last executing test programs: 2.118328865s ago: executing program 1 (id=9125): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/wlan1/mcast_solicit\x00', 0x2000, 0x0) 2.040277522s ago: executing program 2 (id=9127): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) copy_file_range$auto(r0, 0x0, r0, 0x0, 0x2, 0x0) 1.925454637s ago: executing program 1 (id=9128): memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) 1.751495563s ago: executing program 1 (id=9130): socket(0x21, 0x2, 0xa) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 1.694645334s ago: executing program 2 (id=9132): mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sysfs$auto(0x2, 0x4, 0x0) mbind$auto(0x0, 0xfaa1, 0x8001, &(0x7f0000000280)=0xc9e, 0x400, 0x1) 1.583359071s ago: executing program 1 (id=9133): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x8f3b7a51b80eb801, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000100)='\"', 0x1) close_range$auto(0x2, 0x8, 0x0) 1.361877458s ago: executing program 1 (id=9136): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x4, 0xfffffffffffff496) ptrace$auto_PTRACE_OLDSETOPTIONS(0x4212, r0, 0x7, 0xc) 1.312773232s ago: executing program 2 (id=9138): socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) 1.146263595s ago: executing program 3 (id=9139): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ADD(r0, &(0x7f0000002dc0)={0x0, 0x0, &(0x7f0000002d80)={&(0x7f0000000280)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x404c045}, 0x0) 1.080367239s ago: executing program 0 (id=9140): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r0, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000000000)={0x34, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_FLAGS={0x8, 0x4, 0x1}, @HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "a060292f83d9"}, @HWSIM_ATTR_COOKIE={0xc}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) 914.298636ms ago: executing program 1 (id=9141): r0 = socket(0xa, 0x1, 0x0) setsockopt$auto(r0, 0x29, 0x3b, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) 909.81191ms ago: executing program 3 (id=9142): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000005bc0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000005c80)={0x0, 0x0, &(0x7f0000005c40)={&(0x7f0000005c00)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) 844.942313ms ago: executing program 0 (id=9143): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r0) sendmsg$auto_OVS_VPORT_CMD_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x20, r1, 0x1, 0x71b527, 0x25dfdbfe, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) 766.832666ms ago: executing program 2 (id=9144): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x30, r0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x14, 0x1, 0x0, 0x1, [@nested={0x10, 0x10, 0x0, 0x1, [@typed={0xc, 0xb, 0x0, 0x0, @u64=0x4}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x400d0}, 0x800) 691.197601ms ago: executing program 3 (id=9145): socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x0, 0x23, 0x0, 0x28) 640.049979ms ago: executing program 0 (id=9146): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/midi2\x00', 0xaa101, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_DRAIN(r0, 0x40045731, 0x0) 502.052104ms ago: executing program 3 (id=9147): mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x5, 0x0) setsockopt$auto(r0, 0x10000000084, 0x4, 0x0, 0x4) 440.081469ms ago: executing program 0 (id=9148): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) 407.984724ms ago: executing program 2 (id=9149): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x9, 0x8, 0x400000000ff, 0xa, 0x4, 0xaab, 0x8, 0x7]}, 0x0, 0x0) 301.907792ms ago: executing program 3 (id=9150): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x488081, 0x0) setresuid$auto(0x0, 0x8, 0x0) fcntl$auto(0x0, 0x407, 0x8100000) 232.998739ms ago: executing program 0 (id=9151): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x1d, 0x2, 0x6) setsockopt$auto(r0, 0x6a, 0x1, 0x0, 0xc) 115.884038ms ago: executing program 3 (id=9152): io_uring_setup$auto(0x386, &(0x7f0000000000)={0x5, 0x1, 0x4c, 0x0, 0x1, 0x8, 0xffffffffffffffff, [0x10001, 0x8, 0xa], {0x8, 0x8, 0x3fc000, 0x4, 0xffffff7a, 0x3, 0x9, 0xec5, 0xffff}, {0xd5, 0x80000000, 0x1bee, 0x5d, 0x400, 0x9, 0x7, 0x8000, 0x7f}}) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) 47.994036ms ago: executing program 0 (id=9153): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_SET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x40044) 0s ago: executing program 2 (id=9154): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'veth0_to_bridge\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x9c, 0x1, 0x1, @relative_fd, 0x5}, 0x96) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts. [ 89.055726][ T5814] cgroup: Unknown subsys name 'net' [ 89.164731][ T5814] cgroup: Unknown subsys name 'cpuset' [ 89.174605][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.958577][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.142798][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.309745][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.340083][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.497647][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.529905][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.271629][ T796] cfg80211: failed to load regulatory.db [ 97.799336][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.810596][ T5882] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.818892][ T5882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.832812][ T5882] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.841077][ T5882] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.849547][ T5882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.868668][ T5885] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.869033][ T5886] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.883926][ T5886] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.885651][ T5885] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.967425][ T5886] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.976475][ T5885] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.984547][ T5886] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.993184][ T5886] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.000841][ T5886] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 98.010491][ T5885] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 98.019529][ T5885] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.019992][ T5886] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 98.036395][ T5886] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 98.050174][ T5886] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.846596][ T5881] chnl_net:caif_netlink_parms(): no params data found [ 98.975314][ T5887] chnl_net:caif_netlink_parms(): no params data found [ 98.990612][ T5888] chnl_net:caif_netlink_parms(): no params data found [ 99.125182][ T5880] chnl_net:caif_netlink_parms(): no params data found [ 99.237272][ T5887] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.245607][ T5887] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.253344][ T5887] bridge_slave_0: entered allmulticast mode [ 99.261286][ T5887] bridge_slave_0: entered promiscuous mode [ 99.270831][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.278043][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.285502][ T5881] bridge_slave_0: entered allmulticast mode [ 99.293266][ T5881] bridge_slave_0: entered promiscuous mode [ 99.339031][ T5887] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.346466][ T5887] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.354074][ T5887] bridge_slave_1: entered allmulticast mode [ 99.362052][ T5887] bridge_slave_1: entered promiscuous mode [ 99.369817][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.377118][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.384886][ T5881] bridge_slave_1: entered allmulticast mode [ 99.392513][ T5881] bridge_slave_1: entered promiscuous mode [ 99.407176][ T5888] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.415462][ T5888] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.422895][ T5888] bridge_slave_0: entered allmulticast mode [ 99.430719][ T5888] bridge_slave_0: entered promiscuous mode [ 99.439579][ T5888] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.448047][ T5888] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.456257][ T5888] bridge_slave_1: entered allmulticast mode [ 99.464042][ T5888] bridge_slave_1: entered promiscuous mode [ 99.572965][ T5887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.585835][ T5887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.598516][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.611772][ T5888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.624472][ T5888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.660477][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.682009][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.689257][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.696687][ T5880] bridge_slave_0: entered allmulticast mode [ 99.704287][ T5880] bridge_slave_0: entered promiscuous mode [ 99.749044][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.757179][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.764754][ T5880] bridge_slave_1: entered allmulticast mode [ 99.772599][ T5880] bridge_slave_1: entered promiscuous mode [ 99.782284][ T5887] team0: Port device team_slave_0 added [ 99.801693][ T5888] team0: Port device team_slave_0 added [ 99.809750][ T5881] team0: Port device team_slave_0 added [ 99.834479][ T5887] team0: Port device team_slave_1 added [ 99.842141][ T5881] team0: Port device team_slave_1 added [ 99.851219][ T5888] team0: Port device team_slave_1 added [ 99.906239][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.956294][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.966585][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.973754][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.000522][ T5147] Bluetooth: hci0: command tx timeout [ 100.000517][ T51] Bluetooth: hci1: command tx timeout [ 100.002162][ T5887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.024356][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.031391][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.057598][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.069570][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.073138][ T5147] Bluetooth: hci3: command tx timeout [ 100.086213][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.112610][ T5888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.136354][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.143508][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.150472][ T5147] Bluetooth: hci2: command tx timeout [ 100.175283][ T5887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.187539][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.194588][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.220770][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.232734][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.239733][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.266068][ T5888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.315530][ T5880] team0: Port device team_slave_0 added [ 100.325091][ T5880] team0: Port device team_slave_1 added [ 100.404502][ T5887] hsr_slave_0: entered promiscuous mode [ 100.411342][ T5887] hsr_slave_1: entered promiscuous mode [ 100.418763][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.426347][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.452522][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.499357][ T5881] hsr_slave_0: entered promiscuous mode [ 100.507002][ T5881] hsr_slave_1: entered promiscuous mode [ 100.514017][ T5881] debugfs: 'hsr0' already exists in 'hsr' [ 100.520026][ T5881] Cannot create hsr debugfs directory [ 100.526410][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.533975][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.560394][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.616731][ T5888] hsr_slave_0: entered promiscuous mode [ 100.623450][ T5888] hsr_slave_1: entered promiscuous mode [ 100.629624][ T5888] debugfs: 'hsr0' already exists in 'hsr' [ 100.635618][ T5888] Cannot create hsr debugfs directory [ 100.774478][ T5880] hsr_slave_0: entered promiscuous mode [ 100.781129][ T5880] hsr_slave_1: entered promiscuous mode [ 100.787418][ T5880] debugfs: 'hsr0' already exists in 'hsr' [ 100.793353][ T5880] Cannot create hsr debugfs directory [ 101.206199][ T5881] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.240663][ T5881] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 101.266352][ T5881] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 101.279788][ T5881] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.348856][ T5887] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.367256][ T5887] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 101.407824][ T5887] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.419996][ T5887] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 101.491870][ T5888] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.518405][ T5888] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.542838][ T5888] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.554520][ T5888] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 