last executing test programs: 18m9.467172142s ago: executing program 32 (id=1057): keyctl$auto(0x4, 0xfffffffd, 0x0, 0xffffffffffffffff, 0x8) 17m25.857979842s ago: executing program 0 (id=1724): r0 = socket(0xa, 0x3, 0x3a) setsockopt$auto(r0, 0x3a, 0x1, 0x0, 0x0) 17m25.646921851s ago: executing program 0 (id=1726): r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa1\x00', 0x48080, 0x0) poll$auto(&(0x7f0000000b00)={r0, 0x6, 0x1}, 0x1, 0x4) 17m25.348580971s ago: executing program 0 (id=1729): mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x2, 0x3fd6, 0x0, 0x7fffffffb000) 17m25.003886612s ago: executing program 0 (id=1732): socket(0x21, 0x2, 0x2) sendto$auto(0x3, 0x0, 0x18, 0x101, 0x0, 0x1c) 17m24.775191381s ago: executing program 0 (id=1737): rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) migrate_pages$auto(0x1, 0x9, 0x0, &(0x7f0000000840)=0x2) 17m23.882501112s ago: executing program 0 (id=1749): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/ip_forward_update_priority\x00', 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7ffff000) 17m23.495714394s ago: executing program 33 (id=1749): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/ip_forward_update_priority\x00', 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7ffff000) 15m46.561033666s ago: executing program 4 (id=3344): r0 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0) write$auto(r0, 0x0, 0x9b) 15m46.351304372s ago: executing program 4 (id=3347): openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/block/nbd2/sched/write0_fifo_list\x00', 0x2, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 15m46.161286129s ago: executing program 4 (id=3352): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x181902, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) 15m42.998984345s ago: executing program 4 (id=3411): r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vgem/name\x00', 0x1, 0x0) lseek$auto(r0, 0x9, 0x0) 15m42.887299003s ago: executing program 4 (id=3413): setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) tkill$auto(0x80000000000001, 0x7) 15m42.419764388s ago: executing program 4 (id=3422): socket(0x2, 0x6, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @remote}, 0x55) 15m42.232652991s ago: executing program 34 (id=3422): socket(0x2, 0x6, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @remote}, 0x55) 7m31.447832794s ago: executing program 6 (id=11182): mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) 7m31.191987005s ago: executing program 6 (id=11194): r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x4001}, 0x55) write$auto(0x3, 0x0, 0x3f00) 7m31.019501399s ago: executing program 6 (id=11187): ioperm$auto(0x800, 0x5, 0xd) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x2, 0x8000) clock_nanosleep$auto(0x8, 0x0, 0x0, 0xffffffffffffffff) 7m30.869897415s ago: executing program 6 (id=11191): mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) acct$auto(&(0x7f0000000380)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82=s\x83\xe6\xae\x00\x00\x00\x00\x0e\x19\x12\x85\bvf(e\xda\x92\x97\t\x15\xf6\xc8\xee\x04\x16\xc1\x1a!\x1d\xe0\xb7\x06D&zg\xb0a\xab|E\xde\x14\xee[\xe1\xc0\xa8Nh\x0f\xa3\xdfT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\xc5OA\xa0\xc4%\xfa\x12\x10\xd8\ncG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\v\xe7|v\xb4*\xf1\xfb\x96\xeb\x87[\xed}\xa5\x99\xae\xed\x9f\xeb\xb7\xd8}\b\xabYq\x94_\xf8\x9cg\xd8X\xa1\xe2\x81^3\x9d$ =\x97\x9a\x8d') openat$dir(0xffffffffffffff9c, &(0x7f0000001340)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_/file0\x00', 0x40000, 0x0) 7m30.674968598s ago: executing program 6 (id=11202): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 7m30.057535316s ago: executing program 6 (id=11200): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) get_mempolicy$auto(&(0x7f0000000640)=0xfffffffc, 0x0, 0x81, 0x8, 0x2) 7m29.599905291s ago: executing program 35 (id=11200): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) get_mempolicy$auto(&(0x7f0000000640)=0xfffffffc, 0x0, 0x81, 0x8, 0x2) 7m19.841637092s ago: executing program 2 (id=11250): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x5, 0x1, '\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60000000}, 0x2) 7m19.471633661s ago: executing program 2 (id=11243): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x2283, 0x38) 7m19.173987139s ago: executing program 2 (id=11244): prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x2, 0xffffffffffffffff, 0x8) prctl$auto(0x4, 0x9, 0x6, 0x3, 0x0) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) 7m18.777508219s ago: executing program 2 (id=11256): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000000)={'ip_vti0\x00'}) 7m18.411057639s ago: executing program 2 (id=11249): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 7m17.744130534s ago: executing program 2 (id=11262): socket(0x15, 0x5, 0x0) setreuid$auto(0x3, 0x7) ioctl$auto(0x3, 0x89a0, 0xfffffffffffff4e0) 7m17.41333515s ago: executing program 36 (id=11262): socket(0x15, 0x5, 0x0) setreuid$auto(0x3, 0x7) ioctl$auto(0x3, 0x89a0, 0xfffffffffffff4e0) 5m14.140162607s ago: executing program 7 (id=12408): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000000)={'ip_vti0\x00'}) 5m13.901502327s ago: executing program 7 (id=12411): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 5m13.635949397s ago: executing program 7 (id=12414): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f00000001c0), r0) setuid$auto(0x1f) sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000200)={0x14, r1, 0x1, 0x70bd2d, 0x8}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4000884) 5m13.339706469s ago: executing program 7 (id=12424): mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) 5m12.833464611s ago: executing program 7 (id=12422): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) tkill$auto(0x80000000000001, 0x7) 5m11.687710226s ago: executing program 7 (id=12432): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000009c0)={0x24, r2, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r1}, @NL80211_ATTR_SCAN_SSIDS={0x8, 0x2d, 0x0, 0x1, [@nested={0x4, 0x99}]}]}, 0x24}}, 0x4000000) 5m11.447305148s ago: executing program 37 (id=12432): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000009c0)={0x24, r2, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r1}, @NL80211_ATTR_SCAN_SSIDS={0x8, 0x2d, 0x0, 0x1, [@nested={0x4, 0x99}]}]}, 0x24}}, 0x4000000) 35.779561673s ago: executing program 8 (id=15317): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/nr8/statistics/multicast\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0x81) 35.51327817s ago: executing program 8 (id=15321): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) getsockopt$auto(0x3, 0x200000000001, 0x11, 0x0, 0x0) 34.952784605s ago: executing program 8 (id=15329): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) recvmmsg$auto(0x3, 0x0, 0x4, 0x2, 0x0) 34.14312174s ago: executing program 8 (id=15333): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/error_log\x00', 0x50802, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) 33.439226358s ago: executing program 8 (id=15338): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 32.06011956s ago: executing program 8 (id=15348): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/o2cb/interface_revision\x00', 0x100, 0x0) read$auto(r1, 0x0, 0x9) ioctl$auto_evdev_fops_evdev(r0, 0x40284504, 0x0) 31.667613347s ago: executing program 38 (id=15348): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/o2cb/interface_revision\x00', 0x100, 0x0) read$auto(r1, 0x0, 0x9) ioctl$auto_evdev_fops_evdev(r0, 0x40284504, 0x0) 7.6394542s ago: executing program 1 (id=15524): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r0, 0x84, 0x84, 0x0, &(0x7f0000000000)=0x9b) 5.919279958s ago: executing program 1 (id=15529): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rt_sigprocmask$auto(0x0, 0x0, 0x0, 0x8) 4.460085992s ago: executing program 5 (id=15537): unshare$auto(0x40000080) removexattr$auto(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="0103269a7000eedbdf25050000"], 0x14}, 0x1, 0x0, 0x0, 0x8810}, 0x0) 4.26336871s ago: executing program 1 (id=15539): socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x25}}, 0x6b) 3.758191666s ago: executing program 1 (id=15540): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0xffffffffffffffff, 0x0, 0x9) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) 3.751676429s ago: executing program 9 (id=15548): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x8, 0x1, 0x0, 0xffffffffffffffff) sysinfo$auto(0x0) close_range$auto(0x2, 0x8, 0x0) 3.74244832s ago: executing program 3 (id=15549): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x4, &(0x7f0000000280)={0x1, 0xd, 0x800ef, 0x9, 0x0, 0x6, 0xffffffffffffffff, [0x7, 0xc, 0x4], {0x100, 0x4, 0x0, 0x2, 0x80007, 0x0, 0xfefffffa, 0x8, 0x23}, {0x2, 0x7, 0x1, 0x9010, 0x3, 0x7ffffff8, 0x1, 0x8, 0x6}}) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) prctl$auto(0x23, 0xe, 0x1ff, 0x68, 0x0) 3.177226209s ago: executing program 9 (id=15541): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x8001, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x14) madvise$auto(0x0, 0x53, 0x9) 2.864607064s ago: executing program 3 (id=15542): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r0, 0x84, 0x84, 0x0, &(0x7f0000000000)=0x9b) 2.855997685s ago: executing program 5 (id=15552): unshare$auto(0x40000080) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_CFG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x24008081}, 0x24044074) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) ioctl$auto(0xc8, 0x400454d4, 0xe) 2.556273526s ago: executing program 9 (id=15543): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x560a, 0x7) 2.100834731s ago: executing program 3 (id=15544): r0 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r0, 0xe5a, 0x5) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) setresuid$auto(0x5f, 0x1000, 0x607) write$auto(0x3, 0x0, 0xfdef) 2.06371238s ago: executing program 9 (id=15545): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x20, r1, 0x301, 0x4070bd25, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xc, 0x2, 'nl80211\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) recvmsg$auto(r0, &(0x7f0000000300)={0x0, 0x7, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x483, 0x8}, 0x4) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r0) 1.684801153s ago: executing program 1 (id=15546): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x4, &(0x7f0000000000)={0x94, 0xf1, 0xc, @raw}}) 1.312586679s ago: executing program 9 (id=15547): socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket(0x11, 0x3, 0x2) getsockopt$auto(r0, 0x107, 0xb, 0x0, 0x0) 1.312529522s ago: executing program 3 (id=15550): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), r0) sendmsg$auto_CTRL_CMD_GETFAMILY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="efff289d7000ffdbdf2503000000050002"], 0x1c}, 0x1, 0x0, 0x0, 0x20040880}, 0x800) read$auto(r0, 0x0, 0x2005) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), r0) 1.066110485s ago: executing program 5 (id=15551): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) 780.237995ms ago: executing program 5 (id=15553): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xc048ae65, 0x38) 778.570692ms ago: executing program 1 (id=15554): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, 0x0, 0x0) write$auto(0x1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) 760.427647ms ago: executing program 3 (id=15555): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r0, 0x0, 0x210000001) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/rpc/nfsd.fh/channel\x00', 0x48041, 0x0) write$auto(r1, 0x0, 0x6) 501.783851ms ago: executing program 5 (id=15556): r0 = socket(0xa, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) socket(0x1, 0x1, 0x1) shutdown$auto(r0, 0xfffffd8d) 370.699523ms ago: executing program 3 (id=15557): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8000, 0x0) 316.845086ms ago: executing program 9 (id=15558): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000e2, 0x40eb1, 0xffffffffffffffff, 0x10000) r0 = gettid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) process_vm_writev$auto(r0, &(0x7f0000000000)={0x0, 0x7ff}, 0x3, &(0x7f0000000080)={0x0, 0x800007}, 0x4, 0x0) 0s ago: executing program 5 (id=15559): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCSFLAGS(r0, 0x40047459, 0x0) kernel console output (not intermixed with test programs): pid=17204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 410.656518][T17332] aoe: can't write to that file. [ 414.566442][T17481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5255'. [ 417.563610][T17588] Debayer B: ================= START STATUS ================= [ 417.594277][T17588] Debayer B: Debayer Mean Window Size: 3 [ 417.600495][T17588] Debayer B: ================== END STATUS ================== [ 419.758898][T17664] aoe: could not set interface list: too many interfaces [ 421.799198][T17738] : Can't lookup blockdev [ 422.915736][T17780] Process accounting resumed [ 422.928522][T17780] kstrtoul() returned -22 for lu_gp_id [ 426.081120][T17826] Bluetooth: hci3: command 0x0406 tx timeout [ 435.811412][ T29] audit: type=1800 audit(4294967428.485:27): pid=18187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5601" name="discovery_nqn" dev="configfs" ino=46425 res=0 errno=0 [ 437.341666][ T29] audit: type=1400 audit(4294967430.013:28): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=18238 comm="syz.3.5625" [ 438.159043][T18268] udc dummy_udc.0: soft-connect without a gadget driver [ 441.296394][T18400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5697'. [ 443.482028][T18488] CIFS mount error: No usable UNC path provided in device string! [ 443.482028][T18488] [ 443.492417][T18488] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 444.314777][T18518] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5759'. [ 445.780942][T18573] Format for deleting device is "id" (uint). [ 449.379517][T18706] : Can't lookup blockdev [ 452.049140][T18797] futex_wake_op: syz.6.5894 tries to shift op by 64; fix this program [ 452.535849][T18812] : Can't lookup blockdev [ 454.601476][ T5142] Bluetooth: hci3: unexpected event 0x06 length: 4 > 3 [ 454.978596][T18904] aoe: invalid device specification [ 455.894343][T18940] zram: Added device: zram1 [ 460.955073][T19137] QAT: Stopping all acceleration devices. [ 462.756445][T19212] syz.2.6095 (19212): attempted to duplicate a private mapping with mremap. This is not supported. [ 464.016085][T19263] Invalid ELF header magic: != ELF [ 465.812998][T19330] : Can't lookup blockdev [ 472.477902][T19570] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 472.485264][T19570] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 474.272287][T19633] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 476.075685][T19684] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 477.836394][T19749] netlink: 'syz.6.6353': attribute type 1 has an invalid length. [ 478.101186][T19758] netlink: 'syz.6.6357': attribute type 1 has an invalid length. [ 478.180162][T19761] netlink: 168 bytes leftover after parsing attributes in process `syz.6.6358'. [ 478.863210][T19782] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6368'. [ 478.894402][T19782] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 479.053142][T19788] netlink: 5995 bytes leftover after parsing attributes in process `syz.5.6370'. [ 479.155862][T19792] vmstat_refresh: nr_hugetlb -2048 [ 480.260714][T19824] nfs: Unknown parameter 'nl80211' [ 481.386357][T19866] netlink: Unknown conntrack attr (0) [ 482.384913][T19901] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 483.349254][T19933] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 484.554267][T19970] HSR: entered promiscuous mode [ 484.655274][T19976] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 485.395495][ T29] audit: type=1800 audit(4294967478.313:29): pid=20000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6469" name="features" dev="configfs" ino=51110 res=0 errno=0 [ 486.626110][T20034] program syz.3.6483 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 486.969394][T20047] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 488.005972][T20071] could not allocate digest TFM handle [ 488.037053][T20085] sd 0:0:1:0: PR command failed: 1026 [ 488.042869][T20085] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 488.063118][T20085] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 488.334892][T20073] could not allocate digest TFM handle [ 488.981207][T20113] openvswitch: netlink: Multiple metadata blocks provided [ 490.988044][T20170] delete_channel: no stack [ 491.422145][ T29] audit: type=1800 audit(4294967484.344:30): pid=20188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="dbroot" dev="configfs" ino=52174 res=0 errno=0 [ 492.757965][T20239] cifs: Unknown parameter 'T.