last executing test programs:
1.445845652s ago: executing program 2 (id=2927):
socket(0x2, 0x5, 0x0)
shutdown$auto(0x200000003, 0x2)
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)
1.330814948s ago: executing program 3 (id=2928):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x40, r1, 0x1b, 0x70bd26, 0x25dfdbfb, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x11, 0x0, 0x0, @fd}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
1.287797048s ago: executing program 0 (id=2929):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = socket(0x2, 0x1, 0x84)
setsockopt$auto(r0, 0x84, 0x15, 0x0, 0x1)
1.250008725s ago: executing program 2 (id=2930):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000c40), 0xffffffffffffffff)
sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000c80)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@GTPA_VERSION={0x8}, @GTPA_TID={0xc, 0x3, 0x6}, @GTPA_LINK={0x8, 0x1, 0xae50}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000)
1.122094407s ago: executing program 0 (id=2932):
mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000)
r0 = socket(0x2, 0x801, 0x106)
getsockopt$auto(r0, 0x6, 0xd, 0x0, 0x0)
1.121277283s ago: executing program 3 (id=2933):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff)
sendmsg$auto_OVS_VPORT_CMD_DEL(r0, &(0x7f00000049c0)={0x0, 0x0, &(0x7f0000004980)={&(0x7f00000046c0)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@OVS_VPORT_ATTR_OPTIONS={0xc, 0x4, 0x0, 0x1, [@nested={0x8, 0x8, 0x0, 0x1, [@generic="4ffb5eeb"]}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40040801}, 0x4000)
1.08718097s ago: executing program 2 (id=2934):
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080))
lseek$auto(0x3, 0x2, 0x4)
987.327066ms ago: executing program 1 (id=2935):
mmap$auto(0x1, 0x5, 0x4000000000cf, 0xeb4, 0x401, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0)
preadv2$auto(0x3, &(0x7f0000000180)={0x0, 0x80001000}, 0x5, 0x3, 0x1000007, 0x4c)
947.4064ms ago: executing program 0 (id=2936):
r0 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x3c, r0, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0xd, 0x0, 0x0, @u32}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880)
935.632488ms ago: executing program 3 (id=2937):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xb, 0x8000)
capset$auto(&(0x7f0000000100)={0x20080522}, 0x0)
openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/setgroups\x00', 0x2, 0x0)
815.156262ms ago: executing program 1 (id=2938):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1)
set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0)
797.392591ms ago: executing program 3 (id=2939):
madvise$auto(0x0, 0x2000040080000004, 0xe)
clone$auto(0x100000000, 0x1, 0x0, &(0x7f0000000040)=0xfffffffc, 0x37)
madvise$auto(0x1ffff000, 0x5510, 0x8)
757.701372ms ago: executing program 0 (id=2940):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0)
readv$auto(r0, &(0x7f0000003dc0)={0x0, 0x1}, 0x3)
570.193247ms ago: executing program 2 (id=2941):
r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd7000029cdf250300000004000800140001801000108004000800080001"], 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
551.438181ms ago: executing program 1 (id=2942):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x301, 0x70bd2d, 0x25dfdbfe}, 0x14}}, 0x4840)
536.580759ms ago: executing program 0 (id=2943):
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x16)
417.304928ms ago: executing program 1 (id=2944):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = open(&(0x7f0000000100)='.\x00', 0x591083, 0x408)
linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000)
360.086694ms ago: executing program 3 (id=2945):
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder0\x00', 0x0, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mremap$auto(0x0, 0x4, 0x3fd6, 0x3, 0x20000000)
310.188119ms ago: executing program 0 (id=2946):
mmap$auto(0x0, 0x40009, 0x52, 0x9b72, 0x7, 0x28000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0x8, 0x3)
293.109936ms ago: executing program 1 (id=2947):
mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptywb\x00', 0x0, 0x0)
ioctl$auto_TCFLSH2(r0, 0x80045438, 0x0)
248.021426ms ago: executing program 2 (id=2948):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0)
sendmsg$auto_NL80211_CMD_DEL_STATION(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b40)={0x3c, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, "65481f2f20c135159f6e09d8488f73a40fa9c4eb18f1b96c99584a9919c9702885cc8e36"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x83}, 0x4880)
120.33043ms ago: executing program 1 (id=2949):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0)
write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9)
write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
98.035263ms ago: executing program 2 (id=2950):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
0s ago: executing program 3 (id=2951):
r0 = socket(0x2, 0x3, 0xc)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
ioctl$auto(0xc8, 0x801054db, r0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.153' (ED25519) to the list of known hosts.
[ 99.441329][ T5825] cgroup: Unknown subsys name 'net'
[ 99.555903][ T5825] cgroup: Unknown subsys name 'cpuset'
[ 99.565454][ T5825] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 101.498467][ T5825] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 102.203277][ T24] cfg80211: failed to load regulatory.db
[ 103.859324][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 103.877438][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 103.892354][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 103.911614][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 103.923867][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 103.932748][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 103.940485][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 103.956980][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.962865][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 103.965543][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.978389][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 103.979664][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.994565][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 104.003774][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 104.027444][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 104.031701][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 104.037344][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 104.049626][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 104.049675][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 104.059944][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 104.760901][ T5840] chnl_net:caif_netlink_parms(): no params data found
[ 104.782627][ T5837] chnl_net:caif_netlink_parms(): no params data found
[ 104.875269][ T5839] chnl_net:caif_netlink_parms(): no params data found
[ 104.887236][ T5838] chnl_net:caif_netlink_parms(): no params data found
[ 105.108809][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.116744][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.124917][ T5840] bridge_slave_0: entered allmulticast mode
[ 105.133308][ T5840] bridge_slave_0: entered promiscuous mode
[ 105.143578][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.150759][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.158128][ T5840] bridge_slave_1: entered allmulticast mode
[ 105.165591][ T5840] bridge_slave_1: entered promiscuous mode
[ 105.192445][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.199636][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.207004][ T5837] bridge_slave_0: entered allmulticast mode
[ 105.214744][ T5837] bridge_slave_0: entered promiscuous mode
[ 105.267290][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.274809][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.284633][ T5837] bridge_slave_1: entered allmulticast mode
[ 105.292272][ T5837] bridge_slave_1: entered promiscuous mode
[ 105.328357][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.335589][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.343011][ T5839] bridge_slave_0: entered allmulticast mode
[ 105.350375][ T5839] bridge_slave_0: entered promiscuous mode
[ 105.390862][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.407419][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.416802][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.424217][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.432228][ T5838] bridge_slave_0: entered allmulticast mode
[ 105.439753][ T5838] bridge_slave_0: entered promiscuous mode
[ 105.447988][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.455454][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.462944][ T5839] bridge_slave_1: entered allmulticast mode
[ 105.470266][ T5839] bridge_slave_1: entered promiscuous mode
[ 105.480100][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.506131][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.513427][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.520706][ T5838] bridge_slave_1: entered allmulticast mode
[ 105.529305][ T5838] bridge_slave_1: entered promiscuous mode
[ 105.554071][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.586166][ T5840] team0: Port device team_slave_0 added
[ 105.650303][ T5840] team0: Port device team_slave_1 added
[ 105.660147][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.674127][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.714468][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.726890][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.739386][ T5837] team0: Port device team_slave_0 added
[ 105.809057][ T5837] team0: Port device team_slave_1 added
[ 105.816763][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 105.824186][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.850527][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 105.878514][ T5839] team0: Port device team_slave_0 added
[ 105.901788][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 105.909004][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.935364][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 105.949674][ T5838] team0: Port device team_slave_0 added
[ 105.960951][ T5839] team0: Port device team_slave_1 added
[ 105.997298][ T5838] team0: Port device team_slave_1 added
[ 106.018951][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.026359][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.053172][ T5850] Bluetooth: hci0: command tx timeout
[ 106.058889][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.071919][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.078920][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.105461][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.122203][ T51] Bluetooth: hci1: command tx timeout
[ 106.128073][ T51] Bluetooth: hci2: command tx timeout
[ 106.134102][ T5850] Bluetooth: hci3: command tx timeout
[ 106.178655][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.185706][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.213286][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.225679][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.233110][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.259163][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.302369][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.309388][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.335782][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.355521][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.363099][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.389332][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.414614][ T5840] hsr_slave_0: entered promiscuous mode