101.657871][ T5880] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.682066][ T5880] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.696243][ T5880] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.708200][ T5880] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.762159][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.818293][ T5881] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.841642][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.848988][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.880630][ T5887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.923478][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.930708][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.992147][ T5887] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.034551][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.041782][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.060984][ T5888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.070637][ T5147] Bluetooth: hci1: command tx timeout [ 102.070645][ T51] Bluetooth: hci0: command tx timeout [ 102.096716][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.104140][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.135680][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.150680][ T5147] Bluetooth: hci3: command tx timeout [ 102.197104][ T5888] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.230873][ T5147] Bluetooth: hci2: command tx timeout [ 102.249474][ T5880] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.305712][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.313028][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.326110][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.333358][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.343497][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.350695][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.376500][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.383743][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.710339][ T5881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.838592][ T5887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.897916][ T5881] veth0_vlan: entered promiscuous mode [ 102.932676][ T5881] veth1_vlan: entered promiscuous mode [ 103.007663][ T5887] veth0_vlan: entered promiscuous mode [ 103.037569][ T5887] veth1_vlan: entered promiscuous mode [ 103.059807][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.089048][ T5881] veth0_macvtap: entered promiscuous mode [ 103.113418][ T5881] veth1_macvtap: entered promiscuous mode [ 103.142341][ T5888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.181085][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.212225][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.233037][ T5887] veth0_macvtap: entered promiscuous mode [ 103.255938][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.266858][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.289430][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.298718][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.314051][ T5887] veth1_macvtap: entered promiscuous mode [ 103.345743][ T5880] veth0_vlan: entered promiscuous mode [ 103.371888][ T5880] veth1_vlan: entered promiscuous mode [ 103.405204][ T5888] veth0_vlan: entered promiscuous mode [ 103.418887][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.465692][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.477485][ T5888] veth1_vlan: entered promiscuous mode [ 103.529629][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.538795][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.558483][ T5880] veth0_macvtap: entered promiscuous mode [ 103.566429][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.576140][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.590031][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.597963][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.668663][ T5880] veth1_macvtap: entered promiscuous mode [ 103.688900][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.710247][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.738607][ T5888] veth0_macvtap: entered promiscuous mode [ 103.758982][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.778959][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.812002][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.832128][ T5888] veth1_macvtap: entered promiscuous mode [ 103.884303][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.955102][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.971492][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.980218][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.989502][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.021284][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.035844][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.066102][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.115321][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.151489][ T5147] Bluetooth: hci0: command tx timeout [ 104.153956][ T51] Bluetooth: hci1: command tx timeout [ 104.181815][ T169] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.198818][ T169] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.231424][ T51] Bluetooth: hci3: command tx timeout [ 104.255820][ T169] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.279065][ T169] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.321343][ T51] Bluetooth: hci2: command tx timeout [ 104.380458][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.391164][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.584059][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.595764][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.668373][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.688957][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.868881][ T1363] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.898189][ T1363] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.231175][ T51] Bluetooth: hci1: command tx timeout [ 106.236770][ T51] Bluetooth: hci0: command tx timeout [ 106.310812][ T5147] Bluetooth: hci3: command tx timeout [ 106.390640][ T5147] Bluetooth: hci2: command tx timeout [ 106.757907][ T6048] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 108.611206][ T6122] Unable to find swap-space signature [ 112.243602][ T6262] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 113.850331][ T6325] mmap: syz.0.187 (6325) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 114.923532][ T6361] syz.0.204 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 115.680334][ T30] audit: type=1800 audit(1775310795.370:2): pid=6391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.221" name="features" dev="configfs" ino=9921 res=0 errno=0 [ 117.090397][ T6450] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 117.123097][ T30] audit: type=1800 audit(1775310796.820:3): pid=6450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.249" name="trace_pipe" dev="tracefs" ino=3647 res=0 errno=0 [ 117.637253][ T30] audit: type=1800 audit(1775310797.330:4): pid=6468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.258" name="lu_gp_id" dev="configfs" ino=10339 res=0 errno=0 [ 118.330314][ T6496] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 120.037240][ T30] audit: type=1800 audit(1843104520.870:5): pid=6548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.298" name="lu_gp_id" dev="configfs" ino=10409 res=0 errno=0 [ 120.946652][ T6526] kexec: Could not allocate control_code_buffer [ 121.202565][ T30] audit: type=1800 audit(1843104522.040:6): pid=6585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.317" name="lu_gp_id" dev="configfs" ino=11274 res=0 errno=0 [ 125.811072][ T6727] __vm_enough_memory: pid: 6727, comm: syz.3.386, bytes: 4398046511104 not enough memory for the allocation [ 126.780926][ T6756] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 130.248313][ T30] audit: type=1800 audit(1843106579.102:7): pid=6865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.451" name="dummy_udc" dev="gadgetfs" ino=8313 res=0 errno=0 [ 131.083665][ T30] audit: type=1326 audit(1843106579.947:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6889 comm="syz.3.465" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fadf3b9c819 code=0x0 [ 132.585299][ T6926] ima: policy update failed [ 132.590111][ T30] audit: type=1802 audit(1843106581.465:9): pid=6926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.483" res=0 errno=0 [ 133.081581][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.088191][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.715737][ T30] audit: type=1800 audit(1843106582.590:10): pid=6975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.506" name="members" dev="configfs" ino=11893 res=0 errno=0 [ 136.715314][ T5147] Bluetooth: hci2: unknown advertising packet type: 0xea [ 137.033948][ T5147] Bluetooth: hci2: unexpected event 0x33 length: 124 > 10 [ 137.911510][ T7153] ======================================================= [ 137.911510][ T7153] WARNING: The mand mount option has been deprecated and [ 137.911510][ T7153] and is ignored by this kernel. Remove the mand [ 137.911510][ T7153] option from the mount to silence this warning. [ 137.911510][ T7153] ======================================================= [ 142.238947][ T7348] syz_tun: tun_chr_ioctl cmd 2147767508 [ 142.920962][ T5147] Bluetooth: hci1: unexpected event 0x3e length: 720 > 260 [ 142.934441][ T30] audit: type=1800 audit(1843106591.858:11): pid=7380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.707" name="dbroot" dev="configfs" ino=13468 res=0 errno=0 [ 143.597430][ T7406] ptrace attach of "./syz-executor exec"[5887] was attempted by "./syz-executor exec"[7406] [ 144.773447][ T5147] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 145.138744][ T7472] capability: warning: `syz.1.752' uses 32-bit capabilities (legacy support in use) [ 145.712989][ T5147] Bluetooth: hci2: unexpected event 0x01 length: 124 > 1 [ 146.124212][ T7513] futex_wake_op: syz.0.771 tries to shift op by -1; fix this program [ 148.780770][ T7629] Process accounting resumed [ 150.600458][ T5147] Bluetooth: hci0: unexpected event 0x32 length: 727 > 9 [ 155.182374][ T7919] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 156.478407][ T7976] random: crng reseeded on system resumption [ 158.392066][ T8059] syz.2.1046(8059): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 165.690046][ T8375] syz_tun: tun_chr_ioctl cmd 1074025680 [ 166.718259][ T5147] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5 [ 169.461901][ T8541] syz_tun: tun_chr_ioctl cmd 1074025680 [ 169.821197][ T5147] Bluetooth: hci1: unexpected event 0x03 length: 123 > 11 [ 169.985671][ T8566] nfs: Bad value for 'source' [ 170.317619][ T8580] syz_tun: tun_chr_ioctl cmd 21731 [ 170.405669][ T5147] Bluetooth: hci3: unexpected event 0x03 length: 123 > 11 [ 172.986413][ T8711] ptrace attach of "./syz-executor exec"[5888] was attempted by "./syz-executor exec"[8711] [ 175.228421][ T5147] Bluetooth: hci0: unexpected event 0x34 length: 726 > 6 [ 178.030727][ T5147] Bluetooth: hci2: unexpected event 0x23 length: 127 > 13 [ 178.707744][ T8964] Process accounting paused [ 180.987725][ T30] audit: type=1800 audit(4294986699.883:12): pid=9068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1538" name="features" dev="configfs" ino=18514 res=0 errno=0 [ 181.160726][ T9074] Invalid ELF header magic: != ELF [ 181.954412][ T9107] kafs: addr_prefs: Invalid Command [ 183.780279][ T9183] bond0: option mode: unable to set because the bond device is up [ 184.298769][ T9206] queue_state_write: operation too long [ 184.315367][ T9206] queue_state_write: use 'run', 'start' or 'kick' [ 185.102474][ T30] audit: type=1800 audit(4294986704.015:13): pid=9243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1625" name="lu_gp_id" dev="configfs" ino=18256 res=0 errno=0 [ 185.124365][ T9243] ALUA LU Group already has a valid ID, ignoring request [ 186.129199][ T9289] Debayer A: ================= START STATUS ================= [ 186.155202][ T9289] Debayer A: Debayer Mean Window Size: 3 [ 186.172684][ T9289] Debayer A: ================== END STATUS ================== [ 189.620777][ T9428] __vm_enough_memory: pid: 9428, comm: syz.1.1715, bytes: 9223372036854775808 not enough memory for the allocation [ 191.499982][ T9530] synth uevent: /bus/mei: unknown uevent action string [ 193.960197][ T9632] [U]  [ 194.201432][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.209661][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.053564][ T9688] binder: 9686:9688 ioctl 400c620e 0 returned -14 Ijn9_VQ8j@:U%Ux0 R@x@qrIB@[*t ;S;x=Gcqx)Z*16GSu bmIK7 [ 196.325172][ T9745] Per memcg swappiness does not exist in cgroup v2. See memory.reclaim or memory.swap.max there [ 196.325172][ T9745] [ 196.794042][ T9766] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 197.491179][ T9791] ICMPv6: process `syz.1.1889' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 198.244493][ T30] audit: type=1800 audit(4294986717.223:14): pid=9820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1902" name="discovery_nqn" dev="configfs" ino=20197 res=0 errno=0 [ 200.138549][ T9888] sd 0:0:1:0: PR command failed: 1026 [ 200.144073][ T9888] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 200.154467][ T9888] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 200.467244][ T9902] kAFS: Invalid Command on /proc/fs/afs/cells