last executing test programs: 11.871204776s ago: executing program 3 (id=451): bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e000000040000000b000006c1fe"], 0x50) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002100)) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f00000001c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x8008af00, &(0x7f0000001980)=0x1) 10.209154094s ago: executing program 3 (id=454): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan1\x00') r1 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x0, 0x2) sendfile(r1, r0, 0x0, 0x3fb) (fail_nth: 6) 9.807298564s ago: executing program 3 (id=457): bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, 0x0, 0x4) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$evdev(0x0, 0x0, 0x60000) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x64, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x9413}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x24, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa, 0x4, @local}]}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x64}, 0x1, 0x0, 0x0, 0x4001}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000400)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x800}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25df9bfb, {0x0, 0x0, 0x0, r8, {0xb, 0x6}, {}, {0x4, 0x9}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_IIF={0x3, 0x4, r8}]}}, @TCA_RATE={0x6, 0x5, {0xe3, 0x6}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x80000) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 9.653922478s ago: executing program 0 (id=459): openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) socket$inet(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r2, 0x6, 0x22, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) sendmmsg(r2, &(0x7f00000007c0)=[{{&(0x7f0000000380)=@in={0x2, 0x4e24, @local}, 0x80, 0x0}}], 0x1, 0x2c000011) sendto(r2, 0x0, 0x0, 0x8000, 0x0, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r4 = socket(0x2, 0x1, 0x0) r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r4) ioctl$NBD_DO_IT(r5, 0xab03) mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r3, 0xab07, 0x3a6c) 8.542482257s ago: executing program 2 (id=460): unshare(0x26000400) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)=@newtfilter={0x568, 0x2c, 0xd2b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0xb, 0x3}, {}, {0xe, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x53c, 0x2, [@TCA_U32_SEL={0x504, 0x5, {0x7, 0x6, 0x0, 0x9, 0x401, 0x1000, 0x8a0, 0xd5, [{0x8, 0x8, 0x7fffffff, 0xff}, {0x1, 0x10, 0xeb, 0x1000}, {0x3, 0x9, 0x7fff, 0x4}, {0xfffffff8, 0x6321, 0x9, 0xd17}, {0x4, 0x9da5, 0x1000, 0x1ff}, {0x0, 0x7fffffff, 0x7f, 0x3}, {0xc, 0x0, 0x7ff, 0x8}, {0x8, 0x9, 0x4, 0x8}, {0x6, 0x0, 0x3, 0x873}, {0x1, 0x2, 0x32b, 0xd}, {0x8, 0xa, 0x7, 0x7fff}, {0xffffffff, 0x80, 0x9, 0x2}, {0x0, 0x9, 0x7cc, 0x4}, {0xfffffff7, 0x1, 0x1, 0x6}, {0x8, 0x3, 0x1, 0x20000}, {0x4, 0x7fffffff, 0x3, 0x3ff}, {0xffffffff, 0x52, 0x37016b5d, 0x6}, {0xc0000000, 0xd5, 0x6, 0x4}, {0xfffffffc, 0x1, 0x0, 0x17d}, {0x9, 0x8, 0x9, 0x6}, {0x1, 0x2, 0x5, 0x2}, {0x4, 0xfffff9ae, 0x400, 0x100}, {0x4, 0x1, 0x1000, 0x437}, {0xcc, 0xb, 0x1401, 0x7ff}, {0x3, 0x7ed4, 0x0, 0x4}, {0x48a6, 0xb, 0x2, 0xe8}, {0x4, 0x7, 0xad, 0x401}, {0x200, 0x9, 0x27a, 0x7ff}, {0x4, 0xd, 0x0, 0x3}, {0x8ba1, 0x1000, 0x0, 0x3}, {0x495, 0x2, 0x401, 0x3}, {0x5, 0x1, 0xfff, 0x7}, {0x9, 0x80000001, 0x7, 0x6}, {0x80000001, 0xe34, 0x2, 0x7}, {0x8, 0x7ff, 0xb2a5, 0x5}, {0x4, 0xf21, 0x7, 0xfffffff1}, {0x5, 0x0, 0x6, 0x3ff}, {0xfffffffa, 0x4, 0xba6d, 0x8}, {0x4, 0xbe27, 0x3, 0x3ff}, {0x7, 0xfd4, 0x9, 0x796}, {0x6d, 0x8a, 0xf, 0xde9}, {0xff, 0x10, 0x1, 0xbfa}, {0x5, 0x6, 0xfff, 0x3}, {0x2, 0x8, 0x8, 0xfd9d}, {0x800, 0x100, 0x5, 0x7}, {0x9, 0x2, 0x1, 0xd76}, {0x3, 0x5, 0x3, 0x3}, {0x8, 0x3, 0x0, 0x8}, {0x4, 0x4, 0x7, 0x80000001}, {0x9, 0x7ff, 0x101, 0x6}, {0x8, 0x3, 0x2, 0x7fffffff}, {0x800, 0x7, 0x3ff, 0x9}, {0x2, 0x1054, 0x8, 0x800}, {0x8, 0x9, 0xffffffff}, {0x10, 0x3, 0x7, 0x400}, {0x0, 0x1, 0x6, 0x6}, {0x60, 0x91a, 0x159, 0x8}, {0x1, 0x6, 0x0, 0x1ff}, {0x80000000, 0x3, 0x7}, {0x3, 0x1, 0x56ad, 0x4}, {0x7, 0xfffffffb, 0x0, 0x8}, {0x1000, 0x42, 0x8000, 0x8}, {0xe, 0x5, 0x5, 0x4}, {0x7, 0x5, 0x0, 0x9}, {0xb68000, 0x800, 0x10000, 0xfa}, {0x81, 0x1, 0x7, 0x8409}, {0x0, 0x57a4, 0x56db08da, 0x9}, {0xb0, 0x3, 0x10, 0x6}, {0x0, 0x6, 0x79, 0x80000000}, {0x5, 0x3, 0x7ff, 0x8256}, {0xfffffffd, 0x8, 0x5, 0x1}, {0x6, 0x3, 0x1c00000, 0xffffff80}, {0x9, 0x9, 0x400, 0x9}, {0x2, 0x81, 0x7, 0xc8}, {0x4, 0x6, 0xebb, 0x7}, {0x0, 0x7, 0x4}, {0xffffffff, 0x40, 0xffff, 0x3}, {0x8, 0x7, 0x4000000, 0x4}, {0xdd, 0x675b, 0x2, 0x3}]}}, @TCA_U32_ACT={0x34, 0x7, [@m_skbmod={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x568}, 0x1, 0x0, 0x0, 0x81}, 0x800) 7.868902509s ago: executing program 3 (id=462): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$vcsa(0xffffff9c, 0x0, 0x400, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)=[{&(0x7f0000000200)="5c00000012006b9c9e3fe3d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d24460bc24eab556a705251e6182949a36c2151fef08d8cdbf9367b41ad206000000f40800030006010000bdd7000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) sched_setaffinity(0x0, 0x2e, &(0x7f0000000240)=0x802) r5 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$tun(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x2a) unshare(0x400) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) 7.069138663s ago: executing program 1 (id=463): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) r6 = shmget$private(0x0, 0x3000, 0x40, &(0x7f0000877000/0x3000)=nil) shmctl$SHM_LOCK(r6, 0xb) shmctl$IPC_INFO(r6, 0x3, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) r7 = syz_io_uring_setup(0x39d, &(0x7f0000000300)={0x0, 0xaee8, 0x0, 0x2, 0xbfdffefa}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r7, 0x47f6, 0x0, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, r2, 0x0) userfaultfd(0x1) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x883f, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 7.05781822s ago: executing program 2 (id=464): openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$inet(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x22, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) sendmmsg(r0, &(0x7f00000007c0)=[{{&(0x7f0000000380)=@in={0x2, 0x4e24, @local}, 0x80, 0x0}}], 0x1, 0x2c000011) sendto(r0, 0x0, 0x0, 0x8000, 0x0, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r2 = socket(0x2, 0x1, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r3, 0xab03) mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x3a6c) 5.662684719s ago: executing program 3 (id=465): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[], 0x0) unshare(0x40400) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000500)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x1d}, @ptr={0x70742a85, 0x0, &(0x7f0000000700)=""/226, 0xe2, 0x1, 0x37}, @fda={0x66646185, 0x5, 0x1, 0x7}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) r7 = dup(r2) r8 = fanotify_init(0x0, 0x0) fanotify_mark(r8, 0x1, 0x32, r7, 0x0) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x4, 0x6, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r10}, &(0x7f0000000440), &(0x7f0000000540), 0x1000000}, 0x20) connect$inet6(r9, &(0x7f0000000500)={0xa, 0xffff, 0x0, @mcast1, 0x9}, 0x1c) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r11, &(0x7f0000000440), 0x1000a) sendfile(r9, r11, &(0x7f0000000000)=0x1, 0x1001) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r12 