[ 106.421367][ T5840] hsr_slave_1: entered promiscuous mode
[ 106.530944][ T5838] hsr_slave_0: entered promiscuous mode
[ 106.537533][ T5838] hsr_slave_1: entered promiscuous mode
[ 106.543942][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 106.551789][ T5838] Cannot create hsr debugfs directory
[ 106.562901][ T5837] hsr_slave_0: entered promiscuous mode
[ 106.569381][ T5837] hsr_slave_1: entered promiscuous mode
[ 106.578697][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 106.586410][ T5837] Cannot create hsr debugfs directory
[ 106.675253][ T5839] hsr_slave_0: entered promiscuous mode
[ 106.682402][ T5839] hsr_slave_1: entered promiscuous mode
[ 106.688616][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 106.696722][ T5839] Cannot create hsr debugfs directory
[ 107.175498][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 107.197171][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 107.220811][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 107.233532][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 107.306013][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 107.326788][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 107.363408][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 107.379118][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 107.425378][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 107.450823][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 107.470411][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 107.486047][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 107.603241][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 107.616021][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 107.640364][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 107.660190][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 107.733133][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[ 107.823413][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.846632][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[ 107.870541][ T520] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.878002][ T520] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.910900][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.939065][ T520] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.946349][ T520] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.973328][ T520] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.980573][ T520] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.021594][ T2926] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.028791][ T2926] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.094536][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 108.116659][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.121912][ T5850] Bluetooth: hci0: command tx timeout
[ 108.139151][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.202409][ T5850] Bluetooth: hci3: command tx timeout
[ 108.207932][ T5850] Bluetooth: hci2: command tx timeout
[ 108.215234][ T51] Bluetooth: hci1: command tx timeout
[ 108.227158][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.259047][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.266304][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.298307][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.317698][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.324985][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.346659][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.353938][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.428650][ T520] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.435940][ T520] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.738738][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 108.905330][ T5840] veth0_vlan: entered promiscuous mode
[ 108.947501][ T5840] veth1_vlan: entered promiscuous mode
[ 108.997663][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.068625][ T5840] veth0_macvtap: entered promiscuous mode
[ 109.106460][ T5840] veth1_macvtap: entered promiscuous mode
[ 109.130767][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.182763][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.205567][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.229751][ T5838] veth0_vlan: entered promiscuous mode
[ 109.240654][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.251618][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.260410][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.270230][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.323933][ T5838] veth1_vlan: entered promiscuous mode
[ 109.348592][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.404490][ T5839] veth0_vlan: entered promiscuous mode
[ 109.453479][ T5839] veth1_vlan: entered promiscuous mode
[ 109.559479][ T5838] veth0_macvtap: entered promiscuous mode
[ 109.570243][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.587866][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.599913][ T5837] veth0_vlan: entered promiscuous mode
[ 109.623602][ T5838] veth1_macvtap: entered promiscuous mode
[ 109.647736][ T5839] veth0_macvtap: entered promiscuous mode
[ 109.668479][ T5837] veth1_vlan: entered promiscuous mode
[ 109.683705][ T5839] veth1_macvtap: entered promiscuous mode
[ 109.696255][ T520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.710984][ T520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.720412][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.737813][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.789753][ T5839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.800445][ T5839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.812197][ T5839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.820976][ T5839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.839656][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.870278][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.894358][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 109.899012][ T5838] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.923189][ T5838] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.932818][ T5838] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.942089][ T5838] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.976857][ T5837] veth0_macvtap: entered promiscuous mode
[ 109.998816][ T5837] veth1_macvtap: entered promiscuous mode
[ 110.146908][ T2964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.156464][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.165761][ T5928] netlink: zone id is out of range
[ 110.174557][ T2964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.207088][ T5850] Bluetooth: hci0: command tx timeout
[ 110.233494][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.284183][ T5850] Bluetooth: hci2: command tx timeout
[ 110.289662][ T5850] Bluetooth: hci1: command tx timeout
[ 110.296134][ T5848] Bluetooth: hci3: command tx timeout
[ 110.327810][ T5837] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.337645][ T5837] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.349195][ T5837] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.358129][ T5837] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.424196][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.451901][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.482371][ T520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.490287][ T520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.602253][ T2964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.610148][ T2964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.685083][ T520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.708508][ T520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.754766][ T2926] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.767563][ T2926] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.030216][ T5969] openvswitch: netlink: Multiple metadata blocks provided
[ 112.288122][ T51] Bluetooth: hci0: command tx timeout
[ 112.362026][ T51] Bluetooth: hci1: command tx timeout
[ 112.362761][ T5850] Bluetooth: hci3: command tx timeout
[ 112.367569][ T51] Bluetooth: hci2: command tx timeout
[ 112.829269][ T5989] IPVS: length: 131 != 8
[ 113.461687][ T6007] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
syzkaller
syzkaller login: [ 114.963040][ T6040] openvswitch: netlink: Flow actions attr not present in new flow.
[ 115.522698][ T6054] device-mapper: ioctl: Invalid ioctl structure: uuid �, name , dev 5
[ 116.104188][ T6072] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[ 116.142730][ T6075] netlink: 'syz.2.69': attribute type 2 has an invalid length.
[ 117.136228][ T5850] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[ 117.136274][ T5850] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[ 117.151496][ T5850] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[ 117.151567][ T5850] Bluetooth: hci1: adv larger than maximum supported
[ 117.158809][ T5850] Bluetooth: hci1: adv larger than maximum supported
[ 117.168911][ T5850] Bluetooth: hci1: Unknown advertising packet type: 0x72
[ 117.176068][ T5850] Bluetooth: hci1: adv larger than maximum supported
[ 117.183264][ T5850] Bluetooth: hci1: Malformed LE Event: 0x0d
[ 117.284088][ T6098] sd 0:0:1:0: PR command failed: 1026
[ 117.290067][ T6098] sd 0:0:1:0: Sense Key : Illegal Request [current]
[ 117.355076][ T6098] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 118.477466][ T5850] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260
[ 118.477544][ T5850] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260
[ 118.492815][ T5850] Bluetooth: hci2: Dropping invalid advertising data
[ 118.499740][ T5850] Bluetooth: hci2: unknown advertising packet type: 0xe9
[ 118.499780][ T5850] Bluetooth: hci2: Dropping invalid advertising data
[ 118.514371][ T5850] Bluetooth: hci2: Malformed LE Event: 0x02
[ 119.417916][ T6171] nbd: couldn't find device at index 33904
[ 120.104474][ T6192] netlink: 148 bytes leftover after parsing attributes in process `syz.2.123'.
[ 120.391503][ T6200] ACPI: Can not change Invalid GPE/Fixed Event status
[ 121.109632][ T6223] process 'syz.1.139' launched '/dev/fd/3/./file0' with NULL argv: empty string added
[ 121.658798][ T6238] netlink: 'syz.1.146': attribute type 2 has an invalid length.
[ 122.127594][ T6255] mmap: syz.1.155 (6255) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 122.908833][ T6276] .RRo\&p�: entered promiscuous mode
[ 122.943532][ T6280] Zero length message leads to an empty skb
[ 123.148423][ T6286] =======================================================
[ 123.148423][ T6286] WARNING: The mand mount option has been deprecated and
[ 123.148423][ T6286] and is ignored by this kernel. Remove the mand
[ 123.148423][ T6286] option from the mount to silence this warning.
[ 123.148423][ T6286] =======================================================
[ 123.328487][ T6286] nfsd: Unknown parameter 'Z'
[ 123.779255][ T30] audit: type=1326 audit(1749168229.883:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.1.178" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff5bf8e929 code=0x0
[ 123.977482][ T6312] program syz.2.182 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 126.557070][ T6391] delete_channel: no stack
[ 126.943311][ T6402] netlink: 'syz.2.223': attribute type 2 has an invalid length.
[ 127.191964][ T6409] openvswitch: netlink: Message has 20 unknown bytes.
[ 127.467229][ T6416] netlink: 'syz.2.230': attribute type 1 has an invalid length.
[ 127.508687][ T6420] FAULT_INJECTION: forcing a failure.