file [ 201.009524][ T9929] mmap: syz.2.1952 (9929): VmData 45879296 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 202.026628][ T9970] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 204.881962][T10114] [ 207.868022][ T30] audit: type=1800 audit(4294986726.903:15): pid=10261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2115" name="features" dev="configfs" ino=21461 res=0 errno=0 [ 208.197955][T10277] writes to the poll attribute are ignored. [ 208.222883][T10277] please use driver specific parameters instead. [ 208.675121][T10301] Process accounting resumed [ 210.001570][T10361] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 210.095862][T10361] CIFS mount error: No usable UNC path provided in device string! [ 210.095862][T10361] [ 210.130024][T10361] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 210.531650][T10377] bond0: invalid ARP target specified [ 210.739696][T10389] program syz.0.2177 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 211.409702][T10399] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 213.612078][T10524] syz.0.2244 (10524): attempted to duplicate a private mapping with mremap. This is not supported. [ 214.748608][ T30] audit: type=1400 audit(4294986733.819:16): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=10566 comm="syz.0.2265" [ 219.374700][T10761] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 221.641502][T10851] Setting dangerous option i915.mitigations - tainting kernel [ 221.736187][T10776] Bluetooth: hci1: command 0x0406 tx timeout [ 221.736226][T10775] Bluetooth: hci3: command 0x0406 tx timeout [ 221.743186][T10776] Bluetooth: hci2: command 0x0406 tx timeout [ 221.743226][T10776] Bluetooth: hci0: command 0x0406 tx timeout [ 222.094979][ T5885] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 222.095024][ T5885] Bluetooth: hci1: unexpected subevent 0x06 length: 725 > 10 [ 224.122079][ T5885] Bluetooth: hci1: command 0x0406 tx timeout [ 225.877303][T11000] binder: 10999:11000 ioctl 400c620e 2000000001c0 returned -22 [ 225.948507][T11004] WARNING! power/level is deprecated; use power/control instead [ 226.747002][T11040] synth uevent: /devices/platform/vivid.0/cec26: unknown uevent action string [ 226.785822][T11040] cec cec26: uevent: failed to send synthetic uevent: -22 [ 227.094024][ T30] audit: type=1800 audit(4294986746.223:17): pid=11056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2502" name="dbroot" dev="configfs" ino=24861 res=0 errno=0 [ 227.797728][T11092] ICMPv6: process `syz.2.2519' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 228.914438][T11145] rnbd_client L213: map_device: Parameters missing [ 230.150514][T11202] bond0: invalid ARP target specified [ 231.936653][T11259] binder: 11258:11259 ioctl c0306201 200000000000 returned -14 [ 232.328618][T11275] program syz.0.2609 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 232.354691][T11275] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 234.059371][T11349] ptrace attach of "./syz-executor exec"[5880] was attempted by ""[11349] [ 234.069430][T11351] kAFS: Invalid Command on /proc/fs/afs/cells file [ 235.337124][T11395] batman_adv: Routing algorithm '7' is not supported [ 236.023320][T11415] block2mtd: illegal erase size [ 236.182729][T11425] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to -1. Contact your vendor for updates. [ 238.603689][T11532] Process accounting paused [ 241.265594][T11647] wlan1: mtu less than device minimum [ 241.614993][T11653] syz_tun: tun_chr_ioctl cmd 2147767517 [ 241.870588][T11660] usb usb3: usbfs: process 11660 (syz.3.2799) did not claim interface 0 before use [ 243.565907][T11744] random: crng reseeded on system resumption [ 243.657065][T11750] misc userio: Invalid payload size [ 245.240136][T11832] delete_channel: no stack [ 246.320910][T11857] sd 0:0:1:0: PR command failed: 1026 [ 246.336889][T11857] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 246.352535][T11857] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 247.969403][T11945] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 249.850219][T12041] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 249.948642][T12045] kernel read not supported for file /\*)A (pid: 12045 comm: syz.2.2988) [ 249.997637][ T30] audit: type=1800 audit(4294986769.252:18): pid=12045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2988" name="\*)A" dev="mqueue" ino=27700 res=0 errno=0 [ 250.227957][T12030] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 250.363522][ T30] audit: type=1326 audit(4294986769.614:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12057 comm="syz.2.2996" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f36e4f9c819 code=0x0 [ 251.220645][T12098] usb usb2: usbfs: process 12098 (syz.0.3013) did not claim interface 4 before use [ 251.585892][T12117] zram0: detected capacity change from 0 to 16 [ 254.243542][T12258] bond0: option slaves: interface -]=,Don?I|a CB does not exist! [ 254.409472][T12262] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 254.422252][T12262] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 254.485034][T12262] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 254.494778][T12262] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 254.506045][T12262] page dumped because: unmovable page [ 254.518128][T12262] page_owner info is not present (never set?) [ 255.247994][T12308] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 255.325580][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.332216][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.650204][T12321] nvme_fcloop: unknown parameter or missing value '0' syzkaller syzkaller login: [ 256.257513][ C0] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff81b1215a (__mcheck_cpu_init_prepare_banks+0x18a/0x380) [ 256.273188][ C0] Call Trace: [ 256.276604][ C0] [ 256.279486][ C0] ? __pfx___mcheck_cpu_init_prepare_banks+0x10/0x10 [ 256.286244][ C0] ? sched_clock_cpu+0x6c/0x570 [ 256.291162][ C0] ? lockdep_softirqs_on+0xad/0x120 [ 256.296450][ C0] ? __pfx_mce_cpu_restart+0x10/0x10 [ 256.301810][ C0] mce_cpu_restart+0xd5/0x1f0 [ 256.306551][ C0] __flush_smp_call_function_queue+0x281/0x960 [ 256.312766][ C0] __sysvec_call_function_single+0x81/0x470 [ 256.318719][ C0] sysvec_call_function_single+0x9e/0xc0 [ 256.324453][ C0] [ 256.327451][ C0] [ 256.330434][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 256.336474][ C0] RIP: 0010:stack_access_ok+0xe/0x1d0 [ 256.341903][ C0] Code: 5d e9 96 ee d9 09 e8 71 bb d6 09 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 b8 00 00 00 00 00 fc ff df 41 55 41 54 <49> 89 d4 48 89 fa 55 48 c1 ea 03 48 89 f5 53 48 89 fb 48 83 ec 08 [ 256.361572][ C0] RSP: 0018:ffffc90003a97650 EFLAGS: 00000283 [ 256.367705][ C0] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff91793f1e [ 256.375712][ C0] RDX: 0000000000000008 RSI: ffffc90003a97c80 RDI: ffffc90003a976d8 [ 256.383721][ C0] RBP: ffffc90003a97c80 R08: 0000000000000001 R09: 0000000000000007 [ 256.391732][ C0] R10: 0000000000000200 R11: 000000000000c661 R12: ffffc90003a97728 [ 256.399750][ C0] R13: ffffc90003a976d8 R14: ffffc90003a97c90 R15: ffffc90003a9770c [ 256.407929][ C0] unwind_next_frame+0x14f0/0x1ea0 [ 256.413109][ C0] ? copy_process+0x3b71/0x7a40 [ 256.418017][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 256.424261][ C0] arch_stack_walk+0x94/0xf0 [ 256.428919][ C0] ? kernel_clone+0xfc/0x9a0 [ 256.433566][ C0] stack_trace_save+0x8e/0xc0 [ 256.438298][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 256.443824][ C0] ? alloc_fdtable+0x17f/0x2d0 [ 256.448657][ C0] ? __do_sys_clone+0xd9/0x120 [ 256.453473][ C0] ? do_syscall_64+0x106/0xf80 [ 256.458281][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.464416][ C0] kasan_save_stack+0x30/0x50 [ 256.469139][ C0] ? kasan_save_stack+0x30/0x50 [ 256.474030][ C0] ? kasan_save_track+0x14/0x30 [ 256.479090][ C0] ? __kasan_slab_alloc+0x89/0x90 [ 256.484147][ C0] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 256.489832][ C0] ? copy_fs_struct+0x49/0x340 [ 256.494699][ C0] ? copy_process+0x3b71/0x7a40 [ 256.499656][ C0] kasan_save_track+0x14/0x30 [ 256.504417][ C0] __kasan_slab_alloc+0x89/0x90 [ 256.509333][ C0] kmem_cache_alloc_noprof+0x241/0x6e0 [ 256.514842][ C0] ? copy_fs_struct+0x49/0x340 [ 256.519667][ C0] copy_fs_struct+0x49/0x340 [ 256.524326][ C0] copy_process+0x3b71/0x7a40 [ 256.529070][ C0] ? __pfx_copy_process+0x10/0x10 [ 256.534172][ C0] ? do_raw_spin_lock+0x128/0x260 [ 256.539262][ C0] kernel_clone+0xfc/0x9a0 [ 256.543728][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 256.548800][ C0] ? __lock_acquire+0x4a5/0x2630 [ 256.553822][ C0] ? find_held_lock+0x2b/0x80 [ 256.558543][ C0] ? __might_fault+0xc5/0x140 [ 256.563283][ C0] __do_sys_clone+0xd9/0x120 [ 256.567923][ C0] ? __pfx___do_sys_clone+0x10/0x10 [ 256.573187][ C0] do_syscall_64+0x106/0xf80 [ 256.577820][ C0] ? clear_bhb_loop+0x40/0x90 [ 256.582551][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.588487][ C0] RIP: 0033:0x7fa8de1c5292 [ 256.592956][ C0] Code: 89 e7 e8 71 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00 [ 256.612693][ C0] RSP: 002b:00007ffcd299ca80 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 256.621186][ C0] RAX: ffffffffffffffda RBX: 00007ffcd299ca80 RCX: 00007fa8de1c5292 [ 256.629202][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 256.637211][ C0] RBP: 00007ffcd299cc0c R08: 0000000000000000 R09: 0000000000000001 [ 256.645249][ C0] R10: 00005555900257d0 R11: 0000000000000246 R12: 0000000000000001 [ 256.653264][ C0] R13: 00000000000927c0 R14: 000000000003eb34 R15: 00007ffcd299cc60 [ 256.661302][ C0] [ 257.092681][T12373] block2mtd: device name too long [ 258.558340][T12404] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 259.910197][T12499] binder: binder_mmap: 12496 0-1000 bad vm_flags failed -1 [ 260.425098][T12523] Malformed UNC in devname [ 260.425098][T12523] [ 260.432347][T12523] CIFS: VFS: Malformed UNC in devname [ 261.485603][T12572] [U] ^Z [ 262.675390][T12614] smpboot: CPU 1 is now offline [ 262.775958][T12621] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 262.776568][T12620] ima: policy update failed [ 262.860867][ T30] audit: type=1802 audit(4294986782.169:20): pid=12620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.3264" res=0 errno=0 [ 262.980268][T12625] nvme_fcloop: unknown parameter or missing value '7=";&L=j"Yq'R"' [ 263.358444][T12639] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 265.465643][T12703] aoe: invalid device specification [ 265.556989][T12708] usb usb24: usbfs: process 12708 (syz.3.3307) did not claim interface 0 before use [ 266.203996][T12730] vhci_hcd vhci_hcd.2: invalid port number 194 [ 266.210332][T12730] vhci_hcd vhci_hcd.2: invalid port number 194 [ 268.314671][T12808] udc dummy_udc.0: soft-connect without a gadget driver [ 268.574621][T12811] Process accounting resumed [ 268.943239][ T5147] Bluetooth: hci3: Unexpected cc 0x7c89 with no status [ 270.580674][ T5147] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 270.580707][ T5147] Bluetooth: hci1: unexpected subevent 0x0e length: 725 > 15 [ 270.608591][ T5147] Bluetooth: hci1: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 273.296782][T12966] syz.1.3433 (12966): drop_caches: 0 [ 275.434953][ T796] Process accounting resumed [ 275.670604][T13060] ecryptfs_miscdev_write: Invalid packet size [192] [ 275.946336][T13072] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 275.980086][T13072] vhci_hcd vhci_hcd.1: SetHubDepth req not supported for USB 2.0 roothub [ 278.543521][T13170] kAFS: Invalid Command on /proc/fs/afs/cells file [ 279.021396][T13187] usb usb4: usbfs: process 13187 (syz.0.3540) did not claim interface 0 before use [ 280.242408][ T5147] Bluetooth: hci1: Unexpected cc 0x7c89 with no status [ 281.082462][T13251] synth uevent: /devices/platform/dummy_hcd.3/usb4/ep_00: unknown uevent action string [ 281.136397][T13251] ep_00: uevent: failed to send synthetic uevent: -22 [ 281.502318][ T5147] Bluetooth: hci0: Unexpected cc 0x7c89 with no status [ 283.036666][ T5147] Bluetooth: hci2: Unexpected cc 0x7c89 with no status [ 285.205803][ T30] audit: type=1800 audit(4294986804.645:21): pid=13379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3632" name="dbroot" dev="configfs" ino=32250 res=0 errno=0 [ 285.236730][T13379] db_root: cannot open: /dev/audio1 [ 285.260752][T13379] db_root: not a directory: /dev/audio1 [ 285.746667][T13395] QAT: Invalid ioctl 21531 [ 287.726619][ T5147] Bluetooth: hci0: Unexpected cc 0x7c89 with no status [ 289.720716][T13534] sysfs_service_op_store: Client not running :-5: [ 292.951986][T13650] overlayfs: "check_copy_up" module option is obsolete [ 294.191189][T13695] binder: 13693:13695 ioctl c0306201 200000000000 returned -14 [ 295.100682][T13727] [U] ^R [ 297.444955][T13816] cougar: G6 mapped to F18 [ 297.914747][ T30] audit: type=1800 audit(4294986817.411:22): pid=13835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3853" name="discovery_nqn" dev="configfs" ino=33699 res=0 errno=0 [ 298.548147][ T30] audit: type=1800 audit(4294986818.055:23): pid=13858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3865" name="dbroot" dev="configfs" ino=33775 res=0 errno=0 [ 298.725156][T13862] Process accounting paused [ 299.767786][T13906] kAFS: Invalid Command on /proc/fs/afs/cells file [ 299.937584][T13912] bond0: no command found in slaves file - use +ifname or -ifname [ 304.703003][T14086] : Can't lookup blockdev [ 305.349224][T14114] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 