ŸмлцЈХМc[Ÿаъ€$тцЕШ)ќБUѓУ‘nEѓ-Ъ™ОlЎік-КŒ -О_€™ЏдхсЊ5Z фoхщЂmžаfwYЭhК*/џxDlнЉŠзэgеkЧAэГљЯ7Эии9’єXіa/fъ_џARЃˆ™‘ШxM ‚vЌ—pџБ$^;єиq‡3БЋЃnьЁЕ-6Љ+e„k„ОёЧ<Аkœcд)n.ќeMЭїNaЈtЎаSMЮЦ1,' [ 493.172819][T20255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 493.192571][T20255] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 493.386933][T20265] CIFS: VFS: Invalid SecurityFlags: [ 493.587188][T20269] openvswitch: netlink: Message has 4 unknown bytes. [ 493.661512][T20275] openvswitch: netlink: Flow actions attr not present in new flow. [ 495.558950][T20339] QAT: Stopping all acceleration devices. [ 497.662099][T20426] netlink: 'syz.3.6661': attribute type 10 has an invalid length. [ 498.470706][T20456] netlink: 168 bytes leftover after parsing attributes in process `syz.2.6675'. [ 498.842615][T20468] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 499.796610][T20499] cifs: Unknown parameter 'р' [ 500.235867][T20514] nvme_fabrics: missing parameter 'transport=%s' [ 500.242366][T20514] nvme_fabrics: missing parameter 'nqn=%s' [ 500.640279][T20530] Zero length message leads to an empty skb                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  syzkaller syzkaller login: [ 585.671738][ T29] audit: type=1800 audit(4294967342.427:36): pid=23431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8009" name="dbroot" dev="configfs" ino=62397 res=0 errno=0 [ 586.712694][T23475] Process accounting resumed [ 587.681383][T23513] batman_adv: Routing algorithm '' is not supported [ 588.227559][T23538] delete_channel: no stack [ 588.541090][T23554] sctp: [Deprecated]: syz.5.8068 (pid 23554) Use of int in maxseg socket option. [ 588.541090][T23554] Use struct sctp_assoc_value instead [ 588.751782][T23561] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 594.631525][T23730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8147'. [ 594.708907][T23731] netlink: 'syz.3.8145': attribute type 1 has an invalid length. [ 597.204141][T23791] ima: policy update failed [ 597.244174][ T29] audit: type=1802 audit(4294967354.037:37): pid=23791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.8175" res=0 errno=0 [ 599.285286][T23844] netlink: 'syz.5.8195': attribute type 2 has an invalid length. [ 599.293674][T23844] netlink: 674 bytes leftover after parsing attributes in process `syz.5.8195'. [ 599.783668][T23862] svc: failed to register nfsdv3 RPC service (errno 111). [ 599.794466][T23862] svc: failed to register nfsaclv3 RPC service (errno 111). [ 601.603104][T23935] MTRR 1 not used [ 601.761087][T23941] nbd: illegal input index -33554433 [ 601.864010][T23948] netlink: 'syz.2.8245': attribute type 1 has an invalid length. [ 602.907992][T23980] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 608.000316][T24117] .': entered promiscuous mode [ 608.683085][T24147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8333'. [ 609.660251][T24188] netlink: 'syz.5.8349': attribute type 1 has an invalid length. [ 609.998835][T24198] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 610.668304][T24228] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 614.242273][T24374] : entered promiscuous mode [ 614.536669][T24387] batman_adv: Routing algorithm '' is not supported [ 614.757524][T24396] nbd: couldn't find device at index 33904 [ 614.995728][T24406] netlink: 'syz.2.8454': attribute type 2 has an invalid length. [ 615.761320][T24440] delete_channel: no stack [ 616.639818][T24477] netlink: 'syz.6.8486': attribute type 2 has an invalid length. [ 617.234947][T24503] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 618.293099][T24546] netlink: zone id is out of range [ 618.304013][T24546] netlink: set zone limit has 8 unknown bytes [ 619.590393][T24471] Process accounting paused [ 619.998415][T24612] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8549'. [ 620.424071][T24631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8559'. [ 621.185858][T24666] aoe: copy from user failed [ 621.192546][T24666] aoe: could not set interface list: too many interfaces [ 622.491798][ T29] audit: type=1800 audit(4294967379.388:38): pid=24721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.8600" name="members" dev="configfs" ino=67381 res=0 errno=0 [ 623.282489][T24756] openvswitch: netlink: IPv4 tunnel dst address is zero [ 623.990691][T24781] openvswitch: netlink: Flow key attr not present in new flow. [ 626.842458][T24891] netlink: del zone limit has 8 unknown bytes [ 626.894541][T24893] block nbd0: not configured, cannot reconfigure [ 627.744339][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 627.752171][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.885459][T24986] netlink: 'syz.2.8717': attribute type 2 has an invalid length. [ 629.925950][T24988] openvswitch: HSR: Dropping previously announced user features [ 630.345079][T24998] svc: failed to register nfsdv3 RPC service (errno 111). [ 630.376824][T24998] svc: failed to register nfsaclv3 RPC service (errno 111). [ 630.494043][T25004] [U] f•нхШ9бHАпАO(BГ•hLg*їЯ)љю хнћJя%—ЖŸЬ6 [ 630.502939][T25004] [U] L [ 630.831173][T25014] debugfs: Directory '!PjE љrѕЃв„yљ*›"Єl-§ЄєyТ–њ„LЭƒїгФ]' with parent 'ieee80211' already present! [ 631.110372][T25025] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 631.484527][T25039] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8741'. [ 634.398385][T25146] netlink: 'syz.5.8793': attribute type 1 has an invalid length. [ 636.143487][T25210] netlink: 'syz.2.8823': attribute type 1 has an invalid length. [ 636.722281][T25232] : entered promiscuous mode [ 640.829791][T25311] netlink: 5995 bytes leftover after parsing attributes in process `syz.6.8865'. syzkaller syzkaller login: [ 640.912394][T25312] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 641.270317][T25328] openvswitch: netlink: Duplicate or invalid key (type 0). [ 645.607837][T25470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8937'. [ 645.664851][T25472] binder_alloc: binder_alloc_mmap_handler: 25471 0-1000 already mapped failed -16 [ 647.713331][T25553] program syz.6.8973 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 649.199487][T25603] openvswitch: netlink: ufid size 24 bytes exceeds the range (1, 16) [ 649.210351][T25603] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 649.580213][T25618] openvswitch: netlink: IP tunnel dst address not specified [ 650.391531][T25642] netlink: 'syz.6.9014': attribute type 2 has an invalid length. [ 655.543989][T25769] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 656.548417][T25780] netlink: 'syz.5.9076': attribute type 11 has an invalid length. [ 659.992963][T25863] NFSD: Unable to initialize client recovery tracking! (-110) [ 660.000701][T25863] NFSD: Is nfsdcld running? If not, enable CONFIG_NFSD_LEGACY_CLIENT_TRACKING. [ 660.033029][T25863] NFSD: starting 16-second grace period (net f00004bb) [ 660.060831][T25907] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9139'. [ 663.561356][T26037] openvswitch: netlink: ct_state flags 04001eac unsupported [ 663.643134][T26040] netlink: zone id is out of range [ 663.750717][T26045] tipc: Started in network mode [ 663.760553][T26045] tipc: Node identity ee00, cluster identity 11 [ 663.769100][T26045] tipc: Node number set to 60928 [ 663.795327][T26046] program syz.3.9201 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 664.132096][T26059] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9207'. [ 664.171198][T26059] tc_dump_action: action bad kind [ 664.694953][T26074] nl80211: entered promiscuous mode [ 667.835385][T26195] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9276'. [ 667.905470][T26199] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 668.432288][T26224] binder_alloc: binder_alloc_mmap_handler: 26223 0-1000 already mapped failed -16 [ 668.691925][T26231] svc: failed to register nfsdv3 RPC service (errno 111). [ 668.723333][T26231] svc: failed to register nfsaclv3 RPC service (errno 111). [ 670.119250][T26294] openvswitch: netlink: ct_state flags 03001eac unsupported [ 670.356266][T26303] openvswitch: netlink: Flow key attr not present in new flow. [ 670.840896][T26324] netlink: 'syz.5.9337': attribute type 11 has an invalid length. [ 671.114162][T26338] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE љrѕЃв„yљ*›"Єl-§ЄєyТ–њ„LЭƒїгФ]' [ 671.127028][T26338] CPU: 1 UID: 0 PID: 26338 Comm: syz.6.9334 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 [ 671.137880][T26338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 671.148112][T26338] Call Trace: [ 671.151446][T26338] [ 671.154433][T26338] dump_stack_lvl+0x16c/0x1f0 [ 671.159206][T26338] sysfs_warn_dup+0x7f/0xa0 [ 671.163831][T26338] sysfs_do_create_link_sd+0x124/0x140 [ 671.169400][T26338] sysfs_create_link+0x61/0xc0 [ 671.174265][T26338] device_add+0x62e/0x1a70 [ 671.178765][T26338] ? __pfx_device_add+0x10/0x10 [ 671.183789][T26338] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 671.189817][T26338] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 671.195900][T26338] wiphy_register+0x1c7a/0x2860 [ 671.200852][T26338] ? netdev_run_todo+0x837/0x12d0 [ 671.205983][T26338] ? __pfx_wiphy_register+0x10/0x10 [ 671.211299][T26338] ieee80211_register_hw+0x2951/0x3fa0 [ 671.216860][T26338] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 671.222751][T26338] ? net_generic+0xea/0x2a0 [ 671.227357][T26338] ? lockdep_init_map_type+0x16d/0x7d0 [ 671.232899][T26338] ? rcu_is_watching+0x12/0xc0 [ 671.237764][T26338] ? trace_hrtimer_init+0x1a6/0x230 [ 671.243125][T26338] ? __hrtimer_init+0x106/0x2c0 [ 671.248064][T26338] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 671.253958][T26338] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 671.260139][T26338] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 671.265538][T26338] hwsim_new_radio_nl+0xb42/0x12b0 [ 671.270855][T26338] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 671.276521][T26338] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 671.284421][T26338] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 671.291896][T26338] genl_family_rcv_msg_doit+0x202/0x2f0 [ 671.297550][T26338] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 671.303723][T26338] ? genl_get_cmd+0x195/0x580 [ 671.308502][T26338] ? bpf_lsm_capable+0x9/0x10 [ 671.313269][T26338] ? security_capable+0x7e/0x260 [ 671.318306][T26338] ? ns_capable+0xd7/0x110 [ 671.322876][T26338] genl_rcv_msg+0x565/0x800 [ 671.327472][T26338] ? __pfx_genl_rcv_msg+0x10/0x10 [ 671.332675][T26338] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 671.338345][T26338] netlink_rcv_skb+0x165/0x410 [ 671.343247][T26338] ? __pfx_genl_rcv_msg+0x10/0x10 [ 671.348364][T26338] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 671.353761][T26338] ? down_read+0xc9/0x330 [ 671.358187][T26338] ? __pfx_down_read+0x10/0x10 [ 671.363046][T26338] ? netlink_deliver_tap+0x1ae/0xca0 [ 671.368414][T26338] genl_rcv+0x28/0x40 [ 671.372474][T26338] netlink_unicast+0x53c/0x7f0 [ 671.377320][T26338] ? __pfx_netlink_unicast+0x10/0x10 [ 671.382690][T26338] ? __phys_addr_symbol+0x30/0x80 [ 671.387889][T26338] ? __check_object_size+0x488/0x710 [ 671.393278][T26338] netlink_sendmsg+0x8b8/0xd70 [ 671.398138][T26338] ? __pfx_netlink_sendmsg+0x10/0x10 [ 671.403533][T26338] ____sys_sendmsg+0x9ae/0xb40 [ 671.408385][T26338] ? copy_msghdr_from_user+0x10b/0x160 [ 671.413944][T26338] ? __pfx_____sys_sendmsg+0x10/0x10 [ 671.419340][T26338] ___sys_sendmsg+0x135/0x1e0 [ 671.424119][T26338] ? __pfx____sys_sendmsg+0x10/0x10 [ 671.429620][T26338] ? __pfx_lock_release+0x10/0x10 [ 671.434765][T26338] ? trace_lock_acquire+0x14e/0x1f0 [ 671.440175][T26338] ? __fget_files+0x206/0x3a0 [ 671.445048][T26338] __sys_sendmsg+0x16e/0x220 [ 671.449738][T26338] ? __pfx___sys_sendmsg+0x10/0x10 [ 671.454955][T26338] ? __x64_sys_futex+0x1e1/0x4c0 [ 671.460025][T26338] do_syscall_64+0xcd/0x250 [ 671.464622][T26338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.470599][T26338] RIP: 0033:0x7f1391785d29 [ 671.475079][T26338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 671.495264][T26338] RSP: 002b:00007f1392661038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 671.503763][T26338] RAX: ffffffffffffffda RBX: 00007f1391975fa0 RCX: 00007f1391785d29 [ 671.511812][T26338] RDX: 0000000004000800 RSI: 0000000020000e00 RDI: 0000000000000003 [ 671.520061][T26338] RBP: 00007f1391801b08 R08: 0000000000000000 R09: 0000000000000000 [ 671.528548][T26338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 671.536674][T26338] R13: 0000000000000000 R14: 00007f1391975fa0 R15: 00007ffed01efaf8 [ 671.544739][T26338] [ 671.823735][T26355] openvswitch: netlink: ufid size 24 bytes exceeds the range (1, 16) [ 671.849849][T26355] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 672.236876][T26376] netlink: 'syz.2.9352': attribute type 2 has an invalid length. [ 672.245309][T26376] netlink: 674 bytes leftover after