last executing test programs: 12m54.871353678s ago: executing program 32 (id=574): bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf) 10m40.64325462s ago: executing program 33 (id=3665): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/oss\x00', 0x88400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000180)=""/210, 0xd2) 8m26.727548092s ago: executing program 2 (id=6497): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r0, 0x540a, r0) 8m26.529134058s ago: executing program 2 (id=6502): r0 = socket(0xa, 0x5, 0x84) getsockopt$auto(r0, 0x84, 0x1f, 0x0, &(0x7f0000000080)=0x49b) 8m26.442013427s ago: executing program 2 (id=6504): r0 = openat$auto_fragmentation_threshold_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/fragmentation_threshold\x00', 0x400, 0x0) read$auto_fragmentation_threshold_ops_(r0, 0x0, 0x0) 8m26.287814516s ago: executing program 2 (id=6508): open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x1f, 0x0) 8m26.055194234s ago: executing program 2 (id=6513): tkill$auto(0x1, 0x7) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79) 8m25.713493825s ago: executing program 2 (id=6520): r0 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pread64$auto(r0, 0x0, 0x4, 0xffff) 8m25.402501105s ago: executing program 34 (id=6520): r0 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pread64$auto(r0, 0x0, 0x4, 0xffff) 8m13.033555509s ago: executing program 4 (id=6691): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyw0\x00', 0x40001, 0x0) ioctl$auto_TIOCSBRK2(r0, 0x5427, 0x0) 8m12.803966478s ago: executing program 4 (id=6696): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/nbd9/queue/iosched/read_expire\x00', 0x206a1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='-7', 0x2) 8m12.62257439s ago: executing program 4 (id=6700): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000140)=""/123, 0x7b) 8m12.436552983s ago: executing program 4 (id=6703): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rt_cache\x00', 0xa182, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000240)=""/4096, 0x1000) 8m12.13755966s ago: executing program 4 (id=6706): setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) tkill$auto(0x80000000000001, 0x7) 8m11.547010457s ago: executing program 4 (id=6715): openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x8082, 0x0) read$auto(0x3, 0x0, 0x7ffffffff000) 8m11.142463706s ago: executing program 35 (id=6715): openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x8082, 0x0) read$auto(0x3, 0x0, 0x7ffffffff000) 5m18.241448336s ago: executing program 1 (id=9761): mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r0, 0x0, 0x27, 0x0, 0xc) 5m18.086736157s ago: executing program 1 (id=9764): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_KEY_SET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002abd7000fcdbdf2517000000080006"], 0x1c}, 0x1, 0x0, 0x0, 0x20000090}, 0x4000) 5m17.96812256s ago: executing program 1 (id=9766): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x30, r0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x14, 0x1, 0x0, 0x1, [@nested={0x10, 0x10, 0x0, 0x1, [@typed={0xc, 0xb, 0x0, 0x0, @u64=0x8}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) 5m17.852084176s ago: executing program 1 (id=9768): r0 = socket(0x2, 0x801, 0x106) setsockopt$auto(r0, 0x1, 0x2, &(0x7f0000000040)='\xe2 \xa8\xf4', 0x7) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4001, @loopback}, 0x6b) 5m17.722017835s ago: executing program 1 (id=9772): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 5m17.208129672s ago: executing program 1 (id=9781): mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) rt_sigsuspend$auto(0x0, 0x8) 5m16.892290521s ago: executing program 36 (id=9781): mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) rt_sigsuspend$auto(0x0, 0x8) 3m58.796614367s ago: executing program 8 (id=10733): r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0) write$auto_nvmf_dev_fops_fabrics(r0, &(0x7f0000001500)='7', 0x1) ppoll$auto(&(0x7f0000000040)={r0, 0x3}, 0x0, &(0x7f0000000080)={0x10000, 0xffffffffffffffff}, &(0x7f0000000100)={0x3}, 0x8) ioctl$auto_RNDADDTOENTCNT2(r1, 0x40045201, &(0x7f0000000140)=0x8001) 3m58.27154508s ago: executing program 8 (id=10738): socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x21}}, 0x54) close_range$auto(0x2, 0x8, 0x0) 3m58.072402125s ago: executing program 8 (id=10740): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x1e, 0x2, 0x0) getsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x0) 3m57.582867256s ago: executing program 8 (id=10745): setresuid$auto(0xf5, 0x8000, 0x67) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000240)={0x14, r1, 0x2d, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x0) 3m57.273085817s ago: executing program 8 (id=10751): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 3m55.240551779s ago: executing program 8 (id=10768): r0 = socket(0x10, 0x2, 0x0) bpf$auto(0x1f, &(0x7f00000004c0)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x9, 0xffffffffffffffff, @relative_fd, 0x91}, 0x3ff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) 3m54.923228502s ago: executing program 37 (id=10768): r0 = socket(0x10, 0x2, 0x0) bpf$auto(0x1f, &(0x7f00000004c0)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x9, 0xffffffffffffffff, @relative_fd, 0x91}, 0x3ff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) 2m50.127038478s ago: executing program 7 (id=11600): mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r1, 0x2282, r0) 2m49.678895022s ago: executing program 7 (id=11604): mmap$auto(0x0, 0x40009, 0xdd, 0x9b72, 0x7, 0x28000) r0 = socket(0x15, 0x5, 0x0) setsockopt$auto(r0, 0x114, 0x8, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) 2m49.50983657s ago: executing program 7 (id=11608): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) pipe$auto(0x0) write$auto(0x3, 0x0, 0xfffffdef) 2m49.366540854s ago: executing program 7 (id=11611): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) timer_create$auto(0x0, 0x0, 0x0) timer_settime$auto(0x0, 0x803, &(0x7f00000000c0)={{0x8, 0x8}, {0x9, 0x37}}, 0x0) timer_gettime$auto(0x0, 0x0) 2m48.839506064s ago: executing program 7 (id=11617): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) tkill$auto(0x80000000000001, 0x7) 2m47.633761672s ago: executing program 7 (id=11630): sendmsg$auto_NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x0, 0x20, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r0 = socket(0x18, 0x80000, 0x0) connect$auto(r0, &(0x7f0000000180)=@in={0x2, 0x0, @rand_addr=0x64010101}, 0x1e) 2m47.259935699s ago: executing program 38 (id=11630): sendmsg$auto_NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x0, 0x20, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r0 = socket(0x18, 0x80000, 0x0) connect$auto(r0, &(0x7f0000000180)=@in={0x2, 0x0, @rand_addr=0x64010101}, 0x1e) 2m46.07171796s ago: executing program 9 (id=11646): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x100000000008, 0x8000) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0xffffffffc0106f32, 0x0) 2m45.47684837s ago: executing program 9 (id=11650): ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x8, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x2, 0x5, 0x4, @inferred, @integer={0x7, 0x5, 0x5}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0eda71bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) rt_sigqueueinfo$auto(0x0, 0x4, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}}) r0 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)='M', 0x49}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) 2m45.227559802s ago: executing program 9 (id=11653): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x24, r0, 0x13, 0x70bd2c, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) 2m44.902118093s ago: executing program 9 (id=11657): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = fanotify_init$auto(0x6a1, 0x2000000000002) fanotify_mark$auto(0x0, 0x1, 0x5, r0, 0x0) read$auto_lsm_ops_inode(r0, &(0x7f00000000c0)=""/243, 0xf3) 2m43.971425284s ago: executing program 9 (id=11663): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) tkill$auto(0x80000000000001, 0x7) 2m43.249688332s ago: executing program 9 (id=11668): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x8) 2m42.98875872s ago: executing program 39 (id=11668): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x8) 3.768666214s ago: executing program 6 (id=13222): bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r0, 0x0, 0x800003, 0x800000000000e2a) 2.446841021s ago: executing program 6 (id=13229): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x11, 0x2, 0x88) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0x0) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) 2.432267639s ago: executing program 0 (id=13231): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000004000), 0x40, 0x0) ioctl$auto_RNDADDENTROPY2(r1, 0x40085203, 0x0) 2.098180274s ago: executing program 5 (id=13235): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 2.020532024s ago: executing program 6 (id=13236): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/v4l-subdev7\x00', 0x0, 0x0) ioctl$auto(0x3, 0xc0305602, 0x38) 1.750343028s ago: executing program 5 (id=13238): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r0 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) 1.558419063s ago: executing program 5 (id=13240): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) flistxattr$auto(0x1, 0x0, 0x9) 1.503165239s ago: executing program 6 (id=13241): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r1, 0x2272, r0) 1.362381026s ago: executing program 0 (id=13242): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setreuid$auto(0x0, 0x20000000004) socket(0xa, 0x5, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x9) 1.352807134s ago: executing program 3 (id=13243): close_range$auto(0x2, 0x8, 0x0) socket(0x2a, 0x2, 0x1) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0xfdef}, 0x8) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 1.227915677s ago: executing program 3 (id=13244): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x6) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 1.187744047s ago: executing program 6 (id=13245): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) sysfs$auto(0x2, 0x4, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52) 1.183572987s ago: executing program 0 (id=13246): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) ioctl$auto(0x3, 0x8912, 0x46) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) ioctl$auto(0x3, 0x80045530, 0x38) 878.933579ms ago: executing program 3 (id=13247): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 878.247533ms ago: executing program 5 (id=13255): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) r0 = socket(0xa, 0x801, 0x84) syz_clone3(&(0x7f0000000400)={0x28000000, 0x0, 0x0, 0x0, {0x3f}, 0x0, 0x0, 0x0, 0x0}, 0x58) getsockopt$auto(r0, 0x84, 0x83, 0x0, 0x0) 668.124958ms ago: executing program 0 (id=13248): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="7201fbc5"], 0x1ac}, 0x1, 0x0, 0x0, 0x80}, 0x40000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x13, &(0x7f0000000000), 0x2) 605.543813ms ago: executing program 3 (id=13249): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r0, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x98) 387.277141ms ago: executing program 0 (id=13250): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r0, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f0000001380)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008105}, 0x4464) 377.055176ms ago: executing program 5 (id=13251): close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29e, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x51, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_enter$auto(r0, 0x9, 0x820e, 0x4, 0x0, 0x18) 282.386982ms ago: executing program 3 (id=13252): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x8c) ioctl$auto_UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x5, 0x8, 0x3}) writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb) 190.16404ms ago: executing program 5 (id=13253): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) r0 = socket(0x11, 0x800000003, 0x0) getsockopt$auto(r0, 0x107, 0x10400009, 0x0, 0x0) 155.891422ms ago: executing program 6 (id=13254): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) r2 = socket(0x1d, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'macsec0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2c, r1, 0x201, 0x70bd2a, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xa}]}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004054}, 0x480b0) 121.937855ms ago: executing program 3 (id=13256): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/kernel/shm_rmid_forced\x00', 0x141241, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 0s ago: executing program 0 (id=13257): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) sendto$auto(0x3, 0x0, 0x79, 0x2, &(0x7f0000000440)=@tipc=@name={0x1e, 0x2, 0x3, {{0x1, 0x1}}}, 0x20) kernel console output (not intermixed with test programs): 368.579901][T19593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.611702][T19593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.635088][T19593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.664935][T19593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.691808][T19593] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 368.747741][T19593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.791197][T19593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.817723][T19593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.817898][T19937] ICMPv6: process `syz.1.6657' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 368.837083][T19593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.888088][T19593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.901301][T19593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.912893][T19593] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 368.966351][T19593] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.987944][T19593] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.999257][T19593] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.014235][T19593] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.070308][ T29] audit: type=1800 audit(4294967403.408:35): pid=19944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6660" name="discovery_nqn" dev="configfs" ino=52444 res=0 errno=0 [ 369.282496][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.290376][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.424090][T19578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.453312][T19578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.741815][ T52] bridge_slave_1: left allmulticast mode [ 372.747525][ T52] bridge_slave_1: left promiscuous mode [ 372.770399][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.792036][ T52] bridge_slave_0: left allmulticast mode [ 372.797734][ T52] bridge_slave_0: left promiscuous mode [ 372.824862][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.713175][ T6271] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 373.726589][ T6271] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 373.734784][ T6271] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 373.768484][ T6271] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 373.776294][ T6271] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 373.784516][ T6271] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 374.096253][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 374.131097][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 374.150586][ T52] bond0 (unregistering): Released all slaves [ 374.909049][ T52] hsr_slave_0: left promiscuous mode [ 374.941398][ T52] hsr_slave_1: left promiscuous mode [ 374.954906][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 374.981155][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 375.005761][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 375.028427][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 375.080607][ T52] veth1_macvtap: left promiscuous mode [ 375.086187][ T52] veth0_macvtap: left promiscuous mode [ 375.118062][ T52] veth1_vlan: left promiscuous mode [ 375.123420][ T52] veth0_vlan: left promiscuous mode [ 375.841632][T20219] warn_unsupported: 17 callbacks suppressed [ 375.841651][T20219] kernel read not supported for file /Pr ^!8;n~ZJp-v<)R_WtakG6h mD|vQ (pid: 20219 comm: syz.1.6763) [ 375.885618][ T6262] Bluetooth: hci2: command tx timeout [ 375.907481][ T29] audit: type=1800 audit(4294967410.287:36): pid=20219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6763" name=5002B9D50272BCD0095EC0217FC0DD38B080FA3B97056EF47E5A05F1EFD1F108D94A9B70DFE7CD1F842DBB05A5B8FCF7763C29DD5202D80D5F03E78E577461FABDAF066B47F7AA361C680B6D44FC7C76D451 dev="mqueue" ino=52925 res=0 errno=0 [ 375.941121][ C1] vkms_vblank_simulate: vblank timer overrun [ 376.020387][T20223] kmem.limit_in_bytes is deprecated and will be removed. Writing any value to this file has no effect. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 376.039596][ C1] vkms_vblank_simulate: vblank timer overrun [ 376.190877][ T29] audit: type=1800 audit(4294967410.569:37): pid=20229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6769" name="dbroot" dev="configfs" ino=53436 res=0 errno=0 [ 376.243788][T20229] db_root: cannot open: [ 377.157591][ T52] team0 (unregistering): Port device team_slave_1 removed [ 377.322543][ T52] team0 (unregistering): Port device team_slave_0 removed [ 377.398619][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.405126][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.941759][ T6262] Bluetooth: hci2: command tx timeout [ 378.802077][T20140] chnl_net:caif_netlink_parms(): no params data found [ 379.125110][T20140] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.132281][T20140] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.169719][T20140] bridge_slave_0: entered allmulticast mode [ 379.219238][T20140] bridge_slave_0: entered promiscuous mode [ 379.246231][T20140] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.253705][T20140] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.294180][T20140] bridge_slave_1: entered allmulticast mode [ 379.301247][T20140] bridge_slave_1: entered promiscuous mode [ 379.515841][T20140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 379.535433][T20140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 379.615652][T20140] team0: Port device team_slave_0 added [ 379.649359][T20140] team0: Port device team_slave_1 added [ 379.761954][T20140] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 379.768987][T20140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 379.851661][T20140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 379.892449][T20140] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 379.899436][T20140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 379.978099][T20140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 380.015868][ T6262] Bluetooth: hci2: command tx timeout [ 380.248327][T20140] hsr_slave_0: entered promiscuous mode [ 380.279185][T20140] hsr_slave_1: entered promiscuous mode [ 380.285378][T20140] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 380.328165][T20140] Cannot create hsr debugfs directory [ 380.823192][T20140] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 380.866270][T20140] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 380.890346][T20140] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 380.922636][T20140] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 381.139590][T20140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 381.181208][T20140] 8021q: adding VLAN 0 to HW filter on device team0 [ 381.234696][T19578] bridge0: port 1(bridge_slave_0) entered blocking state [ 381.241827][T19578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 381.278269][T19578] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.285447][T19578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 381.765399][T20140] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 382.078522][ T6262] Bluetooth: hci2: command tx timeout [ 382.345744][T20140] veth0_vlan: entered promiscuous mode [ 382.373167][T20140] veth1_vlan: entered promiscuous mode [ 382.419872][T20140] veth0_macvtap: entered promiscuous mode [ 382.453180][T20140] veth1_macvtap: entered promiscuous mode [ 382.502228][T20140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 382.523007][T20140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.534698][T20140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 382.553329][T20140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.564349][T20140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 382.596947][T20140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.651882][T20140] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 382.691352][T20140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 382.724014][T20140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.755621][T20140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 382.788321][T20140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.817084][T20140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 382.849588][T20140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.895886][T20140] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 382.939269][T20140] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.961985][T20140] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.971089][T20140] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.983341][T20140] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.181525][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.213241][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 383.258742][T19578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.273775][T19578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 384.590860][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.602112][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.377886][T20571] __vm_enough_memory: pid: 20571, comm: syz.1.6918, bytes: 4503599627366400 not enough memory for the allocation [ 385.459142][T20574] syz.6.6919 (20574): attempted to duplicate a private mapping with mremap. This is not supported. [ 386.528209][T20624] block nbd8: NBD_DISCONNECT [ 387.640629][T20673] program syz.5.6974 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 387.686331][T20673] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 389.343750][T20738] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(3) [ 391.877928][ T29] audit: type=1800 audit(4294967426.348:38): pid=20861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.7035" name="lu_gp_id" dev="configfs" ino=54963 res=0 errno=0 [ 392.322237][T20881] futex_wake_op: syz.6.7043 tries to shift op by 64; fix this program [ 396.369927][T21083] block2mtd: error: cannot open device 3QI [ 396.906736][ T6262] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 397.335962][T21134] Zero length message leads to an empty skb [ 399.873893][T21244] netlink: 342 bytes leftover after parsing attributes in process `syz.1.7186'. [ 400.778952][T21280] Process accounting resumed [ 401.352019][T21292] could not allocate digest TFM handle [ 401.633221][T21296] could not allocate digest TFM handle [ 402.051664][T21334] capability: warning: `syz.5.7223' uses 32-bit capabilities (legacy support in use) [ 403.855208][T21402] openvswitch: netlink: Missing valid actions attribute. [ 404.170252][T21414] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 404.345354][T21422] netlink: 'syz.7.7264': attribute type 2 has an invalid length. [ 404.977221][T21441] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 405.037783][T21443] netlink: 'syz.6.7276': attribute type 11 has an invalid length. [ 405.052757][T21443] netlink: 'syz.6.7276': attribute type 11 has an invalid length. [ 405.068575][T21443] netlink: 'syz.6.7276': attribute type 11 has an invalid length. [ 405.076546][T21443] netlink: 'syz.6.7276': attribute type 11 has an invalid length. [ 407.920119][T21547] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 409.930231][T21627] cifs: Unknown parameter '' [ 411.483110][T21672] netlink: 'syz.7.7375': attribute type 10 has an invalid length. [ 412.278081][T21706] openvswitch: netlink: Duplicate or invalid key (type 0). [ 413.772396][T21758] openvswitch: netlink: nsh attr 1 has unexpected len 14 expected 8 [ 416.418465][T21852] netlink: 'syz.1.7461': attribute type 1 has an invalid length. [ 416.765646][T21868] netlink: 'syz.7.7468': attribute type 1 has an invalid length. [ 416.909879][T21874] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 417.865770][T21918] openvswitch: netlink: Flow key attr not present in new flow. [ 417.962492][T21920] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 418.930523][T21958] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 419.007779][T21964] openvswitch: netlink: Flow key attr not present in new flow. [ 419.109668][T21966] openvswitch: netlink: Flow actions attr not present in new flow. [ 419.289327][T21974] nbd: couldn't find device at index 33904 [ 419.451295][T21982] nfs4: Unknown parameter 'nfsd' [ 420.036682][T22005] Setting dangerous option i915.mitigations - tainting kernel [ 420.958965][T22047] netlink: ct family unspecified [ 424.362892][T22190] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7614'. [ 424.582092][T22197] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7616'. [ 425.287348][T22226] netlink: 'syz.6.7630': attribute type 1 has an invalid length. [ 426.636333][T22268] openvswitch: netlink: Key type 261 is out of range max 32 [ 426.842515][T22277] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 430.526909][T22399] netlink: zone id is out of range [ 430.541950][T22399] netlink: zone id is out of range [ 430.563346][T22399] netlink: zone id is out of range [ 430.588871][T22399] netlink: get zone limit has 8 unknown bytes [ 431.495561][T22426] nl80211: entered promiscuous mode [ 431.544376][T22432] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 431.566154][T22432] CPU: 1 UID: 0 PID: 22432 Comm: syz.1.7719 Tainted: G U 6.14.0-rc2-syzkaller #0 [ 431.566191][T22432] Tainted: [U]=USER [ 431.566200][T22432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 431.566224][T22432] Call Trace: [ 431.566231][T22432] [ 431.566245][T22432] dump_stack_lvl+0x16c/0x1f0 [ 431.566288][T22432] sysfs_warn_dup+0x7f/0xa0 [ 431.566323][T22432] sysfs_do_create_link_sd+0x124/0x140 [ 431.566361][T22432] sysfs_create_link+0x61/0xc0 [ 431.566396][T22432] device_add+0x62e/0x1a70 [ 431.566433][T22432] ? __pfx_device_add+0x10/0x10 [ 431.566463][T22432] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 431.566497][T22432] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 431.566532][T22432] wiphy_register+0x1c7a/0x2860 [ 431.566562][T22432] ? netdev_run_todo+0x877/0x1320 [ 431.566600][T22432] ? __pfx_wiphy_register+0x10/0x10 [ 431.566651][T22432] ieee80211_register_hw+0x23ff/0x3ff0 [ 431.566695][T22432] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 431.566723][T22432] ? net_generic+0xea/0x2a0 [ 431.566758][T22432] ? lockdep_init_map_type+0x16d/0x7d0 [ 431.566791][T22432] ? rcu_is_watching+0x12/0xc0 [ 431.566825][T22432] ? trace_hrtimer_init+0x1a6/0x230 [ 431.566855][T22432] ? __hrtimer_init+0x106/0x2c0 [ 431.566889][T22432] mac80211_hwsim_new_radio+0x2c47/0x56d0 [ 431.566952][T22432] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 431.567001][T22432] hwsim_new_radio_nl+0xb42/0x12b0 [ 431.567042][T22432] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 431.567096][T22432] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 431.567142][T22432] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 431.567191][T22432] genl_family_rcv_msg_doit+0x202/0x2f0 [ 431.567231][T22432] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 431.567268][T22432] ? trace_cap_capable+0x1a2/0x210 [ 431.567315][T22432] ? bpf_lsm_capable+0x9/0x10 [ 431.567345][T22432] ? security_capable+0x7e/0x260 [ 431.567381][T22432] ? ns_capable+0xd7/0x110 [ 431.567415][T22432] genl_rcv_msg+0x565/0x800 [ 431.567442][T22432] ? __pfx_genl_rcv_msg+0x10/0x10 [ 431.567467][T22432] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 431.567517][T22432] netlink_rcv_skb+0x165/0x410 [ 431.567551][T22432] ? __pfx_genl_rcv_msg+0x10/0x10 [ 431.567577][T22432] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 431.567627][T22432] ? down_read+0xc9/0x330 [ 431.567650][T22432] ? __pfx_down_read+0x10/0x10 [ 431.567675][T22432] ? netlink_deliver_tap+0x1ae/0xca0 [ 431.567713][T22432] genl_rcv+0x28/0x40 [ 431.567745][T22432] netlink_unicast+0x53c/0x7f0 [ 431.567783][T22432] ? __pfx_netlink_unicast+0x10/0x10 [ 431.567817][T22432] ? __phys_addr_symbol+0x30/0x80 [ 431.567852][T22432] ? __check_object_size+0x488/0x710 [ 431.567888][T22432] netlink_sendmsg+0x8b8/0xd70 [ 431.567927][T22432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 431.567976][T22432] ____sys_sendmsg+0x9ae/0xb40 [ 431.568008][T22432] ? copy_msghdr_from_user+0x10b/0x160 [ 431.568033][T22432] ? __pfx_____sys_sendmsg+0x10/0x10 [ 431.568084][T22432] ___sys_sendmsg+0x135/0x1e0 [ 431.568117][T22432] ? __pfx____sys_sendmsg+0x10/0x10 [ 431.568161][T22432] ? __pfx_lock_release+0x10/0x10 [ 431.568190][T22432] ? trace_lock_acquire+0x14e/0x1f0 [ 431.568227][T22432] ? __fget_files+0x206/0x3a0 [ 431.568263][T22432] __sys_sendmsg+0x16e/0x220 [ 431.568289][T22432] ? __pfx___sys_sendmsg+0x10/0x10 [ 431.568315][T22432] ? __x64_sys_futex+0x1e1/0x4c0 [ 431.568364][T22432] do_syscall_64+0xcd/0x250 [ 431.568390][T22432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.568421][T22432] RIP: 0033:0x7f669b78cde9 [ 431.568441][T22432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.568463][T22432] RSP: 002b:00007f669c500038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 431.568485][T22432] RAX: ffffffffffffffda RBX: 00007f669b9a5fa0 RCX: 00007f669b78cde9 [ 431.568501][T22432] RDX: 0000000004000800 RSI: 00004000000000c0 RDI: 0000000000000003 [ 431.568516][T22432] RBP: 00007f669b80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 431.568531][T22432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.568545][T22432] R13: 0000000000000000 R14: 00007f669b9a5fa0 R15: 00007ffed43d6128 [ 431.568580][T22432] [ 431.984584][ C1] vkms_vblank_simulate: vblank timer overrun [ 432.407754][T22443] nbd: must specify a size in bytes for the device [ 432.926978][T22456] dyndbg: expected <4096 bytes into control [ 436.427723][T22561] netlink: 'syz.1.7774': attribute type 11 has an invalid length. [ 436.436556][T22560] netlink: 'syz.6.7773': attribute type 2 has an invalid length. [ 437.243632][T22586] netlink: 'syz.7.7785': attribute type 2 has an invalid length. [ 437.383191][T22590] unsupported nla_type 32969 [ 437.740933][T22601] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 438.491668][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 438.498120][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.249365][T22655] netlink: 'syz.5.7817': attribute type 1 has an invalid length. [ 439.828405][T22685] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 440.013938][T22691] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 440.033365][T22691] CPU: 0 UID: 0 PID: 22691 Comm: syz.7.7835 Tainted: G U 6.14.0-rc2-syzkaller #0 [ 440.033402][T22691] Tainted: [U]=USER [ 440.033410][T22691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 440.033423][T22691] Call Trace: [ 440.033430][T22691] [ 440.033439][T22691] dump_stack_lvl+0x16c/0x1f0 [ 440.033480][T22691] sysfs_warn_dup+0x7f/0xa0 [ 440.033515][T22691] sysfs_do_create_link_sd+0x124/0x140 [ 440.033554][T22691] sysfs_create_link+0x61/0xc0 [ 440.033587][T22691] device_add+0x62e/0x1a70 [ 440.033624][T22691] ? __pfx_device_add+0x10/0x10 [ 440.033653][T22691] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 440.033686][T22691] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 440.033721][T22691] wiphy_register+0x1c7a/0x2860 [ 440.033750][T22691] ? netdev_run_todo+0x877/0x1320 [ 440.033787][T22691] ? __pfx_wiphy_register+0x10/0x10 [ 440.033837][T22691] ieee80211_register_hw+0x23ff/0x3ff0 [ 440.033881][T22691] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 440.033907][T22691] ? net_generic+0xea/0x2a0 [ 440.033943][T22691] ? lockdep_init_map_type+0x16d/0x7d0 [ 440.033975][T22691] ? rcu_is_watching+0x12/0xc0 [ 440.034008][T22691] ? trace_hrtimer_init+0x1a6/0x230 [ 440.034038][T22691] ? __hrtimer_init+0x106/0x2c0 [ 440.034082][T22691] mac80211_hwsim_new_radio+0x2c47/0x56d0 [ 440.034148][T22691] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 440.034196][T22691] hwsim_new_radio_nl+0xb42/0x12b0 [ 440.034235][T22691] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 440.034282][T22691] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 440.034320][T22691] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 440.034367][T22691] genl_family_rcv_msg_doit+0x202/0x2f0 [ 440.034406][T22691] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 440.034442][T22691] ? trace_cap_capable+0x1a2/0x210 [ 440.034486][T22691] ? bpf_lsm_capable+0x9/0x10 [ 440.034516][T22691] ? security_capable+0x7e/0x260 [ 440.034552][T22691] ? ns_capable+0xd7/0x110 [ 440.034585][T22691] genl_rcv_msg+0x565/0x800 [ 440.034613][T22691] ? __pfx_genl_rcv_msg+0x10/0x10 [ 440.034638][T22691] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 440.034685][T22691] netlink_rcv_skb+0x165/0x410 [ 440.034719][T22691] ? __pfx_genl_rcv_msg+0x10/0x10 [ 440.034745][T22691] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 440.034789][T22691] ? down_read+0xc9/0x330 [ 440.034811][T22691] ? __pfx_down_read+0x10/0x10 [ 440.034836][T22691] ? netlink_deliver_tap+0x1ae/0xca0 [ 440.034872][T22691] genl_rcv+0x28/0x40 [ 440.034903][T22691] netlink_unicast+0x53c/0x7f0 [ 440.034939][T22691] ? __pfx_netlink_unicast+0x10/0x10 [ 440.034968][T22691] ? __phys_addr_symbol+0x30/0x80 [ 440.035000][T22691] ? __check_object_size+0x488/0x710 [ 440.035035][T22691] netlink_sendmsg+0x8b8/0xd70 [ 440.035084][T22691] ? __pfx_netlink_sendmsg+0x10/0x10 [ 440.035132][T22691] ____sys_sendmsg+0x9ae/0xb40 [ 440.035160][T22691] ? copy_msghdr_from_user+0x10b/0x160 [ 440.035183][T22691] ? __pfx_____sys_sendmsg+0x10/0x10 [ 440.035229][T22691] ___sys_sendmsg+0x135/0x1e0 [ 440.035253][T22691] ? __pfx____sys_sendmsg+0x10/0x10 [ 440.035291][T22691] ? __pfx_lock_release+0x10/0x10 [ 440.035317][T22691] ? trace_lock_acquire+0x14e/0x1f0 [ 440.035346][T22691] ? __fget_files+0x206/0x3a0 [ 440.035379][T22691] __sys_sendmsg+0x16e/0x220 [ 440.035403][T22691] ? __pfx___sys_sendmsg+0x10/0x10 [ 440.035425][T22691] ? __x64_sys_futex+0x1e1/0x4c0 [ 440.035471][T22691] do_syscall_64+0xcd/0x250 [ 440.035495][T22691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.035525][T22691] RIP: 0033:0x7fbe9818cde9 [ 440.035544][T22691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.035566][T22691] RSP: 002b:00007fbe98fe9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 440.035588][T22691] RAX: ffffffffffffffda RBX: 00007fbe983a5fa0 RCX: 00007fbe9818cde9 [ 440.035603][T22691] RDX: 0000000004000800 RSI: 00004000000000c0 RDI: 0000000000000003 [ 440.035616][T22691] RBP: 00007fbe9820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 440.035628][T22691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 440.035640][T22691] R13: 0000000000000000 R14: 00007fbe983a5fa0 R15: 00007ffd4a7c9198 [ 440.035670][T22691] [ 440.708188][T22709] netlink: 'syz.7.7844': attribute type 1 has an invalid length. [ 441.639112][T22749] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 442.362531][T22787] netlink: 28 bytes leftover after parsing attributes in process `syz.5.7880'. [ 442.679814][T22797] openvswitch: netlink: Key type 29 is not supported [ 443.341314][ T29] audit: type=1804 audit(4294967478.001:39): pid=22816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.7893" name="/newroot/999/file0" dev="tmpfs" ino=5027 res=1 errno=0 [ 443.414399][ T29] audit: type=1800 audit(4294967478.001:40): pid=22816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.7893" name="file0" dev="tmpfs" ino=5027 res=0 errno=0 [ 443.544677][T22825] netlink: zone id is out of range [ 443.558034][T22825] netlink: set zone limit has 4 unknown bytes [ 444.674663][T22871] netlink: zone id is out of range [ 444.679980][T22871] netlink: zone id is out of range [ 444.696066][T22871] netlink: zone id is out of range [ 444.705928][T22871] netlink: zone id is out of range [ 444.711984][T22871] netlink: zone id is out of range [ 444.717145][T22871] netlink: zone id is out of range [ 444.723722][T22871] netlink: zone id is out of range [ 444.728876][T22871] netlink: zone id is out of range [ 449.327425][T23021] net_ratelimit: 30 callbacks suppressed [ 449.327447][T23021] openvswitch: netlink: IP tunnel dst address not specified [ 449.669582][T23032] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 450.013177][T23046] netlink: Unknown conntrack attr (type=146, max=9) [ 450.813927][T23079] MTRR 1 not used [ 450.971668][T23083] sctp: [Deprecated]: syz.1.8012 (pid 23083) Use of int in maxseg socket option. [ 450.971668][T23083] Use struct sctp_assoc_value instead [ 453.173065][T23176] netlink: 16 bytes leftover after parsing attributes in process `syz.7.8050'. [ 454.166944][T23213] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 456.582181][T23319] netlink: 'syz.5.8118': attribute type 1 has an invalid length. [ 456.961435][ T29] audit: type=1800 audit(4294967491.799:41): pid=23330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8123" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 457.637577][T23351] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8134'. [ 458.632148][T23394] delete_channel: no stack [ 461.680928][T23502] openvswitch: netlink: Message has 4 unknown bytes. [ 462.089684][ T6262] Bluetooth: hci3: unexpected event 0x14 length: 18 > 6 [ 462.597072][T23538] openvswitch: netlink: Multiple metadata blocks provided [ 463.238011][T23564] netlink: zone id is out of range [ 463.243188][T23564] netlink: zone id is out of range [ 463.276486][T23564] netlink: zone id is out of range [ 463.292163][T23564] netlink: zone id is out of range [ 463.321709][T23564] netlink: zone id is out of range [ 463.341730][T23564] netlink: zone id is out of range [ 463.361472][T23564] netlink: zone id is out of range [ 463.376810][T23564] netlink: zone id is out of range [ 465.691774][T23661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8276'. [ 466.930231][T23711] net_ratelimit: 215 callbacks suppressed [ 466.930253][T23711] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 468.923518][T23788] nbd: couldn't find a device at index 3723 [ 469.589968][T23818] netlink: zone id is out of range [ 469.595615][T23818] netlink: zone id is out of range [ 469.619270][T23818] netlink: zone id is out of range [ 469.624448][T23818] netlink: zone id is out of range [ 469.634513][T23818] netlink: zone id is out of range [ 469.647629][T23818] netlink: zone id is out of range [ 469.665205][T23818] netlink: zone id is out of range [ 469.678839][T23818] netlink: zone id is out of range [ 469.689216][T23818] netlink: zone id is out of range [ 469.862686][T23831] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 469.894663][T23831] CPU: 0 UID: 0 PID: 23831 Comm: syz.7.8354 Tainted: G U 6.14.0-rc2-syzkaller #0 [ 469.894702][T23831] Tainted: [U]=USER [ 469.894709][T23831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 469.894723][T23831] Call Trace: [ 469.894731][T23831] [ 469.894741][T23831] dump_stack_lvl+0x16c/0x1f0 [ 469.894786][T23831] sysfs_warn_dup+0x7f/0xa0 [ 469.894822][T23831] sysfs_do_create_link_sd+0x124/0x140 [ 469.894862][T23831] sysfs_create_link+0x61/0xc0 [ 469.894898][T23831] device_add+0x62e/0x1a70 [ 469.894934][T23831] ? __pfx_device_add+0x10/0x10 [ 469.894965][T23831] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 469.894998][T23831] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 469.895034][T23831] wiphy_register+0x1c7a/0x2860 [ 469.895064][T23831] ? netdev_run_todo+0x877/0x1320 [ 469.895101][T23831] ? __pfx_wiphy_register+0x10/0x10 [ 469.895152][T23831] ieee80211_register_hw+0x23ff/0x3ff0 [ 469.895195][T23831] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 469.895223][T23831] ? net_generic+0xea/0x2a0 [ 469.895257][T23831] ? lockdep_init_map_type+0x16d/0x7d0 [ 469.895287][T23831] ? rcu_is_watching+0x12/0xc0 [ 469.895320][T23831] ? trace_hrtimer_init+0x1a6/0x230 [ 469.895349][T23831] ? __hrtimer_init+0x106/0x2c0 [ 469.895382][T23831] mac80211_hwsim_new_radio+0x2c47/0x56d0 [ 469.895444][T23831] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 469.895490][T23831] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 469.895536][T23831] hwsim_new_radio_nl+0xb42/0x12b0 [ 469.895575][T23831] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 469.895629][T23831] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 469.895671][T23831] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 469.895720][T23831] genl_family_rcv_msg_doit+0x202/0x2f0 [ 469.895763][T23831] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 469.895799][T23831] ? trace_cap_capable+0x1a2/0x210 [ 469.895846][T23831] ? bpf_lsm_capable+0x9/0x10 [ 469.895876][T23831] ? security_capable+0x7e/0x260 [ 469.895912][T23831] ? ns_capable+0xd7/0x110 [ 469.895944][T23831] genl_rcv_msg+0x565/0x800 [ 469.895972][T23831] ? __pfx_genl_rcv_msg+0x10/0x10 [ 469.895996][T23831] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 469.896045][T23831] netlink_rcv_skb+0x165/0x410 [ 469.896079][T23831] ? __pfx_genl_rcv_msg+0x10/0x10 [ 469.896105][T23831] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 469.896154][T23831] ? down_read+0xc9/0x330 [ 469.896179][T23831] ? __pfx_down_read+0x10/0x10 [ 469.896203][T23831] ? netlink_deliver_tap+0x1ae/0xca0 [ 469.896241][T23831] genl_rcv+0x28/0x40 [ 469.896273][T23831] netlink_unicast+0x53c/0x7f0 [ 469.896311][T23831] ? __pfx_netlink_unicast+0x10/0x10 [ 469.896346][T23831] ? __phys_addr_symbol+0x30/0x80 [ 469.896380][T23831] ? __check_object_size+0x488/0x710 [ 469.896416][T23831] netlink_sendmsg+0x8b8/0xd70 [ 469.896462][T23831] ? __pfx_netlink_sendmsg+0x10/0x10 [ 469.896512][T23831] ____sys_sendmsg+0x9ae/0xb40 [ 469.896546][T23831] ? copy_msghdr_from_user+0x10b/0x160 [ 469.896570][T23831] ? __pfx_____sys_sendmsg+0x10/0x10 [ 469.896621][T23831] ___sys_sendmsg+0x135/0x1e0 [ 469.896649][T23831] ? __pfx____sys_sendmsg+0x10/0x10 [ 469.896691][T23831] ? __pfx_lock_release+0x10/0x10 [ 469.896717][T23831] ? trace_lock_acquire+0x14e/0x1f0 [ 469.896754][T23831] ? __fget_files+0x206/0x3a0 [ 469.896790][T23831] __sys_sendmsg+0x16e/0x220 [ 469.896817][T23831] ? __pfx___sys_sendmsg+0x10/0x10 [ 469.896841][T23831] ? __x64_sys_futex+0x1e1/0x4c0 [ 469.896889][T23831] do_syscall_64+0xcd/0x250 [ 469.896914][T23831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.896945][T23831] RIP: 0033:0x7fbe9818cde9 [ 469.896965][T23831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.896987][T23831] RSP: 002b:00007fbe98fe9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 469.897009][T23831] RAX: ffffffffffffffda RBX: 00007fbe983a5fa0 RCX: 00007fbe9818cde9 [ 469.897025][T23831] RDX: 0000000004000800 RSI: 00004000000000c0 RDI: 0000000000000003 [ 469.897040][T23831] RBP: 00007fbe9820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 469.897055][T23831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 469.897069][T23831] R13: 0000000000000000 R14: 00007fbe983a5fa0 R15: 00007ffd4a7c9198 [ 469.897103][T23831] [ 473.035822][T23932] sctp: [Deprecated]: syz.6.8400 (pid 23932) Use of int in maxseg socket option. [ 473.035822][T23932] Use struct sctp_assoc_value instead [ 474.145889][T23962] netlink: 'syz.1.8415': attribute type 2 has an invalid length. [ 474.187100][T23965] netlink: 'syz.6.8416': attribute type 1 has an invalid length. [ 476.138019][T24030] net_ratelimit: 23 callbacks suppressed [ 476.138043][T24030] netlink: Conntrack attr has 16 unknown bytes [ 476.475239][T24044] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 476.485689][T24044] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 479.876493][T24171] openvswitch: netlink: IP tunnel TTL not specified. [ 479.917792][T24174] device-mapper: ioctl: only supply one of name or uuid, cmd(8) [ 480.048741][T24177] openvswitch: netlink: VXLAN extension 64 out of range max 1 [ 481.283241][ T6271] Bluetooth: hci3: command 0x0406 tx timeout [ 482.964727][T24288] netlink: 5 bytes leftover after parsing attributes in process `syz.5.8563'. [ 484.613752][T24348] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 484.621895][T24348] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 484.675925][T24350] netlink: 16 bytes leftover after parsing attributes in process `syz.7.8592'. [ 485.259402][ T6262] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 485.798541][T24396] can: request_module (can-proto-5) failed. [ 486.284971][T24421] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 487.505912][T24476] delete_channel: no stack [ 488.967439][T24549] nfsd: Unknown parameter 'DJ' [ 489.234156][T24560] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8689'. [ 489.691451][T24578] svc: failed to register nfsdv3 RPC service (errno 111). [ 489.705418][T24578] svc: failed to register nfsaclv3 RPC service (errno 111). [ 491.628963][T24664] nbd: must specify a device to reconfigure [ 493.415568][T24744] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8774'. [ 494.970141][T24809] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 496.032995][T24860] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 496.558744][ T6271] Bluetooth: hci2: command 0x0406 tx timeout [ 496.959580][ T29] audit: type=1800 audit(4294967301.744:42): pid=24906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.8850" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 497.392753][T24926] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 700010006 [ 499.602413][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 499.609495][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 499.646769][T25016] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 499.907786][T25027] openvswitch: netlink: IP tunnel dst address not specified [ 500.032813][T25034] openvswitch: netlink: Key 23 has unexpected len 16 expected 2 [ 500.428100][T25049] HSR: entered promiscuous mode [ 500.656012][T25058] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 501.596964][T25093] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 502.969154][T25149] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 502.976198][T25149] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 503.882637][T25189] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 503.889135][T25189] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 505.479681][T25254] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9014'. [ 507.235054][T25328] netlink: 'syz.6.9045': attribute type 2 has an invalid length. [ 508.286885][T25368] netlink: 'syz.5.9065': attribute type 11 has an invalid length. [ 508.310864][T25368] netlink: 'syz.5.9065': attribute type 11 has an invalid length. [ 509.759092][T25431] netlink: 'syz.1.9095': attribute type 1 has an invalid length. [ 512.284120][T25476] kexec: Could not allocate control_code_buffer [ 513.095385][T25553] openvswitch: netlink: ct_state flags 02001eac unsupported [ 513.150616][T25555] netlink: 'syz.5.9153': attribute type 1 has an invalid length. [ 514.059230][T25595] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 514.387196][T25610] netlink: 'syz.7.9175': attribute type 1 has an invalid length. [ 514.619873][T25617] netlink: 172 bytes leftover after parsing attributes in process `syz.5.9181'. [ 517.364677][T25725] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 517.896492][T25743] netlink: 'syz.6.9237': attribute type 1 has an invalid length. [ 517.992979][T25746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 519.914501][T25827] openvswitch: netlink: IP tunnel dst address not specified [ 519.933576][ T29] audit: type=1107 audit(4294967310.057:43): pid=25829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 519.974098][ T29] audit: type=1107 audit(4294967310.067:44): pid=25829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 520.019228][T25833] netlink: 206 bytes leftover after parsing attributes in process `syz.1.9281'. [ 521.562660][T25910] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 522.040194][T25935] netlink: 'syz.7.9328': attribute type 4 has an invalid length. [ 522.116655][T25939] netlink: 5 bytes leftover after parsing attributes in process `syz.6.9330'. [ 522.405834][T25952] svc: failed to register nfsdv3 RPC service (errno 111). [ 522.430872][T25952] svc: failed to register nfsaclv3 RPC service (errno 111). [ 522.715536][T25970] tipc: Enabling of bearer rejected, media not registered [ 523.396501][T26003] svc: failed to register nfsdv3 RPC service (errno 111). [ 523.426361][T26003] svc: failed to register nfsaclv3 RPC service (errno 111). [ 523.489447][T26007] netlink: zone id is out of range [ 524.228244][T26041] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 524.443913][T26054] netlink: 206 bytes leftover after parsing attributes in process `syz.1.9384'. [ 524.491223][T26052] svc: failed to register nfsdv3 RPC service (errno 111). [ 524.514011][T26052] svc: failed to register nfsaclv3 RPC service (errno 111). [ 526.678059][T26158] netlink: Conntrack attr type has unexpected length (type=0, length=3, expected=0) [ 527.315540][T26194] netlink: 'syz.6.9447': attribute type 1 has an invalid length. [ 527.867848][T26217] netlink: 'syz.6.9460': attribute type 1 has an invalid length. [ 527.890485][T26217] nbd: error processing sock list [ 529.491167][T26296] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 529.637413][T26303] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9500'. [ 530.929151][T26360] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9524'. [ 531.517571][T26379] netlink: 306 bytes leftover after parsing attributes in process `syz.5.9533'. [ 534.581895][T26468] openvswitch: netlink: Duplicate key (type 15). [ 536.783379][T26548] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 536.945319][T26557] openvswitch: netlink: Message has 1 unknown bytes. [ 537.335663][T26575] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9624'. [ 540.920153][ T6262] Bluetooth: hci0: unexpected subevent 0x01 length: 125 > 18 [ 540.927824][ T6262] Bluetooth: hci0: Invalid handle: 0x1e1a > 0x0eff [ 541.971654][T26725] openvswitch: netlink: IPv6 tunnel dst address is zero [ 542.060492][T26730] netlink: 'syz.6.9694': attribute type 2 has an invalid length. [ 543.002687][T26764] openvswitch: netlink: Message has 4 unknown bytes. [ 543.683566][T26795] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9725'. [ 543.711578][T26793] nbd: illegal input index -33554433 [ 544.805253][T26836] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9744'. [ 544.847462][T26840] HSR: entered promiscuous mode [ 546.573676][T26904] netlink: del zone limit has 8 unknown bytes [ 546.917970][T26918] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 547.043405][ T1087] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.147277][ T1087] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.331479][ T1087] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.505099][ T1087] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.571654][T26932] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 547.872224][ T6271] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 547.896749][ T6271] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 547.898904][T26945] netlink: 'syz.7.9793': attribute type 1 has an invalid length. [ 547.918522][ T6271] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 547.936537][ T6271] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 547.947433][ T6271] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 547.962079][ T6271] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 548.004902][ T1087] bridge_slave_1: left allmulticast mode [ 548.010829][ T1087] bridge_slave_1: left promiscuous mode [ 548.016909][ T1087] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.026890][ T1087] bridge_slave_0: left allmulticast mode [ 548.032595][ T1087] bridge_slave_0: left promiscuous mode [ 548.046103][ T1087] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.661478][ T1087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 548.672119][ T1087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 548.682737][ T1087] bond0 (unregistering): Released all slaves [ 549.111256][T26942] chnl_net:caif_netlink_parms(): no params data found [ 549.521865][T26942] bridge0: port 1(bridge_slave_0) entered blocking state [ 549.557817][T26942] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.575577][T26942] bridge_slave_0: entered allmulticast mode [ 549.583372][T26942] bridge_slave_0: entered promiscuous mode [ 549.591644][T26942] bridge0: port 2(bridge_slave_1) entered blocking state [ 549.602807][T26942] bridge0: port 2(bridge_slave_1) entered disabled state [ 549.610353][T26942] bridge_slave_1: entered allmulticast mode [ 549.621372][T26942] bridge_slave_1: entered promiscuous mode [ 549.843181][T26942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 549.861109][T26942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 549.984078][ T1087] hsr_slave_0: left promiscuous mode [ 549.992285][ T1087] hsr_slave_1: left promiscuous mode [ 549.998743][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 550.035616][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 550.035880][ T6271] Bluetooth: hci0: command tx timeout [ 550.059072][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 550.067006][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 550.163494][ T1087] veth1_macvtap: left promiscuous mode [ 550.196241][ T1087] veth0_macvtap: left promiscuous mode [ 550.214621][ T1087] veth1_vlan: left promiscuous mode [ 550.220004][ T1087] veth0_vlan: left promiscuous mode [ 550.935258][ T1087] team0 (unregistering): Port device team_slave_1 removed [ 550.977772][ T1087] team0 (unregistering): Port device team_slave_0 removed [ 551.433985][T26942] team0: Port device team_slave_0 added [ 551.497282][T26942] team0: Port device team_slave_1 added [ 551.587739][T26942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 551.594740][T26942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 551.658502][T26942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 551.682190][T26942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 551.691034][T26942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 551.719084][T26942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 551.874997][T26942] hsr_slave_0: entered promiscuous mode [ 551.903968][T26942] hsr_slave_1: entered promiscuous mode [ 552.104840][ T6271] Bluetooth: hci0: command tx timeout [ 552.556254][T26942] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 552.585665][T26942] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 552.641218][T26942] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 552.685441][T26942] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 552.855790][T26942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 552.893637][T26942] 8021q: adding VLAN 0 to HW filter on device team0 [ 552.940418][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.947563][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 552.982543][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.989714][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.343841][T27100] netlink: 'syz.6.9845': attribute type 11 has an invalid length. [ 553.379187][T27100] netlink: 'syz.6.9845': attribute type 11 has an invalid length. [ 553.411257][T27099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 553.548325][T26942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 553.665082][T27118] openvswitch: netlink: IP tunnel dst address not specified [ 554.080242][T26942] veth0_vlan: entered promiscuous mode [ 554.124860][T26942] veth1_vlan: entered promiscuous mode [ 554.174159][ T6271] Bluetooth: hci0: command tx timeout [ 554.238793][T26942] veth0_macvtap: entered promiscuous mode [ 554.298658][T26942] veth1_macvtap: entered promiscuous mode [ 554.347121][T26942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 554.388922][T26942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.403258][T26942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 554.440983][T26942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.552057][T26942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 554.588889][T26942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.623758][T26942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 554.648878][T26942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 554.687995][T26942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.718554][T26942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 554.770895][T26942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.797375][T26942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 554.829414][T26942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.860011][T26942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 554.893895][T26942] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.932018][T26942] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.960074][T26942] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.968835][T26942] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.260031][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 555.298325][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 555.359444][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 555.385509][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 555.466696][T27175] rnbd_client L213: map_device: Parameters missing [ 555.909821][T27196] sctp: [Deprecated]: syz.7.9867 (pid 27196) Use of int in max_burst socket option deprecated. [ 555.909821][T27196] Use struct sctp_assoc_value instead [ 556.243612][ T6271] Bluetooth: hci0: command tx timeout [ 558.132700][T27291] size and base must be multiples of 4 kiB [ 558.173176][T27291] CPU: 1 UID: 0 PID: 27291 Comm: syz.8.9896 Tainted: G U 6.14.0-rc2-syzkaller #0 [ 558.173215][T27291] Tainted: [U]=USER [ 558.173223][T27291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 558.173238][T27291] Call Trace: [ 558.173245][T27291] [ 558.173254][T27291] dump_stack_lvl+0x16c/0x1f0 [ 558.173297][T27291] mtrr_add+0xdf/0x110 [ 558.173326][T27291] mtrr_ioctl+0x7cd/0xcd0 [ 558.173355][T27291] ? __pfx_mtrr_ioctl+0x10/0x10 [ 558.173385][T27291] ? __pfx_lock_release+0x10/0x10 [ 558.173414][T27291] ? ksys_semctl.constprop.0+0x150/0x2e0 [ 558.173460][T27291] ? __fget_files+0x206/0x3a0 [ 558.173486][T27291] ? __pfx_mtrr_ioctl+0x10/0x10 [ 558.173513][T27291] proc_reg_unlocked_ioctl+0x226/0x320 [ 558.173538][T27291] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 558.173568][T27291] __x64_sys_ioctl+0x190/0x200 [ 558.173605][T27291] do_syscall_64+0xcd/0x250 [ 558.173629][T27291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.173658][T27291] RIP: 0033:0x7fb94998cde9 [ 558.173676][T27291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.173699][T27291] RSP: 002b:00007fb94a87f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 558.173722][T27291] RAX: ffffffffffffffda RBX: 00007fb949ba5fa0 RCX: 00007fb94998cde9 [ 558.173738][T27291] RDX: 0000000000000007 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 558.173752][T27291] RBP: 00007fb949a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 558.173766][T27291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.173780][T27291] R13: 0000000000000000 R14: 00007fb949ba5fa0 R15: 00007ffef221ea28 [ 558.173810][T27291] [ 558.630309][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9897'. [ 560.703634][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 560.710106][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.074855][T27417] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 566.366630][T27526] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 566.542033][T27532] netlink: 28 bytes leftover after parsing attributes in process `syz.7.9981'. [ 566.962523][T27540] sctp: [Deprecated]: syz.7.9984 (pid 27540) Use of struct sctp_assoc_value in delayed_ack socket option. [ 566.962523][T27540] Use struct sctp_sack_info instead [ 568.350537][T27587] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input32 [ 571.645827][T27686] netlink: 'syz.7.10037': attribute type 62 has an invalid length. [ 580.635367][T27985] bridge0: port 3(macvlan1) entered blocking state [ 580.652603][T27985] bridge0: port 3(macvlan1) entered disabled state [ 580.666332][T27985] macvlan1: entered allmulticast mode [ 580.676374][T27985] veth1_vlan: entered allmulticast mode [ 580.683323][T27985] macvlan1: entered promiscuous mode [ 580.716701][T27985] bridge0: port 3(macvlan1) entered blocking state [ 580.723926][T27985] bridge0: port 3(macvlan1) entered listening state [ 582.166203][T28036] bridge0: port 4(team0) entered blocking state [ 582.182983][T28036] bridge0: port 4(team0) entered disabled state [ 582.198348][T28036] team0: entered allmulticast mode [ 582.203550][T28036] team_slave_0: entered allmulticast mode [ 582.226465][T28036] team_slave_1: entered allmulticast mode [ 582.234815][T28036] team0: entered promiscuous mode [ 582.248172][T28036] team_slave_0: entered promiscuous mode [ 582.268617][T28036] team_slave_1: entered promiscuous mode [ 582.278909][T28036] bridge0: port 4(team0) entered blocking state [ 582.285336][T28036] bridge0: port 4(team0) entered listening state [ 582.563063][T28040] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input33 [ 582.703931][T28043] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10151'. [ 584.167936][ T6271] Bluetooth: hci0: ACL packet too small [ 586.632788][T28119] bridge0: port 3(macvlan1) entered blocking state [ 586.640675][T28119] bridge0: port 3(macvlan1) entered disabled state [ 586.647770][T28119] macvlan1: entered allmulticast mode [ 586.657902][T28119] veth1_vlan: entered allmulticast mode [ 586.701393][T28119] macvlan1: entered promiscuous mode [ 586.728757][T28119] bridge0: port 3(macvlan1) entered blocking state [ 586.735506][T28119] bridge0: port 3(macvlan1) entered forwarding state [ 587.699835][T28149] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 587.744856][T28149] svc: failed to register nfsdv3 RPC service (errno 111). [ 587.768446][T28149] svc: failed to register nfsaclv3 RPC service (errno 111). [ 588.351776][T28174] netlink: 342 bytes leftover after parsing attributes in process `syz.6.10210'. [ 589.864623][T28240] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 589.885319][T28240] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 589.895599][T28242] mtrr: base(0x40000000000) is not aligned on a size(0x0000) boundary [ 592.638661][T28357] netlink: 36 bytes leftover after parsing attributes in process `syz.5.10293'. [ 593.511912][T28386] syz.7.10305 (28386) used obsolete PPPIOCDETACH ioctl [ 595.723984][ C1] bridge0: port 3(macvlan1) entered learning state [ 595.936112][T28476] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input34 [ 596.761618][T28498] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input35 [ 597.638041][ C0] bridge0: port 4(team0) entered learning state [ 597.766842][T28523] bridge0: port 5(bond0) entered blocking state [ 597.782205][T28523] bridge0: port 5(bond0) entered disabled state [ 597.792640][T28523] bond0: entered allmulticast mode [ 597.809592][T28523] bond_slave_0: entered allmulticast mode [ 597.822375][T28523] bond_slave_1: entered allmulticast mode [ 597.830205][T28523] bond0: entered promiscuous mode [ 597.835443][T28523] bond_slave_0: entered promiscuous mode [ 597.846663][T28523] bond_slave_1: entered promiscuous mode [ 597.853924][T28523] bridge0: port 5(bond0) entered blocking state [ 597.860420][T28523] bridge0: port 5(bond0) entered listening state [ 597.883891][T28526] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10365'. [ 598.679297][T28558] bridge0: port 4(vlan1) entered blocking state [ 598.696259][T28558] bridge0: port 4(vlan1) entered disabled state [ 598.714188][T28558] vlan1: entered allmulticast mode [ 598.722049][T28558] veth0_vlan: entered allmulticast mode [ 598.738381][T28558] vlan1: entered promiscuous mode [ 598.745087][T28558] bridge0: port 4(vlan1) entered blocking state [ 598.751488][T28558] bridge0: port 4(vlan1) entered forwarding state [ 602.807064][T28674] netlink: 186 bytes leftover after parsing attributes in process `syz.7.10428'. [ 606.505538][T28767] netlink: 186 bytes leftover after parsing attributes in process `syz.6.10469'. [ 610.337877][T28883] IPVS: length: 150994944 != 2818572296 [ 610.998429][ C1] bridge0: port 3(macvlan1) entered forwarding state [ 611.005173][ C1] bridge0: topology change detected, propagating [ 611.642381][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.664492][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.682718][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.695486][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.707906][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.722442][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.738203][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.752198][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.775491][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 611.791514][ C0] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 612.181134][T28949] netlink: 24 bytes leftover after parsing attributes in process `syz.8.10546'. [ 612.908509][ C0] bridge0: port 5(bond0) entered learning state [ 612.916614][ C0] bridge0: port 4(team0) entered forwarding state [ 612.923149][ C0] bridge0: topology change detected, propagating [ 613.511213][T29008] netlink: 18 bytes leftover after parsing attributes in process `syz.8.10573'. [ 613.857453][T29024] netlink: 'syz.8.10580': attribute type 11 has an invalid length. [ 616.576623][T29113] netlink: 8 bytes leftover after parsing attributes in process `syz.7.10619'. [ 618.344838][T29161] netlink: 8 bytes leftover after parsing attributes in process `syz.7.10636'. [ 620.647131][T29242] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10673'. [ 621.306365][T29255] net_ratelimit: 199 callbacks suppressed [ 621.306388][T29255] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 621.843660][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 621.850006][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.190811][T29304] bridge0: port 3(syz_tun) entered blocking state [ 623.200112][T29304] bridge0: port 3(syz_tun) entered disabled state [ 623.207223][T29304] syz_tun: entered allmulticast mode [ 623.213664][T29304] syz_tun: entered promiscuous mode [ 623.219859][T29304] bridge0: port 3(syz_tun) entered blocking state [ 623.226439][T29304] bridge0: port 3(syz_tun) entered forwarding state [ 625.109437][T29365] Invalid ELF header magic: != ELF [ 625.490274][T29387] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 626.645658][T29375] kexec: Could not allocate control_code_buffer [ 627.803517][T29451] ptrace attach of "./syz-executor exec"[19593] was attempted by "3hVZ|4.