[ 127.508687][ T6420] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 127.531427][ T6420] CPU: 1 UID: 0 PID: 6420 Comm: syz.1.231 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 127.531472][ T6420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 127.531496][ T6420] Call Trace:
[ 127.531511][ T6420]
[ 127.531527][ T6420] dump_stack_lvl+0x16c/0x1f0
[ 127.531590][ T6420] should_fail_ex+0x512/0x640
[ 127.531651][ T6420] should_fail_alloc_page+0xe7/0x130
[ 127.531688][ T6420] prepare_alloc_pages+0x3c2/0x610
[ 127.531737][ T6420] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 127.531796][ T6420] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 127.531850][ T6420] ? stack_depot_save_flags+0x3e0/0xa40
[ 127.531914][ T6420] ? kasan_save_stack+0x42/0x60
[ 127.531967][ T6420] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 127.532019][ T6420] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 127.532073][ T6420] ? __get_vm_area_node+0x1ca/0x330
[ 127.532111][ T6420] ? __bpf_map_area_alloc+0x12e/0x200
[ 127.532144][ T6420] ? htab_map_alloc+0x44b/0x1570
[ 127.532195][ T6420] ? map_create+0x592/0x1db0
[ 127.532243][ T6420] ? __sys_bpf+0x47cc/0x4d80
[ 127.532270][ T6420] ? __x64_sys_bpf+0x78/0xc0
[ 127.532300][ T6420] ? do_syscall_64+0xcd/0x490
[ 127.532347][ T6420] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.532396][ T6420] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 127.532450][ T6420] ? policy_nodemask+0xea/0x4e0
[ 127.532485][ T6420] alloc_pages_mpol+0x1fb/0x550
[ 127.532522][ T6420] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 127.532568][ T6420] alloc_pages_noprof+0x131/0x390
[ 127.532604][ T6420] get_free_pages_noprof+0x10/0xb0
[ 127.532641][ T6420] kasan_populate_vmalloc+0x89/0x1f0
[ 127.532700][ T6420] alloc_vmap_area+0x959/0x29c0
[ 127.532753][ T6420] ? __pfx_alloc_vmap_area+0x10/0x10
[ 127.532832][ T6420] __get_vm_area_node+0x1ca/0x330
[ 127.532883][ T6420] __vmalloc_node_range_noprof+0x271/0x14b0
[ 127.532931][ T6420] ? htab_map_alloc+0x44b/0x1570
[ 127.532981][ T6420] ? __mutex_unlock_slowpath+0x161/0x6a0
[ 127.533037][ T6420] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 127.533092][ T6420] ? htab_map_alloc+0x44b/0x1570
[ 127.533148][ T6420] ? mark_held_locks+0x49/0x80
[ 127.533196][ T6420] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 127.533242][ T6420] ? pcpu_alloc_noprof+0x1f5/0x1470
[ 127.533304][ T6420] ? htab_map_alloc+0x44b/0x1570
[ 127.533353][ T6420] __bpf_map_area_alloc+0x12e/0x200
[ 127.533389][ T6420] ? htab_map_alloc+0x44b/0x1570
[ 127.533448][ T6420] htab_map_alloc+0x44b/0x1570
[ 127.533510][ T6420] ? htab_map_alloc_check+0x2f2/0x430
[ 127.533570][ T6420] map_create+0x592/0x1db0
[ 127.533635][ T6420] ? __pfx_map_create+0x10/0x10
[ 127.533684][ T6420] ? __might_fault+0xe3/0x190
[ 127.533732][ T6420] ? __might_fault+0xe3/0x190
[ 127.533779][ T6420] ? __might_fault+0x13b/0x190
[ 127.533852][ T6420] __sys_bpf+0x47cc/0x4d80
[ 127.533881][ T6420] ? __pfx_futex_wake+0x10/0x10
[ 127.533933][ T6420] ? __pfx___sys_bpf+0x10/0x10
[ 127.533966][ T6420] ? ksys_write+0x190/0x250
[ 127.534023][ T6420] ? do_futex+0x122/0x350
[ 127.534063][ T6420] ? __pfx_do_futex+0x10/0x10
[ 127.534122][ T6420] ? fput+0x70/0xf0
[ 127.534156][ T6420] ? xfd_validate_state+0x61/0x180
[ 127.534193][ T6420] ? __pfx_ksys_write+0x10/0x10
[ 127.534242][ T6420] __x64_sys_bpf+0x78/0xc0
[ 127.534274][ T6420] ? lockdep_hardirqs_on+0x7c/0x110
[ 127.534320][ T6420] do_syscall_64+0xcd/0x490
[ 127.534370][ T6420] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.534403][ T6420] RIP: 0033:0x7eff5bf8e929
[ 127.534439][ T6420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.534473][ T6420] RSP: 002b:00007eff5ce90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 127.534509][ T6420] RAX: ffffffffffffffda RBX: 00007eff5c1b5fa0 RCX: 00007eff5bf8e929
[ 127.534531][ T6420] RDX: 0000000000000098 RSI: 0000200000000100 RDI: 0000000000000000
[ 127.534551][ T6420] RBP: 00007eff5c010b39 R08: 0000000000000000 R09: 0000000000000000
[ 127.534570][ T6420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 127.534589][ T6420] R13: 0000000000000000 R14: 00007eff5c1b5fa0 R15: 00007ffce6c6c868
[ 127.534630][ T6420]
[ 129.118747][ T6449] syz.2.244 uses obsolete (PF_INET,SOCK_PACKET)
[ 129.775249][ T6466] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.252' sets config #0
[ 130.732229][ T6489] misc userio: No port type given on /dev/userio
[ 130.750600][ T6492] vivid-003: ================= START STATUS =================
[ 130.811338][ T6492] vivid-003: Radio HW Seek Mode: Bounded
[ 130.837553][ T6492] vivid-003: Radio Programmable HW Seek: false
[ 130.847981][ T6492] vivid-003: RDS Rx I/O Mode: Block I/O
[ 130.857181][ T6492] vivid-003: Generate RBDS Instead of RDS: false
[ 130.867730][ T6492] vivid-003: RDS Reception: true
[ 130.941680][ T6492] vivid-003: RDS Program Type: 0 inactive
[ 130.985116][ T6492] vivid-003: RDS PS Name: inactive
[ 131.062473][ T6492] vivid-003: RDS Radio Text: inactive
[ 131.140316][ T6492] vivid-003: RDS Traffic Announcement: false inactive
[ 131.197227][ T6504] sd 0:0:1:0: PR command failed: 1026
[ 131.211235][ T6492] vivid-003: RDS Traffic Program: false inactive
[ 131.221693][ T6504] sd 0:0:1:0: Sense Key : Illegal Request [current]
[ 131.240698][ T6504] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 131.271775][ T6492] vivid-003: RDS Music: false inactive
[ 131.285991][ T6492] vivid-003: ================== END STATUS ==================
[ 133.375210][ T6558] FAULT_INJECTION: forcing a failure.
[ 133.375210][ T6558] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 133.442452][ T6558] CPU: 0 UID: 0 PID: 6558 Comm: syz.3.293 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 133.442498][ T6558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 133.442518][ T6558] Call Trace:
[ 133.442528][ T6558]
[ 133.442540][ T6558] dump_stack_lvl+0x16c/0x1f0
[ 133.442594][ T6558] should_fail_ex+0x512/0x640
[ 133.442661][ T6558] should_fail_alloc_page+0xe7/0x130
[ 133.442700][ T6558] prepare_alloc_pages+0x3c2/0x610
[ 133.442750][ T6558] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 133.442806][ T6558] ? stack_trace_save+0x8e/0xc0
[ 133.442843][ T6558] ? __pfx_stack_trace_save+0x10/0x10
[ 133.442880][ T6558] ? stack_depot_save_flags+0x28/0xa40
[ 133.442945][ T6558] ? kasan_save_stack+0x42/0x60
[ 133.442997][ T6558] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 133.443049][ T6558] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 133.443102][ T6558] ? __get_vm_area_node+0x1ca/0x330
[ 133.443141][ T6558] ? __bpf_map_area_alloc+0x12e/0x200
[ 133.443174][ T6558] ? htab_map_alloc+0x44b/0x1570
[ 133.443226][ T6558] ? map_create+0x592/0x1db0
[ 133.443273][ T6558] ? __sys_bpf+0x47cc/0x4d80
[ 133.443301][ T6558] ? __x64_sys_bpf+0x78/0xc0
[ 133.443331][ T6558] ? do_syscall_64+0xcd/0x490
[ 133.443378][ T6558] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.443429][ T6558] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 133.443483][ T6558] ? policy_nodemask+0xea/0x4e0
[ 133.443520][ T6558] alloc_pages_mpol+0x1fb/0x550
[ 133.443556][ T6558] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 133.443601][ T6558] alloc_pages_noprof+0x131/0x390
[ 133.443636][ T6558] get_free_pages_noprof+0x10/0xb0
[ 133.443679][ T6558] kasan_populate_vmalloc+0x89/0x1f0
[ 133.443739][ T6558] alloc_vmap_area+0x959/0x29c0
[ 133.443796][ T6558] ? __pfx_alloc_vmap_area+0x10/0x10
[ 133.443845][ T6558] __get_vm_area_node+0x1ca/0x330
[ 133.443895][ T6558] __vmalloc_node_range_noprof+0x271/0x14b0
[ 133.443942][ T6558] ? htab_map_alloc+0x44b/0x1570
[ 133.443990][ T6558] ? __mutex_unlock_slowpath+0x161/0x6a0
[ 133.444044][ T6558] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 133.444099][ T6558] ? htab_map_alloc+0x44b/0x1570
[ 133.444153][ T6558] ? mark_held_locks+0x49/0x80
[ 133.444201][ T6558] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 133.444247][ T6558] ? pcpu_alloc_noprof+0x1f5/0x1470
[ 133.444305][ T6558] ? htab_map_alloc+0x44b/0x1570
[ 133.444355][ T6558] __bpf_map_area_alloc+0x12e/0x200
[ 133.444390][ T6558] ? htab_map_alloc+0x44b/0x1570
[ 133.444447][ T6558] htab_map_alloc+0x44b/0x1570
[ 133.444508][ T6558] ? htab_map_alloc_check+0x2f2/0x430
[ 133.444566][ T6558] map_create+0x592/0x1db0
[ 133.444633][ T6558] ? __pfx_map_create+0x10/0x10
[ 133.444693][ T6558] ? __might_fault+0xe3/0x190
[ 133.444744][ T6558] ? __might_fault+0xe3/0x190
[ 133.444790][ T6558] ? __might_fault+0x13b/0x190
[ 133.444859][ T6558] __sys_bpf+0x47cc/0x4d80
[ 133.444896][ T6558] ? __pfx___sys_bpf+0x10/0x10
[ 133.444929][ T6558] ? ksys_write+0x190/0x250
[ 133.444986][ T6558] ? do_futex+0x122/0x350
[ 133.445028][ T6558] ? __pfx_do_futex+0x10/0x10
[ 133.445087][ T6558] ? fput+0x70/0xf0
[ 133.445122][ T6558] ? xfd_validate_state+0x61/0x180
[ 133.445164][ T6558] ? __pfx_ksys_write+0x10/0x10
[ 133.445220][ T6558] __x64_sys_bpf+0x78/0xc0
[ 133.445253][ T6558] ? lockdep_hardirqs_on+0x7c/0x110
[ 133.445298][ T6558] do_syscall_64+0xcd/0x490
[ 133.445350][ T6558] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.445382][ T6558] RIP: 0033:0x7fe9ea78e929
[ 133.445409][ T6558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 133.445442][ T6558] RSP: 002b:00007fe9eb5ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 133.445473][ T6558] RAX: ffffffffffffffda RBX: 00007fe9ea9b5fa0 RCX: 00007fe9ea78e929
[ 133.445495][ T6558] RDX: 0000000000000098 RSI: 0000200000000100 RDI: 0000000000000000
[ 133.445516][ T6558] RBP: 00007fe9ea810b39 R08: 0000000000000000 R09: 0000000000000000
[ 133.445537][ T6558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 133.445556][ T6558] R13: 0000000000000000 R14: 00007fe9ea9b5fa0 R15: 00007fffa3349328
[ 133.445596][ T6558]
[ 134.731863][ T6587] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[ 136.177198][ T6622] tc_dump_action: action bad kind
[ 136.512562][ T6633] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 138.848421][ T6700] netlink: 'syz.3.354': attribute type 1 has an invalid length.