parsing attributes in process `syz.2.9352'. [ 676.119167][T26532] netlink: ct family unspecified [ 677.199661][T26577] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 678.146139][T26612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 679.366216][T26661] delete_channel: no stack [ 679.482068][T26665] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 680.107619][T26687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9498'. [ 680.470065][T26702] netlink: zone id is out of range [ 680.485717][T26702] netlink: zone id is out of range [ 680.510036][T26702] netlink: zone id is out of range [ 680.515243][T26702] netlink: zone id is out of range [ 680.524980][T26702] netlink: zone id is out of range [ 680.531691][T26702] netlink: zone id is out of range [ 680.541928][T26702] netlink: zone id is out of range [ 682.732416][T26779] net_ratelimit: 2 callbacks suppressed [ 682.732445][T26779] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 685.567992][T26886] netlink: del zone limit has 8 unknown bytes [ 685.959593][T26896] netlink: zone id is out of range [ 686.006177][T26896] netlink: set zone limit has 8 unknown bytes [ 686.829867][T26935] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 686.909194][T26937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9611'. [ 686.920886][T26937] tc_dump_action: action bad kind [ 687.395676][T26957] tipc: Started in network mode [ 687.400800][T26957] tipc: Node identity ee00, cluster identity 4711 [ 687.407283][T26957] tipc: Node number set to 60928 [ 687.831163][T26973] nl80211: entered promiscuous mode [ 687.966959][T26982] program syz.5.9631 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 688.263341][T26989] netlink: 5995 bytes leftover after parsing attributes in process `syz.3.9634'. [ 688.558594][T27001] netlink: 'syz.3.9641': attribute type 2 has an invalid length. [ 688.579652][T27003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9642'. [ 688.866361][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 688.877361][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.502846][T27032] binder_alloc: binder_alloc_mmap_handler: 27031 0-1000 already mapped failed -16 [ 691.989194][T27121] netlink: 'syz.2.9697': attribute type 11 has an invalid length. [ 692.267187][T27133] block nbd0: not configured, cannot reconfigure [ 692.759020][T27149] openvswitch: netlink: IP tunnel dst address not specified [ 693.507900][T27170] debugfs: Directory '!PjE љrѕЃв„yљ*›"Єl-§ЄєyТ–њ„LЭƒїгФ]' with parent 'ieee80211' already present! [ 695.805259][T27253] netlink: 'syz.6.9760': attribute type 1 has an invalid length. [ 696.904933][T27301] openvswitch: netlink: Key 23 has unexpected len 0 expected 2 [ 697.794588][T27337] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 697.922995][T27339] openvswitch: netlink: Message has 4 unknown bytes. [ 699.415879][T27401] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9832'. [ 699.517855][T27404] openvswitch: netlink: IP tunnel dst address not specified [ 699.650658][T27409] CIFS mount error: No usable UNC path provided in device string! [ 699.650658][T27409] [ 699.719867][T27409] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 700.818093][T27453] netlink: 108 bytes leftover after parsing attributes in process `syz.2.9854'. [ 700.967011][ T29] audit: type=1800 audit(4294967458.316:39): pid=27460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.9858" name="discovery_nqn" dev="configfs" ino=76330 res=0 errno=0 [ 701.017293][T27464] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 702.297844][T27502] netlink: 'syz.5.9875': attribute type 2 has an invalid length. [ 703.374002][T27538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9894'. [ 703.821356][T27556] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 703.827976][T27556] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 707.555766][T27672] ima: policy update failed [ 707.585584][ T29] audit: type=1802 audit(4294967464.970:40): pid=27672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.9957" res=0 errno=0 [ 707.804729][T27681] Invalid ELF header len 3 [ 709.186142][T27736] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 709.485623][T27740] zero sized request [ 711.567371][T27823] netlink: zone id is out of range [ 711.579663][T27823] netlink: del zone limit has 4 unknown bytes syzkaller syzkaller login: [ 718.216742][T27991] netlink: 'syz.3.10101': attribute type 1 has an invalid length. [ 719.373331][T28040] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 719.600509][T28049] openvswitch: netlink: Missing valid actions attribute. [ 720.321300][T28077] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 720.609238][T28091] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 720.961051][T28098] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10153'. [ 723.310441][ T5142] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 723.360868][T28185] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 724.976649][T28254] nbd: must specify an index to disconnect [ 725.769403][T28283] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 725.776221][T28283] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 725.898395][T28289] netlink: 85 bytes leftover after parsing attributes in process `syz.5.10240'. [ 726.232015][T28298] netlink: 'syz.5.10252': attribute type 1 has an invalid length. [ 726.847580][T28324] netlink: 'syz.3.10255': attribute type 22 has an invalid length. [ 727.490645][T28350] Invalid ELF header magic: != ELF [ 732.419699][T28551] nbd: must specify a size in bytes for the device [ 732.935487][T28574] openvswitch: netlink: Key type 261 is out of range max 32 [ 734.727731][T28642] openvswitch: HSR: Dropping previously announced user features [ 736.952841][T28703] sctp: [Deprecated]: syz.5.10433 (pid 28703) Use of int in max_burst socket option deprecated. [ 736.952841][T28703] Use struct sctp_assoc_value instead [ 737.051547][T28709] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[28709] [ 737.561298][T28724] openvswitch: netlink: Message has 4 unknown bytes. [ 739.461717][T28791] netlink: Unknown conntrack attr (type=64, max=9) [ 740.332996][T28821] openvswitch: netlink: Key 23 has unexpected len 0 expected 2 [ 742.662248][T28890] svc: failed to register nfsdv3 RPC service (errno 111). [ 742.689058][T28890] svc: failed to register nfsaclv3 RPC service (errno 111). [ 744.506644][ T29] audit: type=1800 audit(4294967502.072:41): pid=28963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.10551" name="dbroot" dev="configfs" ino=82042 res=0 errno=0 [ 745.331932][T28988] netlink: 108 bytes leftover after parsing attributes in process `syz.3.10562'. [ 746.032414][ T5142] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 746.931309][T29052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10593'. [ 747.230606][T29066] nbd: must specify an index to disconnect [ 747.829505][T29085] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 747.836078][T29085] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 748.257721][T29100] netlink: 85 bytes leftover after parsing attributes in process `syz.3.10616'. [ 748.445712][T29112] openvswitch: netlink: Key type 29 is not supported [ 748.646294][T29116] netlink: 'syz.3.10624': attribute type 1 has an invalid length. [ 748.700037][T29122] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 749.794811][T29149] netlink: 'syz.5.10637': attribute type 22 has an invalid length. [ 749.995442][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 750.002491][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.028828][T29119] kexec: Could not allocate control_code_buffer [ 754.023921][T29313] netlink: zone id is out of range [ 754.029654][T29313] netlink: zone id is out of range [ 754.051699][T29313] netlink: zone id is out of range [ 754.063850][T29313] netlink: get zone limit has 4 unknown bytes [ 754.283426][T29317] openvswitch: netlink: nsh attr 1 has unexpected len 14 expected 8 [ 755.930460][T29370] netlink: 'syz.2.10737': attribute type 1 has an invalid length. [ 756.315930][T29382] nbd: must specify a size in bytes for the device [ 756.367959][T29384] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10743'. [ 759.113966][T29454] netlink: Conntrack attr type has unexpected length (type=0, length=107, expected=0) [ 759.948898][T29476] openvswitch: netlink: IP tunnel dst address not specified [ 760.426805][T29492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10794'. [ 761.953176][T29539] netlink: 'syz.5.10816': attribute type 2 has an invalid length. [ 764.485451][T29629] netlink: 32 bytes leftover after parsing attributes in process `syz.5.10856'. [ 766.969012][T29700] netlink: 'syz.5.10886': attribute type 11 has an invalid length. [ 767.470139][T29713] delete_channel: no stack [ 767.818622][T29728] netlink: 648 bytes leftover after parsing attributes in process `syz.3.10899'. [ 767.844025][T29728] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10899'. [ 768.080509][T29738] netlink: get zone limit has 8 unknown bytes [ 768.345019][T29742] netlink: 'syz.5.10905': attribute type 5 has an invalid length. [ 769.882673][T29780] openvswitch: netlink: Flow key attribute not present in set flow. [ 770.937478][T29810] sctp: [Deprecated]: syz.5.10935 (pid 29810) Use of struct sctp_assoc_value in delayed_ack socket option. [ 770.937478][T29810] Use struct sctp_sack_info instead [ 771.971440][T29845] netlink: 'syz.6.10951': attribute type 1 has an invalid length. [ 772.400531][T29858] netlink: 'syz.2.10956': attribute type 22 has an invalid length. [ 774.454323][T29905] netlink: Unknown conntrack attr (type=64, max=9) [ 776.142179][T29979] netlink: 'syz.3.11009': attribute type 2 has an invalid length. [ 780.999517][T30117] netlink: zone id is out of range [ 781.027002][T30117] netlink: zone id is out of range [ 781.032207][T30117] netlink: zone id is out of range [ 781.063384][T30117] netlink: get zone limit has 4 unknown bytes [ 782.765167][T30181] openvswitch: netlink: Message has 4 unknown bytes. [ 789.378684][T30342] sctp: [Deprecated]: syz.3.11173 (pid 30342) Use of struct sctp_assoc_value in delayed_ack socket option. [ 789.378684][T30342] Use struct sctp_sack_info instead [ 790.002321][T30359] delete_channel: no stack [ 791.610685][ T36] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.769464][ T36] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.917987][ T36] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.078064][ T36] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.536692][ T36] bridge_slave_1: left allmulticast mode [ 792.542438][ T36] bridge_slave_1: left promiscuous mode [ 792.560702][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 792.600275][ T36] bridge_slave_0: left allmulticast mode [ 792.607988][ T36] bridge_slave_0: left promiscuous mode [ 792.613902][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.653536][T30432] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 792.674721][T30432] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 792.686529][T30432] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 792.699181][T30432] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 792.711954][T30432] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 792.719947][T30432] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 793.261667][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 793.273324][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 793.286406][ T36] bond0 (unregistering): Released all slaves [ 793.416427][ T36] HSR: left promiscuous mode [ 793.498692][T30443] netlink: 'syz.2.11213': attribute type 5 has an invalid length. [ 793.576318][ T36] : left promiscuous mode [ 793.616889][T30446] netlink: get zone limit has 8 unknown bytes [ 793.711331][ T36] nl80211: left promiscuous mode [ 794.106674][T30430] chnl_net:caif_netlink_parms(): no params data found [ 794.721689][T30430] bridge0: port 1(bridge_slave_0) entered blocking state [ 794.729867][T30430] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.750346][T30430] bridge_slave_0: entered allmulticast mode [ 794.770049][T30430] bridge_slave_0: entered promiscuous mode [ 794.795460][ T5142] Bluetooth: hci3: command tx timeout [ 794.829823][T30430] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.838414][T30430] bridge0: port 2(bridge_slave_1) entered disabled state [ 794.846528][T30430] bridge_slave_1: entered allmulticast mode [ 794.853754][T30430] bridge_slave_1: entered promiscuous mode [ 794.899990][T30430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 794.925827][T30430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 795.007374][T30430] team0: Port device team_slave_0 added [ 795.034816][T30430] team0: Port device team_slave_1 added [ 795.099739][T30430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 795.107129][T30430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.134153][T30430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 795.154086][T30430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 795.165459][T30430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.193290][T30430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 795.322659][T30430] hsr_slave_0: entered promiscuous mode [ 795.339659][T30430] hsr_slave_1: entered promiscuous mode [ 795.346150][T30430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 795.356244][T30430] Cannot create hsr debugfs directory [ 795.800592][ T36] hsr_slave_0: left promiscuous mode [ 795.813842][ T36] hsr_slave_1: left promiscuous mode [ 795.820969][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 795.832447][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 795.841041][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 795.850533][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 795.879553][ T36] veth1_macvtap: left promiscuous mode [ 795.885169][ T36] veth0_macvtap: left promiscuous mode [ 795.891609][ T36] veth1_vlan: left promiscuous mode [ 795.897700][ T36] veth0_vlan: left promiscuous mode [ 796.669022][ T36] team0 (unregistering): Port device team_slave_1 removed [ 796.731063][ T36] team0 (unregistering): Port device team_slave_0 removed [ 796.864140][ T5142] Bluetooth: hci3: command tx timeout [ 797.484063][T30430] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 797.539907][T30430] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 797.579506][T30430] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 797.604210][T30430] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 797.841445][T30430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 797.881505][T30430] 8021q: adding VLAN 0 to HW filter on device team0 [ 797.902544][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 797.909760][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 797.934748][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 797.941936][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 