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r13 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r12, &(0x7f0000000000)={0x2000001d}) 5.613708509s ago: executing program 1 (id=466): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (fail_nth: 6) 4.694248311s ago: executing program 4 (id=468): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffef000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @lsm, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000500)=0xffffffffffffffff, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getpid() connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, 0x0, 0x48000) prlimit64(0x0, 0xe, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, 0x0, 0x108) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_RUN(r5, 0xae80, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r6 = userfaultfd(0x80001) timer_create(0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) 4.627869206s ago: executing program 1 (id=469): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000020000000c00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0xe) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffe11}, {}, {0x18, 0x3, 0x2, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0xc5}}]}, &(0x7f0000000300)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="010000000000ffffffffffffffa8e55fa5a821c38211439ecf1aed0d0da59e771a65e69190d9b79c212413310468ea9a901c2b148be8c1b8c3bb7bf9c0369005cffb1223ea7d9e1a4be3a1c8d348e36fd149d3a5ef109d43777e069c931ad2fc43723b77a2e0119950c392e00fd7a43d055833cafc1aefeb0edcc6fa67d36d6497dfa7a4ceaac4a9846d3d7a39dca9058decf05d8a3ee05df39d71c6efac0af2cb6e17887e92d359b2e6333014128e2ba78e"], 0x14}, 0x1, 0x0, 0x0, 0x40880}, 0xd0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00', @ANYRES16=0xffffffffffffffff, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000) r8 = dup2(r2, r2) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="070000000000000005000500000018000380080004"], 0x44}}, 0x0) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000002c0)={0xc, r1}) r9 = socket$inet(0x2, 0x3, 0x1) sendmsg$inet(r9, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000400)='\b', 0x1}, {0x0}], 0x2, &(0x7f0000000780)=[@ip_tos_u8={{0x11, 0x0, 0x7}}], 0x18}, 0x0) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r8, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x76, &(0x7f0000000440)=[{}], 0x8, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x43, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="1e00000009000000020000000000008084800200", @ANYRES32=r8, @ANYBLOB="490500"/20, @ANYRES32=r10, @ANYRES32=r8, @ANYBLOB="0200000001000000040000000800000000000000077ee5bbd6ab631804699fef5d69488f158967ca933cf500e9a170ce4eaf4a4dfeeb4e069faea8c3786c7bc5cba9bec6401ebdb2d9218b4de0ad4bd87e6e53c9aa0058636c347ca601d37bdb43bcd94b2be285d5f57a371ebe", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00'], 0x50) 4.611508731s ago: executing program 2 (id=470): ioctl$SNDCTL_SEQ_GETINCOUNT(0xffffffffffffffff, 0x80045105, &(0x7f00000000c0)) bpf$ENABLE_STATS(0x20, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x6c00, 0x0, 0x4d080}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x9}, 0x0) r1 = socket(0x2, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x5, 0x4) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x8000) mkdir(&(0x7f00000002c0)='./file0\x00', 0x10) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='gadgetfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [{@smackfshat}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@permit_directio}, {@smackfshat={'smackfshat', 0x3d, '\'+&$)'}}, {@fsname={'fsname', 0x3d, '#'}}, {@fowner_lt}, {@audit}, {@flag='ro'}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}], 0x2f}) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x1}, 0x18) getdents64(r4, &(0x7f0000000300)=""/154, 0x9a) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x5, 0x4, &(0x7f0000001480)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xbf}]}, &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) 3.848322388s ago: executing program 1 (id=471): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e7cc6120c4108a81ad7d0102030109021b00010000c00509042300010300000009058503"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3.358503405s ago: executing program 4 (id=472): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001640)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x40009, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r0, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0) 3.324800117s ago: executing program 2 (id=473): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80042, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000000)={r5}) ioctl$KDGKBMETA(r3, 0x4b62, 0x0) 3.202297251s ago: executing program 4 (id=474): unshare(0x26000400) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)=@newtfilter={0x568, 0x2c, 0xd2b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0xb, 0x3}, {}, {0xe, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x53c, 0x2, [@TCA_U32_SEL={0x504, 0x5, {0x7, 0x6, 0x0, 0x9, 0x401, 0x1000, 0x8a0, 0xd5, [{0x8, 0x8, 0x7fffffff, 0xff}, {0x1, 0x10, 0xeb, 0x1000}, {0x3, 0x9, 0x7fff, 0x4}, {0xfffffff8, 0x6321, 0x9, 0xd17}, {0x4, 0x9da5, 0x1000, 0x1ff}, {0x0, 0x7fffffff, 0x7f, 0x3}, {0xc, 0x0, 0x7ff, 0x8}, {0x8, 0x9, 0x4, 0x8}, {0x6, 0x0, 0x3, 0x873}, {0x1, 0x2, 0x32b, 0xd}, {0x8, 0xa, 0x7, 0x7fff}, {0xffffffff, 0x80, 0x9, 0x2}, {0x0, 0x9, 0x7cc, 0x4}, {0xfffffff7, 0x1, 0x1, 0x6}, {0x8, 0x3, 0x1, 0x20000}, {0x4, 0x7fffffff, 0x3, 0x3ff}, {0xffffffff, 0x52, 0x37016b5d, 0x6}, {0xc0000000, 0xd5, 0x6, 0x4}, {0xfffffffc, 0x1, 0x0, 0x17d}, {0x9, 0x8, 0x9, 0x6}, {0x1, 0x2, 0x5, 0x2}, {0x4, 0xfffff9ae, 0x400, 0x100}, {0x4, 0x1, 0x1000, 0x437}, {0xcc, 0xb, 0x1401, 0x7ff}, {0x3, 0x7ed4, 0x0, 0x4}, {0x48a6, 0xb, 0x2, 0xe8}, {0x4, 0x7, 0xad, 0x401}, {0x200, 0x9, 0x27a, 0x7ff}, {0x4, 0xd, 0x0, 0x3}, {0x8ba1, 0x1000, 0x0, 0x3}, {0x495, 0x2, 0x401, 0x3}, {0x5, 0x1, 0xfff, 0x7}, {0x9, 0x80000001, 0x7, 0x6}, {0x80000001, 0xe34, 0x2, 0x7}, {0x8, 0x7ff, 0xb2a5, 0x5}, {0x4, 0xf21, 0x7, 0xfffffff1}, {0x5, 0x0, 0x6, 0x3ff}, {0xfffffffa, 0x4, 0xba6d, 0x8}, {0x4, 0xbe27, 0x3, 0x3ff}, {0x7, 0xfd4, 0x9, 0x796}, {0x6d, 0x8a, 0xf, 0xde9}, {0xff, 0x10, 0x1, 0xbfa}, {0x5, 0x6, 0xfff, 0x3}, {0x2, 0x8, 0x8, 0xfd9d}, {0x800, 0x100, 0x5, 0x7}, {0x9, 0x2, 0x1, 0xd76}, {0x3, 0x5, 0x3, 0x3}, {0x8, 0x3, 0x0, 0x8}, {0x4, 0x4, 0x7, 0x80000001}, {0x9, 0x7ff, 0x101, 0x6}, {0x8, 0x3, 0x2, 0x7fffffff}, {0x800, 0x7, 0x3ff, 0x9}, {0x2, 0x1054, 0x8, 0x800}, {0x8, 0x9, 0xffffffff}, {0x10, 0x3, 0x7, 0x400}, {0x0, 0x1, 0x6, 0x6}, {0x60, 0x91a, 0x159, 0x8}, {0x1, 0x6, 0x0, 0x1ff}, {0x80000000, 0x3, 0x7}, {0x3, 0x1, 0x56ad, 0x4}, {0x7, 0xfffffffb, 0x0, 0x8}, {0x1000, 0x42, 0x8000, 0x8}, {0xe, 0x5, 0x5, 0x4}, {0x7, 0x5, 0x0, 0x9}, {0xb68000, 0x800, 0x10000, 0xfa}, {0x81, 0x1, 0x7, 0x8409}, {0x0, 0x57a4, 0x56db08da, 0x9}, {0xb0, 0x3, 0x10, 0x6}, {0x0, 0x6, 0x79, 0x80000000}, {0x5, 0x3, 0x7ff, 0x8256}, {0xfffffffd, 0x8, 0x5, 0x1}, {0x6, 0x3, 0x1c00000, 0xffffff80}, {0x9, 0x9, 0x400, 0x9}, {0x2, 0x81, 0x7, 0xc8}, {0x4, 0x6, 0xebb, 0x7}, {0x0, 0x7, 0x4}, {0xffffffff, 0x40, 0xffff, 0x3}, {0x8, 0x7, 0x4000000, 0x4}, {0xdd, 0x675b, 0x2, 0x3}]}}, @TCA_U32_ACT={0x34, 0x7, [@m_skbmod={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x568}, 0x1, 0x0, 0x0, 0x81}, 0x800) 2.195854846s ago: executing program 2 (id=475): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$vcsa(0xffffff9c, 0x0, 