 'syz.2.8556': attribute type 1 has an invalid length. [ 639.047875][T24768] openvswitch: netlink: Message has 4 unknown bytes. [ 639.170174][T24773] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 640.098686][T24807] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(4.128.1), cmd(5) [ 640.140312][T24808] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 640.147883][T24808] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 641.513654][T24852] netlink: 'syz.6.8597': attribute type 11 has an invalid length. [ 643.513885][T24854] kexec: Could not allocate control_code_buffer [ 644.638529][T24923] netlink: 'syz.5.8630': attribute type 1 has an invalid length. [ 647.734427][T25004] netlink: 'syz.3.8668': attribute type 2 has an invalid length. [ 648.283535][T25023] netlink: 'syz.2.8675': attribute type 1 has an invalid length. [ 649.523247][T25046] could not allocate digest TFM handle [ 649.862568][T25050] could not allocate digest TFM handle [ 651.232102][T25113] openvswitch: netlink: Multiple metadata blocks provided [ 651.555401][T25125] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 651.561930][T25125] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 651.772960][T25131] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 652.075198][T25141] openvswitch: netlink: VXLAN extension 64 out of range max 1 [ 654.258486][ T29] audit: type=1800 audit(4294967329.709:41): pid=25220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.8765" name="SYSV00000014" dev="hugetlbfs" ino=0 res=0 errno=0 [ 655.922057][T25279] netlink: 'syz.3.8793': attribute type 1 has an invalid length. [ 658.386506][T25355] netlink: get zone limit has 4 unknown bytes [ 658.396255][T25356] batman_adv: Routing algorithm '' is not supported [ 659.508412][T25396] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8846'. [ 660.062118][T25408] MTRR 1 not used [ 662.747249][T25486] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8884'. [ 664.039422][T25528] openvswitch: netlink: IP tunnel dst address not specified [ 664.147489][T25532] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8904'. [ 664.671884][T25549] openvswitch: netlink: Key type 29 is not supported [ 665.035211][T25564] netlink: 'syz.2.8919': attribute type 2 has an invalid length. [ 667.313845][T25646] openvswitch: netlink: Duplicate key (type 15). [ 669.803709][T25730] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 669.994901][T25737] netlink: get zone limit has 8 unknown bytes [ 670.344614][T25747] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 670.835636][T25771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 672.117090][T25820] netlink: get zone limit has 8 unknown bytes [ 677.843702][T25999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 677.882741][T25999] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 677.923879][T25999] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 677.966732][T25999] page_type: f5(slab) [ 677.984305][T25999] raw: 00fff00000000040 ffff88814040aa00 dead000000000122 0000000000000000 [ 678.024041][T25999] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 678.074909][T25999] head: 00fff00000000040 ffff88814040aa00 dead000000000122 0000000000000000 [ 678.181643][T25999] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 678.205607][T25999] head: 00fff00000000002 ffffea0001ff8001 ffffffffffffffff 0000000000000000 [ 678.239822][T25999] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 678.276421][T25999] page dumped because: unmovable page [ 678.281916][T25999] page_owner tracks the page as allocated [ 678.314654][T25999] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5225, tgid 5225 (udevadm), ts 40393417546, free_ts 34772152509 [ 678.404506][T25999] post_alloc_hook+0x181/0x1b0 [ 678.415610][T25999] get_page_from_freelist+0xfce/0x2f80 [ 678.428398][T25999] __alloc_frozen_pages_noprof+0x221/0x2470 [ 678.443681][T25999] alloc_pages_mpol+0x1fc/0x540 [ 678.471098][T25999] new_slab+0x23d/0x330 [ 678.492502][T25999] ___slab_alloc+0xbfa/0x1600 [ 678.524233][T25999] __slab_alloc.constprop.0+0x56/0xb0 [ 678.763507][T25999] kmem_cache_alloc_lru_noprof+0xf0/0x3b0 [ 678.794107][T25999] alloc_inode+0xbf/0x230 [ 678.798661][T25999] iget_locked+0x2ee/0x8a0 [ 678.803184][T25999] kernfs_get_inode+0x48/0x460 [ 678.861299][T25999] kernfs_iop_lookup+0x1ec/0x330 [ 678.905415][T25999] __lookup_slow+0x24f/0x470 [ 678.910164][T25999] walk_component+0x350/0x5b0 [ 678.961849][T25999] link_path_walk.part.0.constprop.0+0x669/0xd40 [ 678.984341][T25999] path_lookupat+0x93/0x770 [ 678.988990][T25999] page last free pid 1 tgid 1 stack trace: [ 679.034269][T25999] free_frozen_pages+0x6db/0xfb0 [ 679.039687][T25999] free_contig_range+0x133/0x3f0 [ 679.200476][T25999] destroy_args+0x66f/0x830 [ 679.205810][ T29] audit: type=1800 audit(4294967354.649:42): pid=26032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.9132" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 679.226292][T25999] debug_vm_pgtable+0x149c/0x2f20 [ 679.231422][T25999] do_one_initcall+0x128/0x630 [ 679.295585][T25999] kernel_init_freeable+0x58f/0x8b0 [ 679.300916][T25999] kernel_init+0x1c/0x2b0 [ 679.334368][T25999] ret_from_fork+0x45/0x80 [ 679.354308][T25999] ret_from_fork_asm+0x1a/0x30 [ 680.557800][T26067] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 681.163590][T26084] netlink: 'syz.2.9155': attribute type 1 has an invalid length. [ 682.110606][T26113] openvswitch: netlink: Flow key attr not present in new flow. [ 683.169580][T26139] netlink: 206 bytes leftover after parsing attributes in process `syz.5.9178'. [ 684.246229][T26170] sd 0:0:1:0: PR command failed: 1026 [ 684.251755][T26170] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 684.264319][T26170] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 684.548450][T26177] netlink: 'syz.2.9197': attribute type 4 has an invalid length. [ 686.906531][T26233] svc: failed to register nfsdv3 RPC service (errno 111). [ 686.943383][T26233] svc: failed to register nfsaclv3 RPC service (errno 111). [ 687.436631][T26248] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 692.282660][T26403] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 693.510864][T26446] Process accounting resumed [ 694.233955][T26469] svc: failed to register nfsdv3 RPC service (errno 111). [ 694.250517][T26469] svc: failed to register nfsaclv3 RPC service (errno 111). [ 695.523168][T26520] netlink: 5 bytes leftover after parsing attributes in process `syz.5.9354'. [ 695.994446][T26536] svc: failed to register nfsdv3 RPC service (errno 111). [ 696.023258][T26536] svc: failed to register nfsaclv3 RPC service (errno 111). [ 698.118027][T26615] openvswitch: netlink: nsh attr 1 has unexpected len 14 expected 8 [ 698.480387][T26631] netlink: ct family unspecified [ 698.776748][T26643] svc: failed to register nfsdv3 RPC service (errno 111). [ 698.802726][T26643] svc: failed to register nfsaclv3 RPC service (errno 111). [ 699.561735][T26671] svc: failed to register nfsdv3 RPC service (errno 111). [ 699.577178][T26671] svc: failed to register nfsaclv3 RPC service (errno 111). [ 699.699014][T26677] openvswitch: netlink: Flow key attribute not present in set flow. [ 700.508503][T26707] svc: failed to register nfsdv3 RPC service (errno 111). [ 700.525840][T26707] svc: failed to register nfsaclv3 RPC service (errno 111). [ 701.284625][T26716] netlink: 'syz.3.9447': attribute type 1 has an invalid length. [ 702.401901][T26756] netlink: 5 bytes leftover after parsing attributes in process `syz.3.9466'. [ 702.708009][T26764] netlink: 'syz.3.9469': attribute type 2 has an invalid length. [ 703.162069][T26780] netlink: 'syz.5.9478': attribute type 1 has an invalid length. [ 703.397418][T26790] netlink: 'syz.5.9482': attribute type 2 has an invalid length. [ 704.254469][T26813] openvswitch: netlink: Duplicate or invalid key (type 1). [ 704.841506][T26833] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 705.645535][T26860] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 705.664072][T26863] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9517'. [ 707.551386][T26907] svc: failed to register nfsdv3 RPC service (errno 111). [ 707.568026][T26907] svc: failed to register nfsaclv3 RPC service (errno 111). [ 707.638889][T26913] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 710.398424][T26986] Process accounting resumed [ 711.582443][T27020] openvswitch: HSR: Dropping previously announced user features [ 712.728155][T27050] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 712.749258][T27050] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 713.138024][T27062] sctp: [Deprecated]: syz.3.9604 (pid 27062) Use of int in max_burst socket option deprecated. [ 713.138024][T27062] Use struct sctp_assoc_value instead [ 714.708286][T27109] openvswitch: netlink: Key 23 has unexpected len 16 expected 2 [ 714.916003][T27117] netlink: 'syz.3.9629': attribute type 1 has an invalid length. [ 715.223411][T22832] Bluetooth: hci2: unexpected event 0x14 length: 18 > 6 [ 716.354947][T27167] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9651'. [ 716.944419][T27186] syz_tun: tun_chr_ioctl cmd 1074025684 [ 718.423133][T27235] netlink: 'syz.6.9685': attribute type 1 has an invalid length. [ 718.855299][T27249] zero sized request [ 719.712316][T27282] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 720.849714][T27326] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 725.051206][T27446] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 725.162376][T27448] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 725.219936][T27448] CPU: 0 UID: 0 PID: 27448 Comm: syz.6.9784 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 725.219994][T27448] Tainted: [U]=USER [ 725.220005][T27448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 725.220027][T27448] Call Trace: [ 725.220036][T27448] [ 725.220049][T27448] dump_stack_lvl+0x16c/0x1f0 [ 725.220113][T27448] sysfs_warn_dup+0x7f/0xa0 [ 725.220164][T27448] sysfs_do_create_link_sd+0x124/0x140 [ 725.220220][T27448] sysfs_create_link+0x61/0xc0 [ 725.220270][T27448] device_add+0x62e/0x1a70 [ 725.220320][T27448] ? __pfx_device_add+0x10/0x10 [ 725.220363][T27448] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 725.220411][T27448] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 725.220458][T27448] wiphy_register+0x1c7a/0x2860 [ 725.220502][T27448] ? netdev_run_todo+0x877/0x1320 [ 725.220552][T27448] ? __pfx_wiphy_register+0x10/0x10 [ 725.220619][T27448] ieee80211_register_hw+0x23ff/0x3ff0 [ 725.220679][T27448] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 725.220725][T27448] ? net_generic+0xea/0x2a0 [ 725.220774][T27448] ? lockdep_init_map_type+0x16d/0x7d0 [ 725.220814][T27448] ? rcu_is_watching+0x12/0xc0 [ 725.220856][T27448] ? trace_hrtimer_init+0x1a6/0x230 [ 725.220892][T27448] ? __hrtimer_init+0x106/0x2c0 [ 725.220931][T27448] mac80211_hwsim_new_radio+0x2c47/0x56d0 [ 725.221002][T27448] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 725.221070][T27448] hwsim_new_radio_nl+0xb42/0x12b0 [ 725.221128][T27448] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 725.221192][T27448] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 725.221248][T27448] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 725.221310][T27448] genl_family_rcv_msg_doit+0x202/0x2f0 [ 725.221364][T27448] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 725.221415][T27448] ? trace_cap_capable+0x1a2/0x210 [ 725.221480][T27448] ? bpf_lsm_capable+0x9/0x10 [ 725.221528][T27448] ? security_capable+0x7e/0x260 [ 725.221580][T27448] ? ns_capable+0xd7/0x110 [ 725.221626][T27448] genl_rcv_msg+0x565/0x800 [ 725.221663][T27448] ? __pfx_genl_rcv_msg+0x10/0x10 [ 725.221704][T27448] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 725.221767][T27448] netlink_rcv_skb+0x165/0x410 [ 725.221809][T27448] ? __pfx_genl_rcv_msg+0x10/0x10 [ 725.221838][T27448] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 725.221894][T27448] ? down_read+0xc9/0x330 [ 725.221922][T27448] ? __pfx_down_read+0x10/0x10 [ 725.221951][T27448] ? netlink_deliver_tap+0x1ae/0xca0 [ 725.221996][T27448] genl_rcv+0x28/0x40 [ 725.222036][T27448] netlink_unicast+0x53c/0x7f0 [ 725.222081][T27448] ? __pfx_netlink_unicast+0x10/0x10 [ 725.222125][T27448] ? __phys_addr_symbol+0x30/0x80 [ 725.222176][T27448] ? __check_object_size+0x488/0x710 [ 725.222226][T27448] netlink_sendmsg+0x8b8/0xd70 [ 725.222282][T27448] ? __pfx_netlink_sendmsg+0x10/0x10 [ 725.222347][T27448] ____sys_sendmsg+0x9ae/0xb40 [ 725.222394][T27448] ? copy_msghdr_from_user+0x10b/0x160 [ 725.222430][T27448] ? __pfx_____sys_sendmsg+0x10/0x10 [ 725.222498][T27448] ___sys_sendmsg+0x135/0x1e0 [ 725.222538][T27448] ? __pfx____sys_sendmsg+0x10/0x10 [ 725.222591][T27448] ? __pfx_lock_release+0x10/0x10 [ 725.222631][T27448] ? trace_lock_acquire+0x14e/0x1f0 [ 725.222678][T27448] ? __fget_files+0x206/0x3a0 [ 725.222741][T27448] __sys_sendmsg+0x16e/0x220 [ 725.222781][T27448] ? __pfx___sys_sendmsg+0x10/0x10 [ 725.222820][T27448] ? __x64_sys_futex+0x1e1/0x4c0 [ 725.222882][T27448] do_syscall_64+0xcd/0x250 [ 725.222919][T27448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.222970][T27448] RIP: 0033:0x7f38f438cde9 [ 725.222997][T27448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 725.223030][T27448] RSP: 002b:00007f38f51db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 725.223061][T27448] RAX: ffffffffffffffda RBX: 00007f38f45a5fa0 RCX: 00007f38f438cde9 [ 725.223083][T27448] RDX: 0000000004000800 RSI: 00004000000000c0 RDI: 0000000000000003 [ 725.223104][T27448] RBP: 00007f38f440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 725.223123][T27448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 725.223143][T27448] R13: 0000000000000000 R14: 00007f38f45a5fa0 R15: 00007ffe3954de08 [ 725.223185][T27448] [ 726.333526][ T29] audit: type=1804 audit(4294967307.460:43): pid=27466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.9792" name="/newroot/2422/file0" dev="tmpfs" ino=12170 res=1 errno=0 [ 726.392114][ T29] audit: type=1800 audit(4294967307.490:44): pid=27466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.9792" name="file0" dev="tmpfs" ino=12170 res=0 errno=0 [ 726.817150][T27484] nbd: illegal input index -33554433 [ 728.980968][T27550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9831'. [ 729.541019][T27570] nl80211: entered promiscuous mode [ 729.870668][T27583] .SR: entered promiscuous mode [ 730.068399][T27587] svc: failed to register nfsdv3 RPC service (errno 111). [ 730.094848][T27587] svc: failed to register nfsaclv3 RPC service (errno 111). [ 730.539518][T27601] nl80211: entered promiscuous mode [ 730.893415][T27613] MTRR 1 not used [ 731.021574][T27618] openvswitch: netlink: Key type 261 is out of range max 32 [ 732.297420][T27658] netlink: 'syz.5.9880': attribute type 1 has an invalid length. [ 734.634596][T27722] svc: failed to register nfsdv3 RPC service (errno 111). [ 734.676836][T27722] svc: failed to register nfsaclv3 RPC service (errno 111). [ 736.907147][T27788] sd 0:0:1:0: PR command failed: 1026 [ 736.912689][T27788] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 736.924756][T27788] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 739.120811][T27838] openvswitch: netlink: IP tunnel TTL not specified. [ 739.581179][T27852] sctp: [Deprecated]: syz.3.9965 (pid 27852) Use of int in maxseg socket option. [ 739.581179][T27852] Use struct sctp_assoc_value instead [ 740.085005][T27875] openvswitch: netlink: IP tunnel dst address not specified [ 740.644537][T27893] nbd: must specify an index to disconnect [ 740.749630][T27898] openvswitch: netlink: IPv6 tunnel dst address is zero [ 741.275437][ T29] audit: type=1800 audit(4294967322.400:45): pid=27913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.9992" name="members" dev="configfs" ino=78940 res=0 errno=0 [ 741.567219][T27920] openvswitch: netlink: Missing valid actions attribute. [ 743.744881][T27985] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10027'. [ 746.780685][T28101] openvswitch: netlink: IPv4 tunnel dst address is zero [ 749.870071][T28213] netlink: 'syz.6.10132': attribute type 1 has an invalid length. [ 750.614551][T28241] netlink: zone id is out of range [ 750.643542][T28241] netlink: zone id is out of range [ 750.663288][T28241] netlink: zone id is out of range [ 750.680374][T28241] netlink: zone id is out of range [ 750.704313][T28241] netlink: zone id is out of range [ 750.719985][T28241] netlink: zone id is out of range [ 750.750225][T28241] netlink: zone id is out of range [ 750.774215][T28241] netlink: zone id is out of range [ 750.786210][T28241] netlink: zone id is out of range [ 752.630821][T28305] netlink: 'syz.2.10172': attribute type 1 has an invalid length. [ 753.936470][T28353] net_ratelimit: 15 callbacks suppressed [ 753.936502][T28353] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 754.588664][T28374] openvswitch: netlink: Message has 1 unknown bytes. [ 755.038774][T28392] HfR: entered promiscuous mode [ 756.264448][T28438] CIFS: VFS: Invalid SecurityFlags: [ 757.327398][T28471] vivid-003: ================= START STATUS ================= [ 757.384440][T28471] vivid-003: Radio HW Seek Mode: Bounded [ 757.417427][T28471] vivid-003: Radio Programmable HW Seek: false [ 757.423737][T28471] vivid-003: RDS Rx I/O Mode: Block I/O [ 757.457762][T28471] vivid-003: Generate RBDS Instead of RDS: false [ 757.471612][T28471] vivid-003: RDS Reception: true [ 757.482283][T28471] vivid-003: RDS Program Type: 0 inactive [ 757.513033][T28471] vivid-003: RDS PS Name: inactive [ 757.518895][T28471] vivid-003: RDS Radio Text: inactive [ 757.532627][T28471] vivid-003: RDS Traffic Announcement: false inactive [ 757.540076][T28471] vivid-003: RDS Traffic Program: false inactive [ 757.554225][T28471] vivid-003: RDS Music: false inactive [ 757.559938][T28471] vivid-003: ================== END STATUS ================== [ 757.744005][T28485] program syz.2.10253 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 758.712477][ T3523] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.943058][ T3523] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 759.105827][ T3523] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 759.269427][ T3523] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 759.496898][ T6164] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 759.513020][ T6164] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 759.523383][ T6164] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 759.532498][ T6164] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 759.542239][ T6164] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 759.549961][ T6164] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 759.825979][ T3523] bridge_slave_1: left allmulticast mode [ 759.837073][ T3523] bridge_slave_1: left promiscuous mode [ 759.842940][ T3523] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.919800][ T3523] bridge_slave_0: left allmulticast mode [ 759.933891][ T3523] bridge_slave_0: left promiscuous mode [ 759.940535][ T3523] bridge0: port 1(bridge_slave_0) entered disabled state [ 761.031482][ T3523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 761.043422][ T3523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 761.061515][ T3523] bond0 (unregistering): Released all slaves [ 761.684332][ T6164] Bluetooth: hci2: command tx timeout [ 761.833314][T28533] chnl_net:caif_netlink_parms(): no params data found [ 762.394453][T28533] bridge0: port 1(bridge_slave_0) entered blocking state [ 762.417129][T28533] bridge0: port 1(bridge_slave_0) entered disabled state [ 762.435125][T28533] bridge_slave_0: entered allmulticast mode [ 762.450441][T28533] bridge_slave_0: entered promiscuous mode [ 762.463606][T28533] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.472307][T28533] bridge0: port 2(bridge_slave_1) entered disabled state [ 762.480375][T28533] bridge_slave_1: entered allmulticast mode [ 762.489127][T28533] bridge_slave_1: entered promiscuous mode [ 762.537346][T28605] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 762.596658][T22832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 762.619613][T22832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 762.629408][T22832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 762.643335][T22832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 762.653890][T22832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 762.661657][T22832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 762.846961][T28533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 762.897917][T28533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 762.990874][T28613] HfR: entered promiscuous mode [ 763.061115][T28533] team0: Port device team_slave_0 added [ 763.102350][ T3523] hsr_slave_0: left promiscuous mode [ 763.120899][ T3523] hsr_slave_1: left promiscuous mode [ 763.130829][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 763.151523][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 763.166159][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 763.179400][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 763.242375][ T3523] veth1_macvtap: left promiscuous mode [ 763.253061][ T3523] veth0_macvtap: left promiscuous mode [ 763.263400][ T3523] veth1_vlan: left promiscuous mode [ 763.278747][ T3523] veth0_vlan: left promiscuous mode [ 763.765190][ T6164] Bluetooth: hci2: command tx timeout [ 764.734433][ T6164] Bluetooth: hci1: command tx timeout [ 764.836539][ T3523] team0 (unregistering): Port device team_slave_1 removed [ 764.948472][ T3523] team0 (unregistering): Port device team_slave_0 removed [ 764.982789][T28645] kafs: addr_prefs: Invalid Command [ 765.864572][ T6164] Bluetooth: hci2: command tx timeout [ 766.290012][T28533] team0: Port device team_slave_1 added [ 766.507902][T28533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 766.526498][T28533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.594317][T28533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 766.617433][T28533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 766.644572][T28533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.704336][T28533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.806776][ T6164] Bluetooth: hci1: command tx timeout [ 767.038628][T28533] hsr_slave_0: entered promiscuous mode [ 767.061791][T28533] hsr_slave_1: entered promiscuous mode [ 767.079463][T28533] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 767.111766][T28533] Cannot create hsr debugfs directory [ 767.625210][ T3523] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.640884][T28685] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10320'. [ 767.683968][T28609] chnl_net:caif_netlink_parms(): no params data found [ 767.871587][ T3523] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.924324][ T6164] Bluetooth: hci2: command tx timeout [ 768.144012][ T3523] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.406315][ T3523] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.483029][T28713] netlink: 'syz.3.10325': attribute type 2 has an invalid length. [ 768.497187][T28609] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.514873][T28609] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.528593][T28609] bridge_slave_0: entered allmulticast mode [ 768.542388][T28609] bridge_slave_0: entered promiscuous mode [ 768.554378][T28609] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.561715][T28609] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.569771][T28609] bridge_slave_1: entered allmulticast mode [ 768.584730][T28609] bridge_slave_1: entered promiscuous mode [ 768.734365][T28533] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 768.775676][T28533] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 768.807118][T28533] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 768.841240][T28609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 768.867296][T28609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 