798.262630][T30430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 798.597845][T30430] veth0_vlan: entered promiscuous mode [ 798.619495][T30430] veth1_vlan: entered promiscuous mode [ 798.671104][T30430] veth0_macvtap: entered promiscuous mode [ 798.689530][T30430] veth1_macvtap: entered promiscuous mode [ 798.733510][T30430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 798.753727][T30430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.768060][T30430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 798.782926][T30430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.794805][T30430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 798.805804][T30430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.826710][T30430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 798.857970][T30430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 798.874092][T30430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.884578][T30430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 798.895531][T30430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.905747][T30430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 798.916286][T30430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.927455][T30430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 798.935608][ T5142] Bluetooth: hci3: command tx timeout [ 798.956560][T30430] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.967064][T30430] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.976809][T30430] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.986369][T30430] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.116127][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 799.130523][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 799.167411][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 799.179233][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 801.009757][ T5142] Bluetooth: hci3: command tx timeout [ 802.057959][T30641] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 802.452363][T30648] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[30648] [ 803.451059][T30640] kexec: Could not allocate control_code_buffer [ 804.001060][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.350774][T30432] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 804.368384][T30432] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 804.383719][T30432] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 804.402256][T30432] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 804.414019][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.425289][T30432] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 804.430300][T30681] sctp: [Deprecated]: syz.7.11255 (pid 30681) Use of int in max_burst socket option deprecated. [ 804.430300][T30681] Use struct sctp_assoc_value instead [ 804.451607][T30432] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 804.646417][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.893588][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 805.274290][ T11] bridge_slave_1: left allmulticast mode [ 805.280517][ T11] bridge_slave_1: left promiscuous mode [ 805.286982][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 805.383843][ T11] bridge_slave_0: left allmulticast mode [ 805.390510][ T11] bridge_slave_0: left promiscuous mode [ 805.396378][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.151429][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 806.169831][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 806.180994][ T11] bond0 (unregistering): Released all slaves [ 806.201232][T30678] chnl_net:caif_netlink_parms(): no params data found [ 806.272643][ T11] .': left promiscuous mode [ 806.350879][T30722] openvswitch: netlink: Key type 261 is out of range max 32 [ 806.434300][ T11] HSR: left promiscuous mode [ 806.491334][T30432] Bluetooth: hci0: command tx timeout [ 806.521561][ T11] : left promiscuous mode [ 806.654666][ T11] tipc: Left network mode [ 806.655427][T30678] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.680249][T30678] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.710407][T30678] bridge_slave_0: entered allmulticast mode [ 806.750911][T30678] bridge_slave_0: entered promiscuous mode [ 806.765568][T30678] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.788869][T30678] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.818213][T30678] bridge_slave_1: entered allmulticast mode [ 806.835181][T30678] bridge_slave_1: entered promiscuous mode [ 806.983565][T30678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 807.048953][T30678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 807.290774][T30678] team0: Port device team_slave_0 added [ 807.341783][T30678] team0: Port device team_slave_1 added [ 807.452398][T30678] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 807.484369][T30678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 807.555597][T30678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 807.604208][T30678] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 807.633498][T30678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 807.729707][T30678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 808.175221][T30678] hsr_slave_0: entered promiscuous mode [ 808.190903][T30678] hsr_slave_1: entered promiscuous mode [ 808.228632][T30678] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 808.240723][T30678] Cannot create hsr debugfs directory [ 808.580110][T30432] Bluetooth: hci0: command tx timeout [ 809.393242][ T11] hsr_slave_0: left promiscuous mode [ 809.444062][ T11] hsr_slave_1: left promiscuous mode [ 809.495615][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 809.534297][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 809.552025][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 809.580789][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 809.680436][ T11] veth1_macvtap: left promiscuous mode [ 809.693780][ T11] veth0_macvtap: left promiscuous mode [ 809.711984][ T11] veth1_vlan: left promiscuous mode [ 809.734158][ T11] veth0_vlan: left promiscuous mode [ 810.035151][T30822] netlink: 28 bytes leftover after parsing attributes in process `syz.5.11301'. [ 810.629559][T30432] Bluetooth: hci0: command tx timeout [ 811.025064][ T11] team0 (unregistering): Port device team_slave_1 removed [ 811.118973][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 811.125652][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.141622][ T11] team0 (unregistering): Port device team_slave_0 removed [ 811.890401][T30678] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 811.926134][T30678] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 812.033840][T30678] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 812.074518][T30678] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 812.317484][T30678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 812.398888][T30678] 8021q: adding VLAN 0 to HW filter on device team0 [ 812.473030][ T3550] bridge0: port 1(bridge_slave_0) entered blocking state [ 812.480305][ T3550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 812.502356][ T3550] bridge0: port 2(bridge_slave_1) entered blocking state [ 812.509667][ T3550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 812.719208][T30432] Bluetooth: hci0: command tx timeout [ 812.845790][T30875] openvswitch: netlink: IP tunnel TTL not specified. [ 813.258573][T30678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 814.106640][T30678] veth0_vlan: entered promiscuous mode [ 814.142575][T30678] veth1_vlan: entered promiscuous mode [ 814.223920][T30678] veth0_macvtap: entered promiscuous mode [ 814.260011][T30678] veth1_macvtap: entered promiscuous mode [ 814.311716][T30678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 814.350198][T30678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 814.373678][T30678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 814.405050][T30678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 814.421607][T30678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 814.449534][T30678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 814.468498][T30678] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 814.501079][T30678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 814.532168][T30678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 814.561507][T30678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 814.578846][T30678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 814.600545][T30678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 814.628563][T30678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 814.649670][T30678] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 814.703014][T30678] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.733192][T30678] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.743841][T30678] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.758289][T30678] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.955793][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 814.970466][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 815.060504][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 815.086813][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 815.635082][T30948] openvswitch: netlink: IP tunnel dst address not specified [ 816.240415][T30969] ima: policy update failed [ 816.270142][ T29] audit: type=1802 audit(4294967574.206:42): pid=30969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.11341" res=0 errno=0 [ 817.910839][T31007] usb usb15: usbfs: interface 0 claimed by hub while 'syz.8.11353' sets config #0 [ 818.087601][T31008] svc: failed to register nfsdv3 RPC service (errno 111). [ 818.123401][T31008] svc: failed to register nfsaclv3 RPC service (errno 111). [ 818.216467][T31018] ima: policy update failed [ 818.240088][ T29] audit: type=1802 audit(4294967576.206:43): pid=31018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.11355" res=0 errno=0 [ 820.186727][T31071] ima: policy update failed [ 820.203659][ T29] audit: type=1802 audit(4294967578.176:44): pid=31071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.11368" res=0 errno=0 [ 820.633611][T31083] svc: failed to register nfsdv3 RPC service (errno 111). [ 820.664166][T31083] svc: failed to register nfsaclv3 RPC service (errno 111). [ 820.733240][T31086] usb usb15: usbfs: interface 0 claimed by hub while 'syz.3.11375' sets config #0 [ 822.346958][T31133] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd31 [ 822.676911][T31143] netlink: 'syz.8.11393': attribute type 1 has an invalid length. [ 824.457328][T31208] ima: policy update failed [ 824.555306][T31198] svc: failed to register nfsdv3 RPC service (errno 111). [ 824.566891][ T29] audit: type=1802 audit(4294967582.529:45): pid=31208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.11413" res=0 errno=0 [ 824.762770][T31198] svc: failed to register nfsaclv3 RPC service (errno 111). [ 826.565666][T31269] svc: failed to register nfsdv3 RPC service (errno 111). [ 826.609951][T31269] svc: failed to register nfsaclv3 RPC service (errno 111). [ 828.208107][T31321] sd 0:0:1:0: PR command failed: 1026 [ 828.213632][T31321] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 828.220654][T31321] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 829.924853][T31381] 0}^: entered promiscuous mode [ 830.371202][T31397] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 834.511340][T31500] netlink: Conntrack attr has 16 unknown bytes [ 835.355580][T31530] sg_write: process 193 (syz.7.11532) changed security contexts after opening file descriptor, this is not allowed. [ 836.052496][T31550] netlink: Conntrack attr has 16 unknown bytes [ 839.000542][T31653] zero sized request [ 839.025300][T31653] zero sized request [ 839.934360][T31663] ptrace attach of "./syz-executor exec"[5829] was attempted by "Ћэ“—a=ЦŸЪѓ‡ŸЧ#Ът8єЁёнЯЈгw\x22шIkhOУB‡T.‚nпЙmyz˜…‹BŸљ00Є_Гi7Є?,mR„ЌЬ3G@m&Ї}\x1b(;=юfУј_ЯrюW꓆`ьD,І@OЈO“'MЁи†[\x5c%к<‰ГгЦ\x07шё9}їш\x1b\x0dхЛЛМ%Ў\x0cE‘АВ ќA4!#y•южО/ЎрГ\x5c=Л{|пRј6Щ™>ыyqђРэ\x0aэOO†н}ИЄINVџдї]u?’лє‚ зЊѕБћ‚Ц?шb5Йуѓ’иЩћ}РЎ=ьJ†Д ЋДE8—фЋ| З'!К˜D``еЈF\x1b{й?(kИ?IK>е[ЦiъKЙ\x0bS€eVфо с{‚VЖe‘,Ћ€‡і3ўШSцьd\x09\x0bEг…AХ&Ю”ЅWmŸт{§*8я•ШЮѓ?ZЬ‘BI\x0d3Ћ}дl TZ1ЋыУЫ№r№šЋ{Ь#ы\x0cУєBчm[\x0bзЉCyN‡(дp*у7љeЙ.J“–\x0a;7xrиCФ1ŒЇЊН\x0bаЫh‰‹RЂЅЧр.щЫ)(ћtыc\x09ˆ7… ЕЄVј(€Кx4ы6Sdnў\x09ВџoўЄ‘X\x0cˆД\x5cЯСR‘ПЛo—вѕЖшчД]@\x09Oню€Я„уP­е‘э§+.oр-PšњџЯ\x22\x0bЇЎЉ hА;т@\x5cњ К\x0cС@€dй„њзySлI\x09§UZл&”9–“MNљbc0RxЦH˜2qщwXjcЄSП@oРџS•ЏщЎd…Žv\x0bK7еYmka'єи JdХSщЗТ сА*okнк\x1bЌM\x22žvhoSЛ?WM?Џt]:%д~МШТS[5ЖMЧ6ˆRпМ $ё]eŸЊH}яЈќŒ\x22ЫˆŸ(ЊГzIџ9†кЬОOш9E{7z№Зƒ\x22Їтpц“Ъ‘^‰nRоŠ­&<И–}в§Kшуж/АОVм„Э\x5cЦ …Œ§‹4ƒХ!ЄyЧП\x0a\x0aЮѓ*&šQПUРЖїЙ^айФŒ–\x1bњнПІЏJ“СЇЊЅ†_:ў\x5cŠ=\x07™s–жѕSМ> ˆ9ЦPЛъs1гT˜2ŸH [ 840.799791][T31713] type: 256 invalid [ 842.880887][T31787] netlink: 28 bytes leftover after parsing attributes in process `syz.5.11602'. [ 842.901861][T31787] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 843.016952][T31787] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 843.770163][T31798] ptrace attach of "./syz-executor exec"[30430] was attempted by "!Ш\x22\x0b№,\x09ЖЄЈdоб5К\x5c>дo?\x07cР#0­уˆ6žщГƒЭњјƒляГёƒЗ—€ШУмOLЃpJ9ЊЅhЙ§6ƒЖXѕ\x1b\x22= дŽџ˜Ъchы*\x0cRЋƒ%$HШ™\x1bJ4‰yчџPЊrШТ“Њofѓ{туЉ0о%Ж_их‹ЙŸѕE›s‹њ…g*64€I~6k.тЛ­k§Џ?AЮ•bсwц\x0d™АЕ}\x0c&ДДРŸfЌ pЇи\x22аЧLа†[;%Ј,P‰я\x09>ёCJ\x22NQ˜Š7Ю№5OюгРы‹s˜У+Сqоыb\x0dˆ‘ўіїи=‹фЩСјЅшU#Ќ~Вбƒ%t$NчUhvcЭcМG~ГрВ[?с!o”Z’>Яі\x09sЩ+іi€ЖІЯТк˜йWeќю\x1bтвррЩ‡кУ+`Э кя РяG9 dD.DšЊ§ƒ3ЬŸСй\x0d=iЌ+qmБ5A&єC=ƒ%уO ~Ršс&'C5ОEб\x07с‡ж– kрvi\x0bPо№Яiт4ч‰{Фхjо§&сО\x0cŠ§нЗрќ‹a\x5c0ижо’ƒ\x5cл#c­…В№мHЊЧЩƒЛи]€№0ЄhMГKMVиh8;Q 8зjЇ—ЊKС#%z\x0bЩkXIТ\x0cРŸ8h4ьžFЌ№#~tЂцр8Ј5еЧoѓџu4$fž“С–ЈXAъйѕЏ$ЗPЛыњу'љF>z<OJЇџ\x22дO‡ЁF”сœя™X ˜†Е:%ДJ€El‡ез„џR0\x0d4ГszMВg?Я\x0c,Ј€ГcЃ9!2Ћтя8№Я\x0b_во™У?аMИиd9}ƒ\x07\x5cаrAнє˜Х›хс•jŽXMŒ\x5c\x1bя9‚ЭКxІ‡ТВШКcCџFM>Є­дvўVѓA|њ &Ѕq…уц\x07”ђrGП!