0x400, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)=[{&(0x7f0000000200)="5c00000012006b9c9e3fe3d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d24460bc24eab556a705251e6182949a36c2151fef08d8cdbf9367b41ad206000000f40800030006010000bdd7000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) sched_setaffinity(0x0, 0x2e, &(0x7f0000000240)=0x802) r5 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$tun(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x2a) unshare(0x400) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) 2.064805218s ago: executing program 4 (id=476): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket(0x10, 0x3, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x42, 0x0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc) bind$netlink(0xffffffffffffffff, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbfc, 0x1}, 0xc) recvmmsg(r0, &(0x7f0000000c80), 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0x201, 0xffffffff}, 0x18}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x2000, &(0x7f0000000440)=ANY=[@ANYBLOB="1e000000030000004c0000000000000000000400abecbd35b34cd5624800e01c39e3651669e95748bc696af70ef39d57ff0a189b59771a45f051c081506524a4ab52912d29ff79e84a3d89fc127c2f7b1db08d065c9f17a552bfc2ab034865a2038554f722a17082f98b81f6462b7043feffe27a73cb0645c523f75fc4d5e5882960735d4dd6dce55425834a4a6a92ed3fe5edcf699beeca78445e5b1f6b5dcef700ff31b1abae611155fb4b7fce90aac85e1045219e2c38cf70f47880c7b2bdfd83dfc2daec22deee57b31008a543d6651e8250281a52b8dbd06fa5905e082c6ce5af4ddbbc30dc827c55ceee359d49912b45f27d5de3af910427569548", @ANYRES32, @ANYBLOB="8016047100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000001000000000000000300"/28], 0x56) pread64(r1, &(0x7f0000000340)=""/244, 0xf4, 0x4) 2.004330288s ago: executing program 3 (id=477): timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)=0x0) timer_settime(r0, 0x0, &(0x7f0000000240)={{0x77359400}}, 0x0) timer_delete(r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_setup(0x71b9, &(0x7f00000000c0)={0x0, 0xc63b, 0x0, 0x0, 0x1}) openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000000180)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0) 2.001274823s ago: executing program 0 (id=478): socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) fsopen(&(0x7f0000000100)='udf\x00', 0x0) syz_open_dev$video4linux(&(0x7f00000001c0), 0xff, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000000000900000030000380140002"], 0x44}}, 0x0) sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000) r2 = openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x80) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r5) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r5) recvmmsg(r5, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000002c40)=""/187, 0xbb}], 0x3}, 0x6}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/179, 0xb3}, {&(0x7f00000001c0)=""/230, 0xe6}, {&(0x7f0000000340)=""/45, 0x2d}, {&(0x7f0000000840)=""/81, 0x51}, {&(0x7f0000002fc0)=""/4091, 0xffb}, {&(0x7f0000000100)=""/68, 0x44}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x7}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x27}], 0x5, 0x20, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.257293288s ago: executing program 4 (id=479): syz_usb_connect(0x3, 0x36, 0x0, 0x0) remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x1, 0x4000000) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000005c0)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000015c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e01", 0xf4}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d83216", 0xe5}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffabb08ff67cb98266eeb1fbf81ec1e06", 0xe9}, {&(0x7f0000000040)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f80882927ab089ee65d16a6c6f5c666dad31257fb48b66d940a3819d0809971ea827", 0x35}, {&(0x7f0000000940)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645005887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34ceae5a00aaf37f2baacd7146746cf72ab2eae33e2da97c7733eb803", 0xfd}, {&(0x7f0000000a40)="057322e18609ed78266492c2a2ae3f0c0f3f6394c51db6ef9498d209dcb274efec9fc9995189ead7bf00148d091675fa045479980800000000000000a69618eb08ba045907a549ed8330b065b85ad1020ff43ef5271320c838f6af04699839704fe27a7d7d9348c3500362a8c4248e7324fe628720c7ea7af5894ddd5fa902c413ea850200e637bb771609e591d21341020000000000000045d765d02bbec947dc44d3be21d173b59b7819464939f1d00eb78798ad35e251bbe44ee882c80e8e31612cc53a9317d200ecc33f4da12c615c0687c57ad484aae3459edf0af20a67805a287c4fe93f5467cb9d3ddbbc589deb5e9c2cf4a2c593336a772ec0859fdfb44e22c5715f6a", 0x107}], 0x6}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000500)="acc870bde54caaeacb0000108cef4fa7bf44702b28", 0x15}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aeaf75e9d1b381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678da2bbb2ecbf968e6be4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd0659e82d861dc6fe4c62639134c504aa4386890334ffff4a9f5f4f3005cd846ea1", 0xd3}, {&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf646e72f8fe08c33a33b275787892f61fbb621794716f96031931b55af30fa01d72aa5a53ee4c07ab7c96a4a9ed93f4d20269982ab6feb22d8e77afb7b861622ab963b07f0026fd6424", 0xb9}], 0x3}}], 0x2, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r4}, 0x10) mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.121696857s ago: executing program 2 (id=480): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r0, 0x5607, 0x3) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ipvlan1\x00'}) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendmsg$can_raw(r3, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r4}, 0x10, &(0x7f0000000200)={0x0}}, 0x5) r5 = socket(0x10, 0x2, 0x0) write(r5, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r5, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) close(0x3) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x44}, 0x68, r4}) ioctl$VT_ACTIVATE(r0, 0x5606, 0x4) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000180)={0xc, 0x0, 0x3, 0x7fff}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRESHEX=r4], &(0x7f0000000f40)=""/4089, 0x3e, 0xff9, 0x4, 0x0, 0x0, @void, @value}, 0x28) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xc8e}, {0x16, 0x1, 0x4, 0x1d}]}, 0x10) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r8 = socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xc, 0x235, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5d371c61f550e9d86aabda45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5ff070000000000000ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5f45c879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2ea86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c58684a1d2f624c3eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366aa660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef3103ce10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e00000100000000003edd3d43cc64e0d26b46907b42e08d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a74748b8cd994ed368695aa2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeaded2930376eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041894f60fbbcafa487ee96b368e8769da90b44190e569fe8b923c32c288baaca5c5558b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff35a9eec46dfc8a52433f605ebf151c837b4966b5f3628a406175a87e32c5e4268d3000933b580415b162e2946446b8f02554c8a1225217d69d049685dd06aa8528673a9673a723ac414af77f523ad730d00e8700c213f95c87a94f39f506b9e000000000000000000000000000000000000000000000000000090668ac41a1c2a4f7831e6c6a3e9c68ca2c449482bb70a994e71a7f24873848fbb128c820c1de19cc003dfa65a2b296caeb1253802080e08eeb724c4c7b7e052afa19b0f2cd7a13bda4b5a8f3b8fa3ca70bb756a3d529718d5c79d9bdb89e5d33793533211d76d00a45079eff797476106bf76f1fed952a7c9162b88911b5b00c3d26fd2fb4d7b29d1ce025e102d458efd5cca3f3835ce760359eaa01cb13cb28d60e8942fdc02b6824c00dac62f8a2d4c680ae284a82f09d6641921536814b444e4188d9b2e97eb3b108e7876f0f3f3863147ab694218c7cecc075d52d590dddbb57fc6fedf5ec69d7894a7b5c8109f303dab998815c80534b0bd34c49eea63997e56728a8185a8bb6988a7197b87f5548f5edfdfb3efc907fe561b33a6f7c707f7828c6adaf3b2a39929b4b65253e787d65c08aff5e4a9b226"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$inet(r8, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10) sendmmsg$inet(r8, &(0x7f0000000ec0)=[{{&(0x7f0000000080)={0x2, 