\x07a$0q]݇d͝ݝIrp2{!W:Z;IT\x07vNOhx/:|]oΏDb#5Rzh:MX\x5con}s\x09WCѬÝ>.F;\x1bnuޔY9.^\x07!exP4=]}|s1J<`9z~8\x0aȬc{@aQsMuPTPHf[~F7\x1b\x1b*8*}G7+Th!?fxzd2cT6x}Tk\x1b=MZ5#,ӻToiTCLׂt\x22aw85F鎨\x0af`\x0at#R\x0aI6;~ՄYƍZ&Y\x0a\x5cxS2tVC? `[~{1C&czup-Vnf9\x0c<)iUTk[cbpi$[-<D\x5c[{JLRKtb͙#ZP\x0a}RI&#7UYgL޺h,rvLFD+S`ŐmiS/3!HY٢PUWx654ұ:C$i'n\x22uA5%iK*\x07\x5c^aU 1 [ 629.844982][T26686] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 629.865737][T26686] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 629.878135][T26686] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 629.887925][T26686] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 629.895697][T26686] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 630.759887][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 630.784134][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 630.811585][ T69] bond0 (unregistering): Released all slaves [ 631.472127][ T69] hsr_slave_0: left promiscuous mode [ 631.506914][ T69] hsr_slave_1: left promiscuous mode [ 631.536112][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 631.576894][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 631.590100][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 631.604710][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 631.673459][ T69] veth1_macvtap: left promiscuous mode [ 631.689476][ T69] veth0_macvtap: left promiscuous mode [ 631.719861][ T69] veth1_vlan: left promiscuous mode [ 631.729923][ T69] veth0_vlan: left promiscuous mode [ 632.022392][ T6271] Bluetooth: hci0: command tx timeout [ 633.156455][ T69] team0 (unregistering): Port device team_slave_1 removed [ 633.199621][ T69] team0 (unregistering): Port device team_slave_0 removed [ 633.884531][T29490] chnl_net:caif_netlink_parms(): no params data found [ 634.078466][ T6271] Bluetooth: hci0: command tx timeout [ 634.115043][T29490] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.158499][T29490] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.168169][T29490] bridge_slave_0: entered allmulticast mode [ 634.175184][T29490] bridge_slave_0: entered promiscuous mode [ 634.211874][T29490] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.237815][T29490] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.266200][T29490] bridge_slave_1: entered allmulticast mode [ 634.309993][T29490] bridge_slave_1: entered promiscuous mode [ 634.454571][T29490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 634.556563][T29490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.708187][T29490] team0: Port device team_slave_0 added [ 634.725066][T29490] team0: Port device team_slave_1 added [ 634.864003][T29490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 634.884216][T29490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 634.915852][T29490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 634.947772][T29490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 634.972228][T29490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 634.999863][T29490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 635.010905][T29613] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10816'. [ 635.136618][T29617] hugetlbfs: syz.5.10817 (29617): Using mlock ulimits for SHM_HUGETLB is obsolete [ 635.174286][T29490] hsr_slave_0: entered promiscuous mode [ 635.191161][T29490] hsr_slave_1: entered promiscuous mode [ 635.335550][T29627] IPVS: length: 150994944 != 25171704 [ 636.112582][T29490] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 636.150331][ T6271] Bluetooth: hci0: command tx timeout [ 636.205624][T29490] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 636.226317][T29490] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 636.280342][T29490] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 636.468953][T29662] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10830'. [ 636.486321][T29662] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10830'. [ 636.590291][T29490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 636.633595][T29490] 8021q: adding VLAN 0 to HW filter on device team0 [ 636.676716][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.683859][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.800407][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.807571][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 636.919537][T29490] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 637.115191][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.127448][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.166073][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.181897][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.193842][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.206268][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.218949][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.231158][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.245813][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.262705][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 637.576584][T29490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 637.717616][T29710] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10843'. [ 638.052763][T29490] veth0_vlan: entered promiscuous mode [ 638.072293][T29490] veth1_vlan: entered promiscuous mode [ 638.106417][T29490] veth0_macvtap: entered promiscuous mode [ 638.120752][T29490] veth1_macvtap: entered promiscuous mode [ 638.143741][T29490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.154932][T29490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.165377][T29490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.176558][T29490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.188359][T29490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.199980][T29490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.214714][T29490] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 638.228620][ T6271] Bluetooth: hci0: command tx timeout [ 638.245568][T29490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.262872][T29490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.282823][T29490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.294269][T29490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.309325][T29490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.321586][T29490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.337178][T29490] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 638.367150][T29490] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.375908][T29490] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.389018][T29490] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.397837][T29490] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.495998][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.503842][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.537995][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.547353][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 640.063736][T29798] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ekC!$ͳM ]55oVIfUj:7gkC\x5c`[ĜT<,}m('\x5c|5\x22/B\x22ymۅ%\x22{Ba7cp}ҨFC+Q@JWiՀgYfc,b#[M~@qlxWPP [ 661.363473][T30547] Invalid ELF header magic: != ELF [ 662.091406][T30567] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11111'. [ 662.226698][T30565] GUP no longer grows the stack in syz.9.11118 (30565): 14000-401000 (4000) [ 662.240350][T30534] kexec: Could not allocate control_code_buffer [ 662.248258][T30565] CPU: 0 UID: 0 PID: 30565 Comm: syz.9.11118 Tainted: G U 6.14.0-rc2-syzkaller #0 [ 662.248310][T30565] Tainted: [U]=USER [ 662.248319][T30565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 662.248335][T30565] Call Trace: [ 662.248342][T30565] [ 662.248352][T30565] dump_stack_lvl+0x16c/0x1f0 [ 662.248400][T30565] gup_vma_lookup+0x1d2/0x220 [ 662.248442][T30565] __get_user_pages+0x236/0x36f0 [ 662.248480][T30565] ? hlock_class+0x4e/0x130 [ 662.248516][T30565] ? __lock_acquire+0x15a9/0x3c40 [ 662.248548][T30565] ? __pfx___get_user_pages+0x10/0x10 [ 662.248589][T30565] __gup_longterm_locked+0x212/0x1870 [ 662.248618][T30565] ? __pfx___lock_acquire+0x10/0x10 [ 662.248654][T30565] ? __pfx___gup_longterm_locked+0x10/0x10 [ 662.248680][T30565] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 662.248708][T30565] ? rwsem_read_trylock+0x12d/0x250 [ 662.248741][T30565] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 662.248774][T30565] ? process_vm_rw_core.constprop.0+0x3ff/0x9c0 [ 662.248814][T30565] pin_user_pages_remote+0xee/0x150 [ 662.248843][T30565] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 662.248871][T30565] ? down_read+0xc9/0x330 [ 662.248910][T30565] process_vm_rw_core.constprop.0+0x42b/0x9c0 [ 662.248951][T30565] ? futex_wait_queue+0x103/0x1f0 [ 662.248990][T30565] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 662.249049][T30565] process_vm_rw+0x301/0x360 [ 662.249082][T30565] ? __pfx_process_vm_rw+0x10/0x10 [ 662.249122][T30565] ? do_user_addr_fault+0xdc7/0x13f0 [ 662.249176][T30565] ? xfd_validate_state+0x5d/0x180 [ 662.249204][T30565] ? rcu_is_watching+0x12/0xc0 [ 662.249239][T30565] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 662.249268][T30565] ? do_syscall_64+0x91/0x250 [ 662.249299][T30565] ? lockdep_hardirqs_on+0x7c/0x110 [ 662.249338][T30565] do_syscall_64+0xcd/0x250 [ 662.249362][T30565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.249393][T30565] RIP: 0033:0x7f537ff8cde9 [ 662.249413][T30565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.249434][T30565] RSP: 002b:00007f5380d4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 662.249457][T30565] RAX: ffffffffffffffda RBX: 00007f53801a5fa0 RCX: 00007f537ff8cde9 [ 662.249471][T30565] RDX: 0000000000000004 RSI: 0000400000000040 RDI: 00000000000000ac [ 662.249485][T30565] RBP: 00007f538000e2a0 R08: 0000000000000003 R09: 0000000000000000 [ 662.249498][T30565] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 662.249513][T30565] R13: 0000000000000000 R14: 00007f53801a5fa0 R15: 00007ffc784dd568 [ 662.249544][T30565] [ 662.949593][T30590] ptrace attach of "./syz-executor exec"[29490] was attempted by "baR`X(xo X]08z$;qo{1{)uS=H(\x0d&F9VL<\x0c`9m|ރ[\x0d5%9;x\x5cɀýž\x5c\x0d٦eaSf+-p9e(>=,I(+0(l$/\x09TbSKl\x09R\x0bg|oRa!gK=\x1b[H9l5]})zm2\x07ȉPq޳DmӉN]\x09GnD nSN\x0ar`{Z\x07@l2L)%r{\x0a\x0c}҆~xMpҏk^ďTRtp=?)TIR4e\x0ctI\x09\x0bJe|S>6W_1~0XSe[#qI+dz:]֫ku\x22ؐ,_z>26!]k\x0cM}GcukJ{Y컴CCjL\x09vΪ^Q|8l<%A&\x1b@]>ɖKd jHߩ\x07\x0a~\x0c#@\x0a+1E]c2YDzLPh3>rb.$󱗆7dz.5.J|ob7A%s \x0b$`Q^̅Cꄊt\x5c.J#KMdbT!\x5cR\x0bz $AR~zyO΃a(\x0a\x22 R`%]aj^\x1b)\x5c [ 663.209026][T30580] Invalid ELF header magic: != ELF [ 664.161757][ T6271] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 664.955770][T30663] netlink: 4 bytes leftover after parsing attributes in process `syz.7.11156'. [ 665.726539][T30689] netlink: 4 bytes leftover after parsing attributes in process `syz.6.11168'. [ 665.764027][T30689] netlink: 4 bytes leftover after parsing attributes in process `syz.6.11168'. [ 668.534086][T30775] netlink: 4 bytes leftover after parsing attributes in process `syz.7.11203'. [ 669.372339][T30809] netlink: 4 bytes leftover after parsing attributes in process `syz.9.11216'. [ 670.074526][T30836] netlink: 8 bytes leftover after parsing attributes in process `syz.7.11229'. [ 673.073429][T30941] Setting dangerous option i915.mitigations - tainting kernel [ 675.647088][T31034] netlink: 334 bytes leftover after parsing attributes in process `syz.7.11315'. [ 676.314054][T31059] netlink: 334 bytes leftover after parsing attributes in process `syz.6.11327'. [ 677.416096][T31097] sctp: [Deprecated]: syz.9.11343 (pid 31097) Use of struct sctp_assoc_value in delayed_ack socket option. [ 677.416096][T31097] Use struct sctp_sack_info instead [ 678.962710][ T6271] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 678.962760][ T6271] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 678.980030][ T6271] Bluetooth: hci0: adv larger than maximum supported [ 678.980119][ T6271] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 678.988273][ T6271] Bluetooth: hci0: Unknown advertising packet type: 0x31 [ 678.996695][ T6271] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 679.003887][ T6271] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 679.011190][ T6271] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 679.018459][ T6271] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 680.548910][T31216] sctp: [Deprecated]: syz.5.11388 (pid 31216) Use of struct sctp_assoc_value in delayed_ack socket option. [ 680.548910][T31216] Use struct sctp_sack_info instead [ 682.101100][T31263] netlink: 4 bytes leftover after parsing attributes in process `syz.9.11409'. [ 682.118878][T31263] net_ratelimit: 199 callbacks suppressed [ 682.118899][T31263] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 682.158580][T31263] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 682.906417][ T6271] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 682.906454][ T6271] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 682.922992][ T6271] Bluetooth: hci1: adv larger than maximum supported [ 682.949863][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 682.963223][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 684.172887][T31346] bridge0: port 4(ipvlan1) entered blocking state [ 684.188118][T31346] bridge0: port 4(ipvlan1) entered disabled state [ 684.202481][T31346] ipvlan1: entered allmulticast mode [ 684.217967][T31346] veth0_vlan: entered allmulticast mode [ 684.232004][T31346] ipvlan1: left allmulticast mode [ 684.242862][T31346] veth0_vlan: left allmulticast mode [ 685.244756][T31385] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11464'. [ 685.282284][T31385] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 685.297146][T31385] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 688.480645][ T6271] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 688.480684][ T6271] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 688.497750][ T6271] Bluetooth: hci3: adv larger than maximum supported [ 689.047216][T31500] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11512'. [ 689.746613][T31536] netlink: 8 bytes leftover after parsing attributes in process `syz.9.11528'. [ 695.344804][T31738] netlink: 