ѓП8НЦ­Nv;x‚+яkИ8LЈЊєŒA­уН o1s`џhUGб\x [ 845.531840][T31873] netlink: 28 bytes leftover after parsing attributes in process `syz.8.11627'. [ 845.679775][T31873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 845.859633][T31873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 846.263256][T31891] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11634'. [ 847.235427][T31912] Process accounting resumed [ 848.789597][T31966] Process accounting resumed [ 850.998391][T32004] netlink: 28 bytes leftover after parsing attributes in process `syz.7.11663'. [ 851.033522][T32004] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 851.220879][T32004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 851.867360][T32020] Process accounting resumed [ 854.308681][T32071] netlink: 8 bytes leftover after parsing attributes in process `syz.7.11685'. [ 854.907512][T32078] Process accounting resumed [ 855.405411][T32088] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 856.374657][T32101] usb usb15: usbfs: process 32101 (syz.8.11698) did not claim interface 0 before use [ 863.784347][T32199] Process accounting resumed [ 865.233015][T32210] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 868.847203][T32276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 869.354789][T32287] nbd: nbd7 already in use [ 870.245417][T32313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 870.296859][T32311] bcache: register_bcache() error : failed to open device [ 872.141852][T32361] nbd: nbd7 already in use [ 872.239555][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 872.259069][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 874.212996][T32402] bcache: register_bcache() error : failed to open device [ 874.510596][T32410] netlink: 'syz.8.11824': attribute type 11 has an invalid length. [ 874.938944][T30432] Bluetooth: hci1: ACL packet too small [ 875.429503][T32432] bcache: register_bcache() error : failed to open device [ 875.462496][T32434] netlink: 'syz.7.11836': attribute type 11 has an invalid length. [ 877.707938][T32484] Process accounting resumed [ 877.755673][T30432] Bluetooth: hci2: ACL packet too small [ 878.200121][T32494] Process accounting resumed [ 880.786515][T32575] Process accounting resumed [ 881.655746][T32604] Process accounting resumed [ 881.903537][T32613] netlink: 206 bytes leftover after parsing attributes in process `syz.5.11918'. [ 882.772179][T32637] sg_write: data in/out 32473/1048664 bytes for SCSI command 0x0-- guessing data in; [ 882.772179][T32637] program syz.3.11919 not setting count and/or reply_len properly [ 882.879846][T32639] Process accounting resumed [ 883.484351][T32655] Process accounting resumed [ 885.420662][T32723] block nbd1: Unsupported socket: shutdown callout must be supported. [ 886.177197][T32747] openvswitch: netlink: IP tunnel TTL not specified. [ 886.842773][ T300] sg_write: data in/out 32646/1048664 bytes for SCSI command 0x0-- guessing data in; [ 886.842773][ T300] program syz.5.11974 not setting count and/or reply_len properly [ 887.110075][ T307] mtrr: base(0x20000) is not aligned on a size(0x0000) boundary [ 888.213849][ T340] Process accounting resumed [ 889.213505][ T368] sg_write: data in/out 32647/1048664 bytes for SCSI command 0x0-- guessing data in; [ 889.213505][ T368] program syz.8.12000 not setting count and/or reply_len properly [ 889.561501][ T382] Process accounting resumed [ 896.451056][ T539] netlink: 8 bytes leftover after parsing attributes in process `syz.8.12072'. [ 897.654664][ T566] netlink: 8 bytes leftover after parsing attributes in process `syz.7.12083'. [ 898.627342][ T29] audit: type=1800 audit(8277292063.286:46): pid=592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.12094" name="lu_gp_id" dev="configfs" ino=96296 res=0 errno=0 [ 898.851281][ T596] netlink: 28 bytes leftover after parsing attributes in process `syz.8.12096'. [ 899.439096][ T610] Process accounting resumed [ 899.846506][ T617] netlink: 122 bytes leftover after parsing attributes in process `syz.8.12107'. [ 899.890480][ T622] netlink: 122 bytes leftover after parsing attributes in process `syz.8.12107'. [ 900.837029][ T640] Process accounting resumed [ 910.267704][ T863] netlink: 178 bytes leftover after parsing attributes in process `syz.5.12216'. [ 912.212483][ T916] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 912.219031][ T916] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 912.503941][ T933] program syz.5.12234 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 913.562420][ T968] program syz.3.12245 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 913.729662][ T971] Process accounting resumed [ 914.306151][ T985] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 914.312711][ T985] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 915.046520][ T5142] Bluetooth: hci3: command 0x0406 tx timeout [ 916.726507][ T1061] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 917.301625][ T1078] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12288'. [ 919.050020][ T1132] netlink: 8 bytes leftover after parsing attributes in process `syz.8.12306'. [ 920.326552][ T1161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12321'. [ 923.800032][ T1250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12360'. [ 924.019961][ T1253] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12371'. [ 925.178595][ T1293] netlink: 8 bytes leftover after parsing attributes in process `syz.7.12378'. [ 926.135599][ T1320] sctp: [Deprecated]: syz.7.12389 (pid 1320) Use of int in maxseg socket option. [ 926.135599][ T1320] Use struct sctp_assoc_value instead [ 926.854792][ T1348] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [3]. [ 926.897973][ T1350] netlink: 8 bytes leftover after parsing attributes in process `syz.8.12400'. [ 928.539407][ T1390] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12417'. [ 928.735444][ T1399] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12417'. [ 929.917819][ T1424] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [3]. [ 930.053461][ T9933] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 930.300511][ T1431] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 930.323242][ T1431] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 930.341409][ T1431] Bluetooth: hci0: command 0x0406 tx timeout [ 930.349445][ T1431] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 930.363359][T17826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 930.371361][ T1431] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 930.378965][ T1431] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 930.433379][ T9933] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 930.665329][ T9933] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 930.798199][ T9933] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 931.100424][ T1428] chnl_net:caif_netlink_parms(): no params data found [ 931.118269][ T9933] bridge_slave_1: left allmulticast mode [ 931.134217][ T9933] bridge_slave_1: left promiscuous mode [ 931.150065][ T9933] bridge0: port 2(bridge_slave_1) entered disabled state [ 931.208524][ T9933] bridge_slave_0: left allmulticast mode [ 931.223638][ T9933] bridge_slave_0: left promiscuous mode [ 931.229723][ T9933] bridge0: port 1(bridge_slave_0) entered disabled state [ 931.540603][ T29] audit: type=1326 audit(8277292096.367:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1460 comm="syz.3.12443" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd49385d29 code=0x0 [ 932.399085][T30432] Bluetooth: hci3: command tx timeout [ 932.548884][ T1486] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12452'. [ 932.900998][ T9933] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 932.934023][ T9933] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 933.059427][ T9933] bond0 (unregistering): Released all slaves [ 933.148356][ T9933] 0}^: left promiscuous mode [ 933.357989][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 933.364649][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.590242][ T1428] bridge0: port 1(bridge_slave_0) entered blocking state [ 933.592516][ T29] audit: type=1326 audit(8277292098.428:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1517 comm="syz.5.12460" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faa22185d29 code=0x0 [ 933.609930][ T1428] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.629065][ T1428] bridge_slave_0: entered allmulticast mode [ 933.636216][ T1428] bridge_slave_0: entered promiscuous mode [ 933.644444][ T1428] bridge0: port 2(bridge_slave_1) entered blocking state [ 933.651657][ T1428] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.658943][ T1428] bridge_slave_1: entered allmulticast mode [ 933.666540][ T1428] bridge_slave_1: entered promiscuous mode [ 934.025100][ T1428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 934.062363][ T1428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 934.210202][ T9933] hsr_slave_0: left promiscuous mode [ 934.224531][ T9933] hsr_slave_1: left promiscuous mode [ 934.251748][ T9933] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 934.273747][ T9933] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 934.312701][ T9933] veth1_macvtap: left promiscuous mode [ 934.322492][ T9933] veth0_macvtap: left promiscuous mode [ 934.328915][ T9933] veth1_vlan: left promiscuous mode [ 934.334430][ T9933] veth0_vlan: left promiscuous mode [ 934.465478][T30432] Bluetooth: hci3: command tx timeout [ 935.197026][ T9933] team0 (unregistering): Port device team_slave_1 removed [ 935.265440][ T9933] team0 (unregistering): Port device team_slave_0 removed [ 935.950743][ T1428] team0: Port device team_slave_0 added [ 935.988653][ T1428] team0: Port device team_slave_1 added [ 936.110830][ T1428] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 936.123606][ T1428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 936.150761][ T1428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 936.163960][ T1428] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 936.171828][ T1428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 936.198374][ T1428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 936.297481][ T1428] hsr_slave_0: entered promiscuous mode [ 936.304147][ T1428] hsr_slave_1: entered promiscuous mode [ 936.311157][ T1428] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 936.319689][ T1428] Cannot create hsr debugfs directory [ 936.535066][T30432] Bluetooth: hci3: command tx timeout [ 936.602371][ T1428] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 936.613955][ T1428] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 936.627693][ T1428] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 936.638384][ T1428] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 936.738564][ T1428] 8021q: adding VLAN 0 to HW filter on device bond0 [ 936.767636][ T1428] 8021q: adding VLAN 0 to HW filter on device team0 [ 936.796989][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 936.804191][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 936.824289][ T9933] bridge0: port 2(bridge_slave_1) entered blocking state [ 936.831465][ T9933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 937.156024][ T1428] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 937.434082][ T1428] veth0_vlan: entered promiscuous mode [ 937.446257][ T1428] veth1_vlan: entered promiscuous mode [ 937.478807][ T1428] veth0_macvtap: entered promiscuous mode [ 937.488687][ T1428] veth1_macvtap: entered promiscuous mode [ 937.513916][ T1428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 937.527977][ T1428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.539885][ T1428] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 937.553123][ T1428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 937.564366][ T1428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.574930][ T1428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 937.585447][ T1428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.595912][ T1428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 937.606488][ T1428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.617563][ T1428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 937.655846][ T1428] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 937.666046][ T1428] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 937.675948][ T1428] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 937.685157][ T1428] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 937.799001][ T3453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 937.808496][ T3453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 937.864712][ T9933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 937.873069][ T9933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 938.604552][T30432] Bluetooth: hci3: command tx timeout [ 941.704914][ T29] audit: type=1326 audit(8277292106.590:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1714 comm="syz.3.12505" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd49385d29 code=0x0 [ 941.859645][ T1720] Process accounting resumed [ 949.578360][ T1928] vivid-013: ================= START STATUS ================= [ 949.606821][ T1928] vivid-013: Generate PTS: true [ 949.612403][ T1928] vivid-013: Generate SCR: true [ 949.640418][ T1928] tpg source WxH: 640x360 (Y'CbCr) [ 949.645625][ T1928] tpg field: 1 [ 949.677168][ T1928] tpg crop: 640x360@0x0 [ 949.681568][ T1928] tpg compose: 640x360@0x0 [ 949.695965][ T1928] tpg colorspace: 8 [ 949.705358][ T1928] tpg transfer function: 0/0 [ 949.732610][ T1928] tpg Y'CbCr encoding: 0/0 [ 949.751306][ T1928] tpg quantization: 0/0 [ 949.755553][ T1928] tpg RGB range: 0/2 [ 949.792656][ T1928] vivid-013: ================== END STATUS ================== [ 950.027990][ T1947] netlink: 'syz.3.12579': attribute type 1 has an invalid length. [ 950.751074][ T1963] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12585'. [ 950.783130][ T1963] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12585'. [ 954.330434][ T2061] sctp: [Deprecated]: syz.9.12615 (pid 2061) Use of struct sctp_assoc_value in delayed_ack socket option. [ 954.330434][ T2061] Use struct sctp_sack_info instead = =єєџ[ 958.483804][ T2207] Unable to find swap-space signature [ 960.163590][ T2265] Process accounting resumed [ 961.275792][ T2308] netlink: 334 bytes leftover after parsing attributes in process `syz.8.12691'. [ 961.313045][ T2308] netlink: 334 bytes leftover after parsing attributes in process `syz.8.12691'. [ 962.273531][ T2344] Process accounting resumed [ 962.474891][ T2353] Process accounting resumed [ 964.254293][ T2377] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 964.459761][ T2385] netlink: 'syz.3.12721': attribute type 1 has an invalid length. [ 964.469705][ T2385] nbd: error processing sock list [ 964.647001][ T2394] Process accounting resumed [ 965.235699][ T2415] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12732'. [ 965.270206][ T2415] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12732'. [ 966.365609][ T2468] netlink: 'syz.3.12752': attribute type 1 has an invalid length. [ 967.190097][ T2496] ptp ptp0: only physical clock in use now [ 968.842754][ T2550] Process accounting resumed [ 969.946765][ T2587] Process accounting resumed [ 969.946818][ T2582] netlink: 350 bytes leftover after parsing attributes in process `syz.3.12792'. [ 972.299111][ T2661] netlink: 350 bytes leftover after parsing attributes in process `syz.8.12819'. [ 972.687988][ T2676] Process accounting resumed [ 972.706558][ T2677] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 973.723285][ T2707] bridge0: port 3(batadv0) entered blocking state [ 973.730189][ T2707] bridge0: port 3(batadv0) entered disabled state [ 973.738167][ T2707] batadv0: entered allmulticast mode [ 973.745418][ T2707] batadv0: entered promiscuous mode [ 973.751625][ T2707] bridge0: port 3(batadv0) entered blocking state [ 973.758840][ T2707] bridge0: port 3(batadv0) entered forwarding state [ 974.087392][ T36] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 974.097360][ T36] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 977.544900][ T2823] vivid-009: ================= START STATUS ================= [ 977.560274][ T2823] vivid-009: Enable Output Cropping: true grabbed [ 977.579827][ T2823] vivid-009: Enable Output Composing: true grabbed [ 977.594053][ T2823] vivid-009: Enable Output Scaler: true grabbed [ 977.609330][ T2823] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 977.627469][ T2823] vivid-009: Transmit Mode: HDMI grabbed [ 977.666032][ T2823] vivid-009: Hotplug Present: 0x00000000 [ 977.675645][ T2823] vivid-009: RxSense Present: 0x00000000 [ 977.692927][ T2823] vivid-009: EDID Present: 0x00000000 [ 977.708995][ T2823] vivid-009: ================== END STATUS ================== [ 979.349399][ T2891] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12895'. [ 980.299672][ T2924] zero sized request [ 981.637700][ T2976] cougar: G6 mapped to F18 [ 981.655525][ T2980] program syz.5.12933 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 992.653923][ T29] audit: type=1326 audit(8277292157.805:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3312 comm="syz.9.13071" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f30a4b85d29 code=0x0 [ 994.478439][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 994.485186][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.087509][ T29] audit: type=1326 audit(8277292160.247:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3371 comm="syz.8.13092" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab42785d29 code=0x0 [ 997.490364][ T3450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13123'. [ 997.518934][ T3450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13123'. [ 998.738425][ T3487] netlink: 'syz.5.13138': attribute type 1 has an invalid length. [ 1001.918017][ T3592] netlink: 'syz.8.13182': attribute type 1 has an invalid length. [ 1002.027515][ T3596] vivid-013: ================= START STATUS ================= [ 1002.060159][ T3596] vivid-013: Generate PTS: true [ 1002.075608][ T3596] vivid-013: Generate SCR: true [ 1002.080585][ T3596] tpg source WxH: 640x360 (Y'CbCr) [ 1002.115378][ T3596] tpg field: 1 [ 1002.118833][ T3596] tpg crop: 640x360@0x0 [ 1002.123048][ T3596] tpg compose: 640x360@0x0 [ 1002.145710][ T3596] tpg colorspace: 8 [ 1002.149611][ T3596] tpg transfer function: 0/0 [ 1002.166196][ T3596] tpg Y'CbCr encoding: 0/0 [ 1002.170697][ T3596] tpg quantization: 0/0 [ 1002.179471][ T3596] tpg RGB range: 0/2 [ 1002.193547][ T3596] vivid-013: ================== END STATUS ================== [ 1002.400490][ T3610] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13189'. [ 1002.423448][ T3610] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13189'. = =єєџ[ 1004.891675][ T3690] sctp: [Deprecated]: syz.3.13225 (pid 3690) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1004.891675][ T3690] Use struct sctp_sack_info instead = =єєџ = =єєџ[ 1008.774384][ T3785] Process accounting resumed [ 1010.690231][ T3817] Unable to find swap-space signature [ 1014.179296][ T3904] Process accounting resumed syzkaller syzkaller login: [ 1014.646233][ T3916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1014.930373][ T3928] cifs: Unknown parameter 'T.ŸмлцЈХМc[Ÿаъ€$тцЕШ)ќБUѓУ‘nEѓ-Ъ™ОlЎік-КŒ -О_€™ЏдхсЊ5Z фoхщЂmžаfwYЭhК*/џxDlнЉŠзэgеkЧAэГљЯ7Эии9’єXіa/fъ_џARЃˆ™‘ШxM ‚vЌ—pџБ$^;єиq‡3БЋЃnьЁЕ-6Љ+e„k„ОёЧ<Аkœcд)n.ќeMЭїNaЈtЎаSMЮЦ1,ўЄ•u&— ГZ­HіУьШСi!нЕ‡†Р_ІrŠІ8@ХцK$ЯЉХњ>x' [ 1017.036838][ T3974] netlink: 350 bytes leftover after parsing attributes in process `syz.9.13341'. [ 1017.344418][ T3982] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 1018.439242][ T4006] ptp ptp0: only physical clock in use now [ 1019.921790][ T4036] Process accounting resumed [ 1022.851376][ T4114] cougar: G6 mapped to F18 [ 1033.611080][ T4320] Process accounting resumed [ 1034.744755][ T4335] Unable to find swap-space signature [ 1039.434628][ T4415] Process accounting resumed syzkaller syzkaller login: [ 1049.724266][ T4592] program syz.8.13576 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1052.609720][ T1434] Bluetooth: hci3: command 0x0406 tx timeout [ 1053.248911][ T4650] size and base must be multiples of 4 kiB [ 1053.254814][ T4650] CPU: 1 UID: 0 PID: 4650 Comm: syz.5.13600 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 [ 1053.265650][ T4650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1053.275774][ T4650] Call Trace: [ 1053.279104][ T4650] [ 1053.282523][ T4650] dump_stack_lvl+0x16c/0x1f0 [ 1053.287277][ T4650] mtrr_add+0xdf/0x110 [ 1053.291434][ T4650] mtrr_ioctl+0x7cd/0xcd0 [ 1053.295845][ T4650] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1053.300788][ T4650] ? __pfx_lock_release+0x10/0x10 [ 1053.306059][ T4650] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1053.311270][ T4650] ? __fget_files+0x206/0x3a0 [ 1053.316027][ T4650] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1053.320966][ T4650] proc_reg_unlocked_ioctl+0x226/0x320 [ 1053.326598][ T4650] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1053.332676][ T4650] __x64_sys_ioctl+0x190/0x200 [ 1053.337515][ T4650] do_syscall_64+0xcd/0x250 [ 1053.342103][ T4650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1053.348083][ T4650] RIP: 0033:0x7faa22185d29 [ 1053.352555][ T4650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1053.372238][ T4650] RSP: 002b:00007faa22f8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1053.380729][ T4650] RAX: ffffffffffffffda RBX: 00007faa22375fa0 RCX: 00007faa22185d29 [ 1053.388762][ T4650] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 1053.396795][ T4650] RBP: 00007faa22201b08 R08: 0000000000000000 R09: 0000000000000000 [ 1053.404846][ T4650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1053.412880][ T4650] R13: 0000000000000000 R14: 00007faa22375fa0 R15: 00007fff86eed738 [ 1053.420935][ T4650] [ 1054.177222][ T4678] hugetlbfs: syz.3.13615 (4678): Using mlock ulimits for SHM_HUGETLB is obsolete [ 1054.658396][ T4684] device-mapper: ioctl: only supply one of name or uuid, cmd(14) [ 1055.606200][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.612696][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.337709][ T4730] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 1057.571922][ T4752] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1059.565665][ T4819] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 1060.493318][ T4845] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 1064.782250][ T4931] netlink: 8 bytes leftover after parsing attributes in process `syz.8.13718'. [ 1072.674866][ T5131] Process accounting resumed [ 1075.713859][ T5227] bridge0: port 4(bond0) entered blocking state [ 1075.748243][ T5227] bridge0: port 4(bond0) entered disabled state [ 1075.770919][ T5227] bond0: entered allmulticast mode [ 1075.781426][ T5227] bond_slave_0: entered allmulticast mode [ 1075.787247][ T5227] bond_slave_1: entered allmulticast mode [ 1075.809968][ T5227] bond0: entered promiscuous mode [ 1075.816169][ T5227] bond_slave_0: entered promiscuous mode [ 1075.822166][ T5227] bond_slave_1: entered promiscuous mode [ 1075.829040][ T5227] bridge0: port 4(bond0) entered blocking state [ 1075.837272][ T5227] bridge0: port 4(bond0) entered forwarding state [ 1078.342257][ T5315] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 1078.675589][ T5325] sd 0:0:1:0: PR command failed: 1026 [ 1078.695460][ T5325] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1078.702269][ T5325] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1079.360530][ T5342] Process accounting resumed [ 1080.596250][ T5376] ima: policy update failed [ 1080.641894][ T29] audit: type=1807 audit(8277292060.682:52): UNKNOWN=ђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџџџђџ [ 1080.642331][ T29] audit: type=1802 audit(8277292060.682:53): pid=5378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.13903" res=0 errno=0 [ 1080.752381][ T29] audit: type=1802 audit(8277292060.692:54): pid=5376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.13903" res=0 errno=0 [ 1081.369466][ T5395] Process accounting resumed [ 1084.308020][ T5469] Process accounting resumed syzkaller syzkaller login: [ 1086.600835][ T5532] netlink: 16 bytes leftover after parsing attributes in process `syz.5.13966'. [ 1091.529714][ T5690] netlink: 334 bytes leftover after parsing attributes in process `syz.3.14027'. syzkaller syzkaller login: [ 1093.813434][ T5765] netlink: 14880 bytes leftover after parsing attributes in process `syz.9.14058'. syzkaller syzkaller login: [ 1095.296183][ T5812] openvswitch: netlink: Multiple metadata blocks provided [ 1098.152215][ T5912] Process accounting resumed [ 1098.957670][ T5939] Process accounting resumed [ 1101.169122][ T5991] could not allocate digest TFM handle [ 1101.810432][ T6012] Process accounting resumed [ 1103.722070][ T6057] netlink: 28 bytes leftover after parsing attributes in process `syz.9.14181'. [ 1103.743810][ T6057] netlink: 28 bytes leftover after parsing attributes in process `syz.9.14181'. [ 1104.339756][ T6069] Process accounting resumed [ 1104.342800][ T6071] Process accounting resumed [ 1105.933812][ T6101] could not allocate digest TFM handle [ 1107.542992][ T6130] bridge0: port 3(ipvlan1) entered blocking state [ 1107.571971][ T6130] bridge0: port 3(ipvlan1) entered disabled state [ 1107.597618][ T6130] ipvlan1: entered allmulticast mode [ 1107.621852][ T6130] veth0_vlan: entered allmulticast mode [ 1107.650113][ T6130] ipvlan1: left allmulticast mode [ 1107.669102][ T6130] veth0_vlan: left allmulticast mode [ 1111.145791][ T6218] Process accounting resumed [ 1111.772856][ T6228] Process accounting resumed [ 1111.813168][ T6228] warn_unsupported: 1 callbacks suppressed [ 1111.813192][ T6228] kernel write not supported for file /tracing_on (pid: 6228 comm: syz.5.14252) [ 1112.076840][ T6237] Process accounting resumed [ 1112.874082][ T29] audit: type=1800 audit(8277292093.130:55): pid=6255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.14263" name="dbroot" dev="configfs" ino=113338 res=0 errno=0 [ 1112.919965][ T6255] db_root: not a directory: /dev/dri/card0 [ 1116.307858][ T6338] bridge0: port 3(syz_tun) entered blocking state [ 1116.329763][ T6338] bridge0: port 3(syz_tun) entered disabled state [ 1116.358250][ T6338] syz_tun: entered allmulticast mode [ 1116.378665][ T6338] syz_tun: entered promiscuous mode [ 1116.391769][ T6338] bridge0: port 3(syz_tun) entered blocking state [ 1116.398418][ T6338] bridge0: port 3(syz_tun) entered forwarding state [ 1116.722671][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.729726][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.313231][ T6363] sock: sock_timestamping_bind_phc: sock not bind to device [ 1117.831508][ T29] audit: type=1800 audit(8277292098.116:56): pid=6395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=FFFFF2FFFFFFF2FFFFFFF2FFFFFFF2 name="features" dev="configfs" ino=114583 res=0 errno=0 [ 1118.182331][ T6408] program syz.8.14327 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1119.428609][ T6448] Process accounting resumed [ 1120.740952][ T6480] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 1121.082030][ T6485] netlink: 85 bytes leftover after parsing attributes in process `syz.9.14361'. [ 1121.353036][ T6491] Process accounting resumed [ 1122.835981][ T6513] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1122.864937][ T6513] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1122.881474][ T6513] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1122.904127][ T6513] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1122.912657][ T6513] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1122.942066][ T6513] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1122.950169][ T6513] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1124.119213][T30432] Bluetooth: hci2: command 0x0c1a tx timeout [ 1124.919933][T30432] Bluetooth: hci0: command 0x0406 tx timeout [ 1124.926623][T30432] Bluetooth: hci1: command 0x0406 tx timeout [ 1124.994660][ T1434] Bluetooth: hci3: command 0x0406 tx timeout [ 1126.304690][ T6595] Process accounting resumed [ 1126.323656][ T6595] i8042 kbd 00:01: in use; can't configure [ 1126.984327][ T1434] Bluetooth: hci1: command 0x0406 tx timeout [ 1126.990468][ T1434] Bluetooth: hci0: command 0x0406 tx timeout [ 1127.063831][ T1434] Bluetooth: hci3: command 0x0406 tx timeout [ 1127.193378][ T6618] program syz.3.14421 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1127.765883][ T6627] Process accounting resumed [ 1128.455643][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.8.14433'. [ 1129.143186][ T6668] [ 1131.197343][ T6727] Process accounting resumed [ 1133.374086][ T6730] kexec: Could not allocate control_code_buffer [ 1135.067603][ T6794] Process accounting resumed [ 1135.875829][ T6822] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1136.309373][ T6835] Process accounting resumed [ 1136.314142][ T6835] ACPI: Can not change Invalid GPE/Fixed Event status [ 1136.452550][ T6840] Process accounting resumed [ 1136.708458][ T6848] Process accounting resumed [ 1137.302162][ T6867] kafs: addr_prefs: Invalid Command [ 1146.558830][ T7128] netlink: 24 bytes leftover after parsing attributes in process `syz.9.14639'. [ 1148.471523][ T7170] netlink: 206 bytes leftover after parsing attributes in process `syz.3.14656'. [ 1149.098594][ T7184] Process accounting resumed [ 1150.185334][ T7217] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1150.191759][ T7217] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1150.329784][ T7221] Process accounting resumed [ 1150.343050][ T7217] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1150.349488][ T7217] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1151.230524][ T7246] netlink: 24 bytes leftover after parsing attributes in process `syz.9.14692'. [ 1152.213070][ T1434] Bluetooth: hci1: command 0x0406 tx timeout [ 1152.219210][ T1434] Bluetooth: hci2: command 0x0c1a tx timeout [ 1152.382238][T30432] Bluetooth: hci3: command 0x0406 tx timeout [ 1152.382249][ T1434] Bluetooth: hci0: command 0x0406 tx timeout [ 1152.575967][ T7289] netlink: 206 bytes leftover after parsing attributes in process `syz.9.14707'. [ 1152.701426][ T7291] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1152.707700][ T7291] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1152.785176][ T7291] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1152.810218][ T7291] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1153.747568][ T7321] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1153.747765][ T7321] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1153.747937][ T7321] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1153.748096][ T7321] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1155.801397][T30432] Bluetooth: hci3: command 0x0406 tx