0x4e25, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r8, &(0x7f0000000100)="e8", 0x1, 0x805, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)) r9 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r9, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xc, 0x0, 0x0, @generic=0x2, 0x8}) 1.059754374s ago: executing program 0 (id=481): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000020000000c00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0xe) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffe11}, {}, {0x18, 0x3, 0x2, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0xc5}}]}, &(0x7f0000000300)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="010000000000ffffffffffffffa8e55fa5a821c38211439ecf1aed0d0da59e771a65e69190d9b79c212413310468ea9a901c2b148be8c1b8c3bb7bf9c0369005cffb1223ea7d9e1a4be3a1c8d348e36fd149d3a5ef109d43777e069c931ad2fc43723b77a2e0119950c392e00fd7a43d055833cafc1aefeb0edcc6fa67d36d6497dfa7a4ceaac4a9846d3d7a39dca9058decf05d8a3ee05df39d71c6efac0af2cb6e17887e92d359b2e6333014128e2ba78e"], 0x14}, 0x1, 0x0, 0x0, 0x40880}, 0xd0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00', @ANYRES16=0xffffffffffffffff, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000) r8 = dup2(r2, r2) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="070000000000000005000500000018000380080004"], 0x44}}, 0x0) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000002c0)={0xc, r1}) r9 = socket$inet(0x2, 0x3, 0x1) sendmsg$inet(r9, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000400)='\b', 0x1}, {0x0}], 0x2, &(0x7f0000000780)=[@ip_tos_u8={{0x11, 0x0, 0x7}}], 0x18}, 0x0) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r8, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x76, &(0x7f0000000440)=[{}], 0x8, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x43, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="1e00000009000000020000000000008084800200", @ANYRES32=r8, @ANYBLOB="490500"/20, @ANYRES32=r10, @ANYRES32=r8, @ANYBLOB="0200000001000000040000000800000000000000077ee5bbd6ab631804699fef5d69488f158967ca933cf500e9a170ce4eaf4a4dfeeb4e069faea8c3786c7bc5cba9bec6401ebdb2d9218b4de0ad4bd87e6e53c9aa0058636c347ca601d37bdb43bcd94b2be285d5f57a371ebe", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00'], 0x50) 914.934667ms ago: executing program 0 (id=482): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffef00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @lsm, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000500)=0xffffffffffffffff, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getpid() connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, 0x0, 0x48000) prlimit64(0x0, 0xe, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, 0x0, 0x108) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_RUN(r5, 0xae80, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r6 = userfaultfd(0x80001) timer_create(0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) 737.181027ms ago: executing program 0 (id=483): ioctl$SNDCTL_SEQ_GETINCOUNT(0xffffffffffffffff, 0x80045105, &(0x7f00000000c0)) bpf$ENABLE_STATS(0x20, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x6c00, 0x0, 0x4d080}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x9}, 0x0) r1 = socket(0x2, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x5, 0x4) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x8000) mkdir(&(0x7f00000002c0)='./file0\x00', 0x10) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='gadgetfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [{@smackfshat}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@permit_directio}, {@smackfshat={'smackfshat', 0x3d, '\'+&$)'}}, {@fsname={'fsname', 0x3d, '#'}}, {@fowner_lt}, {@audit}, {@flag='ro'}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}], 0x2f}) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x1}, 0x18) getdents64(r4, &(0x7f0000000300)=""/154, 0x9a) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x5, 0x4, &(0x7f0000001480)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xbf}]}, &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) 698.989235ms ago: executing program 1 (id=484): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001640)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x40009, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r0, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0) 52.300301ms ago: executing program 1 (id=485): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) r4 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000000)={r5}) ioctl$KDGKBMETA(r3, 0x4b62, 0x0) 51.025109ms ago: executing program 0 (id=486): unshare(0x26000400) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)=@newtfilter={0x568, 0x2c, 0xd2b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0xb, 0x3}, {}, {0xe, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x53c, 0x2, [@TCA_U32_SEL={0x504, 0x5, {0x7, 0x6, 0x0, 0x9, 0x401, 0x1000, 0x8a0, 0xd5, [{0x8, 0x8, 0x7fffffff, 0xff}, {0x1, 0x10, 0xeb, 0x1000}, {0x3, 0x9, 0x7fff, 0x4}, {0xfffffff8, 0x6321, 0x9, 0xd17}, {0x4, 0x9da5, 0x1000, 0x1ff}, {0x0, 0x7fffffff, 0x7f, 0x3}, {0xc, 0x0, 0x7ff, 0x8}, {0x8, 0x9, 0x4, 0x8}, {0x6, 0x0, 0x3, 0x873}, {0x1, 0x2, 0x32b, 0xd}, {0x8, 0xa, 0x7, 0x7fff}, {0xffffffff, 0x80, 0x9, 0x2}, {0x0, 0x9, 0x7cc, 0x4}, {0xfffffff7, 0x1, 0x1, 0x6}, {0x8, 0x3, 0x1, 0x20000}, {0x4, 0x7fffffff, 0x3, 0x3ff}, {0xffffffff, 0x52, 0x37016b5d, 0x6}, {0xc0000000, 0xd5, 0x6, 0x4}, {0xfffffffc, 0x1, 0x0, 0x17d}, {0x9, 0x8, 0x9, 0x6}, {0x1, 0x2, 0x5, 0x2}, {0x4, 0xfffff9ae, 0x400, 0x100}, {0x4, 0x1, 0x1000, 0x437}, {0xcc, 0xb, 0x1401, 0x7ff}, {0x3, 0x7ed4, 0x0, 0x4}, {0x48a6, 0xb, 0x2, 0xe8}, {0x4, 0x7, 0xad, 0x401}, {0x200, 0x9, 0x27a, 0x7ff}, {0x4, 0xd, 0x0, 0x3}, {0x8ba1, 0x1000, 0x0, 0x3}, {0x495, 0x2, 0x401, 0x3}, {0x5, 0x1, 0xfff, 0x7}, {0x9, 0x80000001, 0x7, 0x6}, {0x80000001, 0xe34, 0x2, 0x7}, {0x8, 0x7ff, 0xb2a5, 0x5}, {0x4, 0xf21, 0x7, 0xfffffff1}, {0x5, 0x0, 0x6, 0x3ff}, {0xfffffffa, 0x4, 0xba6d, 0x8}, {0x4, 0xbe27, 0x3, 0x3ff}, {0x7, 0xfd4, 0x9, 0x796}, {0x6d, 0x8a, 0xf, 0xde9}, {0xff, 0x10, 0x1, 0xbfa}, {0x5, 0x6, 0xfff, 0x3}, {0x2, 0x8, 0x8, 0xfd9d}, {0x800, 0x100, 0x5, 0x7}, {0x9, 0x2, 0x1, 0xd76}, {0x3, 0x5, 0x3, 0x3}, {0x8, 0x3, 0x0, 0x8}, {0x4, 0x4, 0x7, 0x80000001}, {0x9, 0x7ff, 0x101, 0x6}, {0x8, 0x3, 0x2, 0x7fffffff}, {0x800, 0x7, 0x3ff, 0x9}, {0x2, 0x1054, 0x8, 0x800}, {0x8, 0x9, 0xffffffff}, {0x10, 0x3, 0x7, 0x400}, {0x0, 0x1, 0x6, 0x6}, {0x60, 0x91a, 0x159, 0x8}, {0x1, 0x6, 0x0, 0x1ff}, {0x80000000, 0x3, 0x7}, {0x3, 0x1, 0x56ad, 0x4}, {0x7, 0xfffffffb, 0x0, 0x8}, {0x1000, 0x42, 0x8000, 0x8}, {0xe, 0x5, 0x5, 0x4}, {0x7, 0x5, 0x0, 0x9}, {0xb68000, 0x800, 0x10000, 0xfa}, {0x81, 0x1, 0x7, 0x8409}, {0x0, 0x57a4, 0x56db08da, 0x9}, {0xb0, 0x3, 0x10, 0x6}, {0x0, 0x6, 0x79, 0x80000000}, {0x5, 0x3, 0x7ff, 