306.009443][T14134] zram: Added device: zram1 [ 306.773168][T14160] usb usb22: usbfs: process 14160 (syz.3.3993) did not claim interface 1 before use [ 307.866890][T14204] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 308.123242][T14212] block nbd0: NBD_DISCONNECT [ 309.240760][T14254] capability: warning: `syz.3.4041' uses deprecated v2 capabilities in a way that may be insecure [ 309.376131][T14260] random: crng reseeded on system resumption [ 309.913039][T14278] vhci_hcd: not connected 4 [ 310.147662][T14288] kafs: addr_prefs: Too many elements in string [ 314.213329][T14443] : Can't lookup blockdev [ 315.085813][T14478] usbip-vudc usbip-vudc.0: gadget not bound [ 316.389996][T14520] QAT: failed to copy from user cfg_data. [ 316.444373][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.452674][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.505844][T14522] bond0: option slaves: interface - does not exist! [ 318.756996][T14602] vhci_hcd vhci_hcd.1: invalid port number 16 [ 318.789064][T14602] vhci_hcd vhci_hcd.1: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 319.613192][T14631] delete_channel: no stack [ 322.131149][T14727] i2c i2c-0: new_device: Invalid device name [ 324.442377][T14805] delete_channel: no stack [ 325.036375][T14825] bonding: no command found in bonding_masters - use +ifname or -ifname [ 328.861114][T14924] Process accounting resumed [ 329.081059][T14938] pci 0000:00:00.0: MSI/MSI-X allowed for future drivers [ 329.546593][T14948] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 329.693168][T14950] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.948097][T14950] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.151457][T14950] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.396506][T14950] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.675869][T14979] program syz.0.4393 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 331.920335][T15017] ecryptfs_miscdev_write: Error while inspecting packet size [ 332.942322][T15039] Invalid ELF header magic: != ELF [ 334.114187][T15067] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 335.681310][T15111] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 339.424736][T15236] QAT: Stopping all acceleration devices. [ 340.418985][T15276] CIFS mount error: No usable UNC path provided in device string! [ 340.418985][T15276] [ 340.462661][T15276] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 340.998856][T15296] process 'syz.2.4551' launched './file0' with NULL argv: empty string added [ 342.405566][T15336] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 344.376512][T15398] QAT: failed to copy from user cfg_data. [ 344.895029][T15421] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 348.616629][T15553] [U] ^\ [ 349.059467][T15573] rnbd_client L202: map_device: Unknown parameter or missing value '7' [ 349.289618][T15577] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 349.321075][T15577] pci 0000:00:01.3: PCI INT A: no GSI [ 352.052948][T15684] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 353.920581][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 353.929507][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 355.906991][T15820] block2mtd: illegal erase size [ 357.247877][T15876] syz.0.4834 uses obsolete (PF_INET,SOCK_PACKET) [ 357.379701][T15877] ima: policy update failed [ 357.386146][ T30] audit: type=1802 audit(4294986877.191:24): pid=15877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4835" res=0 errno=0 [ 357.478002][T15882] program syz.3.4836 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 358.185524][T15903] nfsd: Unknown parameter 'ԣ' [ 359.083380][T15886] Process accounting paused [ 360.741206][T15995] block loop4: the capability attribute has been deprecated. [ 361.329852][T16018] Invalid input. Must be >= 4608 [ 365.247586][T16166] [ 368.231791][ T5147] Bluetooth: hci1: unexpected event 0x31 length: 19 > 6 [ 368.558736][T16278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 368.622455][T16278] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 368.667410][T16278] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 368.698858][T16278] page_type: f5(slab) [ 368.713768][T16278] raw: 00fff00000000040 ffff88813fe3b140 dead000000000100 dead000000000122 [ 368.777477][T16278] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 368.805057][T16278] head: 00fff00000000040 ffff88813fe3b140 dead000000000100 dead000000000122 [ 368.842394][T16278] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 368.884651][T16278] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 368.922778][T16278] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 368.986400][T16278] page dumped because: unmovable page [ 369.004284][T16278] page_owner tracks the page as allocated [ 369.026113][T16278] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5206, tgid 5206 (udevd), ts 57667988607, free_ts 57529536038 [ 369.113787][T16278] post_alloc_hook+0x153/0x170 [ 369.131173][T16278] get_page_from_freelist+0x111d/0x3140 [ 369.165653][T16278] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 369.195258][T16278] new_slab+0xa6/0x6b0 [ 369.202724][T16278] refill_objects+0x26b/0x400 [ 369.225828][T16278] __pcs_replace_empty_main+0x1ab/0x660 [ 369.256925][T16278] __kmalloc_noprof+0x688/0x850 [ 369.286932][T16278] tomoyo_realpath_from_path+0xb6/0x690 [ 369.302823][T16278] tomoyo_check_open_permission+0x2af/0x3c0 [ 369.376706][T16278] tomoyo_file_open+0x6b/0x90 [ 369.381453][T16278] security_file_open+0xb5/0x1e0 [ 369.419234][T16278] do_dentry_open+0x5aa/0x1660 [ 369.433057][T16305] nvme_fcloop: unknown parameter or missing value '7' [ 369.444095][T16278] vfs_open+0x82/0x3f0 [ 369.448231][T16278] path_openat+0x208c/0x31a0 [ 369.478985][T16278] do_file_open+0x20e/0x430 [ 369.497786][T16278] do_sys_openat2+0x10d/0x1e0 [ 369.525168][T16278] page last free pid 5203 tgid 5203 stack trace: [ 369.552009][T16278] __free_frozen_pages+0x7e1/0x10d0 [ 369.583180][T16278] qlist_free_all+0x47/0xe0 [ 369.601606][T16278] kasan_quarantine_reduce+0x1a0/0x1f0 [ 369.623949][T16278] __kasan_slab_alloc+0x69/0x90 [ 369.628883][T16278] kmem_cache_alloc_noprof+0x241/0x6e0 [ 369.674520][T16278] do_getname+0x35/0x390 [ 369.678873][T16278] do_sys_openat2+0xc5/0x1e0 [ 369.732770][T16278] __x64_sys_openat+0x12d/0x210 [ 369.737707][T16278] do_syscall_64+0x106/0xf80 [ 369.798223][T16278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.619287][T16525] deleting an unspecified loop device is not supported. [ 376.304584][T16549] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 377.574948][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.581325][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.884397][ T10] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 377.891077][ T5147] Bluetooth: hci2: command 0x0406 tx timeout [ 378.906935][T16638] ima: policy update failed [ 378.911858][ T30] audit: type=1802 audit(4294967312.710:25): pid=16638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.5205" res=0 errno=0 [ 379.756473][T16661] Format for deleting device is "id" (uint). [ 379.951131][ T5147] Bluetooth: hci2: command 0x0406 tx timeout [ 379.957277][ T10] Bluetooth: hci2: Opcode 0x0406 failed: -110 [ 380.238080][ T30] audit: type=1800 audit(4294967314.036:26): pid=16676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5223" name="members" dev="configfs" ino=42640 res=0 errno=0 [ 384.594417][T16807] rtc_cmos 00:00: Alarms can be up to one day in the future [ 384.949278][ T5147] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 385.186277][T16823] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 385.728834][ T30] audit: type=1400 audit(4294967319.555:27): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=16836 comm="syz.0.5295" [ 389.149682][T16951] Process accounting resumed [ 389.940081][ T30] audit: type=1800 audit(4294967323.797:28): pid=16985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5364" name="dbroot" dev="configfs" ino=43602 res=0 errno=0 [ 390.178796][T16993] ecryptfs_parse_packet_length: Error parsing packet length [ 390.206657][T16993] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 390.759983][T17013] Setting dangerous option i915.mitigations - tainting kernel [ 390.793119][T17013] Bad "i915.mitigations=CmâUQF\ ", 'CmâUQF\' is unknown [ 395.237851][T17177] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 395.314689][ T5885] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 395.323432][ T5885] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 395.705426][T17214] bond0: option packets_per_slave: invalid value ( Xnp) [ 395.744161][T17214] bond0: option packets_per_slave: allowed values 0 - 65535 [ 396.783194][T17253] syz.2.5472: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 396.872771][T17253] CPU: 0 UID: 0 PID: 17253 Comm: syz.2.5472 Tainted: G U I syzkaller #0 PREEMPT(full) [ 396.872812][T17253] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 396.872822][T17253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 396.872839][T17253] Call Trace: [ 396.872847][T17253] [ 396.872855][T17253] dump_stack_lvl+0x100/0x190 [ 396.872897][T17253] warn_alloc.cold+0x95/0x1c1 [ 396.872940][T17253] ? __pfx_warn_alloc+0x10/0x10 [ 396.872980][T17253] ? __lock_acquire+0x4a5/0x2630 [ 396.873034][T17253] __vmalloc_node_range_noprof+0x1252/0x1530 [ 396.873070][T17253] ? rcu_is_watching+0x12/0xc0 [ 396.873110][T17253] ? trace_contention_end+0x140/0x180 [ 396.873146][T17253] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 396.873176][T17253] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 396.873203][T17253] ? tomoyo_path_number_perm+0x28f/0x580 [ 396.873234][T17253] ? tomoyo_path_number_perm+0x28f/0x580 [ 396.873266][T17253] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 396.873298][T17253] ? __pfx___mutex_lock+0x10/0x10 [ 396.873329][T17253] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 396.873359][T17253] ? futex_wait+0x125/0x380 [ 396.873401][T17253] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 396.873428][T17253] __vmalloc_node_noprof+0xad/0xf0 [ 396.873460][T17253] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 396.873491][T17253] dvb_dvr_do_ioctl+0x15d/0x270 [ 396.873524][T17253] dvb_usercopy+0x167/0x340 [ 396.873550][T17253] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 396.873579][T17253] ? __pfx_dvb_usercopy+0x10/0x10 [ 396.873617][T17253] ? __fget_files+0x21f/0x3d0 [ 396.873647][T17253] dvb_dvr_ioctl+0x29/0x40 [ 396.873673][T17253] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 396.873700][T17253] __x64_sys_ioctl+0x18e/0x210 [ 396.873740][T17253] do_syscall_64+0x106/0xf80 [ 396.873764][T17253] ? clear_bhb_loop+0x40/0x90 [ 396.873793][T17253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.873818][T17253] RIP: 0033:0x7f36e4f9c819 [ 396.873838][T17253] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 396.873861][T17253] RSP: 002b:00007f36e5dd1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 396.873883][T17253] RAX: ffffffffffffffda RBX: 00007f36e5215fa0 RCX: 00007f36e4f9c819 [ 396.873899][T17253] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 396.873913][T17253] RBP: 00007f36e5032c91 R08: 0000000000000000 R09: 0000000000000000 [ 396.873927][T17253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 396.873941][T17253] R13: 00007f36e5216038 R14: 00007f36e5215fa0 R15: 00007ffc7edb2258 [ 396.873972][T17253] [ 396.873981][T17253] Mem-Info: [ 397.785417][T17253] active_anon:5437 inactive_anon:8 isolated_anon:0 [ 397.785417][T17253] active_file:6240 inactive_file:41804 isolated_file:0 [ 397.785417][T17253] unevictable:768 dirty:321 writeback:0 [ 397.785417][T17253] slab_reclaimable:11495 slab_unreclaimable:90638 [ 397.785417][T17253] mapped:24220 shmem:1356 pagetables:1125 [ 397.785417][T17253] sec_pagetables:0 bounce:0 [ 397.785417][T17253] kernel_misc_reclaimable:0 [ 397.785417][T17253] free:1339496 free_pcp:9927 free_cma:0 [ 398.080678][T17253] Node 0 active_anon:21640kB inactive_anon:32kB active_file:24960kB inactive_file:167080kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96880kB dirty:1284kB writeback:0kB shmem:3888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:11008kB pagetables:4192kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 398.151352][T17293] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 398.241121][T17253] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 398.365898][T17253] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 398.499069][T17253] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 398.531651][T17253] Node 0 DMA32 free:1401688kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28060kB inactive_anon:32kB active_file:24960kB inactive_file:167080kB unevictable:1536kB writepending:1324kB zspages:0kB present:3129332kB managed:2537268kB mlocked:0kB bounce:0kB free_pcp:33688kB local_pcp:33688kB free_cma:0kB [ 398.697088][T17253] lowmem_reserve[]: 0 0 1 1 1 [ 398.707135][T17253] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1052kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 398.860974][T17253] lowmem_reserve[]: 0 0 0 0 0 [ 398.865754][T17253] Node 1 Normal free:3940860kB boost:0kB min:55584kB low:69480kB high:83376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 399.014469][T17253] lowmem_reserve[]: 0 0 0 0 0 [ 399.049053][T17253] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 399.106765][T17253] Node 0 DMA32: 4494*4kB (UM) 2754*8kB (UM) 1909*16kB (UME) 774*32kB (UME) 515*64kB (UME) 379*128kB (UME) 285*256kB (UM) 144*512kB (UME) 119*1024kB (UME) 23*2048kB (UME) 222*4096kB (UM) = 1401752kB [ 399.192413][T17253] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 399.261103][T17253] Node 1 Normal: 11*4kB (UM) 14*8kB (UM) 12*16kB (UM) 11*32kB (UM) 9*64kB (UM) 4*128kB (UM) 5*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 959*4096kB (UM) = 3940860kB [ 399.337567][T17253] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 399.381819][T17253] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 399.428112][T17253] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 399.480490][T17253] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 399.536455][T17253] 49396 total pagecache pages [ 399.547347][T17253] 0 pages in swap cache [ 399.551546][T17253] Free swap = 124996kB [ 399.584828][T17253] Total swap = 124996kB [ 399.599763][T17253] 2097051 pages RAM [ 399.626967][T17253] 0 pages HighMem/MovableOnly [ 399.647057][T17253] 430856 pages reserved [ 399.651270][T17253] 0 pages cma reserved [ 400.013493][T17350] random: crng reseeded on system resumption [ 400.580262][ T5147] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 400.591689][ T5147] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 403.870449][T17527] nvme_fcloop: unknown parameter or missing value '' [ 404.443257][T17544] i2c i2c-0: new_device: Missing parameters [ 404.733241][ T5147] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 404.742209][ T5147] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 406.197485][ T5147] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 406.205296][ T5147] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 407.464299][T17665] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 410.848241][T17711] bond0: invalid ARP target specified [ 411.079071][ T5147] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 411.086886][ T5147] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 412.452729][ T5147] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 412.460282][ T5147] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 413.803533][ T5147] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 413.811017][ T5147] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 415.327996][T17905] block2mtd: parameter too long [ 415.877344][T17918] delete_channel: no stack [ 415.901764][T17921] Scaler: ================= START STATUS ================= [ 415.939913][T17921] Scaler: ================== END STATUS ================== [ 418.012447][T18007] QAT: failed to copy from user cfg_data. [ 419.056405][T18032] Process accounting paused [ 421.603487][T18138] nvme_fabrics: unknown parameter or missing value '@' in ctrl creation request [ 423.079454][T18181] hub 1-0:1.0: USB hub found [ 423.110618][T18181] hub 1-0:1.0: 1 port detected [ 423.262121][T18192] ima: policy update failed [ 423.301055][ T30] audit: type=1802 audit(4294967357.320:29): pid=18192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.5826" res=0 errno=0 [ 428.241173][T18362] usb usb15: usbfs: process 18362 (syz.3.5911) did not claim interface 0 before use [ 428.547231][T18373] usb usb11: usbfs: interface 0 claimed by hub while 'syz.1.5915' sets config #7 [ 431.912870][T18499] ptp ptp0: only physical clock in use now [ 433.381499][T18554] sd 0:0:1:0: PR command failed: 1026 [ 433.403224][T18554] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 433.409979][T18554] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 433.603026][T18561] ACPI: Can not change Invalid GPE/Fixed Event status [ 433.977027][T18576] qrtr: Invalid version 0 [ 435.179119][T18606] could not allocate digest TFM handle [ 436.192416][ T30] audit: type=1800 audit(4294967370.287:30): pid=18653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6050" name="members" dev="configfs" ino=48411 res=0 errno=0 [ 437.710525][ T30] audit: type=1800 audit(4294967371.815:31): pid=18705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6075" name="sr0" dev="devtmpfs" ino=2869 res=0 errno=0 [ 438.051508][T18717] bond0: no command found in slaves file - use +ifname or -ifname [ 438.305997][T18727] scsi_dev_info_list_add_str: bad dev info string ')zD 5fk+*X#R84*VsndvqQW}~YrȀ-8VGDƘLB%v†v}Ypq|?O[,! 7xWDr%[}E$3?G9Ff=lrGH;2L<=|8 -c Fո"[v9q4Mmvqk[(iNDСMX PSqqX4X`V!;r֍)y]WzfIH0,v{q8שUܹ䑉m؛HTwCz-nR%2]x05oՕ|3>lS*L/Cdgӑ[C=Cwem)l#' ''S.sHgi-TY%ܹF*8nFTH?i{' '' [ 438.687781][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 438.694431][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.930427][T18782] random: crng reseeded on system resumption [ 440.576959][T18802] ecryptfs_parse_packet_length: Five-byte packet length not supported [ 440.605098][T18802] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 440.808742][T18811] random: crng reseeded on system resumption [ 441.773107][T18845] Format for unlinking a device is "netnsfd:ifidx" (int uint). [ 445.224957][T18968] synth uevent: /bus/hid/drivers/zeroplus: unknown uevent action string [ 445.715981][T17882] Bluetooth: hci3: unexpected subevent 0x0c length: 118 > 5 [ 446.002481][T18997] block2mtd: too many arguments [ 446.364480][T19009] : Can't lookup blockdev [ 449.169334][T19108] Process accounting resumed [ 450.201622][T19142] program syz.2.6285 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 450.225774][T19142] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 455.947689][T19309] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 456.370799][T19330] warning: `syz.1.6372' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 457.846520][T19387] aoe: copy from user failed [ 457.851182][T19387] aoe: could not set interface list: too many interfaces [ 457.950092][T19393] : Can't lookup blockdev [ 461.700044][T19532] random: crng reseeded on system resumption [ 463.968183][T19638] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 464.002593][T19638] vhci_hcd vhci_hcd.1: Wrong hub descriptor type for USB 3.0 roothub. [ 465.861882][T19709] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 466.580456][T19739] i2c i2c-0: new_device: Can't parse I2C address [ 467.231791][T19765] blktrace: Concurrent blktraces are not allowed on loop2 [ 467.348340][T19757] zswap: compressor Z(u not available [ 467.532816][ T30] audit: type=1400 audit(4294985745.789:32): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=19771 comm="syz.1.6562" [ 467.997270][T19794] blktrace: Concurrent blktraces are not allowed on loop2 [ 469.754391][T19855] kfence: disabled [ 473.574081][ T30] audit: type=1806 audit(4294985751.861:33): xattr="." res=0 [ 476.252635][T17882] Bluetooth: hci2: unexpected event 0x3e length: 0 < 1 [ 478.288139][T20172] Setting dangerous option i915.mitigations - tainting kernel [ 479.206047][T20200] Process accounting paused [ 479.418814][T20214] bdi 43:192: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 482.312913][T20314] vhci_hcd vhci_hcd.2: invalid port number 16 [ 482.312938][T20314] vhci_hcd vhci_hcd.2: invalid port number 16 [ 483.636619][T20363] Line length is too long: Should be less than 4094 [ 485.063208][T20415] nvme_fcloop: unknown parameter or missing value '1' [ 485.723297][T20441] zram0: detected capacity change from 16 to 0 [ 486.053197][T20451] binder: 20450:20451 ioctl 541b 38 returned -22 [ 487.338417][T20501] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 487.995370][T20523] futex_wake_op: syz.3.6890 tries to shift op by -2048; fix this program [ 488.048359][T20523] futex_wake_op: syz.3.6890 tries to shift op by -2048; fix this program [ 490.019409][T20604] program syz.2.6928 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 490.383881][T20616] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 490.491314][T20620] blkio.reset_stats is deprecated [ 490.702246][ T30] audit: type=1800 audit(4294985769.080:34): pid=20628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6939" name="lu_gp_id" dev="configfs" ino=54260 res=0 errno=0 [ 490.748523][T20628] kstrtoul() returned -22 for lu_gp_id [ 492.255727][ T30] audit: type=1800 audit(4294985770.648:35): pid=20679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6965" name="dbroot" dev="configfs" ino=54441 res=0 errno=0 [ 494.630762][T20764] ima: Unable to open file: /suritRy/integrity?iqa/policy (-2) [ 494.631291][T20762] ima: policy update failed [ 494.684427][ T30] audit: type=1802 audit(4294985773.090:36): pid=20762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.7005" res=0 errno=0 [ 495.727842][T20802] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 495.727842][T20802] M' is too long [ 495.760364][T20802] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 495.760364][T20802] W ' is too long [ 498.507387][T20900] kafs: addr_prefs: Invalid Command [ 499.809290][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 499.815661][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.008904][T20990] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 501.288425][T20998] program syz.1.7123 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 501.573236][T21010] process 'syz.3.7128' launched '/dev/fd/3' with NULL argv: empty string added [ 502.935106][T21056] usb usb26: usbfs: process 21056 (syz.1.7152) did not claim interface 0 before use [ 503.771684][T21084] phram: not enough arguments [ 504.712178][T21119] syz.3.7180 uses obsolete (PF_INET,SOCK_PACKET) [ 506.520849][T21196] ptrace attach of "./syz-executor exec"[5881] was attempted by "./syz-executor exec"[21196] [ 507.779296][T17882] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.788244][T17882] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 507.797857][T17882] CPU: 0 UID: 0 PID: 17882 Comm: kworker/u11:1 Tainted: G U I syzkaller #0 PREEMPT(full) [ 507.797897][T17882] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 507.797907][T17882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 507.797932][T17882] Workqueue: hci3 hci_rx_work [ 507.797976][T17882] Call Trace: [ 507.797986][T17882] [ 507.797995][T17882] dump_stack_lvl+0x100/0x190 [ 507.798034][T17882] sysfs_warn_dup.cold+0x1c/0x28 [ 507.798069][T17882] sysfs_create_dir_ns+0x24b/0x2b0 [ 507.798106][T17882] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 507.798140][T17882] ? find_held_lock+0x2b/0x80 [ 507.798163][T17882] ? kobject_add_internal+0x25f/0x930 [ 507.798193][T17882] ? kobject_add_internal+0x25f/0x930 [ 507.798225][T17882] ? do_raw_spin_unlock+0x145/0x1e0 [ 507.798264][T17882] kobject_add_internal+0x2c8/0x930 [ 507.798299][T17882] kobject_add+0x16a/0x1e0 [ 507.798328][T17882] ? __pfx_kobject_add+0x10/0x10 [ 507.798356][T17882] ? class_to_subsys+0x10f/0x150 [ 507.798395][T17882] ? kobject_put+0xb9/0x640 [ 507.798420][T17882] ? _raw_spin_unlock+0x28/0x50 [ 507.798465][T17882] device_add+0x294/0x1950 [ 507.798497][T17882] ? __pfx_dev_set_name+0x10/0x10 [ 507.798535][T17882] ? __pfx_device_add+0x10/0x10 [ 507.798568][T17882] ? mgmt_send_event_skb+0x2fb/0x460 [ 507.798611][T17882] hci_conn_add_sysfs+0x1a3/0x260 [ 507.798654][T17882] le_conn_complete_evt+0x11eb/0x1f60 [ 507.798697][T17882] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 507.798738][T17882] ? __pfx_bt_warn+0x10/0x10 [ 507.798773][T17882] hci_le_conn_complete_evt+0x23c/0x3a0 [ 507.798811][T17882] ? skb_pull_data+0x15f/0x1e0 [ 507.798845][T17882] hci_le_meta_evt+0x34a/0x5f0 [ 507.798883][T17882] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 507.798922][T17882] hci_event_packet+0x51c/0xcd0 [ 507.798958][T17882] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 507.798997][T17882] ? __pfx_hci_event_packet+0x10/0x10 [ 507.799035][T17882] ? kcov_remote_start+0x374/0x660 [ 507.799059][T17882] ? lockdep_hardirqs_on+0x78/0x100 [ 507.799090][T17882] hci_rx_work+0x451/0xfc0 [ 507.799130][T17882] process_one_work+0xa23/0x19a0 [ 507.799179][T17882] ? __pfx_process_one_work+0x10/0x10 [ 507.799225][T17882] ? __pfx_hci_rx_work+0x10/0x10 [ 507.799286][T17882] worker_thread+0x5ef/0xe50 [ 507.799329][T17882] ? __pfx_worker_thread+0x10/0x10 [ 507.799366][T17882] ? kthread+0x13a/0x450 [ 507.799397][T17882] ? __pfx_worker_thread+0x10/0x10 [ 507.799431][T17882] kthread+0x370/0x450 [ 507.799463][T17882] ? __pfx_kthread+0x10/0x10 [ 507.799497][T17882] ret_from_fork+0x754/0xd80 [ 507.799536][T17882] ? __pfx_ret_from_fork+0x10/0x10 [ 507.799576][T17882] ? __switch_to+0x7b4/0x1120 [ 507.799603][T17882] ? __pfx_kthread+0x10/0x10 [ 507.799638][T17882] ret_from_fork_asm+0x1a/0x30 [ 507.799680][T17882] [ 507.799719][T17882] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 508.113539][T17882] Bluetooth: hci3: failed to register connection device [ 508.301645][T21256] warning: `syz.2.7231' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 508.914162][T21281] cougar: G6 mapped to space [ 509.185590][T21290] usb usb13: check_ctrlrecip: process 21290 (syz.3.7242) requesting ep 01 but needs 81 [ 509.234651][T21290] usb usb13: usbfs: process 21290 (syz.3.7242) did not claim interface 0 before use [ 509.273769][T21282] Process accounting resumed [ 509.757297][T21311] vhci_hcd vhci_hcd.2: invalid port number 16 [ 509.803406][T21311] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 510.159888][T21248] Bluetooth: hci3: command 0x0406 tx timeout [ 510.888502][T21356] [U] 0="/ [ 510.892338][T21356] [U] [ 510.895188][T21356] [U] EeQ@ [ 510.928996][T21355] [U]  [ 511.561576][T21381] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 512.222027][T17882] Bluetooth: hci3: command 0x0406 tx timeout [ 514.396773][T21471] ubi0: attaching mtd0 [ 514.412685][T21471] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 