[ 139.848323][ T6723] FAULT_INJECTION: forcing a failure.
[ 139.848323][ T6723] name failslab, interval 1, probability 0, space 0, times 0
[ 139.862107][ T6723] CPU: 1 UID: 0 PID: 6723 Comm: syz.0.364 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 139.862153][ T6723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 139.862174][ T6723] Call Trace:
[ 139.862184][ T6723]
[ 139.862196][ T6723] dump_stack_lvl+0x16c/0x1f0
[ 139.862251][ T6723] should_fail_ex+0x512/0x640
[ 139.862304][ T6723] ? __kmalloc_node_noprof+0xc5/0x500
[ 139.862378][ T6723] should_failslab+0xc2/0x120
[ 139.862412][ T6723] __kmalloc_node_noprof+0xd8/0x500
[ 139.862465][ T6723] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 139.862499][ T6723] ? alloc_slab_obj_exts+0x41/0xa0
[ 139.862551][ T6723] alloc_slab_obj_exts+0x41/0xa0
[ 139.862596][ T6723] new_slab+0x283/0x330
[ 139.862643][ T6723] ___slab_alloc+0xd9c/0x1940
[ 139.862688][ T6723] ? sk_prot_alloc+0x60/0x2a0
[ 139.862721][ T6723] ? new_slab+0x2d1/0x330
[ 139.862780][ T6723] ? sk_prot_alloc+0x60/0x2a0
[ 139.862811][ T6723] ? __slab_alloc.constprop.0+0x56/0xb0
[ 139.862857][ T6723] __slab_alloc.constprop.0+0x56/0xb0
[ 139.862908][ T6723] kmem_cache_alloc_noprof+0xef/0x3b0
[ 139.862960][ T6723] ? security_inode_alloc+0x3b/0x2b0
[ 139.862997][ T6723] ? sk_prot_alloc+0x60/0x2a0
[ 139.863035][ T6723] sk_prot_alloc+0x60/0x2a0
[ 139.863071][ T6723] sk_alloc+0x36/0xc20
[ 139.863117][ T6723] smc_create+0x114/0x2a0
[ 139.863159][ T6723] __sock_create+0x335/0x8d0
[ 139.863203][ T6723] __sys_socket+0x14d/0x260
[ 139.863238][ T6723] ? fput+0x70/0xf0
[ 139.863270][ T6723] ? __pfx___sys_socket+0x10/0x10
[ 139.863307][ T6723] ? xfd_validate_state+0x61/0x180
[ 139.863350][ T6723] ? __pfx_ksys_write+0x10/0x10
[ 139.863419][ T6723] __x64_sys_socket+0x72/0xb0
[ 139.863454][ T6723] ? lockdep_hardirqs_on+0x7c/0x110
[ 139.863501][ T6723] do_syscall_64+0xcd/0x490
[ 139.863553][ T6723] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.863586][ T6723] RIP: 0033:0x7f7d22f8e929
[ 139.863611][ T6723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 139.863644][ T6723] RSP: 002b:00007f7d23daa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 139.863674][ T6723] RAX: ffffffffffffffda RBX: 00007f7d231b5fa0 RCX: 00007f7d22f8e929
[ 139.863695][ T6723] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000002b
[ 139.863714][ T6723] RBP: 00007f7d23010b39 R08: 0000000000000000 R09: 0000000000000000
[ 139.863734][ T6723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 139.863754][ T6723] R13: 0000000000000000 R14: 00007f7d231b5fa0 R15: 00007ffce218cdd8
[ 139.863796][ T6723]
[ 141.457007][ T6764] netlink: 'syz.3.383': attribute type 1 has an invalid length.
[ 142.578590][ T6797] capability: warning: `syz.1.396' uses 32-bit capabilities (legacy support in use)
[ 143.167210][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 143.180864][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 143.412639][ T6826] CIFS: VFS: Invalid SecurityFlags:
[ 145.254633][ T6885] netlink: 'syz.0.437': attribute type 1 has an invalid length.
[ 146.380575][ T6922] netlink: 'syz.1.454': attribute type 1 has an invalid length.
[ 147.765140][ T6964] netlink: 'syz.1.473': attribute type 1 has an invalid length.
[ 148.896771][ T7003] sd 0:0:1:0: PR command failed: 1026
[ 148.914239][ T7003] sd 0:0:1:0: Sense Key : Illegal Request [current]
[ 148.921068][ T7003] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 149.658615][ T7022] netlink: 'syz.1.500': attribute type 1 has an invalid length.
[ 150.829464][ T7058] device-mapper: ioctl: only supply one of name or uuid, cmd(11)
[ 153.601839][ T7135] binder: 7134:7135 ioctl c00c620f 200000000340 returned -22
[ 155.051603][ T7173] netlink: 'syz.1.567': attribute type 11 has an invalid length.
[ 155.064609][ T7173] netlink: 'syz.1.567': attribute type 11 has an invalid length.
[ 155.087449][ T7173] netlink: 'syz.1.567': attribute type 11 has an invalid length.
[ 155.221454][ T7177] dyndbg: expected <4096 bytes into control
[ 155.548753][ T7188] FAULT_INJECTION: forcing a failure.
[ 155.548753][ T7188] name failslab, interval 1, probability 0, space 0, times 0
[ 155.589332][ T7188] CPU: 1 UID: 0 PID: 7188 Comm: syz.3.574 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 155.589379][ T7188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 155.589399][ T7188] Call Trace:
[ 155.589410][ T7188]
[ 155.589423][ T7188] dump_stack_lvl+0x16c/0x1f0
[ 155.589476][ T7188] should_fail_ex+0x512/0x640
[ 155.589536][ T7188] should_failslab+0xc2/0x120
[ 155.589571][ T7188] __kmalloc_cache_noprof+0x6a/0x3e0
[ 155.589618][ T7188] ? proc_self_get_link+0x1a9/0x230
[ 155.589670][ T7188] proc_self_get_link+0x1a9/0x230
[ 155.589718][ T7188] ? __pfx_proc_self_get_link+0x10/0x10
[ 155.589763][ T7188] step_into+0x195b/0x2270
[ 155.589817][ T7188] ? __pfx_step_into+0x10/0x10
[ 155.589867][ T7188] ? lookup_fast+0x156/0x610
[ 155.589929][ T7188] walk_component+0xfc/0x5b0
[ 155.589979][ T7188] link_path_walk+0x627/0xe20
[ 155.590040][ T7188] path_openat+0x1b0/0x2cb0
[ 155.590087][ T7188] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.590137][ T7188] ? __pfx_path_openat+0x10/0x10
[ 155.590193][ T7188] ? __lock_acquire+0xb8a/0x1c90
[ 155.590243][ T7188] do_filp_open+0x20b/0x470
[ 155.590294][ T7188] ? __pfx_do_filp_open+0x10/0x10
[ 155.590376][ T7188] ? alloc_fd+0x471/0x7d0
[ 155.590433][ T7188] do_sys_openat2+0x11b/0x1d0
[ 155.590472][ T7188] ? __pfx_do_sys_openat2+0x10/0x10
[ 155.590527][ T7188] __x64_sys_openat+0x174/0x210
[ 155.590569][ T7188] ? __pfx___x64_sys_openat+0x10/0x10
[ 155.590626][ T7188] do_syscall_64+0xcd/0x490
[ 155.590679][ T7188] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.590713][ T7188] RIP: 0033:0x7fe9ea78e929
[ 155.590740][ T7188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 155.590773][ T7188] RSP: 002b:00007fe9eb5ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 155.590805][ T7188] RAX: ffffffffffffffda RBX: 00007fe9ea9b5fa0 RCX: 00007fe9ea78e929
[ 155.590826][ T7188] RDX: 0000000000040302 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 155.590847][ T7188] RBP: 00007fe9ea810b39 R08: 0000000000000000 R09: 0000000000000000
[ 155.590867][ T7188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 155.590886][ T7188] R13: 0000000000000000 R14: 00007fe9ea9b5fa0 R15: 00007fffa3349328
[ 155.590947][ T7188]
[ 156.279946][ T7200] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[ 157.099600][ T7225] openvswitch: netlink: Flow key attr not present in new flow.