346 bytes leftover after parsing attributes in process `syz.5.11625'. [ 695.667822][T31746] bridge0: port 6(gretap0) entered blocking state [ 695.681294][T31746] bridge0: port 6(gretap0) entered disabled state [ 695.698304][T31746] gretap0: entered allmulticast mode [ 695.705931][T31746] gretap0: entered promiscuous mode [ 695.717508][T31746] bridge0: port 6(gretap0) entered blocking state [ 695.724137][T31746] bridge0: port 6(gretap0) entered listening state [ 695.875628][ T29] audit: type=1800 audit(4294967486.912:45): pid=31748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.11621" name="dbroot" dev="configfs" ino=88860 res=0 errno=0 [ 696.271589][T29388] bridge0: port 3(syz_tun) entered disabled state [ 696.330450][T29388] syz_tun (unregistering): left allmulticast mode [ 696.345096][T29388] syz_tun (unregistering): left promiscuous mode [ 696.355697][T29388] bridge0: port 3(syz_tun) entered disabled state [ 696.667126][T19578] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.823640][T19578] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.993192][T19578] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.239835][T19578] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.426574][T26686] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 697.441245][T26686] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 697.452565][T26686] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 697.485637][T26686] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 697.495184][T26686] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 697.503414][T26686] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 697.707198][T19578] bridge_slave_1: left allmulticast mode [ 697.717727][T19578] bridge_slave_1: left promiscuous mode [ 697.726206][T19578] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.802310][T19578] bridge_slave_0: left allmulticast mode [ 697.808733][T19578] bridge_slave_0: left promiscuous mode [ 697.827306][T19578] bridge0: port 1(bridge_slave_0) entered disabled state [ 698.981649][T19578] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 698.994218][T19578] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 699.021683][T19578] bond0 (unregistering): Released all slaves [ 699.145768][T19578] HSR: left promiscuous mode [ 699.480360][T31781] chnl_net:caif_netlink_parms(): no params data found [ 699.587878][ T6271] Bluetooth: hci2: command tx timeout [ 699.777721][T31781] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.816929][T31781] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.824124][T31781] bridge_slave_0: entered allmulticast mode [ 699.832064][T31781] bridge_slave_0: entered promiscuous mode [ 699.882333][T31781] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.900296][T31781] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.916334][T31781] bridge_slave_1: entered allmulticast mode [ 699.923569][T31781] bridge_slave_1: entered promiscuous mode [ 700.049841][T31781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.107867][T31781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 700.490957][T31781] team0: Port device team_slave_0 added [ 700.651129][T31781] team0: Port device team_slave_1 added [ 700.753205][T31781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 700.760290][T31781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 700.836241][T31781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 701.098074][T31781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.120416][T31781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.180582][T31781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 701.364814][T31781] hsr_slave_0: entered promiscuous mode [ 701.383405][T31781] hsr_slave_1: entered promiscuous mode [ 701.399497][T31781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 701.415060][T31781] Cannot create hsr debugfs directory [ 701.511131][T19578] hsr_slave_0: left promiscuous mode [ 701.527924][T19578] hsr_slave_1: left promiscuous mode [ 701.547850][T19578] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 701.555336][T19578] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 701.592539][T19578] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 701.619517][T19578] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 701.646943][T26686] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 701.665023][T26686] Bluetooth: hci2: command tx timeout [ 701.672823][ T6262] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 701.686914][ T6262] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 701.695304][ T6262] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 701.704414][ T6262] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 701.712206][ T6262] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 701.762836][T19578] veth1_macvtap: left promiscuous mode [ 701.779278][T19578] veth0_macvtap: left promiscuous mode [ 701.784905][T19578] veth1_vlan: left promiscuous mode [ 701.802223][T19578] veth0_vlan: left promiscuous mode [ 702.843835][T19578] team0 (unregistering): Port device team_slave_1 removed [ 702.921054][T19578] team0 (unregistering): Port device team_slave_0 removed [ 703.724968][ T6271] Bluetooth: hci2: command tx timeout [ 703.798962][ T6271] Bluetooth: hci0: command tx timeout [ 705.505372][T31885] chnl_net:caif_netlink_parms(): no params data found [ 705.785626][ T6271] Bluetooth: hci2: command tx timeout [ 705.868101][T31885] bridge0: port 1(bridge_slave_0) entered blocking state [ 705.875847][ T6271] Bluetooth: hci0: command tx timeout [ 705.905081][T31885] bridge0: port 1(bridge_slave_0) entered disabled state [ 705.930379][T31885] bridge_slave_0: entered allmulticast mode [ 705.951080][T31885] bridge_slave_0: entered promiscuous mode [ 706.088984][T19578] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 706.177516][T31885] bridge0: port 2(bridge_slave_1) entered blocking state [ 706.203433][T31885] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.218715][T31885] bridge_slave_1: entered allmulticast mode [ 706.234350][T31885] bridge_slave_1: entered promiscuous mode [ 706.487187][T19578] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 706.563172][T31885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.585179][T31885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.668320][T19578] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 706.879346][T31885] team0: Port device team_slave_0 added [ 706.895915][T31781] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 706.922460][T31781] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 707.020942][T19578] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 707.076981][T31885] team0: Port device team_slave_1 added [ 707.103917][T31781] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 707.139892][T31781] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 707.359148][T31885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 707.366137][T31885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 707.428397][T31885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 707.621888][T31885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 707.629491][T31885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 707.685666][T31885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 707.902882][T31885] hsr_slave_0: entered promiscuous mode [ 707.925456][T31885] hsr_slave_1: entered promiscuous mode [ 707.931789][T31885] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 707.944809][ T6271] Bluetooth: hci0: command tx timeout [ 707.959322][T31885] Cannot create hsr debugfs directory [ 708.284570][T19578] bridge_slave_1: left allmulticast mode [ 708.290306][T19578] bridge_slave_1: left promiscuous mode [ 708.312911][T19578] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.342830][T19578] bridge_slave_0: left allmulticast mode [ 708.348560][T19578] bridge_slave_0: left promiscuous mode [ 708.382148][T19578] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.937492][T19578] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 709.990485][T19578] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 710.005596][T19578] bond0 (unregistering): Released all slaves [ 710.013730][ T6271] Bluetooth: hci0: command tx timeout [ 710.958706][ C1] bridge0: port 6(gretap0) entered learning state [ 711.355259][T31781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 711.420374][T19578] hsr_slave_0: left promiscuous mode [ 711.476752][T19578] hsr_slave_1: left promiscuous mode [ 711.482772][T19578] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 711.516076][T19578] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 711.579067][T19578] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 711.600204][T19578] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 711.727458][T19578] veth1_macvtap: left promiscuous mode [ 711.733121][T19578] veth0_macvtap: left promiscuous mode [ 711.744678][T19578] veth1_vlan: left promiscuous mode [ 711.750022][T19578] veth0_vlan: left promiscuous mode [ 713.487495][T19578] team0 (unregistering): Port device team_slave_1 removed [ 713.607324][T19578] team0 (unregistering): Port device team_slave_0 removed [ 714.947247][T31781] 8021q: adding VLAN 0 to HW filter on device team0 [ 714.995247][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.002452][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 715.065350][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.072517][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 715.343587][T31781] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 715.368897][T31781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 715.413544][T31885] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 715.432553][T31885] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 715.463613][T31885] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 715.480360][T31885] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 715.646958][T31885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 715.688332][T31885] 8021q: adding VLAN 0 to HW filter on device team0 [ 715.719841][T19578] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.727008][T19578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 715.755716][T19578] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.762877][T19578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 715.787298][T31781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 715.915645][T31781] veth0_vlan: entered promiscuous mode [ 715.938773][T31781] veth1_vlan: entered promiscuous mode [ 716.004386][T31781] veth0_macvtap: entered promiscuous mode [ 716.027228][T31781] veth1_macvtap: entered promiscuous mode [ 716.040465][T31885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 716.076228][T31781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 716.089416][T31781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.104085][T31781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 716.117453][T31781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.129739][T31781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 716.158318][T31781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 716.169846][T31781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.185110][T31781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 716.197740][T31781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.213112][T31781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 716.237265][T31781] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.246747][T31781] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.256296][T31781] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.265789][T31781] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.283564][T31885] veth0_vlan: entered promiscuous mode [ 716.313849][T31885] veth1_vlan: entered promiscuous mode [ 716.429916][T31885] veth0_macvtap: entered promiscuous mode [ 716.448754][T31885] veth1_macvtap: entered promiscuous mode [ 716.470115][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 716.477993][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 716.498196][T31885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 716.512428][T31885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.525420][T31885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 716.537505][T31885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.551988][T31885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 716.563913][T31885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.578578][T31885] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 716.634769][T31885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 716.645806][T31885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.656235][T31885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 716.666895][T31885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.677257][T31885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 716.687842][T31885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.700295][T31885] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 716.722996][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 716.733331][T31885] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.744843][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 716.758547][T31885] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.767471][T31885] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.776494][T31885] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.912502][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 716.922744][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 717.023916][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 717.054678][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 719.924324][T32195] netlink: 'syz.3.11729': attribute type 2 has an invalid length. [ 720.739025][T32226] netlink: 'syz.6.11741': attribute type 1 has an invalid length. [ 720.948287][T32232] netlink: 18 bytes leftover after parsing attributes in process `syz.0.11743'. [ 723.838270][T32352] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11776'. [ 726.239199][ C1] bridge0: port 6(gretap0) entered forwarding state [ 726.246045][ C1] bridge0: topology change detected, propagating [ 727.155214][ T6271] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 730.049581][T32613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11850'. [ 731.639043][T32680] ptrace attach of "./syz-executor exec"[19593] was attempted by ""[32680] [ 731.857715][T32687] sctp: [Deprecated]: syz.3.11865 (pid 32687) Use of int in maxseg socket option. [ 731.857715][T32687] Use struct sctp_assoc_value instead [ 732.535729][T32719] ptrace attach of "./syz-executor exec"[31781] was attempted by ""[32719] [ 741.797396][ T29] audit: type=1800 audit(4294967533.081:46): pid=532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.11934" name=03 dev="tmpfs" ino=10500 res=0 errno=0 [ 743.594652][ T589] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11951'. [ 744.073013][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 744.079502][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.619771][ T679] netlink: 350 bytes leftover after parsing attributes in process `syz.3.11980'. [ 747.280646][ T702] block nbd0: Unsupported socket: shutdown callout must be supported. [ 748.844033][ T772] netlink: 350 bytes leftover after parsing attributes in process `syz.5.12004'. [ 749.132323][ T6271] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 749.132365][ T6271] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 749.147631][ T6271] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 749.147669][ T6271] Bluetooth: hci1: adv larger than maximum supported [ 749.156645][ T6271] Bluetooth: hci1: Unknown advertising packet type: 0x7d [ 749.165098][ T6271] Bluetooth: hci1: Unknown advertising packet type: 0x7d [ 749.172402][ T6271] Bluetooth: hci1: Malformed LE Event: 0x0d [ 749.176334][ T782] block nbd0: Unsupported socket: shutdown callout must be supported. [ 750.847276][ T862] netlink: 350 bytes leftover after parsing attributes in process `syz.5.12031'. [ 751.308922][ T882] netlink: 28 bytes leftover after parsing attributes in process `syz.6.12038'. [ 752.051334][ T930] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12051'. [ 753.906327][ T1009] zswap: compressor not available [ 757.263139][ T1173] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 757.269643][ T1173] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 759.040597][ T6271] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 759.040636][ T6271] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 759.056035][ T6271] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 759.056108][ T6271] Bluetooth: hci1: Malformed LE Event: 0x0d [ 762.185012][ T1410] ICMPv6: process `syz.0.12178' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 763.384347][ T1456] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12190'. [ 763.441006][ T1456] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12190'. [ 764.831853][ T6271] Bluetooth: hci1: unexpected event 0x01 length: 11 > 1 [ 765.619892][ T1574] netlink: 'syz.3.12220': attribute type 9 has an invalid length. [ 765.665048][ T1574] netlink: 330 bytes leftover after parsing attributes in process `syz.3.12220'. [ 768.822918][ T1694] CIFS: VFS: Invalid SecurityFlags: 0 [ 768.822918][ T1694] [ 770.082335][ T1733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12258'. [ 772.221981][ T29] audit: type=1800 audit(4294967563.681:47): pid=1809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.12274" name="file0" dev="tmpfs" ino=742 res=0 errno=0 [ 772.298827][ T29] audit: type=1800 audit(4294967563.712:48): pid=1809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.12274" name="file0" dev="tmpfs" ino=742 res=0 errno=0 [ 775.044065][ T1879] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12299'. [ 775.087727][ T1879] vxcan1: entered promiscuous mode [ 777.021354][ T1957] netlink: 280 bytes leftover after parsing attributes in process `syz.0.12317'. [ 779.027950][ T2050] netlink: 28 bytes leftover after parsing attributes in process `syz.5.12345'. [ 779.051470][ T2050] vxcan1: entered promiscuous mode [ 779.381285][ T2066] netlink: 280 bytes leftover after parsing attributes in process `syz.5.12348'. [ 779.671278][ T2079] netlink: 346 bytes leftover after parsing attributes in process `syz.5.12352'. [ 782.011153][ T2173] netlink: 194 bytes leftover after parsing attributes in process `syz.3.12377'. [ 782.931584][ T2207] nbd0: detected capacity change from 0 to 68719476736 [ 782.987448][ T2215] block nbd0: Send control failed (result -22) [ 783.020648][ T2215] block nbd0: Request send failed, requeueing [ 783.056700][ T6271] block nbd0: Receive control failed (result -32) [ 783.063213][ T43] block nbd0: Dead connection, failed to find a fallback [ 783.076170][ T43] block nbd0: shutting down sockets [ 783.082290][ T43] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.093444][ T43] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.123834][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.139459][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.147720][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.164590][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.173141][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.189229][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.209391][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.229331][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.237314][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.278789][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.294428][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.338208][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.369697][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.390848][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.418164][ T2215] ldm_validate_partition_table(): Disk read failed. [ 783.425474][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.435106][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.443610][ T2215] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.453377][ T2215] Buffer I/O error on dev nbd0, logical block 0, async page read [ 783.463652][ T2215] Dev nbd0: unable to read RDB block 0 [ 783.470058][ T2215] nbd0: unable to read partition table [ 783.492597][ T2215] ldm_validate_partition_table(): Disk read failed. [ 783.499741][ T2215] Dev nbd0: unable to read RDB block 0 [ 783.506020][ T2215] nbd0: unable to read partition table [ 784.424482][ T2260] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12395'. [ 784.462055][ T2260] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 784.697379][ T2271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12402'. [ 785.213796][ T2292] netlink: 4 bytes leftover after parsing attributes in process `syz.6.12409'. [ 788.068393][ T2387] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input36 [ 788.407072][ T2399] netlink: 'syz.0.12440': attribute type 9 has an invalid length. [ 791.475118][ T2522] Invalid ELF header magic: != ELF [ 794.063621][ T2616] netlink: 85 bytes leftover after parsing attributes in process `syz.3.12485'. [ 794.504984][ T2640] Invalid ELF header magic: != ELF [ 794.969797][T30443] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 795.131372][ T2661] netlink: 8 bytes leftover after parsing attributes in process `syz.6.12497'. [ 795.218819][ T52] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.344143][ T52] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.480437][ T52] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.616509][ T52] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.023796][ T52] gretap0: left allmulticast mode [ 796.032566][ T52] gretap0: left promiscuous mode [ 796.037785][ T52] bridge0: port 6(gretap0) entered disabled state [ 796.119801][ T52] bond0: left allmulticast mode [ 796.151418][ T6262] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 796.151945][ T52] bond_slave_0: left allmulticast mode [ 796.169856][ T6262] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 796.182424][ T6262] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 796.191821][ T52] bond_slave_1: left allmulticast mode [ 796.202087][ T6262] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 796.207613][ T52] bond0: left promiscuous mode [ 796.221699][ T6262] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 796.229074][ T6262] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 796.231559][ T52] bond_slave_0: left promiscuous mode [ 796.290608][ T52] bond_slave_1: left promiscuous mode [ 796.317585][ T52] bridge0: port 5(bond0) entered disabled state [ 796.336605][ T52] team0: left allmulticast mode [ 796.350834][ T52] team_slave_0: left allmulticast mode [ 796.357075][ T52] team_slave_1: left allmulticast mode [ 796.370830][ T52] team0: left promiscuous mode [ 796.375639][ T52] team_slave_0: left promiscuous mode [ 796.386561][ T52] team_slave_1: left promiscuous mode [ 796.395709][ T52] bridge0: port 4(team0) entered disabled state [ 796.406809][ T52] macvlan1: left allmulticast mode [ 796.420705][ T52] veth1_vlan: left allmulticast mode [ 796.431075][ T52] macvlan1: left promiscuous mode [ 796.443369][ T52] bridge0: port 3(macvlan1) entered disabled state [ 796.464051][ T52] bridge_slave_1: left allmulticast mode [ 796.469740][ T52] bridge_slave_1: left promiscuous mode [ 796.496055][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 796.515753][ T52] bridge_slave_0: left allmulticast mode [ 796.529961][ T52] bridge_slave_0: left promiscuous mode [ 796.535726][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.142479][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 797.154945][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 797.165659][ T52] bond0 (unregistering): Released all slaves [ 797.271392][ T52] nl80211: left promiscuous mode [ 797.416929][ T52] HSR: left promiscuous mode [ 798.097586][ T2693] chnl_net:caif_netlink_parms(): no params data found [ 798.228852][ T52] hsr_slave_0: left promiscuous mode [ 798.291962][ T52] hsr_slave_1: left promiscuous mode [ 798.304845][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 798.320182][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 798.330805][ T6262] Bluetooth: hci1: command tx timeout [ 798.354400][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 798.382161][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 798.449690][ T52] veth1_macvtap: left promiscuous mode [ 798.480682][ T52] veth0_macvtap: left promiscuous mode [ 798.496973][ T52] veth1_vlan: left promiscuous mode [ 798.513715][ T52] veth0_vlan: left promiscuous mode [ 800.168999][ T52] team0 (unregistering): Port device team_slave_1 removed [ 800.307879][ T52] team0 (unregistering): Port device team_slave_0 removed [ 800.400126][ T6262] Bluetooth: hci1: command tx timeout [ 801.891120][ T2693] bridge0: port 1(bridge_slave_0) entered blocking state [ 801.902332][ T2693] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.909566][ T2693] bridge_slave_0: entered allmulticast mode [ 801.917196][ T2693] bridge_slave_0: entered promiscuous mode [ 801.927929][ T2693] bridge0: port 2(bridge_slave_1) entered blocking state [ 801.937824][ T2693] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.945744][ T2693] bridge_slave_1: entered allmulticast mode [ 801.954226][ T2693] bridge_slave_1: entered promiscuous mode [ 802.087776][ T2693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 802.132061][ T2693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 802.347947][ T2693] team0: Port device team_slave_0 added [ 802.387024][ T2693] team0: Port device team_slave_1 added [ 802.469373][ T6262] Bluetooth: hci1: command tx timeout [ 802.539308][ T2693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 802.546311][ T2693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.628333][ T2693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 802.669987][ T2693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 802.676991][ T2693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.838751][ T2693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 803.009712][ T2903] Invalid ELF header magic: != ELF [ 803.087844][ T2693] hsr_slave_0: entered promiscuous mode [ 803.117828][ T2693] hsr_slave_1: entered promiscuous mode [ 804.538443][ T6262] Bluetooth: hci1: command tx timeout [ 805.065133][ T2693] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 805.148510][ T2693] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 805.181885][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 805.188405][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 805.204932][ T2693] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 805.273287][ T2693] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 805.522161][ T2693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 805.585771][ T2693] 8021q: adding VLAN 0 to HW filter on device team0 [ 805.609750][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 805.616948][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 805.660789][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 805.668001][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 805.781023][ T2693] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 805.795176][ T2693] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 806.102973][ T2693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 806.444299][ T2946] kexec: Could not allocate control_code_buffer [ 806.625935][ T2693] veth0_vlan: entered promiscuous mode [ 806.651457][ T2693] veth1_vlan: entered promiscuous mode [ 806.719242][ T2693] veth0_macvtap: entered promiscuous mode [ 806.751834][ T2693] veth1_macvtap: entered promiscuous mode [ 806.788784][ T2693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 806.803214][ T2693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 806.823674][ T2693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 806.845663][ T2693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 806.879333][ T2693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 806.890235][ T2693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 806.907684][ T2693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 806.936400][ T2693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 806.958914][ T2693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 806.975332][ T2693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 806.991114][ T2693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.029426][ T2693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 807.053921][ T2693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.077992][ T2693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 807.137498][ T2693] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.180617][ T2693] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.227951][ T2693] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.258330][ T2693] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.501544][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 807.530606][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 807.581175][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 807.599209][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 809.224195][ T3098] netlink: 20 bytes leftover after parsing attributes in process `syz.6.12600'. [ 809.421160][ T3092] zswap: compressor not available [ 809.656020][ T29] audit: type=1800 audit(4294967601.318:49): pid=3114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.12602" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 809.915735][ T3124] netlink: 4 bytes leftover after parsing attributes in process `syz.6.12606'. [ 809.926660][ T3124] netlink: 4 bytes leftover after parsing attributes in process `syz.6.12606'. [ 810.089572][ T3129] netlink: 334 bytes leftover after parsing attributes in process `syz.6.12610'. [ 810.166851][ T3132] Invalid ELF header magic: != ELF [ 810.853828][ T3154] qrtr: Invalid version 0 [ 811.201767][ T3180] netlink: 186 bytes leftover after parsing attributes in process `syz.0.12629'. [ 813.509569][ T3258] netlink: 'syz.3.12662': attribute type 1 has an invalid length. [ 813.517908][ T3258] netlink: 206 bytes leftover after parsing attributes in process `syz.3.12662'. [ 813.548682][ T3257] Invalid ELF header magic: != ELF [ 815.213634][ T3308] Invalid ELF header magic: != ELF [ 815.274364][ T3313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12682'. [ 815.518177][ T3318] program syz.0.12684 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 816.130598][ T3327] nbd: socks must be embedded in a SOCK_ITEM attr [ 816.173762][ T3327] block nbd2: shutting down sockets [ 817.693079][ T3371] netlink: 74 bytes leftover after parsing attributes in process `syz.6.12707'. [ 818.074791][ T3386] zswap: compressor not available [ 818.826799][ T3427] Invalid ELF header magic: != ELF [ 819.383384][ T3450] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12735'. [ 820.639763][ T3488] Invalid ELF header magic: != ELF [ 822.533859][ T6271] Bluetooth: hci2: command 0x0406 tx timeout [ 822.839911][ T3555] netlink: 12 bytes leftover after parsing attributes in process `syz.6.12776'. [ 824.435329][ T3584] netlink: 342 bytes leftover after parsing attributes in process `syz.5.12788'. [ 827.628107][T31887] Bluetooth: hci0: command 0x0406 tx timeout [ 828.970379][ T3719] kAFS: bad VL server IP address [ 830.809890][ T3779] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12864'. [ 830.959834][ T3782] sg_write: process 160 (syz.5.12865) changed security contexts after opening file descriptor, this is not allowed. [ 831.938737][ T3817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12881'. [ 832.106972][ T3823] dyndbg: bad flag-op , at start of  [ 832.112866][ T3823] dyndbg: flags parse failed [ 832.469046][ T29] audit: type=1800 audit(4294967624.247:50): pid=3838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.12890" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 833.436142][ T3870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12902'. [ 834.560729][ T3904] ALUA LU Group already has a valid ID, ignoring request [ 836.409675][ T3962] qrtr: Invalid version 47 [ 838.790728][ T4014] tipc: Trying to set illegal importance in message [ 839.496765][ T4030] nbd2: detected capacity change from 0 to 68719476736 [ 839.505619][ T3883] block nbd2: Send control failed (result -22) [ 839.556755][ T3883] block nbd2: Request send failed, requeueing [ 839.566884][ T6271] block nbd2: Receive control failed (result -32) [ 839.566996][ T43] block nbd2: Dead