514.581590][T21472] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.022176][T21490] ICMPv6: process `syz.0.7335' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 515.804479][T21513] kafs: addr_prefs: Invalid Command [ 517.819401][T21248] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 518.230895][T21625] QAT: failed to copy from user. [ 519.863364][T17882] Bluetooth: hci1: command 0x0406 tx timeout [ 520.863265][T21736] : Can't lookup blockdev [ 521.930923][T17882] Bluetooth: hci1: command 0x0406 tx timeout [ 522.417642][T21791] vhci_hcd vhci_hcd.1: invalid port number 14 [ 523.593222][T21248] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 525.370423][T21916] vhci_hcd vhci_hcd.1: invalid port number 14 [ 525.408397][T21916] vhci_hcd vhci_hcd.1: Wrong hub descriptor type for USB 3.0 roothub. [ 525.672612][T17882] Bluetooth: hci2: command 0x0406 tx timeout [ 526.041103][T21941] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 526.735295][T21966] usb usb13: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 527.165266][T21248] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 527.725543][T22021] nfs4: Unknown parameter 'ECH];^YىZL`~^g ' [ 527.744545][T21988] Bluetooth: hci2: command 0x0406 tx timeout [ 528.903122][T22085] bond0: Unable to set down delay as MII monitoring is disabled [ 529.252830][T17882] Bluetooth: hci0: command 0x0406 tx timeout [ 531.203744][T22171] bond0: option xmit_hash_policy: invalid value (v) [ 531.322965][T21248] Bluetooth: hci0: command 0x0406 tx timeout [ 531.511378][T21248] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 531.511409][T21248] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 531.526474][T21248] Bluetooth: hci0: Dropping invalid advertising data [ 531.534229][T21248] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 531.534262][T21248] Bluetooth: hci0: Dropping invalid advertising data [ 531.548195][T21248] Bluetooth: hci0: Malformed LE Event: 0x02 [ 532.005308][T22216] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7573'. [ 533.328897][T22258] netlink: 'syz.2.7590': attribute type 1 has an invalid length. [ 533.556185][T22266] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 533.622703][T22268] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7594'. [ 533.715379][T22271] ksmbd: Unknown IPC event: 14, ignore. [ 535.630520][T22333] netlink: 'syz.2.7621': attribute type 11 has an invalid length. [ 535.667026][T22333] netlink: 'syz.2.7621': attribute type 11 has an invalid length. [ 535.709112][T22333] netlink: 'syz.2.7621': attribute type 11 has an invalid length. [ 535.751409][T21248] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 535.751440][T21248] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 535.768593][T21248] Bluetooth: hci1: Dropping invalid advertising data [ 535.775767][T21248] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 535.775796][T21248] Bluetooth: hci1: Dropping invalid advertising data [ 535.790059][T21248] Bluetooth: hci1: Malformed LE Event: 0x02 [ 536.684937][T22385] openvswitch: netlink: IPv6 tunnel dst address is zero [ 537.224350][T22406] FAULT_INJECTION: forcing a failure. [ 537.224350][T22406] name failslab, interval 1, probability 0, space 0, times 1 [ 537.285410][T22406] CPU: 0 UID: 0 PID: 22406 Comm: syz.0.7643 Tainted: G U I syzkaller #0 PREEMPT(full) [ 537.285451][T22406] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 537.285461][T22406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 537.285475][T22406] Call Trace: [ 537.285483][T22406] [ 537.285491][T22406] dump_stack_lvl+0x100/0x190 [ 537.285534][T22406] should_fail_ex.cold+0x5/0xa [ 537.285571][T22406] should_failslab+0xc2/0x120 [ 537.285599][T22406] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 537.285638][T22406] ? alloc_empty_file+0x55/0x1c0 [ 537.285676][T22406] alloc_empty_file+0x55/0x1c0 [ 537.285709][T22406] alloc_file_pseudo+0x13a/0x230 [ 537.285743][T22406] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 537.285774][T22406] ? alloc_fd+0x476/0x790 [ 537.285801][T22406] ? do_raw_spin_unlock+0x145/0x1e0 [ 537.285842][T22406] __anon_inode_getfile+0xe8/0x280 [ 537.285876][T22406] anon_inode_getfile_fmode+0x37/0xa0 [ 537.285914][T22406] __do_sys_fanotify_init+0xa79/0xe50 [ 537.285958][T22406] do_syscall_64+0x106/0xf80 [ 537.285982][T22406] ? clear_bhb_loop+0x40/0x90 [ 537.286012][T22406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.286036][T22406] RIP: 0033:0x7f26a259c819 [ 537.286055][T22406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 537.286078][T22406] RSP: 002b:00007f26a33ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 537.286105][T22406] RAX: ffffffffffffffda RBX: 00007f26a2815fa0 RCX: 00007f26a259c819 [ 537.286121][T22406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 537.286141][T22406] RBP: 00007f26a2632c91 R08: 0000000000000000 R09: 0000000000000000 [ 537.286155][T22406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 537.286169][T22406] R13: 00007f26a2816038 R14: 00007f26a2815fa0 R15: 00007ffea1145f28 [ 537.286200][T22406] [ 538.622662][T22449] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 538.969698][T22460] sd 0:0:1:0: PR command failed: 1026 [ 538.980097][T22460] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 538.998796][T21248] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 538.998826][T21248] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 539.018177][T21248] Bluetooth: hci3: Dropping invalid advertising data [ 539.027526][T21248] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 539.027556][T21248] Bluetooth: hci3: Dropping invalid advertising data [ 539.042019][T21248] Bluetooth: hci3: Malformed LE Event: 0x02 [ 539.073447][T22460] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 540.080384][T22506] nbd: couldn't find a device at index 35644 [ 540.336971][T22473] Process accounting paused [ 541.125649][T22542] netlink: 'syz.3.7685': attribute type 1 has an invalid length. [ 541.336117][T22546] netlink: 'syz.1.7687': attribute type 2 has an invalid length. [ 541.836450][T22564] Zero length message leads to an empty skb [ 544.366961][T22644] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 545.636174][T22642] kexec: Could not allocate control_code_buffer [ 545.761517][T22674] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7742'. [ 545.956892][T22679] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 546.102744][T22684] netlink: 'syz.2.7747': attribute type 1 has an invalid length. [ 546.350713][T22688] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd12 [ 547.234056][T22714] netlink: 'syz.0.7766': attribute type 11 has an invalid length. [ 547.771752][T22724] netlink: 'syz.0.7764': attribute type 11 has an invalid length. [ 547.825789][T22724] netlink: 'syz.0.7764': attribute type 11 has an invalid length. [ 547.866536][T22724] netlink: 'syz.0.7764': attribute type 11 has an invalid length. [ 548.174403][T22740] netlink: 'syz.1.7772': attribute type 9 has an invalid length. [ 549.058325][T22769] netlink: 206 bytes leftover after parsing attributes in process `syz.1.7785'. [ 549.201756][T22772] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 549.338908][T22778] mmap: syz.1.7789 (22778): VmData 37597184 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 549.518544][T22782] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 549.525305][T22782] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 551.442696][T22841] openvswitch: netlink: Key type 29 is not supported [ 551.848208][T22850] openvswitch: netlink: Flow key attribute not present in set flow. [ 552.834224][T22884] ima: policy update failed [ 552.840021][ T30] audit: type=1802 audit(4294985831.543:37): pid=22884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.7831" res=0 errno=0 [ 553.392039][T21248] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 553.402500][T21248] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 555.656203][T22974] netlink: Conntrack attr has 16 unknown bytes [ 555.924889][T22983] program syz.1.7868 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 557.548757][T23043] .^: entered promiscuous mode [ 558.051073][T23066] program syz.2.7891 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 560.025143][T23132] tc_dump_action: action bad kind [ 560.939718][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 560.948730][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 561.366490][T23173] zram: Removed device: zram0 [ 561.837684][T23190] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 562.466188][T23209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7950'. [ 563.584506][T23243] netlink: zone id is out of range [ 564.450632][T23266] netlink: 'syz.2.7970': attribute type 3 has an invalid length. [ 565.120503][T23286] input input40: cannot allocate more than FF_MAX_EFFECTS effects [ 566.405004][T23348] openvswitch: netlink: IP tunnel dst address not specified [ 567.079463][T23366] netlink: 'syz.2.7999': attribute type 2 has an invalid length. [ 567.613688][T23387] dyndbg: expected <4096 bytes into control [ 567.810748][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8008'. [ 567.849377][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8008'. [ 567.983412][T23397] netlink: get zone limit has 4 unknown bytes [ 568.535069][T23417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8016'. [ 570.387914][T23483] Process accounting resumed [ 571.362194][T23522] FAULT_INJECTION: forcing a failure. [ 571.362194][T23522] name failslab, interval 1, probability 0, space 0, times 0 [ 571.417472][T23522] CPU: 0 UID: 0 PID: 23522 Comm: syz.2.8051 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 571.417517][T23522] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 571.417528][T23522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 571.417542][T23522] Call Trace: [ 571.417550][T23522] [ 571.417559][T23522] dump_stack_lvl+0x100/0x190 [ 571.417602][T23522] should_fail_ex.cold+0x5/0xa [ 571.417631][T23522] should_failslab+0xc2/0x120 [ 571.417658][T23522] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 571.417697][T23522] ? __d_alloc+0x34/0xa80 [ 571.417725][T23522] ? make_vfsgid+0xf1/0x140 [ 571.417764][T23522] __d_alloc+0x34/0xa80 [ 571.417790][T23522] ? bpf_lsm_inode_permission+0x9/0x10 [ 571.417831][T23522] d_alloc+0x4a/0x1e0 [ 571.417861][T23522] vfs_tmpfile+0x148/0x9a0 [ 571.417893][T23522] path_openat+0x164e/0x31a0 [ 571.417923][T23522] ? kasan_save_stack+0x3f/0x50 [ 571.417944][T23522] ? kasan_save_stack+0x30/0x50 [ 571.417965][T23522] ? __kasan_slab_alloc+0x89/0x90 [ 571.417991][T23522] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 571.418029][T23522] ? do_getname+0x35/0x390 [ 571.418061][T23522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.418089][T23522] ? __pfx_path_openat+0x10/0x10 [ 571.418126][T23522] do_file_open+0x20e/0x430 [ 571.418155][T23522] ? __pfx_do_file_open+0x10/0x10 [ 571.418202][T23522] ? _raw_spin_unlock+0x28/0x50 [ 571.418238][T23522] ? alloc_fd+0x476/0x790 [ 571.418271][T23522] do_sys_openat2+0x10d/0x1e0 [ 571.418313][T23522] ? __pfx_do_sys_openat2+0x10/0x10 [ 571.418359][T23522] __x64_sys_open+0xfe/0x1d0 [ 571.418392][T23522] ? __pfx___x64_sys_open+0x10/0x10 [ 571.418437][T23522] do_syscall_64+0x106/0xf80 [ 571.418461][T23522] ? clear_bhb_loop+0x40/0x90 [ 571.418490][T23522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.418515][T23522] RIP: 0033:0x7f36e4f9c819 [ 571.418534][T23522] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.418557][T23522] RSP: 002b:00007f36e5dd1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 571.418579][T23522] RAX: ffffffffffffffda RBX: 00007f36e5215fa0 RCX: 00007f36e4f9c819 [ 571.418594][T23522] RDX: 0000000000000408 RSI: 0000000000595002 RDI: 0000200000000100 [ 571.418609][T23522] RBP: 00007f36e5032c91 R08: 0000000000000000 R09: 0000000000000000 [ 571.418623][T23522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 571.418637][T23522] R13: 00007f36e5216038 R14: 00007f36e5215fa0 R15: 00007ffc7edb2258 [ 571.418668][T23522] [ 572.309255][T23534] mmap: syz.0.8058 (23534) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 572.402597][T23537] openvswitch: netlink: IP tunnel dst address not specified [ 572.668512][ T30] audit: type=1107 audit(4294985851.426:38): pid=23544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 572.726212][ T30] audit: type=1107 audit(4294985851.446:39): pid=23544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 573.652181][T23570] FAULT_INJECTION: forcing a failure. [ 573.652181][T23570] name failslab, interval 1, probability 0, space 0, times 0 [ 573.738664][T23570] CPU: 0 UID: 0 PID: 23570 Comm: syz.2.8071 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 573.738708][T23570] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 573.738718][T23570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 573.738732][T23570] Call Trace: [ 573.738739][T23570] [ 573.738748][T23570] dump_stack_lvl+0x100/0x190 [ 573.738789][T23570] should_fail_ex.cold+0x5/0xa [ 573.738818][T23570] ? udpv6_init_sock+0x24e/0x450 [ 573.738852][T23570] should_failslab+0xc2/0x120 [ 573.738879][T23570] __kmalloc_noprof+0xe0/0x850 [ 573.738917][T23570] ? lockdep_init_map_type+0x5c/0x250 [ 573.738956][T23570] udpv6_init_sock+0x24e/0x450 [ 573.738989][T23570] ? __pfx_udpv6_init_sock+0x10/0x10 [ 573.739025][T23570] inet6_create+0xb21/0x12b0 [ 573.739050][T23570] ? inet6_create+0x7f/0x12b0 [ 573.739076][T23570] __sock_create+0x339/0x860 [ 