768.887979][ T6164] Bluetooth: hci1: command tx timeout [ 768.895071][T28533] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 769.093053][T28609] team0: Port device team_slave_0 added [ 769.149951][T28609] team0: Port device team_slave_1 added [ 769.337204][T28609] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 769.359605][T28609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 769.423124][T28609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 769.452616][T28728] netlink: 18 bytes leftover after parsing attributes in process `syz.3.10332'. [ 769.464044][ T3523] bridge_slave_1: left allmulticast mode [ 769.470158][ T3523] bridge_slave_1: left promiscuous mode [ 769.494755][ T3523] bridge0: port 2(bridge_slave_1) entered disabled state [ 769.541968][ T3523] bridge_slave_0: left allmulticast mode [ 769.548281][ T3523] bridge_slave_0: left promiscuous mode [ 769.554166][ T3523] bridge0: port 1(bridge_slave_0) entered disabled state [ 769.648388][T28732] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input40 [ 770.673934][ T3523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 770.689325][ T3523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 770.700127][ T3523] bond0 (unregistering): Released all slaves [ 770.712968][T28609] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 770.722555][T28609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 770.749625][T28609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 770.877684][ T3523] HSR: left promiscuous mode [ 770.965418][ T6164] Bluetooth: hci1: command tx timeout [ 771.030518][T28609] hsr_slave_0: entered promiscuous mode [ 771.045094][T28756] netlink: 'syz.6.10342': attribute type 2 has an invalid length. [ 771.062673][T28609] hsr_slave_1: entered promiscuous mode [ 771.071554][T28609] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 771.087275][T28609] Cannot create hsr debugfs directory [ 771.092982][ T3523] nl80211: left promiscuous mode [ 771.709944][T28533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 771.856929][T28533] 8021q: adding VLAN 0 to HW filter on device team0 [ 771.927335][T18797] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.934622][T18797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 772.040386][T18797] bridge0: port 2(bridge_slave_1) entered blocking state [ 772.047670][T18797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 772.482146][T28609] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 772.532882][T28533] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 772.569119][T28609] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 772.585014][T28609] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 772.655976][T28609] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 773.368233][ T3523] hsr_slave_0: left promiscuous mode [ 773.400277][ T3523] hsr_slave_1: left promiscuous mode [ 773.424410][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 773.438810][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 773.468367][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 773.485521][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 773.585585][ T3523] veth1_macvtap: left promiscuous mode [ 773.591266][ T3523] veth0_macvtap: left promiscuous mode [ 773.597942][ T3523] veth1_vlan: left promiscuous mode [ 773.603614][ T3523] veth0_vlan: left promiscuous mode [ 774.626587][ T3523] team0 (unregistering): Port device team_slave_1 removed [ 774.740205][ T3523] team0 (unregistering): Port device team_slave_0 removed [ 775.983615][T28609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 776.053582][T28533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 776.133616][T28609] 8021q: adding VLAN 0 to HW filter on device team0 [ 776.213394][ T2932] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.220717][ T2932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 776.263541][ T2932] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.270940][ T2932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 777.069291][ T3523] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.335629][ T3523] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.431057][T28609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 777.432453][T22832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 777.471312][T22832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 777.481971][T22832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 777.499917][T22832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 777.509140][T22832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 777.516956][T22832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 777.600886][ T3523] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.759476][ T3523] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.810084][T28533] veth0_vlan: entered promiscuous mode [ 777.832785][T28533] veth1_vlan: entered promiscuous mode [ 777.976173][T28533] veth0_macvtap: entered promiscuous mode [ 778.016746][T28533] veth1_macvtap: entered promiscuous mode [ 778.227832][ T3523] bridge_slave_1: left allmulticast mode [ 778.233566][ T3523] bridge_slave_1: left promiscuous mode [ 778.254640][ T3523] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.277097][ T3523] bridge_slave_0: left allmulticast mode [ 778.282838][ T3523] bridge_slave_0: left promiscuous mode [ 778.304743][ T3523] bridge0: port 1(bridge_slave_0) entered disabled state [ 779.093270][ T3523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 779.109342][ T3523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 779.120524][ T3523] bond0 (unregistering): Released all slaves [ 779.180365][ T3523] HSR: left promiscuous mode [ 779.198646][T28533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 779.210232][T28533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.220912][T28533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 779.231659][T28533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.242809][T28533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 779.279603][T28533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 779.293877][T28533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.309931][T28533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 779.322911][T28533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.338423][T28533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 779.346936][ T3523] : left promiscuous mode [ 779.433988][T28609] veth0_vlan: entered promiscuous mode [ 779.470410][ T3523] nl80211: left promiscuous mode [ 779.504696][T28533] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.513496][T28533] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.531323][T28533] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.541135][T28533] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.590099][T28876] chnl_net:caif_netlink_parms(): no params data found [ 779.608723][T22832] Bluetooth: hci0: command tx timeout [ 779.620638][ T3523] HfR: left promiscuous mode [ 779.779846][T28609] veth1_vlan: entered promiscuous mode [ 779.913531][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 779.926320][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 780.046863][T28609] veth0_macvtap: entered promiscuous mode [ 780.070756][T28876] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.081123][T28876] bridge0: port 1(bridge_slave_0) entered disabled state [ 780.090768][T28876] bridge_slave_0: entered allmulticast mode [ 780.098655][T28876] bridge_slave_0: entered promiscuous mode [ 780.140821][T28609] veth1_macvtap: entered promiscuous mode [ 780.158178][T28876] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.173451][T28876] bridge0: port 2(bridge_slave_1) entered disabled state [ 780.194568][T28876] bridge_slave_1: entered allmulticast mode [ 780.201971][T28876] bridge_slave_1: entered promiscuous mode [ 780.317723][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.326624][T28876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 780.348579][T28609] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.364421][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 780.390730][T28609] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.417544][T28609] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.432709][T28609] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.450877][T28609] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.462855][T28609] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.481687][T28609] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 780.549203][T28876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 780.654914][T28876] team0: Port device team_slave_0 added [ 780.675380][T28876] team0: Port device team_slave_1 added [ 780.699418][T28609] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.739242][T28609] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.757832][T28609] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.781014][T28609] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.794052][T28609] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.813733][T28609] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.828402][T28609] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 780.969517][T28609] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.000658][T28609] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.010511][T28609] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.028668][T28609] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.103945][T28876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 781.112082][T28876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 781.141522][T28876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 781.223914][T28876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 781.253340][T28876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 781.306393][T28876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 781.628896][T28876] hsr_slave_0: entered promiscuous mode [ 781.649189][T28876] hsr_slave_1: entered promiscuous mode [ 781.684651][T22832] Bluetooth: hci0: command tx timeout [ 781.737206][ T3523] hsr_slave_0: left promiscuous mode [ 781.747407][ T3523] hsr_slave_1: left promiscuous mode [ 781.774410][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 781.792236][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 781.815489][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 781.844860][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 781.895014][ T3523] veth1_macvtap: left promiscuous mode [ 781.900647][ T3523] veth0_macvtap: left promiscuous mode [ 781.931469][ T3523] veth1_vlan: left promiscuous mode [ 781.944470][ T3523] veth0_vlan: left promiscuous mode [ 783.764511][T22832] Bluetooth: hci0: command tx timeout [ 783.811025][ T3523] team0 (unregistering): Port device team_slave_1 removed [ 784.108528][ T3523] team0 (unregistering): Port device team_slave_0 removed [ 785.551936][T28989] block nbd0: Unsupported socket: shutdown callout must be supported. [ 785.847043][T22832] Bluetooth: hci0: command tx timeout [ 786.278339][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.294581][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.493038][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.526994][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.662237][T28876] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 787.728326][T28876] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 787.760207][T28876] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 787.814824][T28876] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 788.183556][T28876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 788.281743][T28876] 8021q: adding VLAN 0 to HW filter on device team0 [ 788.345755][ T3523] bridge0: port 1(bridge_slave_0) entered blocking state [ 788.353263][ T3523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 788.391341][ T3523] bridge0: port 2(bridge_slave_1) entered blocking state [ 788.399101][ T3523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 789.146313][T28876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 789.978855][T29090] netlink: 338 bytes leftover after parsing attributes in process `syz.8.10424'. [ 790.123916][T28876] veth0_vlan: entered promiscuous mode [ 790.203708][T28876] veth1_vlan: entered promiscuous mode [ 790.310200][T28876] veth0_macvtap: entered promiscuous mode [ 790.356511][T28876] veth1_macvtap: entered promiscuous mode [ 790.392956][T28876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 790.464377][T28876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.501196][T28876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 790.544181][T28876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.579439][T28876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 790.620869][T28876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.656153][T28876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 790.677192][T28876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 790.717566][T28876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.752565][T28876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 790.777672][T28876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.814150][T28876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 790.856012][T28876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.925767][T28876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 790.979362][T28876] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.007265][T28876] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.037345][T28876] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.068459][T28876] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.430033][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 791.473053][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 791.535673][ T2932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 791.552801][ T2932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 792.354605][T29142] bridge0: port 3(netdevsim2) entered blocking state [ 792.361492][T29142] bridge0: port 3(netdevsim2) entered disabled state [ 792.394609][T29142] netdevsim netdevsim6 netdevsim2: entered allmulticast mode [ 792.416898][T29142] netdevsim netdevsim6 netdevsim2: entered promiscuous mode [ 792.454996][T29142] bridge0: port 3(netdevsim2) entered blocking state [ 792.464975][T29142] bridge0: port 3(netdevsim2) entered forwarding state [ 796.426861][T29250] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek 260 [ 844.228548][T22832] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 844.246420][T22832] Bluetooth: hci1: adv larger than maximum supported [ 844.246505][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 844.253784][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x35 [ 844.266997][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 844.274315][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 844.281543][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 844.289129][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x20 [ 845.154288][T30445] bridge0: port 5(team0) entered blocking state [ 845.195578][T30445] bridge0: port 5(team0) entered disabled state [ 845.216155][T30445] team0: entered allmulticast mode [ 845.251299][T30445] team_slave_0: entered allmulticast mode [ 845.270155][T30445] team_slave_1: entered allmulticast mode [ 845.311462][T30445] team0: entered promiscuous mode [ 845.355064][T30445] team_slave_0: entered promiscuous mode [ 845.402814][T30445] team_slave_1: entered promiscuous mode [ 845.420959][T30445] bridge0: port 5(team0) entered blocking state [ 845.427528][T30445] bridge0: port 5(team0) entered forwarding state [ 846.488610][T30468] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10854'. [ 847.245447][ T29] audit: type=1800 audit(4294967428.380:47): pid=30486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.10862" name="dbroot" dev="configfs" ino=87900 res=0 errno=0 [ 854.926278][T30675] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input45 [ 855.184424][T22832] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 855.495654][T22832] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 855.495707][T22832] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 855.510934][T22832] Bluetooth: hci0: adv larger than maximum supported [ 855.511020][T22832] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 855.518937][T22832] Bluetooth: hci0: Unknown advertising packet type: 0x36 [ 855.528749][T22832] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 855.536048][T22832] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 855.543160][T22832] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 855.550436][T22832] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 857.582664][T30736] ptrace attach of "./syz-executor exec"[28609] was attempted by ""[30736] [ 857.982123][T22832] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 857.982179][T22832] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 858.000695][T22832] Bluetooth: hci2: adv larger than maximum supported [ 858.000759][T22832] Bluetooth: hci2: Unknown advertising packet type: 0x20 [ 858.011592][T22832] Bluetooth: hci2: Unknown advertising packet type: 0x36 [ 858.324345][T30759] bridge0: port 3(bond0) entered blocking state [ 858.354766][T30759] bridge0: port 3(bond0) entered disabled state [ 858.364436][T30759] bond0: entered allmulticast mode [ 858.404376][T30759] bond_slave_0: entered allmulticast mode [ 858.410234][T30759] bond_slave_1: entered allmulticast mode [ 858.474362][T30759] bond0: entered promiscuous mode [ 858.479524][T30759] bond_slave_0: entered promiscuous mode [ 858.524457][T30759] bond_slave_1: entered promiscuous mode [ 858.536939][T30759] bridge0: port 3(bond0) entered blocking state [ 858.543413][T30759] bridge0: port 3(bond0) entered forwarding state [ 862.745567][ T12] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 862.935714][ T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.124999][ T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.360479][ T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.410276][ T6164] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 863.431497][ T6164] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 863.441877][ T6164] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 863.460819][ T6164] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 863.475714][ T6164] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 863.486406][ T6164] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 864.234231][ T12] bridge_slave_1: left allmulticast mode [ 864.239978][ T12] bridge_slave_1: left promiscuous mode [ 864.246440][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 864.310337][ T12] bridge_slave_0: left allmulticast mode [ 864.316290][ T12] bridge_slave_0: left promiscuous mode [ 864.322333][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 864.377415][T30884] vivid-003: ================= START STATUS ================= [ 864.414938][T30884] vivid-003: Radio HW Seek Mode: Bounded [ 864.479013][T30884] vivid-003: Radio Programmable HW Seek: false [ 864.513048][T30884] vivid-003: RDS Rx I/O Mode: Block I/O [ 864.533897][T30888] netlink: 350 bytes leftover after parsing attributes in process `syz.8.11029'. [ 864.548231][T30884] vivid-003: Generate RBDS Instead of RDS: false [ 864.574297][T30884] vivid-003: RDS Reception: true [ 864.596789][T30884] vivid-003: RDS Program Type: 0 inactive [ 864.634241][T30884] vivid-003: RDS PS Name: inactive [ 864.639695][T30884] vivid-003: RDS Radio Text: inactive [ 864.700009][T30884] vivid-003: RDS Traffic Announcement: false inactive [ 864.749352][T30884] vivid-003: RDS Traffic Program: false inactive [ 864.790307][T30884] vivid-003: RDS Music: false inactive [ 864.834616][T30884] vivid-003: ================== END STATUS ================== [ 865.604749][T22832] Bluetooth: hci2: command tx timeout [ 866.313325][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 866.337828][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 866.369422][ T12] bond0 (unregistering): Released all slaves [ 866.597000][T30874] chnl_net:caif_netlink_parms(): no params data found [ 867.684356][T22832] Bluetooth: hci2: command tx timeout [ 868.273503][ T12] hsr_slave_0: left promiscuous mode [ 868.334692][ T12] hsr_slave_1: left promiscuous mode [ 868.362088][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 868.373456][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 868.430027][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 868.474269][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 868.589971][ T12] veth1_macvtap: left promiscuous mode [ 868.614370][ T12] veth0_macvtap: left promiscuous mode [ 868.620075][ T12] veth1_vlan: left promiscuous mode [ 868.653891][ T12] veth0_vlan: left promiscuous mode [ 869.780248][T22832] Bluetooth: hci2: command tx timeout [ 870.565998][ T12] team0 (unregistering): Port device team_slave_1 removed [ 870.788485][ T12] team0 (unregistering): Port device team_slave_0 removed [ 871.848886][T22832] Bluetooth: hci2: command tx timeout [ 872.155535][T30874] bridge0: port 1(bridge_slave_0) entered blocking state [ 872.163015][T30874] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.175425][T30874] bridge_slave_0: entered allmulticast mode [ 872.182417][T30874] bridge_slave_0: entered promiscuous mode [ 872.214012][T30874] bridge0: port 2(bridge_slave_1) entered blocking state [ 872.244374][T30874] bridge0: port 2(bridge_slave_1) entered disabled state [ 872.253493][T30874] bridge_slave_1: entered allmulticast mode [ 872.268538][T30874] bridge_slave_1: entered promiscuous mode [ 872.401352][T30874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 872.478711][T30874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 872.653475][T30874] team0: Port device team_slave_0 added [ 872.708959][T30874] team0: Port device team_slave_1 added [ 872.820646][T30874] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 872.838508][T30874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 872.893165][T30874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 872.980352][T30874] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 873.006138][T30874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 873.062549][T30874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 873.460015][T30874] hsr_slave_0: entered promiscuous mode [ 873.481233][T30874] hsr_slave_1: entered promiscuous mode [ 873.505882][T30874] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 873.522560][T30874] Cannot create hsr debugfs directory [ 874.044391][T30874] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 874.078007][T30874] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 874.137227][T30874] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 874.165676][T30874] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 874.555022][T30874] 8021q: adding VLAN 0 to HW filter on device bond0 [ 874.626177][T30874] 8021q: adding VLAN 0 to HW filter on device team0 [ 874.671316][ T3523] bridge0: port 1(bridge_slave_0) entered blocking state [ 874.678562][ T3523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 874.709762][ T3523] bridge0: port 2(bridge_slave_1) entered blocking state [ 874.717016][ T3523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 875.167268][T31055] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input46 [ 875.492831][T30874] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 876.187058][T30874] veth0_vlan: entered promiscuous mode [ 876.258704][T30874] veth1_vlan: entered promiscuous mode [ 876.341377][T30874] veth0_macvtap: entered promiscuous mode [ 876.409490][T30874] veth1_macvtap: entered promiscuous mode [ 876.488837][T30874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 876.509193][T30874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.562647][T30874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 