connection, failed to find a fallback [ 839.581004][ T43] block nbd2: shutting down sockets [ 839.586282][ T43] blk_print_req_error: 24 callbacks suppressed [ 839.586298][ T43] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 839.601608][ T43] buffer_io_error: 23 callbacks suppressed [ 839.601622][ T43] Buffer I/O error on dev nbd2, logical block 0, async page read [ 839.628767][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 839.705560][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 839.713506][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 839.784968][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 839.822309][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 839.843783][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 839.863878][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 839.883613][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 839.902927][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 839.934272][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 839.942226][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 839.968935][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 839.988765][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 840.057491][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 840.079635][ T3883] ldm_validate_partition_table(): Disk read failed. [ 840.107951][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 840.143341][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 840.152463][ T3883] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 840.193591][ T3883] Buffer I/O error on dev nbd2, logical block 0, async page read [ 840.201678][ T3883] Dev nbd2: unable to read RDB block 0 [ 840.220182][ T3883] nbd2: unable to read partition table [ 840.245982][ T3883] ldm_validate_partition_table(): Disk read failed. [ 840.269348][ T3883] Dev nbd2: unable to read RDB block 0 [ 840.281443][ T3883] nbd2: unable to read partition table [ 841.191737][ T4078] lo: entered allmulticast mode [ 841.325829][ T4077] lo: left allmulticast mode [ 844.002653][ T4163] nbd: socks must be embedded in a SOCK_ITEM attr [ 844.021852][ T4163] block nbd3: shutting down sockets [ 844.423533][ T6271] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 844.423570][ T6271] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 844.439633][ T6271] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 844.439701][ T6271] Bluetooth: hci2: adv larger than maximum supported [ 844.449523][ T6271] Bluetooth: hci2: adv larger than maximum supported [ 844.457114][ T6271] Bluetooth: hci2: adv larger than maximum supported [ 844.464413][ T6271] Bluetooth: hci2: Malformed LE Event: 0x0d [ 844.883795][ T4189] netlink: 350 bytes leftover after parsing attributes in process `syz.3.13029'. [ 845.008211][ T4194] sd 0:0:1:0: PR command failed: 1026 [ 845.013705][ T4194] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 845.078883][ T4194] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 851.021854][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.035728][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.050818][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.065418][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.092650][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.104711][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.116763][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.136740][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.155385][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 851.173722][ C1] bridge0: received packet on macvlan1 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 852.909094][ T6271] Bluetooth: hci2: unexpected subevent 0x0a length: 124 > 30 [ 853.384246][ T4472] nbd: socks must be embedded in a SOCK_ITEM attr [ 853.392554][ T4472] block nbd3: shutting down sockets [ 856.220977][ T4542] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 857.515490][T31887] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 857.515535][T31887] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 857.531185][T31887] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 857.531229][T31887] Bluetooth: hci3: adv larger than maximum supported [ 857.541347][T31887] Bluetooth: hci3: adv larger than maximum supported [ 857.552536][T31887] Bluetooth: hci3: adv larger than maximum supported [ 857.561127][T31887] Bluetooth: hci3: Malformed LE Event: 0x0d [ 858.242320][ T4597] netlink: 'syz.5.13188': attribute type 11 has an invalid length. [ 858.453541][ T4606] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13192'. [ 858.465923][ T4606] macvlan1: entered allmulticast mode [ 858.472379][ T4606] veth1_vlan: entered allmulticast mode [ 858.572590][ T4609] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13193'. [ 859.061603][ T4626] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13201'. [ 860.118226][ T29] audit: type=1800 audit(4294967652.031:51): pid=4664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.13218" name="dbroot" dev="configfs" ino=104483 res=0 errno=0 [ 864.108268][ T4762] ================================================================== [ 864.116386][ T4762] BUG: KASAN: slab-use-after-free in idr_for_each+0x252/0x270 [ 864.123889][ T4762] Read of size 8 at addr ffff88805424d8f0 by task syz.3.13256/4762 [ 864.131803][ T4762] [ 864.134125][ T4762] CPU: 1 UID: 0 PID: 4762 Comm: syz.3.13256 Tainted: G U 6.14.0-rc2-syzkaller #0 [ 864.134155][ T4762] Tainted: [U]=USER [ 864.134163][ T4762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 864.134176][ T4762] Call Trace: [ 864.134183][ T4762] [ 864.134191][ T4762] dump_stack_lvl+0x116/0x1f0 [ 864.134225][ T4762] print_report+0xc3/0x620 [ 864.134248][ T4762] ? __virt_addr_valid+0x5e/0x590 [ 864.134267][ T4762] ? __phys_addr+0xc6/0x150 [ 864.134297][ T4762] kasan_report+0xd9/0x110 [ 864.134321][ T4762] ? idr_for_each+0x252/0x270 [ 864.134348][ T4762] ? idr_for_each+0x252/0x270 [ 864.134376][ T4762] ? __pfx_shm_try_destroy_orphaned+0x10/0x10 [ 864.134401][ T4762] idr_for_each+0x252/0x270 [ 864.134428][ T4762] ? __pfx_idr_for_each+0x10/0x10 [ 864.134455][ T4762] ? __pfx_down_write+0x10/0x10 [ 864.134478][ T4762] shm_destroy_orphaned+0x85/0x90 [ 864.134501][ T4762] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 864.134529][ T4762] proc_sys_call_handler+0x3c6/0x5a0 [ 864.134551][ T4762] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 864.134577][ T4762] vfs_write+0x5ae/0x1150 [ 864.134596][ T4762] ? __pfx_proc_sys_write+0x10/0x10 [ 864.134617][ T4762] ? __pfx___mutex_lock+0x10/0x10 [ 864.134645][ T4762] ? __pfx_vfs_write+0x10/0x10 [ 864.134671][ T4762] ksys_write+0x12b/0x250 [ 864.134689][ T4762] ? __pfx_ksys_write+0x10/0x10 [ 864.134712][ T4762] do_syscall_64+0xcd/0x250 [ 864.134731][ T4762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.134757][ T4762] RIP: 0033:0x7f0d6018cde9 [ 864.134772][ T4762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 864.134791][ T4762] RSP: 002b:00007f0d60f69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 864.134809][ T4762] RAX: ffffffffffffffda RBX: 00007f0d603a5fa0 RCX: 00007f0d6018cde9 [ 864.134822][ T4762] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 864.134835][ T4762] RBP: 00007f0d6020e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 864.134848][ T4762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 864.134860][ T4762] R13: 0000000000000000 R14: 00007f0d603a5fa0 R15: 00007fff08d6e3b8 [ 864.134879][ T4762] [ 864.134886][ T4762] [ 864.356185][ T4762] Allocated by task 3838: [ 864.360504][ T4762] kasan_save_stack+0x33/0x60 [ 864.365186][ T4762] kasan_save_track+0x14/0x30 [ 864.369856][ T4762] __kasan_slab_alloc+0x89/0x90 [ 864.374705][ T4762] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 864.380161][ T4762] radix_tree_node_alloc.constprop.0+0x1e8/0x350 [ 864.386498][ T4762] idr_get_free+0x528/0xa40 [ 864.391011][ T4762] idr_alloc_u32+0x191/0x2f0 [ 864.395606][ T4762] idr_alloc_cyclic+0x10c/0x230 [ 864.400463][ T4762] ipc_addid+0x697/0x1f50 [ 864.404792][ T4762] newseg+0x674/0xe60 [ 864.408771][ T4762] ipcget+0x866/0xd80 [ 864.412752][ T4762] __x64_sys_shmget+0x13f/0x1b0 [ 864.417601][ T4762] do_syscall_64+0xcd/0x250 [ 864.422102][ T4762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.428005][ T4762] [ 864.430321][ T4762] Freed by task 31885: [ 864.434381][ T4762] kasan_save_stack+0x33/0x60 [ 864.439055][ T4762] kasan_save_track+0x14/0x30 [ 864.443756][ T4762] kasan_save_free_info+0x3b/0x60 [ 864.448788][ T4762] __kasan_slab_free+0x51/0x70 [ 864.453547][ T4762] kmem_cache_free+0x2e2/0x4d0 [ 864.458310][ T4762] rcu_core+0x79d/0x14d0 [ 864.462553][ T4762] handle_softirqs+0x213/0x8f0 [ 864.467316][ T4762] __irq_exit_rcu+0x109/0x170 [ 864.471992][ T4762] irq_exit_rcu+0x9/0x30 [ 864.476233][ T4762] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 864.481887][ T4762] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 864.487873][ T4762] [ 864.490186][ T4762] Last potentially related work creation: [ 864.495886][ T4762] kasan_save_stack+0x33/0x60 [ 864.500563][ T4762] kasan_record_aux_stack+0xb8/0xd0 [ 864.505765][ T4762] __call_rcu_common.constprop.0+0x9a/0x870 [ 864.511660][ T4762] delete_node+0x1fc/0x8e0 [ 864.516079][ T4762] __radix_tree_delete+0x193/0x3d0 [ 864.521196][ T4762] radix_tree_delete_item+0xeb/0x230 [ 864.526482][ T4762] ipc_rmid+0x10b/0x3e0 [ 864.530633][ T4762] shm_destroy+0x2d7/0x6d0 [ 864.535049][ T4762] shm_try_destroy_orphaned+0x1a8/0x270 [ 864.540595][ T4762] idr_for_each+0x141/0x270 [ 864.545106][ T4762] shm_destroy_orphaned+0x85/0x90 [ 864.550129][ T4762] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 864.556205][ T4762] proc_sys_call_handler+0x3c6/0x5a0 [ 864.561502][ T4762] vfs_write+0x5ae/0x1150 [ 864.565830][ T4762] ksys_write+0x12b/0x250 [ 864.570153][ T4762] do_syscall_64+0xcd/0x250 [ 864.574657][ T4762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.580557][ T4762] [ 864.582873][ T4762] The buggy address belongs to the object at ffff88805424d8c0 [ 864.582873][ T4762] which belongs to the cache radix_tree_node of size 576 [ 864.597264][ T4762] The buggy address is located 48 bytes inside of [ 864.597264][ T4762] freed 576-byte region [ffff88805424d8c0, ffff88805424db00) [ 864.610971][ T4762] [ 864.613286][ T4762] The buggy address belongs to the physical page: [ 864.619681][ T4762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5424c [ 864.628435][ T4762] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 864.636927][ T4762] memcg:ffff888029ab6d01 [ 864.641155][ T4762] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 864.648695][ T4762] page_type: f5(slab) [ 864.652678][ T4762] raw: 00fff00000000040 ffff88801b04fdc0 dead000000000100 dead000000000122 [ 864.661257][ T4762] raw: 0000000000000000 0000000000170017 00000000f5000000 ffff888029ab6d01 [ 864.669834][ T4762] head: 00fff00000000040 ffff88801b04fdc0 dead000000000100 dead000000000122 [ 864.678500][ T4762] head: 0000000000000000 0000000000170017 00000000f5000000 ffff888029ab6d01 [ 864.687165][ T4762] head: 00fff00000000002 ffffea0001509301 ffffffffffffffff 0000000000000000 [ 864.695827][ T4762] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 864.704488][ T4762] page dumped because: kasan: bad access detected [ 864.710903][ T4762] page_owner tracks the page as allocated [ 864.716605][ T4762] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x52810(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 28062, tgid 28061 (syz.7.10160), ts 586620466005, free_ts 578193803575 [ 864.736748][ T4762] post_alloc_hook+0x181/0x1b0 [ 864.741513][ T4762] get_page_from_freelist+0xfce/0x2f80 [ 864.746968][ T4762] __alloc_frozen_pages_noprof+0x221/0x2470 [ 864.752858][ T4762] alloc_pages_mpol+0x1fc/0x540 [ 864.757708][ T4762] new_slab+0x23d/0x330 [ 864.761854][ T4762] ___slab_alloc+0xbfa/0x1600 [ 864.766523][ T4762] __slab_alloc.constprop.0+0x56/0xb0 [ 864.771890][ T4762] kmem_cache_alloc_lru_noprof+0xf0/0x3b0 [ 864.777608][ T4762] xas_alloc+0x34f/0x460 [ 864.781858][ T4762] xas_create+0x72b/0x1460 [ 864.786274][ T4762] xas_store+0x8b/0x1930 [ 864.790510][ T4762] shmem_add_to_page_cache+0x66a/0x9b0 [ 864.795974][ T4762] shmem_alloc_and_add_folio+0x662/0xc10 [ 864.801615][ T4762] shmem_get_folio_gfp+0x689/0x1530 [ 864.806827][ T4762] shmem_write_begin+0x161/0x300 [ 864.811772][ T4762] generic_perform_write+0x2ba/0x920 [ 864.817061][ T4762] page last free pid 27930 tgid 27930 stack trace: [ 864.823553][ T4762] free_frozen_pages+0x6db/0xfb0 [ 864.828490][ T4762] qlist_free_all+0x4e/0x120 [ 864.833079][ T4762] kasan_quarantine_reduce+0x195/0x1e0 [ 864.838532][ T4762] __kasan_slab_alloc+0x69/0x90 [ 864.843378][ T4762] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 864.848834][ T4762] mas_alloc_nodes+0x18b/0x880 [ 864.853603][ T4762] mas_node_count_gfp+0x105/0x130 [ 864.858633][ T4762] mas_preallocate+0x53f/0xce0 [ 864.863390][ T4762] commit_merge+0x701/0x10a0 [ 864.867976][ T4762] vma_expand+0x3fd/0x9c0 [ 864.872299][ T4762] relocate_vma_down+0x216/0x480 [ 864.877250][ T4762] setup_arg_pages+0x565/0xcd0 [ 864.882007][ T4762] load_elf_binary+0xaf9/0x4ff0 [ 864.886865][ T4762] bprm_execve+0x8dd/0x16d0 [ 864.891360][ T4762] do_execveat_common.isra.0+0x4a2/0x610 [ 864.896996][ T4762] __x64_sys_execve+0x8c/0xb0 [ 864.901666][ T4762] [ 864.903979][ T4762] Memory state around the buggy address: [ 864.909598][ T4762] ffff88805424d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.917655][ T4762] ffff88805424d800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 864.925709][ T4762] >ffff88805424d880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 864.933757][ T4762] ^ [ 864.941460][ T4762] ffff88805424d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.949511][ T4762] ffff88805424d980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.957559][ T4762] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 865.013769][ T4762] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 865.021036][ T4762] CPU: 1 UID: 0 PID: 4762 Comm: syz.3.13256 Tainted: G U 6.14.0-rc2-syzkaller #0 [ 865.031566][ T4762] Tainted: [U]=USER [ 865.035366][ T4762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 865.045417][ T4762] Call Trace: [ 865.048688][ T4762] [ 865.051610][ T4762] dump_stack_lvl+0x3d/0x1f0 [ 865.056212][ T4762] panic+0x71d/0x800 [ 865.060104][ T4762] ? __pfx_panic+0x10/0x10 [ 865.064516][ T4762] ? preempt_schedule_thunk+0x1a/0x30 [ 865.069889][ T4762] ? preempt_schedule_common+0x44/0xc0 [ 865.075358][ T4762] check_panic_on_warn+0xab/0xb0 [ 865.080293][ T4762] end_report+0x117/0x180 [ 865.084627][ T4762] kasan_report+0xe9/0x110 [ 865.089045][ T4762] ? idr_for_each+0x252/0x270 [ 865.093732][ T4762] ? idr_for_each+0x252/0x270 [ 865.098412][ T4762] ? __pfx_shm_try_destroy_orphaned+0x10/0x10 [ 865.104479][ T4762] idr_for_each+0x252/0x270 [ 865.108989][ T4762] ? __pfx_idr_for_each+0x10/0x10 [ 865.114021][ T4762] ? __pfx_down_write+0x10/0x10 [ 865.118878][ T4762] shm_destroy_orphaned+0x85/0x90 [ 865.123907][ T4762] proc_ipc_dointvec_minmax_orphans+0xca/0xe0 [ 865.129980][ T4762] proc_sys_call_handler+0x3c6/0x5a0 [ 865.135269][ T4762] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 865.141079][ T4762] vfs_write+0x5ae/0x1150 [ 865.145407][ T4762] ? __pfx_proc_sys_write+0x10/0x10 [ 865.150604][ T4762] ? __pfx___mutex_lock+0x10/0x10 [ 865.155634][ T4762] ? __pfx_vfs_write+0x10/0x10 [ 865.160401][ T4762] ksys_write+0x12b/0x250 [ 865.164725][ T4762] ? __pfx_ksys_write+0x10/0x10 [ 865.169578][ T4762] do_syscall_64+0xcd/0x250 [ 865.174078][ T4762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.179977][ T4762] RIP: 0033:0x7f0d6018cde9 [ 865.184385][ T4762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 865.203993][ T4762] RSP: 002b:00007f0d60f69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 865.212418][ T4762] RAX: ffffffffffffffda RBX: 00007f0d603a5fa0 RCX: 00007f0d6018cde9 [ 865.220388][ T4762] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 865.228357][ T4762] RBP: 00007f0d6020e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 865.236322][ T4762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 865.244285][ T4762] R13: 0000000000000000 R14: 00007f0d603a5fa0 R15: 00007fff08d6e3b8 [ 865.252258][ T4762] [ 865.255500][ T4762] Kernel Offset: disabled [ 865.259811][ T4762] Rebooting in 86400 seconds..