573.739122][T23570] __sys_socket+0x14d/0x260 [ 573.739154][T23570] ? __pfx___sys_socket+0x10/0x10 [ 573.739195][T23570] __x64_sys_socket+0x72/0xb0 [ 573.739225][T23570] ? lockdep_hardirqs_on+0x78/0x100 [ 573.739250][T23570] do_syscall_64+0x106/0xf80 [ 573.739272][T23570] ? clear_bhb_loop+0x40/0x90 [ 573.739302][T23570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.739330][T23570] RIP: 0033:0x7f36e4f9c819 [ 573.739349][T23570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 573.739374][T23570] RSP: 002b:00007f36e5dd1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 573.739396][T23570] RAX: ffffffffffffffda RBX: 00007f36e5215fa0 RCX: 00007f36e4f9c819 [ 573.739411][T23570] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000a [ 573.739425][T23570] RBP: 00007f36e5032c91 R08: 0000000000000000 R09: 0000000000000000 [ 573.739439][T23570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 573.739454][T23570] R13: 00007f36e5216038 R14: 00007f36e5215fa0 R15: 00007ffc7edb2258 [ 573.739505][T23570] [ 574.455548][T23583] netlink: 'syz.3.8075': attribute type 1 has an invalid length. [ 575.643826][T21874] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.021266][T21874] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.098828][T21874] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.271353][T21874] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.305218][T23625] capability: warning: `syz.3.8093' uses 32-bit capabilities (legacy support in use) [ 576.934265][T21874] bridge_slave_1: left allmulticast mode [ 576.934354][T21874] bridge_slave_1: left promiscuous mode [ 576.935297][T21874] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.958719][T21874] bridge_slave_0: left allmulticast mode [ 576.958745][T21874] bridge_slave_0: left promiscuous mode [ 576.958900][T21874] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.474221][T17882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 577.497368][T17882] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 577.510699][T17882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 577.520124][T17882] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 577.528052][T17882] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 577.969645][T23672] netlink: 'syz.0.8101': attribute type 1 has an invalid length. [ 578.188909][T21874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 578.251975][T21874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 578.299400][T21874] bond0 (unregistering): Released all slaves [ 578.477648][T21874] .^: left promiscuous mode [ 579.638068][T17882] Bluetooth: hci1: command tx timeout [ 579.720345][T21874] hsr_slave_0: left promiscuous mode [ 579.773211][T21874] hsr_slave_1: left promiscuous mode [ 579.793054][T21874] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 579.858113][T21874] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 579.884382][T23761] netlink: 'syz.3.8116': attribute type 2 has an invalid length. [ 579.926366][T21874] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 579.969834][T23765] openvswitch: netlink: Multiple metadata blocks provided [ 579.988994][T21874] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 580.105434][T21874] veth1_macvtap: left promiscuous mode [ 580.126748][T21874] veth0_macvtap: left promiscuous mode [ 580.150658][T21874] veth1_vlan: left promiscuous mode [ 580.184912][T21874] veth0_vlan: left promiscuous mode [ 580.909685][T21874] team0 (unregistering): Port device team_slave_1 removed [ 580.962840][T21874] team0 (unregistering): Port device team_slave_0 removed [ 581.665167][T23655] chnl_net:caif_netlink_parms(): no params data found [ 581.700846][T17882] Bluetooth: hci1: command tx timeout [ 581.978764][T23839] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 582.266141][T23655] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.348565][T23655] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.421441][T23655] bridge_slave_0: entered allmulticast mode [ 582.456272][T23655] bridge_slave_0: entered promiscuous mode [ 582.546619][T23655] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.553807][T23655] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.618929][T23655] bridge_slave_1: entered allmulticast mode [ 582.672595][T23655] bridge_slave_1: entered promiscuous mode [ 582.949615][T23655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 583.034176][T23909] HSR: entered promiscuous mode [ 583.081014][T23921] NFSD: Failed to start, no listeners configured. [ 583.105665][T23655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 583.344886][T23655] team0: Port device team_slave_0 added [ 583.383006][T23655] team0: Port device team_slave_1 added [ 583.587359][T23655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.640460][T23655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.770034][T17882] Bluetooth: hci1: command tx timeout [ 583.802470][T23655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 583.873994][T23655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 583.898698][T23655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 584.011141][T23655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 584.236489][T23655] hsr_slave_0: entered promiscuous mode [ 584.323762][T23655] hsr_slave_1: entered promiscuous mode [ 584.367002][T23655] debugfs: 'hsr0' already exists in 'hsr' [ 584.372909][T23655] Cannot create hsr debugfs directory [ 584.904054][T24071] ucma_write: process 4123 (syz.3.8150) changed security contexts after opening file descriptor, this is not allowed. [ 585.839429][T17882] Bluetooth: hci1: command tx timeout [ 586.690123][T23655] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 586.806969][T23655] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 586.885935][T23655] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 586.947176][T23655] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 587.454482][T23655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 587.601781][T23655] 8021q: adding VLAN 0 to HW filter on device team0 [ 587.735161][T23268] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.742610][T23268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 587.871440][T23268] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.878761][T23268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.814271][T24242] openvswitch: netlink: Key type 261 is out of range max 32 [ 589.068976][T23655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 589.320781][T23655] veth0_vlan: entered promiscuous mode [ 589.388442][T24260] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 589.430074][T23655] veth1_vlan: entered promiscuous mode [ 589.584008][T24266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8192'. [ 589.601144][T23655] veth0_macvtap: entered promiscuous mode [ 589.681975][T23655] veth1_macvtap: entered promiscuous mode [ 589.812174][T23655] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 589.886052][T23655] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 589.975520][T24276] ======================================================= [ 589.975520][T24276] WARNING: The mand mount option has been deprecated and [ 589.975520][T24276] and is ignored by this kernel. Remove the mand [ 589.975520][T24276] option from the mount to silence this warning. [ 589.975520][T24276] ======================================================= [ 590.018846][T17873] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.125682][T17873] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.155043][T17873] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.166478][T24282] nbd: must specify a size in bytes for the device [ 590.261158][T17873] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.689225][T21874] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.762997][T21874] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.896551][T17871] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.944529][T17871] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.109830][T23655] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 595.698862][T24460] NFSD: Failed to start, no listeners configured. [ 597.594027][T24520] FAULT_INJECTION: forcing a failure. [ 597.594027][T24520] name failslab, interval 1, probability 0, space 0, times 0 [ 597.669569][T24520] CPU: 0 UID: 0 PID: 24520 Comm: syz.2.8274 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 597.669614][T24520] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 597.669625][T24520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 597.669639][T24520] Call Trace: [ 597.669647][T24520] [ 597.669656][T24520] dump_stack_lvl+0x100/0x190 [ 597.669698][T24520] should_fail_ex.cold+0x5/0xa [ 597.669727][T24520] should_failslab+0xc2/0x120 [ 597.669754][T24520] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 597.669792][T24520] ? alloc_empty_file+0x55/0x1c0 [ 597.669830][T24520] alloc_empty_file+0x55/0x1c0 [ 597.669863][T24520] alloc_file_pseudo+0x13a/0x230 [ 597.669896][T24520] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 597.669929][T24520] ? security_inode_init_security_anon+0x7b/0x230 [ 597.669965][T24520] __anon_inode_getfile+0xe8/0x280 [ 597.669999][T24520] new_userfaultfd+0x255/0x400 [ 597.670039][T24520] __x64_sys_userfaultfd+0x4b/0xb0 [ 597.670063][T24520] do_syscall_64+0x106/0xf80 [ 597.670096][T24520] ? clear_bhb_loop+0x40/0x90 [ 597.670125][T24520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.670150][T24520] RIP: 0033:0x7f36e4f9c819 [ 597.670169][T24520] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 597.670192][T24520] RSP: 002b:00007f36e5dd1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 597.670214][T24520] RAX: ffffffffffffffda RBX: 00007f36e5215fa0 RCX: 00007f36e4f9c819 [ 597.670230][T24520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 597.670243][T24520] RBP: 00007f36e5032c91 R08: 0000000000000000 R09: 0000000000000000 [ 597.670257][T24520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 597.670271][T24520] R13: 00007f36e5216038 R14: 00007f36e5215fa0 R15: 00007ffc7edb2258 [ 597.670301][T24520] [ 598.093141][T24531] netlink: ct family unspecified [ 598.752907][T24554] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8288'. [ 599.617972][T24587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8303'. [ 602.730801][T24680] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 603.057271][T24683] netlink: Failed to add  helper -22 [ 604.579503][T24751] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 605.382644][T24787] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 605.828249][T24807] : entered promiscuous mode [ 606.020967][T24816] netlink: set zone limit has 8 unknown bytes [ 606.760695][T24840] nfsd: Unknown parameter '*' [ 607.648876][T17882] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 607.648906][T17882] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 607.664178][T17882] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 607.664202][T17882] Bluetooth: hci2: adv larger than maximum supported [ 607.672200][T17882] Bluetooth: hci2: Unknown advertising packet type: 0x16 [ 607.679591][T17882] Bluetooth: hci2: Unknown advertising packet type: 0x5d [ 607.687944][T17882] Bluetooth: hci2: adv larger than maximum supported [ 607.695118][T17882] Bluetooth: hci2: adv larger than maximum supported [ 607.701957][T17882] Bluetooth: hci2: Malformed LE Event: 0x0d [ 609.100039][T21574] udevd[21574]: inotify_add_watch(7, /dev/nbd0, 10) failed: No such file or directory [ 609.185048][T24930] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 609.319839][T24934] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 609.734909][T24949] netlink: Conntrack attr has 5 unknown bytes [ 610.034704][T24960] netlink: 'syz.1.8441': attribute type 1 has an invalid length. [ 611.900514][T25018] openvswitch: netlink: Message has 20 unknown bytes. [ 612.252979][T25027] tipc: Started in network mode [ 612.280643][T25027] tipc: Node identity ee00, cluster identity 4711 [ 612.298331][T25027] tipc: Node number set to 60928 [ 614.656275][T25105] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 615.421133][T25130] dump_stack_lvl+0x100/0x190 [ 615.421175][T25130] should_fail_ex.cold+0x5/0xa [ 615.421205][T25130] should_failslab+0xc2/0x120 [ 615.421233][T25130] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 615.421273][T25130] ? __d_alloc+0x34/0xa80 [ 615.421307][T25130] __d_alloc+0x34/0xa80 [ 615.421333][T25130] ? new_inode+0x15a/0x1c0 [ 615.421369][T25130] d_alloc_pseudo+0x1c/0xc0 [ 615.421405][T25130] alloc_file_pseudo+0xcf/0x230 [ 615.421439][T25130] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 615.421474][T25130] ? hugetlbfs_get_inode+0x36e/0x750 [ 615.421505][T25130] hugetlb_file_setup+0x2a8/0x5b0 [ 615.421538][T25130] ksys_mmap_pgoff+0x232/0x650 [ 615.421574][T25130] ? __UNIQUE_ID_modinfo_711+0x63e08673/0xffffffffffec9f73 [ 615.421620][T25130] ? __x64_sys_futex+0x358/0x4d0 [ 615.421655][T25130] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 615.421682][T25130] ? xfd_validate_state+0x129/0x190 [ 615.421725][T25130] __x64_sys_mmap+0x125/0x190 [ 615.421761][T25130] ? __UNIQUE_ID_modinfo_711+0x63e08673/0xffffffffffec9f73 [ 615.421806][T25130] do_syscall_64+0x106/0xf80 [ 615.421841][T25130] ? clear_bhb_loop+0x40/0x90 [ 615.421871][T25130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.421895][T25130] RIP: 0033:0x7fadf3b9c819 [ 615.421915][T25130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 615.421937][T25130] RSP: 