[ 157.296208][ T7231] netlink: 29 bytes leftover after parsing attributes in process `syz.1.595'.
[ 157.578338][ T7238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 159.062335][ T7279] netlink: 'syz.1.618': attribute type 11 has an invalid length.
[ 159.070162][ T7279] netlink: 'syz.1.618': attribute type 11 has an invalid length.
[ 159.102926][ T7279] netlink: 4 bytes leftover after parsing attributes in process `syz.1.618'.
[ 159.126805][ T7279] netlink: 'syz.1.618': attribute type 11 has an invalid length.
[ 159.150584][ T7279] netlink: 20 bytes leftover after parsing attributes in process `syz.1.618'.
[ 159.179505][ T7279] netlink: 200 bytes leftover after parsing attributes in process `syz.1.618'.
[ 160.490861][ T7324] netlink: 72 bytes leftover after parsing attributes in process `syz.2.638'.
[ 161.278377][ T7347] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[ 161.907527][ T7367] openvswitch: netlink: Key type 261 is out of range max 32
[ 163.040087][ T7400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.674'.
[ 163.175085][ T7406] openvswitch: netlink: Message has 8 unknown bytes.
[ 163.681596][ T7421] netlink: 'syz.1.684': attribute type 22 has an invalid length.
[ 164.681606][ T7446] netlink: Conntrack attr has 16 unknown bytes
[ 165.051688][ T7458] FAULT_INJECTION: forcing a failure.
[ 165.051688][ T7458] name failslab, interval 1, probability 0, space 0, times 0
[ 165.093895][ T7458] CPU: 0 UID: 0 PID: 7458 Comm: syz.2.700 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 165.093942][ T7458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 165.093961][ T7458] Call Trace:
[ 165.093971][ T7458]
[ 165.093984][ T7458] dump_stack_lvl+0x16c/0x1f0
[ 165.094037][ T7458] should_fail_ex+0x512/0x640
[ 165.094089][ T7458] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[ 165.094148][ T7458] should_failslab+0xc2/0x120
[ 165.094180][ T7458] kmem_cache_alloc_lru_noprof+0x72/0x3b0
[ 165.094236][ T7458] ? __d_alloc+0x31/0xaa0
[ 165.094273][ T7458] __d_alloc+0x31/0xaa0
[ 165.094308][ T7458] d_alloc+0x4a/0x1e0
[ 165.094340][ T7458] d_alloc_parallel+0xe3/0x12e0
[ 165.094394][ T7458] ? find_held_lock+0x2b/0x80
[ 165.094431][ T7458] ? __pfx_d_alloc_parallel+0x10/0x10
[ 165.094478][ T7458] ? __d_lookup+0x266/0x4a0
[ 165.094528][ T7458] lookup_open.isra.0+0x665/0x1580
[ 165.094585][ T7458] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 165.094664][ T7458] ? mnt_get_write_access+0x20c/0x300
[ 165.094708][ T7458] path_openat+0x893/0x2cb0
[ 165.094771][ T7458] ? __pfx_path_openat+0x10/0x10
[ 165.094852][ T7458] ? __lock_acquire+0xb8a/0x1c90
[ 165.094902][ T7458] do_filp_open+0x20b/0x470
[ 165.094954][ T7458] ? __pfx_do_filp_open+0x10/0x10
[ 165.095022][ T7458] ? __pfx_kfree_link+0x10/0x10
[ 165.095075][ T7458] ? alloc_fd+0x471/0x7d0
[ 165.095135][ T7458] do_sys_openat2+0x11b/0x1d0
[ 165.095174][ T7458] ? __pfx_do_sys_openat2+0x10/0x10
[ 165.095232][ T7458] __x64_sys_openat+0x174/0x210
[ 165.095272][ T7458] ? __pfx___x64_sys_openat+0x10/0x10
[ 165.095331][ T7458] do_syscall_64+0xcd/0x490
[ 165.095384][ T7458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 165.095416][ T7458] RIP: 0033:0x7f7a1a18e929
[ 165.095442][ T7458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 165.095474][ T7458] RSP: 002b:00007f7a1af27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 165.095505][ T7458] RAX: ffffffffffffffda RBX: 00007f7a1a3b5fa0 RCX: 00007f7a1a18e929
[ 165.095527][ T7458] RDX: 0000000000040302 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 165.095545][ T7458] RBP: 00007f7a1a210b39 R08: 0000000000000000 R09: 0000000000000000
[ 165.095567][ T7458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 165.095587][ T7458] R13: 0000000000000000 R14: 00007f7a1a3b5fa0 R15: 00007ffe931acf98
[ 165.095630][ T7458]
[ 167.365246][ T7511] block2mtd: too many arguments
[ 168.230020][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.733'.
[ 168.906553][ T520] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 168.969402][ T7559] MTRR 1 not used
[ 169.069547][ T520] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 169.181874][ T520] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 169.338962][ T520] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 169.631491][ T7572] netlink: Conntrack attr has 16 unknown bytes
[ 169.713236][ T520] bridge_slave_1: left allmulticast mode
[ 169.744676][ T520] bridge_slave_1: left promiscuous mode
[ 169.751716][ T520] bridge0: port 2(bridge_slave_1) entered disabled state
[ 169.885394][ T520] bridge_slave_0: left allmulticast mode
[ 169.918659][ T520] bridge_slave_0: left promiscuous mode
[ 169.930933][ T7576] Invalid ELF header magic: != ELF
[ 169.951723][ T520] bridge0: port 1(bridge_slave_0) entered disabled state
[ 170.091270][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 170.100185][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 170.122574][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 170.147755][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 170.172713][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 171.128650][ T520] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 171.172412][ T520] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 171.193516][ T520] bond0 (unregistering): Released all slaves
[ 172.213235][ T51] Bluetooth: hci3: command tx timeout
[ 172.651639][ T520] hsr_slave_0: left promiscuous mode
[ 172.696313][ T520] hsr_slave_1: left promiscuous mode
[ 172.735136][ T520] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 172.766157][ T520] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 172.813467][ T520] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 172.821034][ T520] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 172.880747][ T520] veth1_macvtap: left promiscuous mode
[ 172.898386][ T520] veth0_macvtap: left promiscuous mode
[ 172.908756][ T520] veth1_vlan: left promiscuous mode
[ 172.914824][ T520] veth0_vlan: left promiscuous mode
[ 174.193737][ T520] team0 (unregistering): Port device team_slave_1 removed
[ 174.239542][ T520] team0 (unregistering): Port device team_slave_0 removed
[ 174.282428][ T51] Bluetooth: hci3: command tx timeout
[ 175.157486][ T7582] chnl_net:caif_netlink_parms(): no params data found
[ 175.262388][ T7710] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[ 175.660365][ T7582] bridge0: port 1(bridge_slave_0) entered blocking state
[ 175.691673][ T7582] bridge0: port 1(bridge_slave_0) entered disabled state
[ 175.708011][ T7582] bridge_slave_0: entered allmulticast mode
[ 175.727150][ T7582] bridge_slave_0: entered promiscuous mode
[ 175.751871][ T7582] bridge0: port 2(bridge_slave_1) entered blocking state
[ 175.768110][ T7582] bridge0: port 2(bridge_slave_1) entered disabled state
[ 175.786553][ T7582] bridge_slave_1: entered allmulticast mode
[ 175.806773][ T7582] bridge_slave_1: entered promiscuous mode
[ 175.940756][ T7730] openvswitch: netlink: IP tunnel dst address not specified
[ 175.961020][ T7582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 175.995897][ T7582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 176.165992][ T7582] team0: Port device team_slave_0 added
[ 176.187171][ T7582] team0: Port device team_slave_1 added
[ 176.361526][ T51] Bluetooth: hci3: command tx timeout
[ 176.405935][ T7582] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 176.421282][ T7582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 176.479714][ T7582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 176.531751][ T7582] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 176.553592][ T7582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 176.638749][ T7582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 176.997228][ T7582] hsr_slave_0: entered promiscuous mode
[ 177.008582][ T7582] hsr_slave_1: entered promiscuous mode
[ 178.446805][ T51] Bluetooth: hci3: command tx timeout
[ 178.934423][ T7582] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 178.992278][ T7582] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 179.035628][ T7582] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 179.099489][ T7582] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 179.515480][ T7582] 8021q: adding VLAN 0 to HW filter on device bond0
[ 179.593683][ T7582] 8021q: adding VLAN 0 to HW filter on device team0
[ 179.644251][ T2926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 179.651526][ T2926] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 179.708469][ T2926] bridge0: port 2(bridge_slave_1) entered blocking state
[ 179.715736][ T2926] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 179.987126][ T7849] Invalid ELF header magic: != ELF
[ 180.097014][ T7857] openvswitch: netlink: IP tunnel dst address not specified
[ 180.543623][ T7582] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 180.758609][ T7582] veth0_vlan: entered promiscuous mode
[ 180.803032][ T7582] veth1_vlan: entered promiscuous mode
[ 180.930597][ T7582] veth0_macvtap: entered promiscuous mode
[ 180.966759][ T7582] veth1_macvtap: entered promiscuous mode
[ 181.045978][ T7582] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 181.111436][ T7582] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 181.157297][ T7582] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 181.182952][ T7582] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 181.211437][ T7582] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 181.230543][ T7582] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 181.352140][ T7892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 181.374946][ T7892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 181.588541][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 181.623599][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 181.819135][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 181.849410][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 183.511095][ T7957] MTRR 1 not used
[ 183.893102][ T7974] Format for adding new device is "id port_count num_queues" (uint uint unit).