876.604261][T30874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.634268][T30874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 876.661926][T30874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.685548][T30874] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 876.726696][T30874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 876.759220][T30874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.800749][T30874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 876.823504][T30874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.848713][T30874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 876.866145][T30874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 876.880671][T30874] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 876.918110][T30874] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 876.934911][T30874] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 876.943804][T30874] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 876.980494][T30874] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 877.249466][ T3523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 877.270799][ T3523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 877.356052][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 877.373010][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 877.901464][T31129] netlink: 28 bytes leftover after parsing attributes in process `syz.8.11093'. [ 882.963310][T31280] bridge0: port 4(macvlan1) entered blocking state [ 882.963498][T31280] bridge0: port 4(macvlan1) entered disabled state [ 882.963740][T31280] macvlan1: entered allmulticast mode [ 882.963766][T31280] veth1_vlan: entered allmulticast mode [ 882.977153][T31280] macvlan1: entered promiscuous mode [ 882.978188][T31280] bridge0: port 4(macvlan1) entered blocking state [ 882.978315][T31280] bridge0: port 4(macvlan1) entered forwarding state [ 886.972786][T31367] sctp: [Deprecated]: syz.6.11160 (pid 31367) Use of struct sctp_assoc_value in delayed_ack socket option. [ 886.972786][T31367] Use struct sctp_sack_info instead [ 888.484285][ T6164] Bluetooth: hci1: command 0x0406 tx timeout [ 888.830661][T31419] netlink: 346 bytes leftover after parsing attributes in process `syz.3.11177'. [ 897.619676][T31669] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 897.879964][T31678] program syz.3.11251 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 901.182135][T31785] netlink: 'syz.3.11279': attribute type 1 has an invalid length. [ 901.999528][T31802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11284'. [ 903.844417][ T6164] Bluetooth: hci0: command 0x0406 tx timeout [ 910.483011][T31992] [U] [ 910.486554][T31992] [U] [ 910.489342][T31992] [U] [ 910.492196][T31992] [U] [ 910.544489][T31992] [U] [ 910.547300][T31992] [U] [ 910.550073][T31992] [U] [ 910.552874][T31992] [U] [ 910.587154][T31992] [U] [ 910.589973][T31992] [U] [ 910.592754][T31992] [U] [ 910.595523][T31992] [U] [ 910.622179][T31992] [U] [ 910.625025][T31992] [U] [ 910.627818][T31992] [U] [ 910.630627][T31992] [U] [ 910.639818][T31992] [U] [ 910.642753][T31992] [U] C%-?( [ 910.646451][T31992] [U] 攜ba˱ڭ})չC€ F"<O2ryRhAEŸL0RʥJQB΃?ɨ+]NgRd>Ҝ`xjr=?,4%( [ 910.686103][T31992] [U] +FFq};X6F [ 910.692005][T31992] [U] 7|4t[aTz%W5[θӟ+k0)q Ahh7c`T+ώOs`췤:ռJM,Dn)qOSC [ 910.924344][T31992] [U] )v<}i795dvv0oUT0</\R7?tUJ">!d sy'8Øug8*:Rt_/ !O菆wl̡dc: 4ǾT6/=ִs,>) [ 911.045269][T31992] [U] )u:] [ 911.069566][T31992] [U] t [ 911.077428][T31992] [U] Db+I'򕘣M [ 911.093284][T31992] [U] ԢW/U^l&M n4(! [ 911.144281][T31992] [U] o#ѭO|̕Fy 3 5}'&m;O?u~֟ew0;>_k,pMWEe1Fx }8r#RVmo%%I%TegrF&S㪫{kCz]k=܏U+!)"ڗ2ǖ [ 911.210799][T31992] [U] YgR2 Tߞ}{)_QbS߬y!ٽ }CSPSi' thr:t7u ҄G'aH~lAC:zϑjq*?:>Mtk!ReHk;oΐ{. ~A ]S+ź2nz_dzKl3`6-AT|HME;FC܍U**ıfɉH6 [ 911.417663][T31992] [U] F%]6=xYUO|k [ 911.422539][T31992] [U] ɂ}cYo}cjr|xu{S͊_U1;:|` wC4՗D#o+cN|v\fD gFg\k;у5tSWܕd2SR3fD©|._=wv}L|{{hFCO’ >^r\I><NMNtUxs#j*oeɍݲ 6P|؟dBbV&=Ȓpz`gAԗ4svsumTBk T xg)k{zS'XyVɩ ί [ 911.544233][T31992] [U] h> Nݲ [ 911.563678][T31992] [U] >JmztMg¸R|?NqIdmy+5a D3sI7 `CfQFą%;a,UҜ%˓rW*ZqQ^Q d[һW~0iHYsAL*"r'"qtpMҸ1FGf-~ [ 911.779719][T31992] [U] I.^v'Y9Lo|oվv}H ?kJ3El7ھ4n:goR|ګ =7faH^WafB~j1'ÖVOqx1P1oޣC떑V8YT [ 911.814343][T31992] [U] :#Ҟ/S92M W2ƐF?tp2SrZzN(.멼ז|4Ti+ܒxn9"Ϛ1=6aK3l`o)Fa*@oj9 Cӆ]`78ڙ)#?_RZX7?d@o`lr~h*ZHCn\#?/AxT+(1s+ﺰoU- K{#rXQ-O U'8hd,!'wkh{[D( [ 911.839824][T31992] [U] &Pt,x [ 911.843425][T31992] [U] {ƃ4| [ 911.903660][T31992] [U] ݅?apԜd#08i@" 2fYK;}S4!%%)xCx^2=*TW̎3-|ӾKv ^2x :)&mAF(` [ 912.477111][T32027] device-mapper: ioctl: device name cannot contain '/' [ 914.677565][T22832] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 914.677622][T22832] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 914.692886][T22832] bt_err_ratelimited: 4 callbacks suppressed [ 914.692913][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 914.699300][T22832] Bluetooth: hci1: adv larger than maximum supported [ 914.706886][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x7d [ 914.713649][T22832] Bluetooth: hci1: Unknown advertising packet type: 0x7d [ 914.721203][T22832] Bluetooth: hci1: Malformed LE Event: 0x0d [ 916.509818][T32109] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 919.235517][T32156] ptrace attach of "./syz-executor exec"[28876] was attempted by "qJ砪$شͳf\x072\x0b%uRXhukLuk\x0d:\x09)\x0am@Nh\x22%aJ,,W9q\x5cܹGbGceXGϴKOANk!',iHq##wqw-ßc\x22On.f\x1bNmVnp1۽LlXP!_샃Z^UQe:I7\x0ccjd9_RUZ䟂0P=ƃmh7jCgBH?D\x1b GEȆ^Jzz J޳w>%ʗ`!N4.jK7u\x09 _jV5.bRXM7O}icz<'1rW0&+M|R5o̺ `gCAs\x5cC N(qGs'\x1b_ U ;tmɫ#A'B0P}ުLX׳@].k9_Oޟ8;{Z$7I^*\x0c-A\x0b[U-xd\x22rMS&:0,иX\x1bQnU=7aҦֈsQgXFPџv$\x22g[][Rx!bJ}P%7sW\x07 $_cHR*W\x5cLܤDIrbN~T\x0d*zpAF_g p9\x22fc:3jmy,B|Ew\x5cqm [ 923.809452][T32243] ptrace attach of "./syz-executor exec"[6166] was attempted by "?T'-hִHcΰxNqP8YmZK[yrI*bpS{5ȓ&m-.KZu(*5Xb8EEhE\x0b1W/0k 9h4iyZ>8`A)BΞTu iϲO!jYyWtSe=7NgVU!!VCzFC=$\x0cnQ/QbOg6u;מZM}6lN ݘ*W5\x5cvsՐ'Wn,IJǀj6DI+ɊN֦}/7@X+c#8xLVEJUgH8MO*Ϣ֥.U5rAⶡu$EX\x09mD\x22d)C30qSczxMl$ܪnK\x22z|y\x0aqӔTI+N0cZ{&>5\x0cMz l|iW:~0X׍ \x0a9깝&\x09D!9^Lwhj\x0b\x0d?Йai_ˆ>-wk`okE=;'h\x5cj2nk.)b [ 924.106191][T32245] netlink: 342 bytes leftover after parsing attributes in process `syz.8.11465'. [ 926.153589][T32287] ptrace attach of "./syz-executor exec"[30874] was attempted by "I:9N.6G\x1b9.K܀H]zt9a9řR~ap\x07az)8L\x5cMfx^ͮ:p>Ӄ_WU\x0b\x09Q#톖Ł'^0sΙ'Z+KA\x09Rߙn2+t.k1,=\x0d{MQҬH5B'Mx>lǘ=_Z,܏\x5c a>ig\x22/zk?4ȎALܶSZJE߸]qS,*OϠb\x09GtG/QH&2')$l&\x0d~~k\x1bmÆ]鲩Df|J*hP˃@rMc;$\x0a#1pI2\x0cj3gN5_,uT\x1b#~-яHeEk\x0dm kl]y1Fx m 1l+N\x1b\x0c!DrXZĨ)Tm^u\x07Zgv\x22=KUbD,[dqc0\x07Y^vato/&oEM9tqLmhS\x5cğ܊>c\x0a.X\x09'sSz\x0bu*O}`[s[3{DAF\x0bmD(ѩp2:Ol.4ՓnΚ\x09-UZ⭣}X~ [ 926.668458][T32296] mtrr: base(0x40000000000) is not aligned on a size(0x0000) boundary [ 927.591487][T32321] netlink: 8 bytes leftover after parsing attributes in process `syz.9.11499'. [ 929.047501][T32363] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 932.363428][ T29] audit: type=1800 audit(4294967513.490:48): pid=32479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.11569" name=03 dev="tmpfs" ino=570 res=0 errno=0 [ 932.497261][T32482] netlink: 'syz.9.11570': attribute type 62 has an invalid length. [ 933.686787][T32527] program syz.6.11591 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 934.507868][T32553] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 934.704412][ T29] audit: type=1800 audit(4294967515.830:49): pid=32559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.11605" name=03 dev="tmpfs" ino=1583 res=0 errno=0 [ 935.448657][T32577] netlink: 28 bytes leftover after parsing attributes in process `syz.8.11612'. [ 936.150427][T32602] futex_wake_op: syz.3.11624 tries to shift op by 64; fix this program [ 939.900806][T32705] netlink: 206 bytes leftover after parsing attributes in process `syz.6.11665'. [ 948.375976][ T445] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input47 [ 949.980135][ T485] netlink: 346 bytes leftover after parsing attributes in process `syz.6.11770'. [ 950.832979][ T469] kexec: Could not allocate control_code_buffer [ 951.218875][ T510] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 951.229449][ T514] netlink: 24 bytes leftover after parsing attributes in process `syz.6.11785'. [ 951.263755][ T510] svc: failed to register nfsdv3 RPC service (errno 111). [ 951.305047][ T510] svc: failed to register nfsaclv3 RPC service (errno 111). [ 952.256871][ T549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11804'. [ 952.266476][ T549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11804'. [ 954.607819][ T3523] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 954.838208][ T3523] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.021336][ T3523] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.189574][ T3523] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.321306][ T6164] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 955.333815][ T6164] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 955.346651][ T6164] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 955.374442][ T6164] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 955.390931][ T6164] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 955.410859][ T6164] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 955.503849][ T3523] bridge_slave_1: left allmulticast mode [ 955.509837][ T3523] bridge_slave_1: left promiscuous mode [ 955.515987][ T3523] bridge0: port 2(bridge_slave_1) entered disabled state [ 955.595828][ T3523] bridge_slave_0: left allmulticast mode [ 955.601604][ T3523] bridge_slave_0: left promiscuous mode [ 955.620446][ T3523] bridge0: port 1(bridge_slave_0) entered disabled state [ 956.278492][ T3523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 956.290034][ T3523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 956.301175][ T3523] bond0 (unregistering): Released all slaves [ 956.951972][ T624] chnl_net:caif_netlink_parms(): no params data found [ 957.077511][ T3523] hsr_slave_0: left promiscuous mode [ 957.101957][ T3523] hsr_slave_1: left promiscuous mode [ 957.124985][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 957.132588][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 957.159316][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 957.172511][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 957.246827][ T3523] veth1_macvtap: left promiscuous mode [ 957.252469][ T3523] veth0_macvtap: left promiscuous mode [ 957.269189][ T3523] veth1_vlan: left promiscuous mode [ 957.277523][ T3523] veth0_vlan: left promiscuous mode [ 957.525308][T22832] Bluetooth: hci2: command tx timeout [ 958.661792][ T3523] team0 (unregistering): Port device team_slave_1 removed [ 958.826363][ T3523] team0 (unregistering): Port device team_slave_0 removed [ 958.836557][ T685] size and base must be multiples of 4 kiB [ 958.849126][ T685] CPU: 0 UID: 0 PID: 685 Comm: syz.6.11856 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 958.849182][ T685] Tainted: [U]=USER [ 958.849195][ T685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 958.849218][ T685] Call Trace: [ 958.849230][ T685] [ 958.849245][ T685] dump_stack_lvl+0x16c/0x1f0 [ 958.849317][ T685] mtrr_add+0xdf/0x110 [ 958.849362][ T685] mtrr_ioctl+0x7cd/0xcd0 [ 958.849408][ T685] ? __pfx_mtrr_ioctl+0x10/0x10 [ 958.849456][ T685] ? __pfx_lock_release+0x10/0x10 [ 958.849504][ T685] ? ksys_semctl.constprop.0+0x150/0x2e0 [ 958.849578][ T685] ? __fget_files+0x206/0x3a0 [ 958.849616][ T685] ? __pfx_mtrr_ioctl+0x10/0x10 [ 958.849654][ T685] proc_reg_unlocked_ioctl+0x226/0x320 [ 958.849690][ T685] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 958.849744][ T685] __x64_sys_ioctl+0x190/0x200 [ 958.849805][ T685] do_syscall_64+0xcd/0x250 [ 958.849843][ T685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 958.849897][ T685] RIP: 0033:0x7f8141d8cde9 [ 958.849924][ T685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 958.849960][ T685] RSP: 002b:00007f8142cc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 958.849995][ T685] RAX: ffffffffffffffda