002b:00007fadf49bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 615.421959][T25130] RAX: ffffffffffffffda RBX: 00007fadf3e15fa0 RCX: 00007fadf3b9c819 [ 615.421975][T25130] RDX: 0000000000000002 RSI: 0000000000000005 RDI: ffffffffff600700 [ 615.421989][T25130] RBP: 00007fadf3c32c91 R08: 0000000000000401 R09: 0000300000000000 [ 615.422004][T25130] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 615.422018][T25130] R13: 00007fadf3e16038 R14: 00007fadf3e15fa0 R15: 00007fff4ef25368 [ 615.422042][T25130] ? __UNIQUE_ID_modinfo_711+0x63e08673/0xffffffffffec9f73 [ 615.422089][T25130] [ 616.551895][T25163] openvswitch: netlink: Duplicate or invalid key (type 0). [ 616.795904][T25170] random: crng reseeded on system resumption [ 617.526129][T25191] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 617.767649][T25198] netlink: 'syz.3.8534': attribute type 2 has an invalid length. [ 618.787402][T25233] netlink: zone id is out of range [ 618.787439][T25233] netlink: zone id is out of range [ 620.145481][T25272] netlink: 'syz.1.8566': attribute type 1 has an invalid length. [ 620.922003][T25299] HfR: entered promiscuous mode [ 621.713741][T25329] openvswitch: netlink: Missing valid actions attribute. [ 622.070513][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 622.076969][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 622.508668][T25368] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 623.662334][T25432] openvswitch: netlink: IP tunnel dst address not specified [ 625.149193][T25493] netlink: NAT attribute has 4 unknown bytes [ 627.958504][T25578] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8660'. [ 628.006272][T25578] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8660'. [ 630.966230][ T30] audit: type=1326 audit(4294967302.186:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25683 comm="syz.3.8694" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fadf3b9c819 code=0x0 [ 631.042614][T17882] Bluetooth: hci3: unexpected subevent 0x04 length: 122 > 11 [ 631.574692][T25702] delete_channel: no stack [ 634.042156][T25793] binder: 25792:25793 ioctl 400c620e 2000000001c0 returned -22 [ 634.523897][T25812] openvswitch: netlink: VXLAN extension message has 16 unknown bytes. [ 635.171001][T25830] [U] ^@ [ 635.636632][T25847] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 639.730996][T25993] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 640.020360][T26003] blktrace: Concurrent blktraces are not allowed on loop2 [ 640.284425][T17882] Bluetooth: hci0: SCO packet too small [ 641.072650][T26040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8824'. [ 641.122004][T26042] nbd: must specify a device to reconfigure [ 642.072006][T26095] netlink: 'syz.1.8838': attribute type 1 has an invalid length. [ 642.140358][T26095] netlink: 'syz.1.8838': attribute type 1 has an invalid length. [ 642.163819][T26095] netlink: 124 bytes leftover after parsing attributes in process `syz.1.8838'. [ 642.222225][T26095] netlink: 100 bytes leftover after parsing attributes in process `syz.1.8838'. [ 643.793193][T26160] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 645.584900][T26216] netlink: 'syz.1.8888': attribute type 1 has an invalid length. [ 650.344771][ T30] audit: type=1800 audit(4294967321.657:41): pid=26385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.8951" name="dbroot" dev="configfs" ino=71274 res=0 errno=0 [ 652.870426][T26490] openvswitch: netlink: IPv4 tunnel dst address is zero [ 653.499233][T26513] netlink: Invalid conntrack timeout [ 653.734127][T26522] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8996'. [ 654.867739][T26562] netlink: 'syz.1.9013': attribute type 8 has an invalid length. [ 655.853964][T26596] delete_channel: no stack [ 656.135191][T26608] netlink: 'syz.3.9033': attribute type 11 has an invalid length. [ 657.100317][T26643] netlink: 'syz.2.9045': attribute type 1 has an invalid length. [ 657.656995][T26660] delete_channel: no stack [ 657.922267][T26671] netlink: 'syz.1.9060': attribute type 11 has an invalid length. [ 661.568983][T26795] FAULT_INJECTION: forcing a failure. [ 661.568983][T26795] name failslab, interval 1, probability 0, space 0, times 0 [ 661.644127][T26795] CPU: 0 UID: 0 PID: 26795 Comm: syz.1.9112 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 661.644180][T26795] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 661.644194][T26795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 661.644209][T26795] Call Trace: [ 661.644217][T26795] [ 661.644226][T26795] dump_stack_lvl+0x100/0x190 [ 661.644268][T26795] should_fail_ex.cold+0x5/0xa [ 661.644297][T26795] should_failslab+0xc2/0x120 [ 661.644324][T26795] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 661.644363][T26795] ? security_file_alloc+0x34/0x2c0 [ 661.644396][T26795] ? trace_kmem_cache_alloc+0xf3/0x120 [ 661.644428][T26795] security_file_alloc+0x34/0x2c0 [ 661.644462][T26795] init_file+0x95/0x480 [ 661.644493][T26795] alloc_empty_file+0x73/0x1c0 [ 661.644525][T26795] dentry_open+0x46/0xd0 [ 661.644558][T26795] pidfs_alloc_file+0x18f/0x290 [ 661.644581][T26795] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 661.644613][T26795] pidfd_prepare+0x123/0x200 [ 661.644645][T26795] __x64_sys_pidfd_open+0x105/0x1a0 [ 661.644681][T26795] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 661.644724][T26795] do_syscall_64+0x106/0xf80 [ 661.644748][T26795] ? clear_bhb_loop+0x40/0x90 [ 661.644778][T26795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.644803][T26795] RIP: 0033:0x7fbf22f9c819 [ 661.644822][T26795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 661.644845][T26795] RSP: 002b:00007fbf23e60028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 661.644868][T26795] RAX: ffffffffffffffda RBX: 00007fbf23215fa0 RCX: 00007fbf22f9c819 [ 661.644883][T26795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 661.644897][T26795] RBP: 00007fbf23032c91 R08: 0000000000000000 R09: 0000000000000000 [ 661.644911][T26795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.644925][T26795] R13: 00007fbf23216038 R14: 00007fbf23215fa0 R15: 00007fff1ec7f848 [ 661.644961][T26795] [ 663.413792][T26844] ALSA: mixer_oss: invalid OSS volume '' [ 664.906221][T26889] ================================================================== [ 664.906241][T26889] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 664.906286][T26889] Write of size 8 at addr ffffc90004129000 by task syz.3.9152/26889 [ 664.906307][T26889] [ 664.906320][T26889] CPU: 0 UID: 0 PID: 26889 Comm: syz.3.9152 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 664.906360][T26889] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 664.906372][T26889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 664.906390][T26889] Call Trace: [ 664.906398][T26889] [ 664.906406][T26889] dump_stack_lvl+0x100/0x190 [ 664.906444][T26889] print_report+0x156/0x4c9 [ 664.906477][T26889] ? _raw_spin_lock_irqsave+0x52/0x60 [ 664.906515][T26889] ? __virt_addr_valid+0x81/0x620 [ 664.906549][T26889] ? sys_fillrect+0x174a/0x1910 [ 664.906585][T26889] kasan_report+0xdf/0x1e0 [ 664.906611][T26889] ? sys_fillrect+0x174a/0x1910 [ 664.906651][T26889] sys_fillrect+0x174a/0x1910 [ 664.906701][T26889] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 664.906731][T26889] bit_clear+0x17d/0x220 [ 664.906761][T26889] ? __pfx_bit_clear+0x10/0x10 [ 664.906791][T26889] ? fb_get_color_depth+0x120/0x250 [ 664.906820][T26889] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 664.906848][T26889] __fbcon_clear+0x633/0x760 [ 664.906875][T26889] ? __pfx_bit_clear+0x10/0x10 [ 664.906908][T26889] fbcon_scroll+0x314/0x650 [ 664.906936][T26889] con_scroll+0x464/0x690 [ 664.906975][T26889] do_con_write+0x71f6/0x8540 [ 664.907006][T26889] ? __pfx_do_con_write+0x10/0x10 [ 664.907034][T26889] con_write+0x23/0xb0 [ 664.907055][T26889] n_tty_write+0x44f/0x12d0 [ 664.907090][T26889] ? __pfx_n_tty_write+0x10/0x10 [ 664.907117][T26889] ? trace_kmalloc+0x101/0x130 [ 664.907143][T26889] ? __pfx_woken_wake_function+0x10/0x10 [ 664.907182][T26889] ? rcu_is_watching+0x12/0xc0 [ 664.907219][T26889] ? file_tty_write.isra.0+0x694/0x890 [ 664.907257][T26889] ? kfree+0x2ec/0x6b0 [ 664.907289][T26889] ? __pfx_n_tty_write+0x10/0x10 [ 664.907317][T26889] file_tty_write.isra.0+0x4d2/0x890 [ 664.907359][T26889] redirected_tty_write+0xd4/0x120 [ 664.907398][T26889] vfs_write+0x6ac/0x1070 [ 664.907421][T26889] ? __pfx_redirected_tty_write+0x10/0x10 [ 664.907461][T26889] ? __pfx_vfs_write+0x10/0x10 [ 664.907483][T26889] ? find_held_lock+0x2b/0x80 [ 664.907515][T26889] ksys_write+0x12a/0x250 [ 664.907537][T26889] ? __pfx_ksys_write+0x10/0x10 [ 664.907564][T26889] do_syscall_64+0x106/0xf80 [ 664.907587][T26889] ? clear_bhb_loop+0x40/0x90 [ 664.907615][T26889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.907639][T26889] RIP: 0033:0x7fadf3b9c819 [ 664.907663][T26889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 664.907686][T26889] RSP: 002b:00007fadf49bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 664.907709][T26889] RAX: ffffffffffffffda RBX: 00007fadf3e15fa0 RCX: 00007fadf3b9c819 [ 664.907725][T26889] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 664.907740][T26889] RBP: 00007fadf3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 664.907755][T26889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.907769][T26889] R13: 00007fadf3e16038 R14: 00007fadf3e15fa0 R15: 00007fff4ef25368 [ 664.907792][T26889] [ 664.907800][T26889] [ 664.907806][T26889] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90003e29000 allocated at drm_gem_shmem_vmap_locked+0x54b/0x800 [ 664.907849][T26889] Memory state around the buggy address: [ 664.907862][T26889] ffffc90004128f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 664.907884][T26889] ffffc90004128f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 664.907900][T26889] >ffffc90004129000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 664.907913][T26889] ^ [ 664.907924][T26889] ffffc90004129080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 664.907941][T26889] ffffc90004129100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 664.907954][T26889] ================================================================== [ 664.920864][T26889] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 664.920891][T26889] CPU: 0 UID: 0 PID: 26889 Comm: syz.3.9152 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 664.920931][T26889] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 664.920942][T26889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 664.920957][T26889] Call Trace: [ 664.920965][T26889] [ 664.920974][T26889] dump_stack_lvl+0x100/0x190 [ 664.921014][T26889] vpanic+0x552/0x970 [ 664.921036][T26889] ? __pfx_vpanic+0x10/0x10 [ 664.921063][T26889] ? sys_fillrect+0x174a/0x1910 [ 664.921100][T26889] panic+0xd1/0xe0 [ 664.921121][T26889] ? __pfx_panic+0x10/0x10 [ 664.921145][T26889] ? sys_fillrect+0x174a/0x1910 [ 664.921181][T26889] ? preempt_schedule_common+0x42/0xc0 [ 664.921225][T26889] check_panic_on_warn.cold+0x19/0x34 [ 664.921251][T26889] end_report.part.0+0x3a/0x90 [ 664.921285][T26889] kasan_report.cold+0xe/0x18 [ 664.921319][T26889] ? sys_fillrect+0x174a/0x1910 [ 664.921360][T26889] sys_fillrect+0x174a/0x1910 [ 664.921403][T26889] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 664.921433][T26889] bit_clear+0x17d/0x220 [ 664.921463][T26889] ? __pfx_bit_clear+0x10/0x10 [ 664.921494][T26889] ? fb_get_color_depth+0x120/0x250 [ 664.921522][T26889] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 664.921550][T26889] __fbcon_clear+0x633/0x760 [ 664.921578][T26889] ? __pfx_bit_clear+0x10/0x10 [ 664.921610][T26889] fbcon_scroll+0x314/0x650 [ 664.921639][T26889] con_scroll+0x464/0x690 [ 664.921686][T26889] do_con_write+0x71f6/0x8540 [ 664.921718][T26889] ? __pfx_do_con_write+0x10/0x10 [ 664.921747][T26889] con_write+0x23/0xb0 [ 664.921768][T26889] n_tty_write+0x44f/0x12d0 [ 664.921803][T26889] ? __pfx_n_tty_write+0x10/0x10 [ 664.921830][T26889] ? trace_kmalloc+0x101/0x130 [ 664.921861][T26889] ? __pfx_woken_wake_function+0x10/0x10 [ 664.921900][T26889] ? rcu_is_watching+0x12/0xc0 [ 664.921939][T26889] ? file_tty_write.isra.0+0x694/0x890 [ 664.921977][T26889] ? kfree+0x2ec/0x6b0 [ 664.922009][T26889] ? __pfx_n_tty_write+0x10/0x10 [ 664.922038][T26889] file_tty_write.isra.0+0x4d2/0x890 [ 664.922080][T26889] redirected_tty_write+0xd4/0x120 [ 664.922119][T26889] vfs_write+0x6ac/0x1070 [ 664.922142][T26889] ? __pfx_redirected_tty_write+0x10/0x10 [ 664.922183][T26889] ? __pfx_vfs_write+0x10/0x10 [ 664.922204][T26889] ? find_held_lock+0x2b/0x80 [ 664.922236][T26889] ksys_write+0x12a/0x250 [ 664.922259][T26889] ? __pfx_ksys_write+0x10/0x10 [ 664.922286][T26889] do_syscall_64+0x106/0xf80 [ 664.922309][T26889] ? clear_bhb_loop+0x40/0x90 [ 664.922336][T26889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.922361][T26889] RIP: 0033:0x7fadf3b9c819 [ 664.922380][T26889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 664.922403][T26889] RSP: 002b:00007fadf49bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 664.922433][T26889] RAX: ffffffffffffffda RBX: 00007fadf3e15fa0 RCX: 00007fadf3b9c819 [ 664.922450][T26889] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 664.922465][T26889] RBP: 00007fadf3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 664.922480][T26889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.922495][T26889] R13: 00007fadf3e16038 R14: 00007fadf3e15fa0 R15: 00007fff4ef25368 [ 664.922519][T26889] [ 664.922589][T26889] Kernel Offset: disabled