[ 186.601686][ T8060] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 186.696436][ T8064] futex_wake_op: syz.2.925 tries to shift op by 64; fix this program
[ 187.247162][ T8082] Invalid ELF header magic: != ELF
[ 187.715056][ T8094] svc: failed to register nfsdv3 RPC service (errno 111).
[ 187.751371][ T8094] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 187.928682][ T30] audit: type=1800 audit(4294967351.360:3): pid=8104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.945" name="members" dev="configfs" ino=15262 res=0 errno=0
[ 188.293836][ T8117] ALSA: mixer_oss: invalid OSS volume ''
[ 188.694283][ T8134] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 189.615608][ T8161] Invalid ELF header magic: != ELF
[ 190.603225][ T8185] Format for adding new device is "id port_count num_queues" (uint uint unit).
[ 192.212159][ T8233] nbd: must specify a device to reconfigure
[ 194.371021][ T8282] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 194.381484][ T8282] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 194.442206][ T8282] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 194.501228][ T8282] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 194.511803][ T8282] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 194.562725][ T8282] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 194.613041][ T8282] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 194.621762][ T8282] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 194.648001][ T8309] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1036'.
[ 194.659323][ T8282] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 194.675878][ T8282] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 194.694746][ T8282] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 194.758221][ T8282] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 195.971581][ T51] Bluetooth: hci1: command 0x0c1a tx timeout
[ 196.531316][ T51] Bluetooth: hci2: command 0x0c1a tx timeout
[ 196.681326][ T51] Bluetooth: hci3: command 0x0c1a tx timeout
[ 196.685094][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout
[ 197.266601][ T8390] .SR: entered promiscuous mode
[ 198.041704][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[ 198.138233][ T8424] FAULT_INJECTION: forcing a failure.
[ 198.138233][ T8424] name failslab, interval 1, probability 0, space 0, times 0
[ 198.151358][ T8424] CPU: 1 UID: 0 PID: 8424 Comm: syz.3.1087 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 198.151401][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 198.151419][ T8424] Call Trace:
[ 198.151429][ T8424]
[ 198.151441][ T8424] dump_stack_lvl+0x16c/0x1f0
[ 198.151503][ T8424] should_fail_ex+0x512/0x640
[ 198.151552][ T8424] ? __kmalloc_noprof+0xbf/0x510
[ 198.151606][ T8424] ? lsm_blob_alloc+0x68/0x90
[ 198.151634][ T8424] should_failslab+0xc2/0x120
[ 198.151667][ T8424] __kmalloc_noprof+0xd2/0x510
[ 198.151726][ T8424] lsm_blob_alloc+0x68/0x90
[ 198.151756][ T8424] security_sk_alloc+0x30/0x270
[ 198.151791][ T8424] sk_prot_alloc+0x1c7/0x2a0
[ 198.151824][ T8424] sk_alloc+0x36/0xc20
[ 198.151870][ T8424] packet_create+0x127/0x8e0
[ 198.151915][ T8424] __sock_create+0x335/0x8d0
[ 198.151957][ T8424] __sys_socket+0x14d/0x260
[ 198.151992][ T8424] ? fput+0x70/0xf0
[ 198.152023][ T8424] ? __pfx___sys_socket+0x10/0x10
[ 198.152060][ T8424] ? xfd_validate_state+0x61/0x180
[ 198.152100][ T8424] ? __pfx_ksys_write+0x10/0x10
[ 198.152155][ T8424] __x64_sys_socket+0x72/0xb0
[ 198.152190][ T8424] ? lockdep_hardirqs_on+0x7c/0x110
[ 198.152234][ T8424] do_syscall_64+0xcd/0x490
[ 198.152283][ T8424] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 198.152315][ T8424] RIP: 0033:0x7fe9ea78e929
[ 198.152340][ T8424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 198.152368][ T8424] RSP: 002b:00007fe9eb5ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 198.152394][ T8424] RAX: ffffffffffffffda RBX: 00007fe9ea9b5fa0 RCX: 00007fe9ea78e929
[ 198.152412][ T8424] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000011
[ 198.152428][ T8424] RBP: 00007fe9ea810b39 R08: 0000000000000000 R09: 0000000000000000
[ 198.152445][ T8424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 198.152461][ T8424] R13: 0000000000000000 R14: 00007fe9ea9b5fa0 R15: 00007fffa3349328
[ 198.152506][ T8424]
[ 198.601505][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout
[ 198.762961][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout
[ 198.765683][ T51] Bluetooth: hci3: command 0x0c1a tx timeout
[ 199.123714][ T8454] netlink: zone id is out of range
[ 199.128915][ T8454] netlink: zone id is out of range
[ 199.176901][ T8454] netlink: zone id is out of range
[ 199.201265][ T8454] netlink: zone id is out of range
[ 199.216919][ T8454] netlink: zone id is out of range
[ 199.233468][ T8454] netlink: zone id is out of range
[ 199.246644][ T8454] netlink: zone id is out of range
[ 199.252529][ T8454] netlink: zone id is out of range
[ 199.259032][ T8454] netlink: zone id is out of range
[ 199.265952][ T8454] netlink: zone id is out of range
[ 199.618569][ T8472] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1109'.
[ 200.129591][ T51] Bluetooth: hci1: command 0x0c1a tx timeout
[ 200.681225][ T51] Bluetooth: hci2: command 0x0c1a tx timeout
[ 200.842269][ T51] Bluetooth: hci0: command 0x0c1a tx timeout
[ 200.842291][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout
[ 201.181411][ T8510] usb usb37: usbfs: process 8510 (syz.2.1126) did not claim interface 0 before use
[ 201.510832][ T8521] netlink: 206 bytes leftover after parsing attributes in process `syz.3.1131'.
[ 202.280196][ T8548] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 203.078464][ T8577] unsupported nla_type 32969
[ 204.606561][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 204.613232][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 205.748113][ T30] audit: type=1800 audit(4294967369.180:4): pid=8668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1201" name="dbroot" dev="configfs" ino=17076 res=0 errno=0
[ 206.609280][ T8698] cifs: Unknown parameter '�T.�żc[���$�⁍)U�ÑnE-ʙ�l- -_5Z��omfwYh*/xD�lݩ��gkǐA7��9Xa/f_ARxM vp$^�;q3n�-�6�+ek
[ 255.223466][T10175] dump_stack_lvl+0x16c/0x1f0
[ 255.223519][T10175] should_fail_ex+0x512/0x640
[ 255.223573][T10175] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 255.223631][T10175] should_failslab+0xc2/0x120
[ 255.223665][T10175] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 255.223718][T10175] ? kcm_create+0x11e/0x690
[ 255.223767][T10175] kcm_create+0x11e/0x690
[ 255.223821][T10175] __sock_create+0x335/0x8d0
[ 255.223866][T10175] __sys_socket+0x14d/0x260
[ 255.223901][T10175] ? fput+0x70/0xf0
[ 255.223931][T10175] ? __pfx___sys_socket+0x10/0x10
[ 255.223965][T10175] ? xfd_validate_state+0x61/0x180
[ 255.224000][T10175] ? __pfx_ksys_write+0x10/0x10
[ 255.224052][T10175] __x64_sys_socket+0x72/0xb0
[ 255.224083][T10175] ? lockdep_hardirqs_on+0x7c/0x110
[ 255.224134][T10175] do_syscall_64+0xcd/0x490
[ 255.224195][T10175] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 255.224233][T10175] RIP: 0033:0x7fb0f758e929
[ 255.224264][T10175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 255.224300][T10175] RSP: 002b:00007fb0f83b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 255.224335][T10175] RAX: ffffffffffffffda RBX: 00007fb0f77b5fa0 RCX: 00007fb0f758e929
[ 255.224360][T10175] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000029
[ 255.224382][T10175] RBP: 00007fb0f7610b39 R08: 0000000000000000 R09: 0000000000000000
[ 255.224406][T10175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 255.224428][T10175] R13: 0000000000000000 R14: 00007fb0f77b5fa0 R15: 00007ffed3f20848
[ 255.224477][T10175]
[ 255.536715][ C0] vkms_vblank_simulate: vblank timer overrun
[ 256.019105][T10203] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18
[ 256.264413][T10206] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19
[ 257.901652][T10266] netlink: 'syz.0.1915': attribute type 1 has an invalid length.
[ 258.449809][T10287] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20
[ 258.770784][T10289] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21
[ 259.340328][T10315] ima: policy update failed
[ 259.361235][ T30] audit: type=1802 audit(4294967331.700:5): pid=10315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1937" res=0 errno=0
[ 259.848784][T10324] syz.3.1942 (10324) used greatest stack depth: 19800 bytes left
[ 260.511389][T10348] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22
[ 260.712959][T10351] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23
[ 261.179314][T10368] openvswitch: netlink: Missing valid actions attribute.