RBX: 00007f8141fa5fa0 RCX: 00007f8141d8cde9 [ 958.850018][ T685] RDX: 0000000000000007 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 958.850038][ T685] RBP: 00007f8141e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 958.850062][ T685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 958.850083][ T685] R13: 0000000000000000 R14: 00007f8141fa5fa0 R15: 00007ffc481d6758 [ 958.850124][ T685] [ 959.029151][ T687] sctp: [Deprecated]: syz.8.11857 (pid 687) Use of int in maxseg socket option. [ 959.029151][ T687] Use struct sctp_assoc_value instead [ 959.604789][T22832] Bluetooth: hci2: command tx timeout [ 961.345367][ T624] bridge0: port 1(bridge_slave_0) entered blocking state [ 961.352794][ T624] bridge0: port 1(bridge_slave_0) entered disabled state [ 961.403638][ T624] bridge_slave_0: entered allmulticast mode [ 961.421669][ T624] bridge_slave_0: entered promiscuous mode [ 961.485399][ T624] bridge0: port 2(bridge_slave_1) entered blocking state [ 961.492760][ T624] bridge0: port 2(bridge_slave_1) entered disabled state [ 961.508919][ T624] bridge_slave_1: entered allmulticast mode [ 961.553731][ T624] bridge_slave_1: entered promiscuous mode [ 961.684172][T22832] Bluetooth: hci2: command tx timeout [ 961.738123][ T624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 961.778431][ T624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 962.139013][ T624] team0: Port device team_slave_0 added [ 962.177472][ T624] team0: Port device team_slave_1 added [ 962.271901][ T624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 962.284965][ T624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 962.331951][ T624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 962.370129][ T624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 962.384418][ T624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 962.431976][ T624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 962.511411][ T624] hsr_slave_0: entered promiscuous mode [ 962.535222][ T624] hsr_slave_1: entered promiscuous mode [ 962.541664][ T624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 962.564884][ T624] Cannot create hsr debugfs directory [ 963.764268][T22832] Bluetooth: hci2: command tx timeout [ 964.888884][ T624] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 964.942195][ T624] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 964.981475][ T624] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 965.027834][ T624] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 965.318859][ T624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 965.398480][ T624] 8021q: adding VLAN 0 to HW filter on device team0 [ 965.456614][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 965.463812][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 965.505904][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 965.513102][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 965.555263][ T813] ptrace attach of "./syz-executor exec"[6166] was attempted by "./syz-executor exec"[813] [ 966.202833][ T624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 966.363828][ T624] veth0_vlan: entered promiscuous mode [ 966.405275][ T624] veth1_vlan: entered promiscuous mode [ 966.518645][ T624] veth0_macvtap: entered promiscuous mode [ 966.573941][ T624] veth1_macvtap: entered promiscuous mode [ 966.620172][ T624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 966.637615][ T624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 966.653607][ T624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 966.691101][ T624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 966.712127][ T624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 966.744278][ T624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 966.763472][ T624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 966.894769][ T624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 966.913259][ T624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 966.933865][ T624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 966.950672][ T624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 966.961346][ T624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 966.980872][ T624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 966.992649][ T624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 967.017733][ T624] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.038599][ T624] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.048377][ T624] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.064589][ T624] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.343270][ T3523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 967.378306][ T3523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 967.465654][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 967.486130][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 968.858435][ T910] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 973.175873][ T1069] nbd: socks must be embedded in a SOCK_ITEM attr [ 973.203052][ T1069] block nbd0: shutting down sockets [ 974.224103][ T29] audit: type=1800 audit(4294967555.340:50): pid=1104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.11960" name="dbroot" dev="configfs" ino=99732 res=0 errno=0 [ 974.899227][ T1131] sctp: [Deprecated]: syz.0.11966 (pid 1131) Use of int in max_burst socket option deprecated. [ 974.899227][ T1131] Use struct sctp_assoc_value instead [ 977.754971][ T1238] nbd: socks must be embedded in a SOCK_ITEM attr [ 977.765545][ T1238] block nbd0: shutting down sockets [ 979.096641][ T1288] batman_adv: Routing algorithm '0x00060000' is not supported [ 980.402509][ T1344] netlink: 4 bytes leftover after parsing attributes in process `syz.6.12024'. [ 980.995355][ T1364] netlink: 28 bytes leftover after parsing attributes in process `syz.6.12030'. [ 981.671841][ T1385] bridge0: port 5(veth0_to_bridge) entered blocking state [ 981.684573][ T1385] bridge0: port 5(veth0_to_bridge) entered disabled state [ 981.708038][ T1385] veth0_to_bridge: entered allmulticast mode [ 981.732385][ T1385] veth0_to_bridge: entered promiscuous mode [ 981.763477][ T1385] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 981.790123][ T1385] bridge0: port 5(veth0_to_bridge) entered blocking state [ 981.797521][ T1385] bridge0: port 5(veth0_to_bridge) entered listening state [ 982.710693][ T1415] TCP: TCP_TX_DELAY enabled [ 982.805073][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 982.821900][ C0] bridge0: port 5(veth0_to_bridge) entered blocking state [ 990.486319][ T1641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12100'. [ 996.445211][ T1805] loop5: detected capacity change from 0 to 4194304 [ 999.485246][ T1873] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12158'. [ 1001.417069][ T1903] zswap: compressor not available [ 1003.739312][ T1960] netlink: 74 bytes leftover after parsing attributes in process `syz.0.12182'. [ 1005.829650][ T2021] netlink: 294 bytes leftover after parsing attributes in process `syz.0.12196'. [ 1009.195432][ T2115] ima: policy update failed [ 1009.208553][ T29] audit: type=1802 audit(4294967590.340:51): pid=2115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.12232" res=0 errno=0 [ 1015.324430][ T2264] netlink: 346 bytes leftover after parsing attributes in process `syz.3.12268'. [ 1020.322609][ T29] audit: type=1800 audit(4294967601.450:52): pid=2371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.12305" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 1022.591492][ T2421] netlink: 160 bytes leftover after parsing attributes in process `syz.6.12322'. [ 1024.701022][ T2478] qrtr: Invalid version 0 [ 1026.954463][ T2543] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12361'. [ 1026.996214][ T2543] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12361'. [ 1028.629694][ T2596] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12381'. [ 1031.254622][ T2685] nbd0: detected capacity change from 0 to 68719476736 [ 1031.302205][ T2381] block nbd0: Send control failed (result -22) [ 1031.342375][ T2381] block nbd0: Request send failed, requeueing [ 1031.397262][T22832] block nbd0: Receive control failed (result -32) [ 1031.444428][ T98] block nbd0: Dead connection, failed to find a fallback [ 1031.452079][ T98] block nbd0: shutting down sockets [ 1031.458707][ T98] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.469206][ T98] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.484528][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.495339][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.503658][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.513088][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.521225][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.530517][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.538645][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.548374][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.556482][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.565732][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.574210][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.583326][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.592784][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.602424][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.610913][ T2381] ldm_validate_partition_table(): Disk read failed. [ 1031.618968][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.628791][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.638340][ T2381] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.654106][ T2381] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1031.669762][ T2381] Dev nbd0: unable to read RDB block 0 [ 1031.687844][ T2381] nbd0: unable to read partition table [ 1031.735910][ T2381] ldm_validate_partition_table(): Disk read failed. [ 1031.743148][ T2381] Dev nbd0: unable to read RDB block 0 [ 1031.757397][ T2381] nbd0: unable to read partition table [ 1032.872877][ T2736] vivid-009: ================= START STATUS ================= [ 1032.914384][ T2736] vivid-009: Enable Output Cropping: true grabbed [ 1032.922622][ T2736] vivid-009: Enable Output Composing: true grabbed [ 1032.975752][ T2736] vivid-009: Enable Output Scaler: true grabbed [ 1032.982182][ T2736] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 1033.032554][ T2736] vivid-009: Transmit Mode: HDMI grabbed [ 1033.056220][ T2736] vivid-009: Hotplug Present: 0x00000000 [ 1033.062042][ T2736] vivid-009: RxSense Present: 0x00000000 [ 1033.104736][ T2736] vivid-009: EDID Present: 0x00000000 [ 1033.110374][ T2736] vivid-009: ================== END STATUS ================== [ 1034.785084][ T2799] tipc: Trying to set illegal importance in message [ 1034.927101][ T2801] netlink: 28 bytes leftover after parsing attributes in process `syz.8.12451'. [ 1034.981501][ T2801] veth1_macvtap: left promiscuous mode [ 1035.021532][ T2801] macsec0: entered allmulticast mode [ 1035.349360][ T2818] Process accounting resumed [ 1036.184179][ T2840] sctp: [Deprecated]: syz.3.12463 (pid 2840) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1036.184179][ T2840] Use struct sctp_sack_info instead [ 1037.299637][ T2875] zswap: compressor not available [ 1039.329952][ T2952] netlink: 8 bytes leftover after parsing attributes in process `syz.6.12505'. [ 1040.774756][ T2978] netlink: 194 bytes leftover after parsing attributes in process `syz.3.12515'. [ 1041.734267][ T2990] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12520'. [ 1042.672948][ T3005] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12528'. [ 1043.162730][ T3016] sock: sock_timestamping_bind_phc: sock not bind to device [ 1044.875865][ T3061] netlink: 16 bytes leftover after parsing attributes in process `syz.6.12552'. [ 1045.125134][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 1046.576026][ T3098] sg_write: process 1365 (syz.6.12566) changed security contexts after opening file descriptor, this is not allowed. [ 1047.639812][ T3131] netlink: 'syz.3.12580': attribute type 1 has an invalid length. [ 1048.697730][ T3156] block nbd1: Unsupported socket: shutdown callout must be supported. [ 1053.224631][T31178] smpboot: CPU 1 is now offline [ 1053.288546][ T3285] netlink: 'syz.3.12639': attribute type 11 has an invalid length. [ 1053.902063][ T3289] delete_channel: no stack [ 1054.826501][ T3306] CIFS: VFS: Invalid SecurityFlags: 0 [ 1054.826501][ T3306] [ 1059.614278][ T3374] svc: failed to register nfsdv3 RPC service (errno 111). [ 1059.670192][ T3374] svc: failed to register nfsaclv3 RPC service (errno 111). [ 1064.098103][ T3448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12702'. [ 1064.777393][ T3462] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12708'. [ 1065.628229][ T3477] Process accounting paused [ 1067.306730][ T3508] netlink: 4 bytes leftover after parsing attributes in process `syz.8.12732'. [ 1068.474818][ T3524] nbd1: detected capacity change from 0 to 68719476736 [ 1068.593354][ T3447] block nbd1: Send control failed (result -22) [ 1068.639940][ T3447] block nbd1: Request send failed, requeueing [ 1068.710927][ T98] block nbd1: Dead connection, failed to find a fallback [ 1068.719482][ T98] block nbd1: shutting down sockets [ 1068.725496][ T98] blk_print_req_error: 24 callbacks suppressed [ 1068.725513][ T98] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1068.741030][ T98] buffer_io_error: 23 callbacks suppressed [ 1068.741047][ T98] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1068.758963][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1068.803587][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1068.865669][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1068.924079][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1068.932004][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1069.025901][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1069.083501][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1069.142506][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1069.204338][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1069.261229][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1069.336642][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1069.397765][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1069.451970][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1069.522690][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1069.576101][ T3447] ldm_validate_partition_table(): Disk read failed. [ 1069.617705][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1069.685322][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1069.730136][ T3447] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1069.790936][ T3447] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1069.836293][ T3447] Dev nbd1: unable to read RDB block 0 [ 1069.842407][ T3447] nbd1: unable to read partition table [ 1069.930802][ T3447] ldm_validate_partition_table(): Disk read failed. [ 1069.966377][ T3447] Dev nbd1: unable to read RDB block 0 [ 1070.015587][ T3447] nbd1: unable to read partition table [ 1077.930063][ T3640] Bluetooth: hci2: command 0x0406 tx timeout [ 1078.240232][ T3678] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12793'. [ 1079.254424][ T3696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12801'. [ 1079.351452][ T3696] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1079.911064][ T3706] sd 0:0:1:0: PR command failed: 1026 [ 1079.933887][ T3706] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1079.983387][ T3706] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1083.984490][ T3776] netlink: 350 bytes leftover after parsing attributes in process `syz.3.12833'. [ 1087.858380][ T3859] lo: entered allmulticast mode [ 1087.887195][ T3858] lo: left allmulticast mode [ 1090.535468][ T3916] nbd: socks must be embedded in a SOCK_ITEM attr [ 1090.572453][ T3916] block nbd4: shutting down sockets [ 1093.078622][ T3965] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12910'. [ 1093.124758][ T3965] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1094.014731][ T3976] XFS: Clearing xfsstats [ 1095.646745][ T4002] Process accounting resumed [ 1096.903362][ T4036] misc userio: No port type given on /dev/userio [ 1100.567294][ T4107] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12966'. [ 1101.184985][ T4118] netlink: 'syz.6.12971': attribute type 1 has an invalid length. [ 1101.229948][ T4118] netlink: 206 bytes leftover after parsing attributes in process `syz.6.12971'. [ 1101.464245][ T4123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12973'. [ 1102.697258][ T4142] netlink: 342 bytes leftover after parsing attributes in process `syz.6.12979'. [ 1104.107517][ T4180] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12996'. [ 1104.971316][ T4203] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13014'. [ 1106.489369][ T4240] netlink: 342 bytes leftover after parsing attributes in process `syz.6.13021'. [ 1109.099990][ T4293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13044'. [ 1109.578825][ T4303] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 1110.044907][ T4314] erspan0: entered allmulticast mode [ 1110.394407][ T4324] nbd4: detected capacity change from 0 to 68719476736 [ 1110.462361][ T4326] block nbd4: Send control failed (result -22) [ 1110.498269][ T4326] block nbd4: Request send failed, requeueing [ 1110.528997][ T6164] block nbd4: Receive control failed (result -32) [ 1110.588021][ T98] block nbd4: Dead connection, failed to find a fallback [ 1110.602592][ T98] block nbd4: shutting down sockets [ 1110.612311][ T98] blk_print_req_error: 24 callbacks suppressed [ 1110.612333][ T98] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1110.627953][ T98] buffer_io_error: 23 callbacks suppressed [ 1110.627968][ T98] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1110.645194][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1110.685097][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1110.736542][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1110.791398][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1110.838326][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1110.917140][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1110.969656][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1111.047804][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1111.077335][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1111.087543][ T4335] Invalid logical block size (4) [ 1111.150371][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1111.208238][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1111.274184][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1111.315006][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1111.383196][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1111.430654][ T4326] ldm_validate_partition_table(): Disk read failed. [ 1111.484292][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1111.493508][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1111.605555][ T4326] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1111.648677][ T4326] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1111.700524][ T4326] Dev nbd4: unable to read RDB block 0 [ 1111.755219][ T4326] nbd4: unable to read partition table [ 1111.819837][ T4326] ldm_validate_partition_table(): Disk read failed. [ 1111.874945][ T4326] Dev nbd4: unable to read RDB block 0 [ 1111.897905][ T4326] nbd4: unable to read partition table [ 1113.275901][ T4381] nbd: socks must be embedded in a SOCK_ITEM attr [ 1113.297573][ T4381] block nbd5: shutting down sockets [ 1113.826633][ T4393] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 1114.894105][ T4418] nbd: socks must be embedded in a SOCK_ITEM attr [ 1114.900750][ T4418] block nbd5: shutting down sockets [ 1116.475769][ T4445] block nbd5: Unsupported socket: shutdown callout must be supported. [ 1119.338927][ T4502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13129'. [ 1123.048735][ T4575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13161'. [ 1123.095645][ T4575] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1123.635233][ T4588] sd 0:0:1:0: PR command failed: 1026 [ 1123.640695][ T4588] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1123.701418][ T4588] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1125.919613][ T4636] sock: sock_set_timeout: `syz.8.13182' (pid 4636) tries to set negative timeout [ 1125.936595][ T4625] Process accounting paused [ 1126.225513][ T6164] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1126.225559][ T6164] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 1126.241074][ T6164] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 1126.241119][ T6164] Bluetooth: hci0: adv larger than maximum supported [ 1126.248839][ T6164] Bluetooth: hci0: adv larger than maximum supported [ 1126.256977][ T6164] Bluetooth: hci0: adv larger than maximum supported [ 1126.263765][ T6164] Bluetooth: hci0: Malformed LE Event: 0x0d [ 1127.472257][ T4668] sd 0:0:1:0: PR command failed: 1026 [ 1127.514237][ T4668] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1127.521123][ T4668] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1127.946768][ T4675] nbd5: detected capacity change from 0 to 68719476736 [ 1128.037646][ T4679] block nbd5: Send control failed (result -22) [ 1128.043891][ T4679] block nbd5: Request send failed, requeueing [ 1128.184461][ T98] block nbd5: Dead connection, failed to find a fallback [ 1128.191563][ T98] block nbd5: shutting down sockets [ 1128.198005][ T98] blk_print_req_error: 24 callbacks suppressed [ 1128.198021][ T98] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.214132][ T98] buffer_io_error: 23 callbacks suppressed [ 1128.214148][ T98] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1128.234190][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.243288][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1128.353151][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.409387][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1128.461618][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.546927][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1128.584487][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.593581][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1128.697905][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.748853][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1128.794319][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.803518][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1128.898999][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1128.959557][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1129.017622][ T4679] ldm_validate_partition_table(): Disk read failed. [ 1129.054794][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1129.121570][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1129.179412][ T4679] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1129.246482][ T4679] Buffer I/O error on dev nbd5, logical block 0, async page read [ 1129.304493][ T4679] Dev nbd5: unable to read RDB block 0 [ 1129.310361][ T4679] nbd5: unable to read partition table [ 1129.390147][ T4679] ldm_validate_partition_table(): Disk read failed. [ 1129.438679][ T4679] Dev nbd5: unable to read RDB block 0 [ 1129.477065][ T4679] nbd5: unable to read partition table [ 1131.014345][ T4745] lo: entered allmulticast mode [ 1131.037614][ T4743] lo: left allmulticast mode [ 1133.857532][ T4790] ================================================================== [ 1133.865662][ T4790] BUG: KASAN: slab-use-after-free in idr_for_each+0x252/0x270 [ 1133.873179][ T4790] Read of size 8 at addr ffff88805354a3f0 by task syz.0.13243/4790 [ 1133.881134][ T4790] [ 1133.883481][ T4790] CPU: 0 UID: 0 PID: 4790 Comm: syz.0.13243 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 1133.883516][ T4790] Tainted: [U]=USER [ 1133.883525][ T4790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1133.883540][ T4790] Call Trace: [ 1133.883559][ T4790] [ 1133.883570][ T4790] dump_stack_lvl+0x116/0x1f0 [ 1133.883615][ T4790] print_report+0xc3/0x620 [ 1133.883646][ T4790] ? __virt_addr_valid+0x5e/0x590 [ 1133.883667][ T4790] ? __phys_addr+0xc6/0x150 [ 1133.883706][ T4790] kasan_report+0xd9/0x110 [ 1133.883735][ T4790] ? idr_for_each+0x252/0x270 [ 1133.883771][ T4790] ? idr_for_each+0x252/0x270 [ 1133.883809][ T4790] ? __pfx_shm_try_destroy_orphaned+0x10/0x10 [ 1133.883840][ T4790] idr_for_each+0x252/0x270 [ 1133.883877][ T4790] ? __pfx_idr_for_each+0x10/0x10 [ 1133.883914][ T4790] ? __pfx_down_write+0x10/0x10 [ 1133.883943][ T4790] shm_destroy_orphaned+0x85/0x90 [ 1133.883973][ T4790] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 1133.884010][ T4790] proc_sys_call_handler+0x3c6/0x5a0 [ 1133.884039][ T4790] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1133.884071][ T4790] vfs_write+0x5ae/0x1150 [ 1133.884095][ T4790] ? __pfx_proc_sys_write+0x10/0x10 [ 1133.884121][ T4790] ? __pfx___mutex_lock+0x10/0x10 [ 1133.884143][ T4790] ? __pfx_vfs_write+0x10/0x10 [ 1133.884174][ T4790] ksys_write+0x12b/0x250 [ 1133.884197][ T4790] ? __pfx_ksys_write+0x10/0x10 [ 1133.884224][ T4790] do_syscall_64+0xcd/0x250 [ 1133.884248][ T4790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1133.884284][ T4790] RIP: 0033:0x7fcfe838cde9 [ 1133.884303][ T4790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1133.884327][ T4790] RSP: 002b:00007fcfe9214038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1133.884349][ T4790] RAX: ffffffffffffffda RBX: 00007fcfe85a5fa0 RCX: 00007fcfe838cde9 [ 1133.884365][ T4790] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1133.884379][ T4790] RBP: 00007fcfe840e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1133.884394][ T4790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1133.884408][ T4790] R13: 0000000000000000 R14: 00007fcfe85a5fa0 R15: 00007ffc477f12e8 [ 1133.884430][ T4790] [ 1133.884437][ T4790] [ 1134.108592][ T4790] Allocated by task 1798: [ 1134.113012][ T4790] kasan_save_stack+0x33/0x60 [ 1134.117731][ T4790] kasan_save_track+0x14/0x30 [ 1134.122417][ T4790] __kasan_slab_alloc+0x89/0x90 [ 1134.127279][ T4790] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 1134.132762][ T4790] radix_tree_node_alloc.constprop.0+0x1e8/0x350 [ 1134.139112][ T4790] idr_get_free+0x528/0xa40 [ 1134.143632][ T4790] idr_alloc_u32+0x191/0x2f0 [ 1134.148238][ T4790] idr_alloc_cyclic+0x10c/0x230 [ 1134.153104][ T4790] ipc_addid+0x697/0x1f50 [ 1134.157442][ T4790] newseg+0x674/0xe60 [ 1134.161432][ T4790] ipcget+0x866/0xd80 [ 1134.165424][ T4790] __x64_sys_shmget+0x13f/0x1b0 [ 1134.170286][ T4790] do_syscall_64+0xcd/0x250 [ 1134.174796][ T4790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1134.180709][ T4790] [ 1134.183054][ T4790] Freed by task 16: [ 1134.186962][ T4790] kasan_save_stack+0x33/0x60 [ 1134.191674][ T4790] kasan_save_track+0x14/0x30 [ 1134.196388][ T4790] kasan_save_free_info+0x3b/0x60 [ 1134.201461][ T4790] __kasan_slab_free+0x51/0x70 [ 1134.206242][ T4790] kmem_cache_free+0x2e2/0x4d0 [ 1134.211018][ T4790] rcu_core+0x79d/0x14d0 [ 1134.215281][ T4790] handle_softirqs+0x213/0x8f0 [ 1134.220151][ T4790] run_ksoftirqd+0x3a/0x60 [ 1134.224582][ T4790] smpboot_thread_fn+0x661/0xa30 [ 1134.229554][ T4790] kthread+0x3af/0x750 [ 1134.233639][ T4790] ret_from_fork+0x45/0x80 [ 1134.238068][ T4790] ret_from_fork_asm+0x1a/0x30 [ 1134.242847][ T4790] [ 1134.245184][ T4790] Last potentially related work creation: [ 1134.250900][ T4790] kasan_save_stack+0x33/0x60 [ 1134.255592][ T4790] kasan_record_aux_stack+0xb8/0xd0 [ 1134.260813][ T4790] __call_rcu_common.constprop.0+0x9a/0x870 [ 1134.266755][ T4790] delete_node+0x1fc/0x8e0 [ 1134.271228][ T4790] __radix_tree_delete+0x193/0x3d0 [ 1134.276382][ T4790] radix_tree_delete_item+0xeb/0x230 [ 1134.281706][ T4790] ipc_rmid+0x10b/0x3e0 [ 1134.285882][ T4790] shm_destroy+0x2d7/0x6d0 [ 1134.290314][ T4790] shm_try_destroy_orphaned+0x1a8/0x270 [ 1134.295979][ T4790] idr_for_each+0x141/0x270 [ 1134.300600][ T4790] shm_destroy_orphaned+0x85/0x90 [ 1134.305638][ T4790] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 1134.311722][ T4790] proc_sys_call_handler+0x3c6/0x5a0 [ 1134.317019][ T4790] vfs_write+0x5ae/0x1150 [ 1134.321359][ T4790] ksys_write+0x12b/0x250 [ 1134.325712][ T4790] do_syscall_64+0xcd/0x250 [ 1134.330220][ T4790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1134.336163][ T4790] [ 1134.338512][ T4790] The buggy address belongs to the object at ffff88805354a3c0 [ 1134.338512][ T4790] which belongs to the cache radix_tree_node of size 576 [ 1134.353196][ T4790] The buggy address is located 48 bytes inside of [ 1134.353196][ T4790] freed 576-byte region [ffff88805354a3c0, ffff88805354a600) [ 1134.367024][ T4790] [ 1134.369378][ T4790] The buggy address belongs to the physical page: [ 1134.375794][ T4790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880535498c0 pfn:0x53548 [ 1134.385953][ T4790] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1134.394557][ T4790] memcg:ffff88802f32c001 [ 1134.398823][ T4790] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1134.407591][ T4790] page_type: f5(slab) [ 1134.411579][ T4790] raw: 00fff00000000240 ffff88801b04fdc0 ffffea00008e6010 ffff88801b04ed08 [ 1134.420312][ T4790] raw: ffff8880535498c0 0000000000170013 00000000f5000000 ffff88802f32c001 [ 1134.428918][ T4790] head: 00fff00000000240 ffff88801b04fdc0 ffffea00008e6010 ffff88801b04ed08 [ 1134.437603][ T4790] head: ffff8880535498c0 0000000000170013 00000000f5000000 ffff88802f32c001 [ 1134.446467][ T4790] head: 00fff00000000002 ffffea00014d5201 ffffffffffffffff 0000000000000000 [ 1134.455145][ T4790] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 1134.463812][ T4790] page dumped because: kasan: bad access detected [ 1134.470221][ T4790] page_owner tracks the page as allocated [ 1134.475940][ T4790] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x52830(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 15204, tgid 15203 (syz.4.4472), ts 346641279489, free_ts 344707683829 [ 1134.497150][ T4790] post_alloc_hook+0x181/0x1b0 [ 1134.501938][ T4790] get_page_from_freelist+0xfce/0x2f80 [ 1134.507417][ T4790] __alloc_frozen_pages_noprof+0x221/0x2470 [ 1134.513331][ T4790] alloc_pages_mpol+0x1fc/0x540 [ 1134.518205][ T4790] new_slab+0x23d/0x330 [ 1134.522405][ T4790] ___slab_alloc+0xbfa/0x1600 [ 1134.527104][ T4790] __slab_alloc.constprop.0+0x56/0xb0 [ 1134.532483][ T4790] kmem_cache_alloc_noprof+0xeb/0x3b0 [ 1134.537953][ T4790] radix_tree_node_alloc.constprop.0+0x1e8/0x350 [ 1134.544314][ T4790] idr_get_free+0x528/0xa40 [ 1134.548877][ T4790] idr_alloc_u32+0x191/0x2f0 [ 1134.553510][ T4790] idr_alloc_cyclic+0x10c/0x230 [ 1134.558396][ T4790] __kernfs_new_node+0x11b/0x890 [ 1134.563363][ T4790] kernfs_new_node+0x186/0x240 [ 1134.568153][ T4790] __kernfs_create_file+0x53/0x350 [ 1134.573295][ T4790] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1134.578700][ T4790] page last free pid 15144 tgid 15144 stack trace: [ 1134.585236][ T4790] free_frozen_pages+0x6db/0xfb0 [ 1134.590219][ T4790] qlist_free_all+0x4e/0x120 [ 1134.594834][ T4790] kasan_quarantine_reduce+0x195/0x1e0 [ 1134.600314][ T4790] __kasan_slab_alloc+0x69/0x90 [ 1134.605208][ T4790] kmem_cache_alloc_node_noprof+0x1ca/0x3b0 [ 1134.611307][ T4790] copy_process+0x49c/0x6f20 [ 1134.615926][ T4790] kernel_clone+0xfd/0x960 [ 1134.620536][ T4790] __do_sys_clone3+0x1f9/0x270 [ 1134.625318][ T4790] do_syscall_64+0xcd/0x250 [ 1134.629834][ T4790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1134.635748][ T4790] [ 1134.638069][ T4790] Memory state around the buggy address: [ 1134.643700][ T4790] ffff88805354a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1134.651764][ T4790] ffff88805354a300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 1134.659849][ T4790] >ffff88805354a380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 1134.667950][ T4790] ^ [ 1134.675689][ T4790] ffff88805354a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1134.683867][ T4790] ffff88805354a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1134.692026][ T4790] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1136.560719][ T2767] bridge0: port 4(syz_tun) entered disabled state [ 1136.675750][ T2767] syz_tun (unregistering): left allmulticast mode [ 1136.682246][ T2767] syz_tun (unregistering): left promiscuous mode [ 1136.730997][ T2767] bridge0: port 4(syz_tun) entered disabled state [ 1137.026729][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1137.182535][ T4797] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 1137.281356][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1137.475384][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1137.621178][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1138.005924][ T52] vlan1: left allmulticast mode [ 1138.010838][ T52] veth0_vlan: left allmulticast mode [ 1138.067451][ T52] vlan1: left promiscuous mode [ 1138.072598][ T52] bridge0: port 3(vlan1) entered disabled state [ 1138.194727][ T52] bridge_slave_1: left allmulticast mode [ 1138.200577][ T52] bridge_slave_1: left promiscuous mode [ 1138.234898][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1138.284665][ T52] bridge_slave_0: left allmulticast mode [ 1138.324893][ T52] bridge_slave_0: left promiscuous mode [ 1138.330823][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1139.792122][ T4790] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1139.799502][ T4790] CPU: 0 UID: 0 PID: 4790 Comm: syz.0.13243 Tainted: G U 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 [ 1139.812025][ T4790] Tainted: [U]=USER [ 1139.815859][ T4790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1139.826053][ T4790] Call Trace: [ 1139.829435][ T4790] [ 1139.832415][ T4790] dump_stack_lvl+0x3d/0x1f0 [ 1139.837336][ T4790] panic+0x71d/0x800 [ 1139.841293][ T4790] ? __pfx_panic+0x10/0x10 [ 1139.845734][ T4790] ? preempt_schedule_thunk+0x1a/0x30 [ 1139.851169][ T4790] ? preempt_schedule_common+0x44/0xc0 [ 1139.856696][ T4790] check_panic_on_warn+0xab/0xb0 [ 1139.861853][ T4790] end_report+0x117/0x180 [ 1139.866209][ T4790] kasan_report+0xe9/0x110 [ 1139.870759][ T4790] ? idr_for_each+0x252/0x270 [ 1139.875577][ T4790] ? idr_for_each+0x252/0x270 [ 1139.880496][ T4790] ? __pfx_shm_try_destroy_orphaned+0x10/0x10 [ 1139.886690][ T4790] idr_for_each+0x252/0x270 [ 1139.891680][ T4790] ? __pfx_idr_for_each+0x10/0x10 [ 1139.896865][ T4790] ? __pfx_down_write+0x10/0x10 [ 1139.902238][ T4790] shm_destroy_orphaned+0x85/0x90 [ 1139.907524][ T4790] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 1139.913704][ T4790] proc_sys_call_handler+0x3c6/0x5a0 [ 1139.919035][ T4790] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1139.924874][ T4790] vfs_write+0x5ae/0x1150 [ 1139.929539][ T4790] ? __pfx_proc_sys_write+0x10/0x10 [ 1139.934795][ T4790] ? __pfx___mutex_lock+0x10/0x10 [ 1139.940033][ T4790] ? __pfx_vfs_write+0x10/0x10 [ 1139.944829][ T4790] ksys_write+0x12b/0x250 [ 1139.949221][ T4790] ? __pfx_ksys_write+0x10/0x10 [ 1139.954115][ T4790] do_syscall_64+0xcd/0x250 [ 1139.958633][ T4790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1139.964566][ T4790] RIP: 0033:0x7fcfe838cde9 [ 1139.969100][ T4790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1139.988738][ T4790] RSP: 002b:00007fcfe9214038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1139.997197][ T4790] RAX: ffffffffffffffda RBX: 00007fcfe85a5fa0 RCX: 00007fcfe838cde9 [ 1140.005238][ T4790] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1140.013514][ T4790] RBP: 00007fcfe840e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1140.021504][ T4790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1140.029507][ T4790] R13: 0000000000000000 R14: 00007fcfe85a5fa0 R15: 00007ffc477f12e8 [ 1140.037778][ T4790] [ 1140.040890][ T4790] Kernel Offset: disabled [ 1140.045309][ T4790] Rebooting in 86400 seconds..