timeout [ 1155.807750][T30432] Bluetooth: hci0: command 0x0406 tx timeout [ 1155.813843][T30432] Bluetooth: hci1: command 0x0406 tx timeout [ 1155.821458][T30432] Bluetooth: hci2: command 0x0c1a tx timeout [ 1157.280152][ T7421] Process accounting resumed [ 1157.389050][ T7424] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1157.396092][ T7424] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1157.402954][ T7424] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1157.457019][ T7424] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1158.432471][ T7458] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14777'. [ 1158.839907][ T29] audit: type=1800 audit(8277292040.629:57): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.14783" name="features" dev="configfs" ino=118381 res=0 errno=0 [ 1158.868522][ T29] audit: type=1800 audit(8277292040.629:58): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.14783" name="dbroot" dev="configfs" ino=118382 res=0 errno=0 [ 1159.469289][ T1434] Bluetooth: hci0: command 0x0406 tx timeout [ 1159.475522][ T5142] Bluetooth: hci1: command 0x0406 tx timeout [ 1159.481608][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 1159.491213][T30432] Bluetooth: hci3: command 0x0406 tx timeout [ 1161.041087][ T7542] Process accounting resumed [ 1162.418476][ T7592] size and base must be multiples of 4 kiB [ 1162.428666][ T7592] CPU: 1 UID: 0 PID: 7592 Comm: syz.9.14836 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 [ 1162.439575][ T7592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1162.449689][ T7592] Call Trace: [ 1162.453026][ T7592] [ 1162.456009][ T7592] dump_stack_lvl+0x16c/0x1f0 [ 1162.460769][ T7592] mtrr_del+0xd1/0x110 [ 1162.464937][ T7592] mtrr_ioctl+0x900/0xcd0 [ 1162.469363][ T7592] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1162.474314][ T7592] ? __pfx_lock_release+0x10/0x10 [ 1162.479423][ T7592] ? __fget_files+0x206/0x3a0 [ 1162.484182][ T7592] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1162.489120][ T7592] proc_reg_unlocked_ioctl+0x226/0x320 [ 1162.494655][ T7592] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1162.500722][ T7592] __x64_sys_ioctl+0x190/0x200 [ 1162.505561][ T7592] do_syscall_64+0xcd/0x250 [ 1162.510158][ T7592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.516137][ T7592] RIP: 0033:0x7f30a4b85d29 [ 1162.520636][ T7592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1162.540323][ T7592] RSP: 002b:00007f30a49f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1162.548819][ T7592] RAX: ffffffffffffffda RBX: 00007f30a4d75fa0 RCX: 00007f30a4b85d29 [ 1162.556868][ T7592] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 1162.564911][ T7592] RBP: 00007f30a4c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 1162.573046][ T7592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1162.581076][ T7592] R13: 0000000000000000 R14: 00007f30a4d75fa0 R15: 00007ffc48630cd8 [ 1162.589108][ T7592] [ 1163.142323][ T7619] netlink: 4 bytes leftover after parsing attributes in process `syz.9.14849'. [ 1164.991435][ T7679] netlink: 28 bytes leftover after parsing attributes in process `syz.8.14874'. [ 1165.778109][ T7693] Process accounting resumed [ 1167.632292][ T7738] sd 0:0:1:0: PR command failed: 1026 [ 1167.652785][ T7738] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1167.663486][ T7738] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1167.859346][ T7747] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 1168.180080][ T7762] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14911'. [ 1168.189288][ T7762] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 1168.197758][ T7762] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1169.882258][ T7801] syz.9.14926 (7801): /proc/7798/oom_adj is deprecated, please use /proc/7798/oom_score_adj instead. [ 1172.314089][ T7865] Process accounting resumed [ 1172.895123][ T7882] Process accounting resumed [ 1174.242802][ T7924] sctp: [Deprecated]: syz.3.14973 (pid 7924) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1174.242802][ T7924] Use struct sctp_sack_info instead [ 1174.595603][ T7932] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 1175.939917][ T7963] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14988'. [ 1177.844195][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.851501][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.168912][ T8034] netlink: 'syz.3.15017': attribute type 11 has an invalid length. [ 1180.873137][ T8072] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(4.2097152.1), cmd(6) [ 1181.579194][ T8087] Process accounting resumed [ 1181.853371][ T8096] Process accounting resumed [ 1189.474133][ T8311] netlink: 'syz.3.15132': attribute type 1 has an invalid length. [ 1193.491912][ T8423] Process accounting resumed [ 1194.873941][ T8450] Process accounting resumed [ 1198.636830][ T8543] netlink: 330 bytes leftover after parsing attributes in process `syz.3.15231'. [ 1200.555682][ T8601] netlink: 'syz.5.15255': attribute type 13 has an invalid length. [ 1201.744858][ T8638] netlink: 28 bytes leftover after parsing attributes in process `syz.8.15267'. [ 1203.077129][ T8673] netlink: 334 bytes leftover after parsing attributes in process `syz.5.15283'. [ 1203.291216][ T8678] netlink: 342 bytes leftover after parsing attributes in process `syz.5.15286'. [ 1205.728706][ T8745] netlink: 74 bytes leftover after parsing attributes in process `syz.3.15316'. [ 1206.045485][ T8756] netlink: 342 bytes leftover after parsing attributes in process `syz.9.15322'. [ 1209.539418][ T67] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.796909][ T67] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.967843][ T67] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1210.284584][ T67] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1210.537886][ T5142] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1210.550409][ T5142] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1210.561730][ T5142] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1210.570165][ T5142] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1210.580351][ T5142] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1210.588172][ T5142] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1210.727469][ T67] bridge_slave_1: left allmulticast mode [ 1210.755391][ T67] bridge_slave_1: left promiscuous mode [ 1210.771590][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 1210.797553][ T67] bridge_slave_0: left allmulticast mode [ 1210.803675][ T67] bridge_slave_0: left promiscuous mode [ 1210.810640][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 1212.261079][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1212.285331][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1212.310135][ T67] bond0 (unregistering): Released all slaves [ 1212.632969][ T5142] Bluetooth: hci4: command tx timeout [ 1212.643494][ T8874] netlink: 330 bytes leftover after parsing attributes in process `syz.9.15366'. [ 1212.737640][ T8874] ќ: renamed from team0 (while UP) [ 1212.940955][ T8837] chnl_net:caif_netlink_parms(): no params data found [ 1213.348431][ T67] hsr_slave_0: left promiscuous mode [ 1213.416217][ T67] hsr_slave_1: left promiscuous mode [ 1213.484848][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1213.530179][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1213.635851][ T67] veth1_macvtap: left promiscuous mode [ 1213.650720][ T67] veth0_macvtap: left promiscuous mode [ 1213.670184][ T67] veth1_vlan: left promiscuous mode [ 1213.688395][ T67] veth0_vlan: left promiscuous mode [ 1213.860726][ T8912] IPVS: length: 11322 != 8 [ 1213.870601][ T8920] netlink: 8 bytes leftover after parsing attributes in process `syz.9.15377'. [ 1214.505341][ T8927] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15380'. [ 1214.702632][ T5142] Bluetooth: hci4: command tx timeout [ 1215.053671][ T67] team0 (unregistering): Port device team_slave_1 removed [ 1215.133973][ T67] team0 (unregistering): Port device team_slave_0 removed [ 1215.959536][ T8932] netlink: 334 bytes leftover after parsing attributes in process `syz.5.15382'. [ 1215.985521][ T8837] bridge0: port 1(bridge_slave_0) entered blocking state [ 1216.007900][ T8837] bridge0: port 1(bridge_slave_0) entered disabled state [ 1216.050907][ T8837] bridge_slave_0: entered allmulticast mode [ 1216.060136][ T8837] bridge_slave_0: entered promiscuous mode [ 1216.097197][ T8837] bridge0: port 2(bridge_slave_1) entered blocking state [ 1216.111699][ T8837] bridge0: port 2(bridge_slave_1) entered disabled state [ 1216.119018][ T8837] bridge_slave_1: entered allmulticast mode [ 1216.143051][ T8837] bridge_slave_1: entered promiscuous mode [ 1216.289598][ T8945] netlink: 20 bytes leftover after parsing attributes in process `syz.5.15388'. [ 1216.394125][ T8837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1216.431059][ T8837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1216.615814][ T8837] team0: Port device team_slave_0 added [ 1216.625824][ T8837] team0: Port device team_slave_1 added [ 1216.757979][ T5142] Bluetooth: hci4: command tx timeout [ 1216.788798][ T8837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1216.795834][ T8837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1216.845305][ T8837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1216.858421][ T8837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1216.865442][ T8837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1216.891736][ T8837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1217.015666][ T8837] hsr_slave_0: entered promiscuous mode [ 1217.039260][ T8837] hsr_slave_1: entered promiscuous mode [ 1217.101173][ T8837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1217.115522][ T8837] Cannot create hsr debugfs directory [ 1217.310921][ T8981] netlink: 342 bytes leftover after parsing attributes in process `syz.9.15395'. [ 1218.836583][ T5142] Bluetooth: hci4: command tx timeout [ 1219.074354][ T9040] netlink: 342 bytes leftover after parsing attributes in process `syz.3.15410'. [ 1219.407537][ T8837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1219.462606][ T8837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1219.488833][ T8837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1219.531917][ T8837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1219.628815][ T9059] netlink: 28 bytes leftover after parsing attributes in process `syz.5.15417'. [ 1219.649113][ T9059] macvlan1: entered allmulticast mode [ 1219.664893][ T9059] veth1_vlan: entered allmulticast mode [ 1219.826993][ T8837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1219.994464][ T8837] 8021q: adding VLAN 0 to HW filter on device team0 [ 1220.170413][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1220.177600][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1220.267564][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1220.274820][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1220.360177][ T9085] netlink: 28 bytes leftover after parsing attributes in process `syz.5.15421'. [ 1220.381918][ T9085] ip_vti0: entered promiscuous mode [ 1220.550798][ T8837] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1220.561539][ T8837] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1220.693553][ T9096] netlink: 342 bytes leftover after parsing attributes in process `syz.9.15425'. [ 1221.052898][ T8837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1221.345876][ T8837] veth0_vlan: entered promiscuous mode [ 1221.427361][ T8837] veth1_vlan: entered promiscuous mode [ 1221.532540][ T8837] veth0_macvtap: entered promiscuous mode [ 1221.559815][ T8837] veth1_macvtap: entered promiscuous mode [ 1221.629428][ T8837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1221.652466][ T8837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.681749][ T8837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1221.701637][ T8837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.718837][ T8837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1221.766392][ T8837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1221.790530][ T8837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.816093][ T8837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1221.845520][ T8837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.874960][ T8837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1221.897848][ T8837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.919485][ T8837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1221.947880][ T8837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.970491][ T8837] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.979312][ T8837] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1222.012852][ T8837] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1222.300346][ T9139] netlink: 20 bytes leftover after parsing attributes in process `syz.9.15435'. [ 1222.304729][ T3550] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1222.346071][ T3550] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1222.443402][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1222.488316][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1223.616297][ T9180] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15444'. [ 1223.655538][ T9182] netlink: 342 bytes leftover after parsing attributes in process `syz.1.15445'. [ 1223.660589][ T9180] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1224.555895][ T9218] netlink: 28 bytes leftover after parsing attributes in process `syz.5.15455'. [ 1224.574917][ T9218] veth1_macvtap: entered allmulticast mode [ 1226.946382][ T9298] nbd: socks must be embedded in a SOCK_ITEM attr [ 1226.975568][ T9298] block nbd1: shutting down sockets [ 1227.612524][ T9326] netlink: 244 bytes leftover after parsing attributes in process `syz.9.15482'. [ 1229.451287][ T9375] netlink: 334 bytes leftover after parsing attributes in process `syz.9.15494'. [ 1231.617093][ T9438] netlink: 334 bytes leftover after parsing attributes in process `syz.1.15505'. [ 1236.575533][ T9567] netlink: 330 bytes leftover after parsing attributes in process `syz.9.15534'. [ 1238.977041][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.986687][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 1241.658116][T28505] [ 1241.660522][T28505] ========================= [ 1241.665060][T28505] WARNING: held lock freed! [ 1241.669602][T28505] 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 Not tainted [ 1241.676752][T28505] ------------------------- [ 1241.681328][T28505] kworker/1:2/28505 is freeing memory 0000000000000000-ffffffffffffefff, with a lock still held there! [ 1241.692392][T28505] ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 1241.702491][T28505] 2 locks held by kworker/1:2/28505: [ 1241.707823][T28505] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 1241.718371][T28505] #1: ffffc900186f7d80 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1241.729526][T28505] [ 1241.729526][T28505] stack backtrace: [ 1241.735457][T28505] CPU: 1 UID: 0 PID: 28505 Comm: kworker/1:2 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 [ 1241.746359][T28505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1241.756465][T28505] Workqueue: events bpf_prog_free_deferred [ 1241.762425][T28505] Call Trace: [ 1241.765745][T28505] [ 1241.768742][T28505] dump_stack_lvl+0x116/0x1f0 [ 1241.773490][T28505] debug_check_no_locks_freed+0x208/0x2b0 [ 1241.779294][T28505] remove_vm_area+0x128/0x3f0 [ 1241.784036][T28505] vfree+0x90/0x950 [ 1241.787908][T28505] ? free_percpu+0x724/0x1470 [ 1241.792646][T28505] bpf_prog_free_deferred+0x539/0x6f0 [ 1241.798089][T28505] process_one_work+0x958/0x1b30 [ 1241.803080][T28505] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1241.808772][T28505] ? __pfx_process_one_work+0x10/0x10 [ 1241.814242][T28505] ? rcu_is_watching+0x12/0xc0 [ 1241.819090][T28505] ? assign_work+0x1a0/0x250 [ 1241.823759][T28505] worker_thread+0x6c8/0xf00 [ 1241.828415][T28505] ? __kthread_parkme+0x148/0x220 [ 1241.833513][T28505] ? __pfx_worker_thread+0x10/0x10 [ 1241.838688][T28505] kthread+0x2c1/0x3a0 [ 1241.842815][T28505] ? _raw_spin_unlock_irq+0x23/0x50 [ 1241.848075][T28505] ? __pfx_kthread+0x10/0x10 [ 1241.852732][T28505] ret_from_fork+0x45/0x80 [ 1241.857205][T28505] ? __pfx_kthread+0x10/0x10 [ 1241.861878][T28505] ret_from_fork_asm+0x1a/0x30 [ 1241.866719][T28505] [ 1241.959966][T28505] ------------[ cut here ]------------ [ 1241.965502][T28505] ODEBUG: free active (active state 1) object: ffff88807a9a9100 object type: rcu_head hint: 0x0 [ 1241.986154][ C0] ------------[ cut here ]------------ [ 1241.991687][ C0] ODEBUG: assert_init not available (active state 0) object: ffff88807ff2b8c0 object type: timer_list hint: br_hold_timer_expired+0x0/0x220 [ 1242.006918][T28505] WARNING: CPU: 1 PID: 28505 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 1242.006917][ C0] WARNING: CPU: 0 PID: 9527 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 1242.007021][ C0] Modules linked in: [ 1242.016782][T28505] Modules linked in: [ 1242.026064][ C0] [ 1242.029951][T28505] [ 1242.029966][T28505] CPU: 1 UID: 0 PID: 28505 Comm: kworker/1:2 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 [ 1242.033925][ C0] CPU: 0 UID: 0 PID: 9527 Comm: syz.5.15525 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 [ 1242.033971][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1242.033992][ C0] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 1242.034052][ C0] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd e0 80 b1 8b 41 56 4c 89 e6 48 c7 c7 60 75 b1 8b e8 af 52 bc fc 90 <0f> 0b 90 90 58 83 05 f6 53 7f 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 1242.034085][ C0] RSP: 0018:ffffc900000078b8 EFLAGS: 00010282 [ 1242.036692][T28505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1242.038777][ C0] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff815a1729 [ 1242.049783][T28505] Workqueue: events bpf_prog_free_deferred [ 1242.060453][ C0] RDX: ffff888041450000 RSI: ffffffff815a1736 RDI: 0000000000000001 [ 1242.070648][T28505] [ 1242.076391][ C0] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000000 [ 1242.096301][T28505] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 1242.102197][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8bb17c40 [ 1242.112328][T28505] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd e0 80 b1 8b 41 56 4c 89 e6 48 c7 c7 60 75 b1 8b e8 af 52 bc fc 90 <0f> 0b 90 90 58 83 05 f6 53 7f 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 1242.120466][ C0] R13: ffffffff8b4f8120 R14: ffffffff89f30570 R15: ffffc90000007978 [ 1242.126310][T28505] RSP: 0018:ffffc900186f7a08 EFLAGS: 00010282 [ 1242.134285][ C0] FS: 00007faa22f8e6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1242.136908][T28505] [ 1242.144616][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1242.150733][T28505] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff815a1729 [ 1242.158462][ C0] CR2: 00007faa223452d8 CR3: 000000006c90a000 CR4: 00000000003526f0 [ 1242.178146][T28505] RDX: ffff8880655ebc00 RSI: ffffffff815a1736 RDI: 0000000000000001 [ 1242.186127][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1242.192318][T28505] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 1242.201235][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1242.201266][ C0] Call Trace: [ 1242.203641][T28505] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bb17c00 [ 1242.210259][ C0] [ 1242.210278][ C0] ? __warn+0xea/0x3c0 [ 1242.218311][T28505] R13: ffffffff8b4e5e20 R14: 0000000000000000 R15: ffffc900186f7b18 [ 1242.226316][ C0] ? debug_print_object+0x1a2/0x2b0 [ 1242.234307][T28505] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 1242.242321][ C0] ? report_bug+0x3c0/0x580 [ 1242.242366][ C0] ? handle_bug+0x54/0xa0 [ 1242.242410][ C0] ? exc_invalid_op+0x17/0x50 [ 1242.242457][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 1242.242500][ C0] ? __pfx_br_hold_timer_expired+0x10/0x10 [ 1242.242551][ C0] ? __warn_printk+0x199/0x350 [ 1242.242604][ C0] ? __warn_printk+0x1a6/0x350 [ 1242.250829][T28505] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1242.258615][ C0] ? debug_print_object+0x1a2/0x2b0 [ 1242.261932][T28505] CR2: 00007f78f559790a CR3: 000000006b8b2000 CR4: 00000000003526f0 [ 1242.269938][ C0] ? debug_print_object+0x1a1/0x2b0 [ 1242.272789][T28505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1242.276877][ C0] ? __pfx_br_hold_timer_expired+0x10/0x10 [ 1242.284915][T28505] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1242.290103][ C0] ? trace_irq_enable.constprop.0+0xea/0x140 [ 1242.299212][T28505] Call Trace: [ 1242.303566][ C0] debug_object_assert_init+0x1ee/0x2f0 [ 1242.307946][T28505] [ 1242.312654][ C0] ? nf_hook_slow+0x132/0x200 [ 1242.317737][T28505] ? __warn+0xea/0x3c0 [ 1242.323518][ C0] ? __pfx_debug_object_assert_init+0x10/0x10 [ 1242.328304][T28505] ? preempt_schedule_notrace+0x62/0xe0 [ 1242.333071][ C0] ? br_send_bpdu+0x572/0xa40 [ 1242.339944][T28505] ? debug_print_object+0x1a2/0x2b0 [ 1242.344997][ C0] ? __pfx_br_send_bpdu+0x10/0x10 [ 1242.345037][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1242.345080][ C0] __mod_timer+0xae/0xdc0 [ 1242.345115][ C0] ? __pfx___mod_timer+0x10/0x10 [ 1242.345146][ C0] ? __mod_timer+0x8f6/0xdc0 [ 1242.345180][ C0] ? round_jiffies+0xfb/0x140 [ 1242.345233][ C0] ? __pfx_round_jiffies+0x10/0x10 [ 1242.353196][T28505] ? report_bug+0x3c0/0x580 [ 1242.358457][ C0] ? _raw_spin_lock_irqsave+0x42/0x60 [ 1242.366490][T28505] ? handle_bug+0x54/0xa0 [ 1242.372298][ C0] br_transmit_config+0x676/0x7a0 [ 1242.380319][T28505] ? exc_invalid_op+0x17/0x50 [ 1242.386314][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1242.386362][ C0] ? __pfx_br_transmit_config+0x10/0x10 [ 1242.386416][ C0] ? rcu_is_watching+0x12/0xc0 [ 1242.389705][T28505] ? asm_exc_invalid_op+0x1a/0x20 [ 1242.395281][ C0] ? do_raw_spin_lock+0x12d/0x2c0 [ 1242.395328][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1242.395369][ C0] br_config_bpdu_generation+0x146/0x1c0 [ 1242.395423][ C0] br_hello_timer_expired+0xfb/0x200 [ 1242.398368][T28505] ? __warn_printk+0x199/0x350 [ 1242.403041][ C0] call_timer_fn+0x1a0/0x610 [ 1242.407136][T28505] ? __warn_printk+0x1a6/0x350 [ 1242.413217][ C0] ? __pfx_br_hello_timer_expired+0x10/0x10 [ 1242.418854][T28505] ? debug_print_object+0x1a2/0x2b0 [ 1242.423523][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1242.428785][T28505] ? debug_print_object+0x1a1/0x2b0 [ 1242.433794][ C0] ? __pfx_lock_release+0x10/0x10 [ 1242.439178][T28505] ? trace_irq_enable.constprop.0+0xea/0x140 [ 1242.443543][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1242.443588][ C0] ? rcu_is_watching+0x12/0xc0 [ 1242.443630][ C0] ? __pfx_br_hello_timer_expired+0x10/0x10 [ 1242.443705][ C0] __run_timers+0x6e8/0x930 [ 1242.443765][ C0] ? __pfx___run_timers+0x10/0x10 [ 1242.443819][ C0] ? clockevents_program_event+0x155/0x380 [ 1242.448795][T28505] debug_check_no_obj_freed+0x4b7/0x600 [ 1242.453475][ C0] ? __pfx_lock_release+0x10/0x10 [ 1242.458428][T28505] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1242.463289][ C0] ? rcu_is_watching+0x12/0xc0 [ 1242.467866][T28505] ? debug_check_no_locks_freed+0x20d/0x2b0 [ 1242.473197][ C0] ? lock_acquire+0x2f/0xb0 [ 1242.477601][T28505] ? debug_check_no_locks_freed+0x223/0x2b0 [ 1242.482587][ C0] ? run_timer_base+0x10c/0x190 [ 1242.487351][T28505] remove_vm_area+0x1ae/0x3f0 [ 1242.493134][ C0] run_timer_base+0x114/0x190 [ 1242.498854][T28505] vfree+0x90/0x950 [ 1242.503494][ C0] ? __pfx_run_timer_base+0x10/0x10 [ 1242.508515][T28505] ? free_percpu+0x724/0x1470 [ 1242.513590][ C0] run_timer_softirq+0x1a/0x40 [ 1242.518979][T28505] bpf_prog_free_deferred+0x539/0x6f0 [ 1242.524639][ C0] handle_softirqs+0x213/0x8f0 [ 1242.529927][T28505] process_one_work+0x958/0x1b30 [ 1242.534719][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1242.534771][ C0] __irq_exit_rcu+0x109/0x170 [ 1242.539363][T28505] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1242.544178][ C0] irq_exit_rcu+0x9/0x30 [ 1242.544225][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1242.544271][ C0] [ 1242.544281][ C0] [ 1242.544293][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1242.544343][ C0] RIP: 0010:__get_user_pages+0x2a5/0x3b50 [ 1242.544394][ C0] Code: 65 48 8b 15 4d 3b 23 7e 48 89 54 24 18 48 c1 e8 24 25 f8 0f 00 00 48 89 44 24 30 48 89 d0 48 c1 e8 03 48 01 c8 48 89 44 24 28 36 b0 b8 ff 48 8b 7c 24 18 be 08 00 00 00 e8 c7 27 1b 00 48 8b [ 1242.550306][T28505] ? __pfx_process_one_work+0x10/0x10 [ 1242.555548][ C0] RSP: 0018:ffffc9000b91f2d8 EFLAGS: 00000246 [ 1242.555582][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81e0a5ec [ 1242.555604][ C0] RDX: ffff888041450000 RSI: 0000000000000000 RDI: 0000000000000005 [ 1242.555626][ C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 1242.555647][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1242.555669][ C0] R13: 0000000000000000 R14: 000000000000000e R15: ffff88805ee4a4d8 [ 1242.555695][ C0] ? __get_user_pages+0x97c/0x3b50 [ 1242.555747][ C0] ? __get_user_pages+0x97c/0x3b50 [ 1242.560886][T28505] ? rcu_is_watching+0x12/0xc0 [ 1242.566129][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 1242.571159][T28505] ? assign_work+0x1a0/0x250 [ 1242.577186][ C0] ? down_read_killable+0xcc/0x380 [ 1242.582606][T28505] worker_thread+0x6c8/0xf00 [ 1242.587412][ C0] ? __pfx_down_read_killable+0x10/0x10 [ 1242.593383][T28505] ? __kthread_parkme+0x148/0x220 [ 1242.597850][ C0] ? shmem_file_write_iter+0xcf/0x140 [ 1242.597904][ C0] ? __kernel_write_iter+0x59f/0xa80 [ 1242.597945][ C0] get_dump_page+0xff/0x230 [ 1242.603033][T28505] ? __pfx_worker_thread+0x10/0x10 [ 1242.608837][ C0] ? __pfx_get_dump_page+0x10/0x10 [ 1242.614419][T28505] kthread+0x2c1/0x3a0 [ 1242.619441][ C0] ? __pfx___might_resched+0x10/0x10 [ 1242.625653][T28505] ? _raw_spin_unlock_irq+0x23/0x50 [ 1242.630495][ C0] ? dump_user_range+0x477/0x8c0 [ 1242.636446][T28505] ? __pfx_kthread+0x10/0x10 [ 1242.641032][ C0] dump_user_range+0x135/0x8c0 [ 1242.647212][T28505] ret_from_fork+0x45/0x80 [ 1242.651798][ C0] ? __pfx_dump_user_range+0x10/0x10 [ 1242.656873][T28505] ? __pfx_kthread+0x10/0x10 [ 1242.661271][ C0] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 1242.665110][T28505] ret_from_fork_asm+0x1a/0x30 [ 1242.670315][ C0] ? __pfx_writenote+0x10/0x10 [ 1242.675036][T28505] [ 1242.679782][ C0] elf_core_dump+0x2787/0x3880 [ 1242.685178][T28505] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1242.685200][T28505] CPU: 1 UID: 0 PID: 28505 Comm: kworker/1:2 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0 [ 1242.685243][T28505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1242.685268][T28505] Workqueue: events bpf_prog_free_deferred [ 1242.685310][T28505] Call Trace: [ 1242.685321][T28505] [ 1242.685334][T28505] dump_stack_lvl+0x3d/0x1f0 [ 1242.685378][T28505] panic+0x71d/0x800 [ 1242.685426][T28505] ? __pfx_panic+0x10/0x10 [ 1242.685474][T28505] ? show_trace_log_lvl+0x29d/0x3d0 [ 1242.685513][T28505] ? check_panic_on_warn+0x1f/0xb0 [ 1242.685564][T28505] ? debug_print_object+0x1a2/0x2b0 [ 1242.685616][T28505] check_panic_on_warn+0xab/0xb0 [ 1242.685666][T28505] __warn+0xf6/0x3c0 [ 1242.685713][T28505] ? preempt_schedule_notrace+0x62/0xe0 [ 1242.685753][T28505] ? debug_print_object+0x1a2/0x2b0 [ 1242.685814][T28505] report_bug+0x3c0/0x580 [ 1242.685851][T28505] handle_bug+0x54/0xa0 [ 1242.685897][T28505] exc_invalid_op+0x17/0x50 [ 1242.685944][T28505] asm_exc_invalid_op+0x1a/0x20 [ 1242.685988][T28505] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 1242.686041][T28505] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd e0 80 b1 8b 41 56 4c 89 e6 48 c7 c7 60 75 b1 8b e8 af 52 bc fc 90 <0f> 0b 90 90 58 83 05 f6 53 7f 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 1242.686075][T28505] RSP: 0018:ffffc900186f7a08 EFLAGS: 00010282 [ 1242.686104][T28505] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff815a1729 [ 1242.686127][T28505] RDX: ffff8880655ebc00 RSI: ffffffff815a1736 RDI: 0000000000000001 [ 1242.686152][T28505] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 1242.686173][T28505] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bb17c00 [ 1242.686197][T28505] R13: ffffffff8b4e5e20 R14: 0000000000000000 R15: ffffc900186f7b18 [ 1242.686225][T28505] ? __warn_printk+0x199/0x350 [ 1242.686273][T28505] ? __warn_printk+0x1a6/0x350 [ 1242.686322][T28505] ? debug_print_object+0x1a1/0x2b0 [ 1242.686372][T28505] ? trace_irq_enable.constprop.0+0xea/0x140 [ 1242.686412][T28505] debug_check_no_obj_freed+0x4b7/0x600 [ 1242.686475][T28505] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1242.686531][T28505] ? debug_check_no_locks_freed+0x20d/0x2b0 [ 1242.686582][T28505] ? debug_check_no_locks_freed+0x223/0x2b0 [ 1242.686639][T28505] remove_vm_area+0x1ae/0x3f0 [ 1242.686684][T28505] vfree+0x90/0x950 [ 1242.686723][T28505] ? free_percpu+0x724/0x1470 [ 1242.686764][T28505] bpf_prog_free_deferred+0x539/0x6f0 [ 1242.686811][T28505] process_one_work+0x958/0x1b30 [ 1242.686849][T28505] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1242.686884][T28505] ? __pfx_process_one_work+0x10/0x10 [ 1242.686917][T28505] ? rcu_is_watching+0x12/0xc0 [ 1242.686965][T28505] ? assign_work+0x1a0/0x250 [ 1242.687017][T28505] worker_thread+0x6c8/0xf00 [ 1242.687054][T28505] ? __kthread_parkme+0x148/0x220 [ 1242.687098][T28505] ? __pfx_worker_thread+0x10/0x10 [ 1242.687131][T28505] kthread+0x2c1/0x3a0 [ 1242.687170][T28505] ? _raw_spin_unlock_irq+0x23/0x50 [ 1242.687207][T28505] ? __pfx_kthread+0x10/0x10 [ 1242.687250][T28505] ret_from_fork+0x45/0x80 [ 1242.687281][T28505] ? __pfx_kthread+0x10/0x10 [ 1242.687323][T28505] ret_from_fork_asm+0x1a/0x30 [ 1242.687381][T28505] [ 1242.690207][T28505] Kernel Offset: disabled