[ 261.757763][T10387] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24
[ 262.134551][T10391] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25
[ 263.856594][T10453] netlink: 'syz.3.1996': attribute type 1 has an invalid length.
[ 265.955734][T10527] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26
[ 266.049164][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 266.057843][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 266.196767][T10528] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27
[ 266.439907][T10537] netlink: zone id is out of range
[ 266.456944][T10537] netlink: del zone limit has 4 unknown bytes
[ 266.611341][T10544] tipc: Enabling of bearer rejected, media not registered
[ 266.759850][T10551] openvswitch: netlink: IP tunnel dst address not specified
[ 267.799020][T10591] syz.0.2056(10591): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[ 268.037628][T10597] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28
[ 268.264491][T10602] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29
[ 269.868930][T10661] delete_channel: no stack
[ 270.426860][T10680] nbd: must specify an index to disconnect
[ 270.880941][ T30] audit: type=1804 audit(4294967343.220:6): pid=10699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2105" name="/newroot/579/file0" dev="tmpfs" ino=2931 res=1 errno=0
[ 271.861448][T10736] .^: entered promiscuous mode
[ 271.870701][T10738] netlink: 'syz.3.2122': attribute type 1 has an invalid length.
[ 273.456988][ T30] audit: type=1800 audit(4294967345.800:7): pid=10781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2142" name="discovery_nqn" dev="configfs" ino=23916 res=0 errno=0
[ 274.005011][T10797] openvswitch: netlink: Duplicate key (type 15).
[ 274.098151][T10801] openvswitch: netlink: Flow key attribute not present in set flow.
[ 274.834507][T10827] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 276.541740][T10889] openvswitch: netlink: push_nsh: missing base or metadata attributes
[ 277.779310][T10924] .^: entered promiscuous mode
[ 278.297498][ T30] audit: type=1326 audit(4294967350.630:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.2218" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a1a18e929 code=0x0
[ 278.605912][T10959] openvswitch: netlink: Duplicate key (type 15).
[ 279.077154][T10977] netlink: 'syz.0.2234': attribute type 1 has an invalid length.
[ 280.597385][T11039] Console: switching to colour VGA+ 80x25
[ 280.646024][T11041] nbd: illegal input index 2147483647
[ 282.471553][T11110] device-mapper: ioctl: Invalid ioctl structure: name �, dev 7f00010002
[ 282.777480][T11123] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied.
[ 283.001644][T11130] netlink: 'syz.2.2297': attribute type 8 has an invalid length.
[ 283.531424][T11150] netlink: Unknown conntrack attr (type=146, max=9)
[ 283.861259][T11155] svc: failed to register nfsdv3 RPC service (errno 111).
[ 283.881636][T11155] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 286.495992][T11254] device-mapper: ioctl: Invalid data size in the ioctl structure: 0
[ 288.214642][T11308] svc: failed to register nfsdv3 RPC service (errno 111).
[ 288.246123][T11308] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 291.634065][ T30] audit: type=1804 audit(4294967305.100:9): pid=11437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2410" name="/newroot/584/file0" dev="tmpfs" ino=2959 res=1 errno=0
[ 291.701230][ T30] audit: type=1800 audit(4294967305.100:10): pid=11437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2410" name="file0" dev="tmpfs" ino=2959 res=0 errno=0
[ 291.994738][T11449] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2416'.
[ 292.496896][T11470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2426'.
[ 293.507051][ T51] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[ 293.507100][ T51] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[ 293.522361][ T51] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[ 293.522455][ T51] Bluetooth: hci0: Malformed LE Event: 0x0d
[ 294.631420][T11553] nbd: illegal input index -5
[ 294.909330][T11562] netlink: 'syz.1.2468': attribute type 2 has an invalid length.
[ 295.628154][T11580] device-mapper: ioctl: name not supplied when creating device
[ 296.056198][T11596] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2482'.
[ 296.277473][T11604] program syz.1.2486 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 297.597456][T11662] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2514'.
[ 297.621490][T11662] tc_dump_action: action bad kind
[ 298.182888][T11679] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2522'.
syzkaller
syzkaller login: [ 299.123824][ T51] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260
[ 299.123871][ T51] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260
[ 299.139838][ T51] Bluetooth: hci3: Dropping invalid advertising data
[ 299.147635][ T51] Bluetooth: hci3: Dropping invalid advertising data
[ 299.154635][ T51] Bluetooth: hci3: Dropping invalid advertising data
[ 299.162359][ T51] Bluetooth: hci3: Malformed LE Event: 0x02
[ 299.537935][T11708] openvswitch: netlink: IPv6 tunnel dst address is zero
[ 300.215395][T11724] openvswitch: netlink: push_nsh: missing base or metadata attributes
[ 301.962687][T11774] netlink: 'syz.3.2564': attribute type 1 has an invalid length.
[ 304.100041][T11836] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[ 305.213025][T11873] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[ 305.728849][T11892] smc: net device syz_tun applied user defined pnetid ETHTOOL
[ 308.135531][T11969] netlink: 'syz.1.2656': attribute type 1 has an invalid length.
[ 309.581441][T12019] svc: failed to register nfsdv3 RPC service (errno 111).
[ 309.604591][T12019] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 309.772520][T12029] openvswitch: netlink: nsh attr 68 is out of range max 3
[ 309.791846][T12031] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xeffffd12
[ 310.378188][T12052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2693'.
[ 310.489579][T12056] openvswitch: netlink: IP tunnel dst address not specified
[ 312.738954][T12147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2736'.
��������������������������������� �� ���������������� ���� ����������������������������
��������������������������� ������������������������������� ������� ������ �����������������������
�������������������������� ������������������������������������������ �������
��������������������������� ���������������������� ������������������� ���� ���������
������������������������������������ ������ ��� ������������������� ��
syzkaller
syzkaller login:
syzkaller
syzkaller login: [ 324.273426][T12433] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 326.582483][T12493] FAULT_INJECTION: forcing a failure.
[ 326.582483][T12493] name failslab, interval 1, probability 0, space 0, times 0
[ 326.584673][T12493] CPU: 1 UID: 0 PID: 12493 Comm: syz.1.2893 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 326.584716][T12493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 326.584735][T12493] Call Trace:
[ 326.584746][T12493]
[ 326.584759][T12493] dump_stack_lvl+0x16c/0x1f0
[ 326.584816][T12493] should_fail_ex+0x512/0x640
[ 326.584869][T12493] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 326.584927][T12493] should_failslab+0xc2/0x120
[ 326.584961][T12493] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 326.585011][T12493] ? trace_cap_capable+0x18d/0x200
[ 326.585043][T12493] ? create_new_namespaces+0x30/0xa90
[ 326.585085][T12493] create_new_namespaces+0x30/0xa90
[ 326.585119][T12493] ? bpf_lsm_capable+0x9/0x10
[ 326.585161][T12493] ? security_capable+0x7e/0x260
[ 326.585197][T12493] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 326.585239][T12493] ksys_unshare+0x45b/0xa40
[ 326.585283][T12493] ? __pfx_ksys_unshare+0x10/0x10
[ 326.585328][T12493] ? xfd_validate_state+0x61/0x180
[ 326.585384][T12493] __x64_sys_unshare+0x31/0x40
[ 326.585436][T12493] do_syscall_64+0xcd/0x490
[ 326.585488][T12493] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 326.585520][T12493] RIP: 0033:0x7eff5bf8e929
[ 326.585547][T12493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 326.585580][T12493] RSP: 002b:00007eff5ce90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 326.585611][T12493] RAX: ffffffffffffffda RBX: 00007eff5c1b5fa0 RCX: 00007eff5bf8e929
[ 326.585632][T12493] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400
[ 326.585652][T12493] RBP: 00007eff5c010b39 R08: 0000000000000000 R09: 0000000000000000
[ 326.585672][T12493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 326.585691][T12493] R13: 0000000000000000 R14: 00007eff5c1b5fa0 R15: 00007ffce6c6c868
[ 326.585733][T12493]
[ 327.490987][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 327.497858][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 329.161357][T12563] openvswitch: netlink: Multiple metadata blocks provided
[ 329.586293][T12579] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 330.277249][T12605] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2941'.
[ 330.309456][T12605] openvswitch: netlink: IPv4 tunnel dst address is zero
[ 330.722880][T12621]
[ 330.725289][T12621] ======================================================
[ 330.732348][T12621] WARNING: possible circular locking dependency detected
[ 330.739418][T12621] 6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
[ 330.746229][T12621] ------------------------------------------------------
[ 330.753303][T12621] syz.1.2949/12621 is trying to acquire lock:
[ 330.759412][T12621] ffffffff8e52f4c8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470
[ 330.769095][T12621]
[ 330.769095][T12621] but task is already holding lock:
[ 330.776504][T12621] ffff888142fb8a70 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 330.787820][T12621]
[ 330.787820][T12621] which lock already depends on the new lock.
[ 330.787820][T12621]
[ 330.798252][T12621]
[ 330.798252][T12621] the existing dependency chain (in reverse order) is:
[ 330.807296][T12621]
[ 330.807296][T12621] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}:
[ 330.815961][T12621] blk_alloc_queue+0x619/0x760
[ 330.821303][T12621] blk_mq_alloc_queue+0x175/0x290
[ 330.826894][T12621] __blk_mq_alloc_disk+0x29/0x120
[ 330.832498][T12621] loop_add+0x49e/0xb70
[ 330.837209][T12621] loop_init+0x164/0x270
[ 330.842105][T12621] do_one_initcall+0x120/0x6e0
[ 330.847438][T12621] kernel_init_freeable+0x5c2/0x900
[ 330.853203][T12621] kernel_init+0x1c/0x2b0
[ 330.858116][T12621] ret_from_fork+0x5d7/0x6f0
[ 330.863274][T12621] ret_from_fork_asm+0x1a/0x30
[ 330.868597][T12621]
[ 330.868597][T12621] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 330.875848][T12621] fs_reclaim_acquire+0x102/0x150
[ 330.881433][T12621] prepare_alloc_pages+0x162/0x610
[ 330.887102][T12621] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 330.893652][T12621] __alloc_pages_noprof+0xb/0x1b0
[ 330.899251][T12621] pcpu_populate_chunk+0x110/0xb00
[ 330.904937][T12621] pcpu_alloc_noprof+0x86a/0x1470
[ 330.910534][T12621] xt_percpu_counter_alloc+0x13e/0x1b0
[ 330.916569][T12621] find_check_entry.constprop.0+0xbc/0x9b0
[ 330.922936][T12621] translate_table+0xc98/0x1720
[ 330.928349][T12621] ipt_register_table+0x102/0x430
[ 330.933927][T12621] iptable_mangle_table_init+0x40/0x60
[ 330.939958][T12621] xt_find_table_lock+0x2e4/0x520
[ 330.945540][T12621] xt_request_find_table_lock+0x28/0xf0
[ 330.951645][T12621] get_info+0x190/0x610
[ 330.956362][T12621] do_ipt_get_ctl+0x169/0xa10
[ 330.961602][T12621] nf_getsockopt+0x79/0xe0
[ 330.966565][T12621] ip_getsockopt+0x18c/0x1e0
[ 330.971712][T12621] tcp_getsockopt+0x9e/0x100
[ 330.976863][T12621] do_sock_getsockopt+0x3ff/0x800
[ 330.982440][T12621] __sys_getsockopt+0x123/0x1b0
[ 330.987849][T12621] __x64_sys_getsockopt+0xbd/0x160
[ 330.993526][T12621] do_syscall_64+0xcd/0x490
[ 330.998593][T12621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 331.005045][T12621]
[ 331.005045][T12621] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
[ 331.012824][T12621] __lock_acquire+0x126f/0x1c90
[ 331.018242][T12621] lock_acquire+0x179/0x350
[ 331.023307][T12621] __mutex_lock+0x199/0xb90
[ 331.028381][T12621] pcpu_alloc_noprof+0xb4c/0x1470
[ 331.033991][T12621] blk_stat_alloc_callback+0xc8/0x280
[ 331.039939][T12621] wbt_init+0xac/0x540
[ 331.044598][T12621] queue_wb_lat_store+0x354/0x3d0
[ 331.050173][T12621] queue_attr_store+0x279/0x320
[ 331.055576][T12621] sysfs_kf_write+0xef/0x150
[ 331.060723][T12621] kernfs_fop_write_iter+0x354/0x510
[ 331.066566][T12621] vfs_write+0x6c4/0x1150
[ 331.071465][T12621] ksys_write+0x12a/0x250
[ 331.076357][T12621] do_syscall_64+0xcd/0x490
[ 331.081438][T12621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 331.087891][T12621]
[ 331.087891][T12621] other info that might help us debug this:
[ 331.087891][T12621]
[ 331.098144][T12621] Chain exists of:
[ 331.098144][T12621] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#18
[ 331.098144][T12621]
[ 331.111858][T12621] Possible unsafe locking scenario:
[ 331.111858][T12621]
[ 331.119340][T12621] CPU0 CPU1
[ 331.124729][T12621] ---- ----
[ 331.130110][T12621] lock(&q->q_usage_counter(io)#18);
[ 331.135523][T12621] lock(fs_reclaim);
[ 331.142071][T12621] lock(&q->q_usage_counter(io)#18);
[ 331.150004][T12621] lock(pcpu_alloc_mutex);
[ 331.154542][T12621]
[ 331.154542][T12621] *** DEADLOCK ***
[ 331.154542][T12621]
[ 331.162710][T12621] 6 locks held by syz.1.2949/12621:
[ 331.167928][T12621] #0: ffff88802f0130b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[ 331.177070][T12621] #1: ffff888024e66428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[ 331.186128][T12621] #2: ffff8880270f7088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[ 331.195936][T12621] #3: ffff88802584ea58 (kn->active#178){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[ 331.206110][T12621] #4: ffff888142fb8a70 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 331.217854][T12621] #5: ffff888142fb8aa8 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 331.229858][T12621]
[ 331.229858][T12621] stack backtrace:
[ 331.235768][T12621] CPU: 0 UID: 0 PID: 12621 Comm: syz.1.2949 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
[ 331.235803][T12621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 331.235819][T12621] Call Trace:
[ 331.235827][T12621]
[ 331.235837][T12621] dump_stack_lvl+0x116/0x1f0
[ 331.235880][T12621] print_circular_bug+0x275/0x350
[ 331.235917][T12621] check_noncircular+0x14c/0x170
[ 331.235957][T12621] __lock_acquire+0x126f/0x1c90
[ 331.235999][T12621] lock_acquire+0x179/0x350
[ 331.236034][T12621] ? pcpu_alloc_noprof+0xb4c/0x1470
[ 331.236081][T12621] ? __pfx___might_resched+0x10/0x10
[ 331.236109][T12621] ? ksys_write+0x12a/0x250
[ 331.236150][T12621] ? do_syscall_64+0xcd/0x490
[ 331.236188][T12621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 331.236219][T12621] __mutex_lock+0x199/0xb90
[ 331.236258][T12621] ? pcpu_alloc_noprof+0xb4c/0x1470
[ 331.236299][T12621] ? pcpu_alloc_noprof+0xb4c/0x1470
[ 331.236340][T12621] ? __pfx___mutex_lock+0x10/0x10
[ 331.236390][T12621] ? pcpu_alloc_noprof+0xb4c/0x1470
[ 331.236428][T12621] pcpu_alloc_noprof+0xb4c/0x1470
[ 331.236474][T12621] ? __pfx_wbt_data_dir+0x10/0x10
[ 331.236516][T12621] ? __pfx_wb_timer_fn+0x10/0x10
[ 331.236544][T12621] blk_stat_alloc_callback+0xc8/0x280
[ 331.236573][T12621] ? kasan_save_track+0x14/0x30
[ 331.236617][T12621] wbt_init+0xac/0x540
[ 331.236648][T12621] queue_wb_lat_store+0x354/0x3d0
[ 331.236674][T12621] ? __pfx_queue_wb_lat_store+0x10/0x10
[ 331.236722][T12621] ? __mutex_trylock_common+0xe9/0x250
[ 331.236761][T12621] ? __pfx_queue_wb_lat_store+0x10/0x10
[ 331.236807][T12621] queue_attr_store+0x279/0x320
[ 331.236832][T12621] ? __pfx_queue_attr_store+0x10/0x10
[ 331.236857][T12621] ? __lock_acquire+0x622/0x1c90
[ 331.236900][T12621] ? find_held_lock+0x2b/0x80
[ 331.236926][T12621] ? sysfs_file_kobj+0xe4/0x290
[ 331.236962][T12621] ? __pfx_queue_attr_store+0x10/0x10
[ 331.236987][T12621] sysfs_kf_write+0xef/0x150
[ 331.237022][T12621] kernfs_fop_write_iter+0x354/0x510
[ 331.237051][T12621] ? __pfx_sysfs_kf_write+0x10/0x10
[ 331.237093][T12621] vfs_write+0x6c4/0x1150
[ 331.237133][T12621] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 331.237165][T12621] ? __pfx___mutex_lock+0x10/0x10
[ 331.237204][T12621] ? __pfx_vfs_write+0x10/0x10
[ 331.237254][T12621] ksys_write+0x12a/0x250
[ 331.237295][T12621] ? __pfx_ksys_write+0x10/0x10
[ 331.237341][T12621] do_syscall_64+0xcd/0x490
[ 331.237381][T12621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 331.237409][T12621] RIP: 0033:0x7eff5bf8e929
[ 331.237431][T12621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 331.237458][T12621] RSP: 002b:00007eff5ce90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 331.237482][T12621] RAX: ffffffffffffffda RBX: 00007eff5c1b5fa0 RCX: 00007eff5bf8e929
[ 331.237501][T12621] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000003
[ 331.237517][T12621] RBP: 00007eff5c010b39 R08: 0000000000000000 R09: 0000000000000000
[ 331.237534][T12621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 331.237550][T12621] R13: 0000000000000000 R14: 00007eff5c1b5fa0 R15: 00007ffce6c6c868
[ 331.237576][T12621]