0x8256}, {0xfffffffd, 0x8, 0x5, 0x1}, {0x6, 0x3, 0x1c00000, 0xffffff80}, {0x9, 0x9, 0x400, 0x9}, {0x2, 0x81, 0x7, 0xc8}, {0x4, 0x6, 0xebb, 0x7}, {0x0, 0x7, 0x4}, {0xffffffff, 0x40, 0xffff, 0x3}, {0x8, 0x7, 0x4000000, 0x4}, {0xdd, 0x675b, 0x2, 0x3}]}}, @TCA_U32_ACT={0x34, 0x7, [@m_skbmod={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x568}, 0x1, 0x0, 0x0, 0x81}, 0x800) 0s ago: executing program 4 (id=487): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket(0x2b, 0x1, 0x1) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000480), &(0x7f0000000540)={&(0x7f00000004c0)={[0x5670]}, 0x8}) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) kernel console output (not intermixed with test programs): endmsg+0x805/0xb30 [ 118.795432][ T6111] ? __sock_sendmsg+0x21c/0x270 [ 118.795448][ T6111] ? ____sys_sendmsg+0x52d/0x830 [ 118.795479][ T6111] ? ___sys_sendmsg+0x21f/0x2a0 [ 118.795503][ T6111] ? __sys_sendmmsg+0x227/0x430 [ 118.795529][ T6111] ? __pfx_rtnl_newlink+0x10/0x10 [ 118.795580][ T6111] ? kasan_quarantine_put+0xdd/0x220 [ 118.795606][ T6111] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.795635][ T6111] ? nlmon_xmit+0xb0/0x100 [ 118.795660][ T6111] ? kmem_cache_free+0x192/0x3f0 [ 118.795697][ T6111] ? __local_bh_enable_ip+0x12d/0x1c0 [ 118.795726][ T6111] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.795750][ T6111] ? __local_bh_enable_ip+0x12d/0x1c0 [ 118.795780][ T6111] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 118.795813][ T6111] ? __dev_queue_xmit+0x27e/0x3a70 [ 118.795841][ T6111] ? __dev_queue_xmit+0x27e/0x3a70 [ 118.795867][ T6111] ? __dev_queue_xmit+0x27e/0x3a70 [ 118.795900][ T6111] ? __lock_acquire+0xaac/0xd20 [ 118.795949][ T6111] ? __pfx_rtnl_newlink+0x10/0x10 [ 118.795971][ T6111] rtnetlink_rcv_msg+0x7cc/0xb70 [ 118.795996][ T6111] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 118.796017][ T6111] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 118.796042][ T6111] ? ref_tracker_free+0x63a/0x7d0 [ 118.796062][ T6111] ? __copy_skb_header+0xa7/0x550 [ 118.796098][ T6111] netlink_rcv_skb+0x21c/0x490 [ 118.796122][ T6111] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 118.796145][ T6111] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 118.796186][ T6111] ? netlink_deliver_tap+0x2e/0x1b0 [ 118.796207][ T6111] ? netlink_deliver_tap+0x2e/0x1b0 [ 118.796235][ T6111] netlink_unicast+0x758/0x8d0 [ 118.796265][ T6111] netlink_sendmsg+0x805/0xb30 [ 118.796297][ T6111] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.796328][ T6111] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 118.796349][ T6111] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.796373][ T6111] __sock_sendmsg+0x21c/0x270 [ 118.796396][ T6111] ____sys_sendmsg+0x52d/0x830 [ 118.796428][ T6111] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.796469][ T6111] ? import_iovec+0x74/0xa0 [ 118.796500][ T6111] ___sys_sendmsg+0x21f/0x2a0 [ 118.796530][ T6111] ? __pfx____sys_sendmsg+0x10/0x10 [ 118.796591][ T6111] ? __fget_files+0x2a/0x420 [ 118.796608][ T6111] ? __fget_files+0x3a0/0x420 [ 118.796637][ T6111] __sys_sendmmsg+0x227/0x430 [ 118.796670][ T6111] ? __pfx___sys_sendmmsg+0x10/0x10 [ 118.796705][ T6111] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 118.796748][ T6111] ? ksys_write+0x1f0/0x250 [ 118.796775][ T6111] ? rcu_is_watching+0x15/0xb0 [ 118.796814][ T6111] __x64_sys_sendmmsg+0xa0/0xc0 [ 118.796843][ T6111] do_syscall_64+0xf6/0x210 [ 118.796869][ T6111] ? clear_bhb_loop+0x60/0xb0 [ 118.796893][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.796913][ T6111] RIP: 0033:0x7f01d478e969 [ 118.796938][ T6111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.796954][ T6111] RSP: 002b:00007f01d567f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 118.796981][ T6111] RAX: ffffffffffffffda RBX: 00007f01d49b5fa0 RCX: 00007f01d478e969 [ 118.796995][ T6111] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 118.797009][ T6111] RBP: 00007f01d567f090 R08: 0000000000000000 R09: 0000000000000000 [ 118.797021][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.797032][ T6111] R13: 0000000000000000 R14: 00007f01d49b5fa0 R15: 00007fffadda97c8 [ 118.797061][ T6111] [ 119.124386][ T6108] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.329401][ T5919] usb 2-1: USB disconnect, device number 2 [ 119.676293][ T6119] netlink: 'syz.2.62': attribute type 21 has an invalid length. [ 119.685799][ T6119] netlink: 'syz.2.62': attribute type 6 has an invalid length. [ 119.694256][ T6119] netlink: 132 bytes leftover after parsing attributes in process `syz.2.62'. [ 120.336613][ T5867] sierra 5-1:1.133: Sierra USB modem converter detected [ 120.365579][ T977] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 120.959916][ T5867] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 120.994021][ T5867] usb 5-1: USB disconnect, device number 3 [ 121.034686][ T5867] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 121.136494][ T5867] sierra 5-1:1.133: device disconnected [ 121.154632][ T977] usb 4-1: Using ep0 maxpacket: 32 [ 121.163394][ T977] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 121.181949][ T977] usb 4-1: config 0 has no interface number 0 [ 121.211014][ T977] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 121.238411][ T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.265818][ T977] usb 4-1: Product: syz [ 121.277251][ T977] usb 4-1: Manufacturer: syz [ 121.292207][ T977] usb 4-1: SerialNumber: syz [ 121.347588][ T977] usb 4-1: config 0 descriptor?? [ 121.387497][ T977] usb 4-1: can't set config #0, error -71 [ 121.423551][ T977] usb 4-1: USB disconnect, device number 6 [ 122.537796][ T5129] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 122.547721][ T5129] CPU: 1 UID: 0 PID: 5129 Comm: kworker/u9:1 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 122.547747][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.547757][ T5129] Workqueue: hci2 hci_rx_work [ 122.547800][ T5129] Call Trace: [ 122.547806][ T5129] [ 122.547812][ T5129] dump_stack_lvl+0x189/0x250 [ 122.547838][ T5129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.547859][ T5129] ? __pfx__printk+0x10/0x10 [ 122.547883][ T5129] ? kernfs_path_from_node+0x2b/0x260 [ 122.547899][ T5129] ? kernfs_path_from_node+0x2b/0x260 [ 122.547913][ T5129] ? kernfs_path_from_node+0x2b/0x260 [ 122.547929][ T5129] ? kernfs_path_from_node+0x216/0x260 [ 122.547947][ T5129] sysfs_create_dir_ns+0x259/0x280 [ 122.547964][ T5129] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 122.547980][ T5129] ? do_raw_spin_unlock+0x122/0x240 [ 122.548001][ T5129] kobject_add_internal+0x59f/0xb40 [ 122.548029][ T5129] kobject_add+0x155/0x220 [ 122.548053][ T5129] ? __pfx_kobject_add+0x10/0x10 [ 122.548074][ T5129] ? _raw_spin_unlock+0x28/0x50 [ 122.548093][ T5129] ? get_device_parent+0x366/0x3a0 [ 122.548114][ T5129] device_add+0x408/0xb50 [ 122.548150][ T5129] hci_conn_add_sysfs+0xd5/0x1e0 [ 122.548172][ T5129] le_conn_complete_evt+0xc3a/0x1220 [ 122.548197][ T5129] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 122.548213][ T5129] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 122.548231][ T5129] ? __asan_memcpy+0x40/0x70 [ 122.548253][ T5129] ? __pfx___mutex_lock+0x10/0x10 [ 122.548272][ T5129] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 122.548291][ T5129] ? skb_pull_data+0xfb/0x200 [ 122.548318][ T5129] hci_le_conn_complete_evt+0x187/0x450 [ 122.548348][ T5129] hci_event_packet+0x7a2/0x1270 [ 122.548373][ T5129] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 122.548397][ T5129] ? __pfx_hci_event_packet+0x10/0x10 [ 122.548419][ T5129] ? kcov_remote_start+0x4d3/0x7f0 [ 122.548437][ T5129] ? lockdep_hardirqs_on+0x20/0x150 [ 122.548457][ T5129] ? hci_send_to_monitor+0xd7/0x4f0 [ 122.548475][ T5129] hci_rx_work+0x46a/0xe80 [ 122.548502][ T5129] ? process_scheduled_works+0x9ec/0x17a0 [ 122.548527][ T5129] process_scheduled_works+0xadb/0x17a0 [ 122.548572][ T5129] ? __pfx_process_scheduled_works+0x10/0x10 [ 122.548608][ T5129] worker_thread+0x8a0/0xda0 [ 122.548623][ T5129] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 122.548646][ T5129] ? __kthread_parkme+0x7b/0x200 [ 122.548668][ T5129] kthread+0x70e/0x8a0 [ 122.548687][ T5129] ? __pfx_worker_thread+0x10/0x10 [ 122.548700][ T5129] ? __pfx_kthread+0x10/0x10 [ 122.548718][ T5129] ? __pfx_kthread+0x10/0x10 [ 122.548734][ T5129] ? _raw_spin_unlock_irq+0x23/0x50 [ 122.548750][ T5129] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.548767][ T5129] ? __pfx_kthread+0x10/0x10 [ 122.548784][ T5129] ret_from_fork+0x4b/0x80 [ 122.548797][ T5129] ? __pfx_kthread+0x10/0x10 [ 122.548814][ T5129] ret_from_fork_asm+0x1a/0x30 [ 122.548849][ T5129] [ 122.548893][ T5129] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 122.850798][ T5129] Bluetooth: hci2: failed to register connection device [ 123.843858][ T6148] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 126.078323][ T6172] batman_adv: batadv0: Adding interface: dummy0 [ 126.118194][ T6172] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.179564][ T6172] batman_adv: batadv0: Interface activated: dummy0 [ 126.218709][ T6178] batadv0: mtu less than device minimum [ 126.229684][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.241923][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.253940][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.265891][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.277962][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.289935][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.301971][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.313978][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.325974][ T6178] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.480996][ T6186] usb usb8: usbfs: process 6186 (syz.3.77) did not claim interface 0 before use [ 127.678356][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 127.680118][ T5129] Bluetooth: hci5: command 0x1003 tx timeout [ 128.073957][ T6195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.79'. [ 128.517016][ T6202] syz.0.79: attempt to access beyond end of device [ 128.517016][ T6202] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 128.530626][ T6202] efs: cannot read volume header [ 129.824110][ T30] audit: type=1326 audit(1747335174.327:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 129.927616][ T30] audit: type=1326 audit(1747335174.337:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 129.948779][ C1] vkms_vblank_simulate: vblank timer overrun [ 129.965170][ T30] audit: type=1326 audit(1747335174.377:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 129.987601][ T30] audit: type=1326 audit(1747335174.377:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 130.012795][ T30] audit: type=1326 audit(1747335174.377:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 130.033918][ C1] vkms_vblank_simulate: vblank timer overrun [ 130.055042][ T30] audit: type=1326 audit(1747335174.377:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 130.084643][ T30] audit: type=1326 audit(1747335174.377:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 130.216348][ T30] audit: type=1326 audit(1747335174.377:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 130.411443][ T6216] binfmt_misc: register: failed to install interpreter file ./file0 [ 131.174602][ T30] audit: type=1326 audit(1747335174.377:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 131.196650][ T30] audit: type=1326 audit(1747335174.377:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6207 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 131.217885][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.837801][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.853555][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.782679][ C0] vcan0: j1939_tp_rxtimer: 0xffff888079808800: rx timeout, send abort [ 133.794557][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888079808800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 134.822574][ T6250] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.675972][ T6261] binfmt_misc: register: failed to install interpreter file ./file0 [ 137.179447][ T6264] netlink: 12 bytes leftover after parsing attributes in process `syz.3.100'. [ 137.718133][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.4.101'. [ 138.644962][ T6280] libceph: resolve '4' (ret=-3): failed [ 140.351911][ T6280] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.360906][ T6280] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.593005][ T6298] Driver unsupported XDP return value 0 on prog (id 21) dev N/A, expect packet loss! [ 140.673341][ T6280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.698161][ T6280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.118214][ T6280] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.131924][ T6280] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.148806][ T6280] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.157838][ T6280] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.167901][ T5189] udevd[5189]: worker [5964] terminated by signal 33 (Unknown signal 33) [ 141.191178][ T5189] udevd[5189]: worker [5964] failed while handling '/devices/virtual/block/loop0' [ 141.204579][ T5869] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 141.378402][ T6296] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 141.385954][ T6296] IPv6: NLM_F_CREATE should be set when creating new route [ 141.393255][ T6296] IPv6: NLM_F_CREATE should be set when creating new route [ 141.574289][ T6306] kvm: kvm [6303]: vcpu2, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xffff0000bfc8 [ 141.612698][ T5869] usb 4-1: unable to get BOS descriptor or descriptor too short [ 141.621451][ T5869] usb 4-1: not running at top speed; connect to a high speed hub [ 141.632190][ T5869] usb 4-1: config 0 has an invalid interface number: 93 but max is 0 [ 141.640527][ T5869] usb 4-1: config 0 has no interface number 0 [ 141.647414][ T5869] usb 4-1: config 0 interface 93 has no altsetting 0 [ 141.657432][ T5869] usb 4-1: New USB device found, idVendor=2040, idProduct=721e, bcdDevice=5e.2b [ 141.666841][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.675554][ T5869] usb 4-1: Product: syz [ 141.679749][ T5869] usb 4-1: Manufacturer: syz [ 141.684394][ T5869] usb 4-1: SerialNumber: syz [ 141.695474][ T6306] kvm: kvm [6303]: vcpu2, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xffff0000c08f [ 142.678924][ T5869] usb 4-1: config 0 descriptor?? [ 143.701303][ T5869] usb 4-1: unknown interface protocol 0x1a, assuming v1 [ 143.715709][ T5869] usb 4-1: cannot find UAC_HEADER [ 143.760508][ T5869] snd-usb-audio 4-1:0.93: probe with driver snd-usb-audio failed with error -22 [ 143.776784][ T5869] usb 4-1: USB disconnect, device number 7 [ 144.096461][ T6329] FAULT_INJECTION: forcing a failure. [ 144.096461][ T6329] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 144.109702][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.1.115 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 144.109729][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.109741][ T6329] Call Trace: [ 144.109750][ T6329] [ 144.109758][ T6329] dump_stack_lvl+0x189/0x250 [ 144.109789][ T6329] ? __lock_acquire+0xaac/0xd20 [ 144.109819][ T6329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.109846][ T6329] ? __pfx__printk+0x10/0x10 [ 144.109877][ T6329] ? __might_fault+0xb0/0x130 [ 144.109919][ T6329] should_fail_ex+0x414/0x560 [ 144.109945][ T6329] _copy_from_user+0x2d/0xb0 [ 144.109974][ T6329] ___sys_recvmsg+0x12e/0x510 [ 144.110009][ T6329] ? __pfx____sys_recvmsg+0x10/0x10 [ 144.110068][ T6329] ? __might_fault+0xb0/0x130 [ 144.110102][ T6329] do_recvmmsg+0x307/0x760 [ 144.110139][ T6329] ? __pfx_do_recvmmsg+0x10/0x10 [ 144.110179][ T6329] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 144.110229][ T6329] __x64_sys_recvmmsg+0x190/0x240 [ 144.110257][ T6329] ? rcu_is_watching+0x15/0xb0 [ 144.110287][ T6329] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 144.110320][ T6329] ? do_syscall_64+0xba/0x210 [ 144.110367][ T6329] do_syscall_64+0xf6/0x210 [ 144.110395][ T6329] ? clear_bhb_loop+0x60/0xb0 [ 144.110421][ T6329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.110453][ T6329] RIP: 0033:0x7ff46a78e969 [ 144.110470][ T6329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.110486][ T6329] RSP: 002b:00007ff46b64c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 144.110507][ T6329] RAX: ffffffffffffffda RBX: 00007ff46a9b6160 RCX: 00007ff46a78e969 [ 144.110521][ T6329] RDX: 04000000000003c9 RSI: 0000200000000380 RDI: 0000000000000003 [ 144.110535][ T6329] RBP: 00007ff46b64c090 R08: 0000000000000000 R09: 0000000000000000 [ 144.110547][ T6329] R10: 0000000000010102 R11: 0000000000000246 R12: 0000000000000001 [ 144.110559][ T6329] R13: 0000000000000000 R14: 00007ff46a9b6160 R15: 00007ffd7c3e2318 [ 144.110589][ T6329] [ 144.313631][ C0] vkms_vblank_simulate: vblank timer overrun [ 145.350991][ T6334] binfmt_misc: register: failed to install interpreter file ./file0 [ 145.884712][ T5867] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 146.086959][ T6349] ipvlan2: entered promiscuous mode [ 146.204867][ T6352] netlink: 8 bytes leftover after parsing attributes in process `syz.3.123'. [ 147.220969][ T6354] syz.0.124: attempt to access beyond end of device [ 147.220969][ T6354] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0 [ 147.235059][ T6354] syz.0.124: attempt to access beyond end of device [ 147.235059][ T6354] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0 [ 147.256583][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 147.269249][ T6354] syz.0.124: attempt to access beyond end of device [ 147.269249][ T6354] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0 [ 147.283866][ T5834] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 147.296374][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 147.323879][ T6354] syz.0.124: attempt to access beyond end of device [ 147.323879][ T6354] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 147.340999][ T6354] syz.0.124: attempt to access beyond end of device [ 147.340999][ T6354] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 147.357126][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 147.368293][ T6354] syz.0.124: attempt to access beyond end of device [ 147.368293][ T6354] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 147.385917][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 147.402374][ T6354] syz.0.124: attempt to access beyond end of device [ 147.402374][ T6354] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 147.418980][ T6354] syz.0.124: attempt to access beyond end of device [ 147.418980][ T6354] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 147.432579][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 147.447485][ T5834] usb 5-1: Using ep0 maxpacket: 32 [ 147.457899][ T5834] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 147.470825][ T6354] syz.0.124: attempt to access beyond end of device [ 147.470825][ T6354] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 147.471731][ T5834] usb 5-1: config 0 has no interface number 0 [ 147.497439][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 147.510789][ T6354] syz.0.124: attempt to access beyond end of device [ 147.510789][ T6354] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 147.526995][ T5834] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 147.536182][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.547993][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 147.557765][ T5834] usb 5-1: Product: syz [ 147.561965][ T5834] usb 5-1: Manufacturer: syz [ 147.567158][ T6354] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 147.576867][ T6354] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 147.576965][ T5834] usb 5-1: SerialNumber: syz [ 147.603340][ T5834] usb 5-1: config 0 descriptor?? [ 147.612776][ T5834] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 147.829546][ T5834] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 147.852972][ T5834] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 148.122472][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 148.134251][ T5834] usb 5-1: USB disconnect, device number 4 [ 148.377465][ T6370] overlayfs: bad index found (index=index/00fb21000153ac3bca0c4c440abbe789f773f2511ba70b6f1f8e00000000000000, ftype=2000, origin ftype=8000). [ 148.404666][ T5869] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 148.815050][ T5834] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 148.845368][ T5834] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 148.888163][ T5834] quatech2 5-1:0.51: device disconnected [ 148.996226][ T5869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 94, changing to 10 [ 149.027907][ T5869] usb 3-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00 [ 149.044644][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.065435][ T5869] usb 3-1: config 0 descriptor?? [ 149.803794][ T5869] stadia 0003:18D1:9400.0001: item fetching failed at offset 0/3 [ 150.485040][ T5869] stadia 0003:18D1:9400.0001: parse failed [ 150.518901][ T5869] stadia 0003:18D1:9400.0001: probe with driver stadia failed with error -22 [ 151.623068][ T5919] usb 3-1: USB disconnect, device number 4 [ 151.871531][ T6392] xt_l2tp: v2 doesn't support IP mode [ 156.458805][ T5819] block nbd1: Receive control failed (result -107) [ 156.565214][ T6427] bio_check_eod: 2 callbacks suppressed [ 156.565274][ T6427] syz.1.146: attempt to access beyond end of device [ 156.565274][ T6427] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 156.585920][ T6427] syz.1.146: attempt to access beyond end of device [ 156.585920][ T6427] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 156.600128][ T6427] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 156.615438][ T6427] syz.1.146: attempt to access beyond end of device [ 156.615438][ T6427] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 156.629194][ T6427] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 156.644644][ T6427] syz.1.146: attempt to access beyond end of device [ 156.644644][ T6427] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 156.666686][ T6427] syz.1.146: attempt to access beyond end of device [ 156.666686][ T6427] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 156.680208][ T6427] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 156.690944][ T6427] syz.1.146: attempt to access beyond end of device [ 156.690944][ T6427] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 156.704302][ T6427] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 156.715954][ T6427] syz.1.146: attempt to access beyond end of device [ 156.715954][ T6427] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 156.730062][ T6427] syz.1.146: attempt to access beyond end of device [ 156.730062][ T6427] nbd1: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 156.743523][ T6427] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 156.755450][ T6427] syz.1.146: attempt to access beyond end of device [ 156.755450][ T6427] nbd1: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 156.864918][ T6425] nbd1: detected capacity change from 0 to 29912 [ 157.256417][ T6427] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 157.364598][ T6427] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 157.911443][ T6435] netlink: 36 bytes leftover after parsing attributes in process `syz.2.149'. [ 157.949139][ T6427] block nbd1: shutting down sockets [ 158.427641][ T6432] delete_channel: no stack [ 158.550351][ T6439] bridge0: entered promiscuous mode [ 158.566483][ T6439] bridge0: port 3(macvlan2) entered blocking state [ 158.574366][ T6439] bridge0: port 3(macvlan2) entered disabled state [ 158.582397][ T6439] macvlan2: entered allmulticast mode [ 158.599387][ T6439] bridge0: entered allmulticast mode [ 159.499260][ T6439] macvlan2: left allmulticast mode [ 159.507506][ T6439] bridge0: left allmulticast mode [ 159.517459][ T6439] bridge0: left promiscuous mode [ 159.640003][ T5819] block nbd4: Receive control failed (result -107) [ 159.669297][ T6446] syz.4.151: attempt to access beyond end of device [ 159.669297][ T6446] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 160.146208][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 160.185778][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 160.253295][ T6452] nbd4: detected capacity change from 0 to 29912 [ 160.254944][ T6446] block nbd4: Dead connection, failed to find a fallback [ 160.272743][ T6446] block nbd4: shutting down sockets [ 160.279810][ T6446] I/O error, dev nbd4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 160.317742][ T6446] I/O error, dev nbd4, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 160.394825][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 160.434526][ T6446] I/O error, dev nbd4, sector 29908 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 160.448878][ T6460] process 'syz.0.155' launched './file0' with NULL argv: empty string added [ 160.495397][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7477, location=7477 [ 160.518513][ T6446] I/O error, dev nbd4, sector 28884 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 160.998079][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7221, location=7221 [ 161.016549][ T30] kauditd_printk_skb: 521 callbacks suppressed [ 161.016563][ T30] audit: type=1800 audit(1747335205.537:533): pid=6460 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.155" name="/" dev="fuse" ino=0 res=0 errno=0 [ 161.044739][ T6446] I/O error, dev nbd4, sector 29904 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 161.355377][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7476, location=7476 [ 161.522562][ T6470] overlayfs: failed to resolve './file1': -2 [ 161.696795][ T6446] I/O error, dev nbd4, sector 28880 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 161.745254][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7220, location=7220 [ 161.792193][ T6446] I/O error, dev nbd4, sector 29900 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 161.836510][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7475, location=7475 [ 162.904898][ T6446] I/O error, dev nbd4, sector 28876 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.914652][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7219, location=7219 [ 163.584205][ T6446] I/O error, dev nbd4, sector 29308 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.690307][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7327, location=7327 [ 163.818264][ T6446] I/O error, dev nbd4, sector 28284 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.841156][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7071, location=7071 [ 163.889896][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7325, location=7325 [ 163.939108][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=7069, location=7069 [ 163.964878][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 163.998571][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 164.494235][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3738, location=3738 [ 164.521052][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3482, location=3482 [ 164.541786][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3737, location=3737 [ 164.632968][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3481, location=3481 [ 164.750147][ T30] audit: type=1800 audit(1747335209.267:534): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.163" name="/" dev="fuse" ino=0 res=0 errno=0 [ 164.776705][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3736, location=3736 [ 164.804275][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3480, location=3480 [ 164.816993][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3588, location=3588 [ 164.849448][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3332, location=3332 [ 164.883645][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3586, location=3586 [ 164.909728][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=3330, location=3330 [ 164.931282][ T6446] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 165.344583][ T6446] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 165.353465][ C0] vcan0: j1939_tp_rxtimer: 0xffff888023b7b000: rx timeout, send abort [ 165.362435][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888023b7b000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 165.409185][ T6501] netlink: 80 bytes leftover after parsing attributes in process `syz.2.166'. [ 166.784640][ T6515] netlink: 8 bytes leftover after parsing attributes in process `syz.4.169'. [ 169.469113][ T6529] dvmrp8: entered allmulticast mode [ 169.556008][ T6529] dvmrp8: left allmulticast mode [ 169.740741][ T6537] netlink: 3 bytes leftover after parsing attributes in process `syz.3.175'. [ 170.064386][ T6539] tmpfs: Unknown parameter '¬kLK' [ 171.747538][ T30] audit: type=1326 audit(1747335214.567:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 171.777485][ T30] audit: type=1326 audit(1747335214.567:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 171.811681][ T30] audit: type=1326 audit(1747335214.567:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 171.833496][ T30] audit: type=1326 audit(1747335214.567:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 171.860745][ T30] audit: type=1326 audit(1747335214.567:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 171.882853][ T30] audit: type=1326 audit(1747335214.567:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 171.904792][ T30] audit: type=1326 audit(1747335214.577:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 171.992639][ T30] audit: type=1326 audit(1747335214.577:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 172.020365][ T30] audit: type=1326 audit(1747335214.577:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 172.051024][ T30] audit: type=1326 audit(1747335214.577:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd038e969 code=0x7ffc0000 [ 172.114855][ T6551] wg2: entered promiscuous mode [ 172.153458][ T6551] wg2: entered allmulticast mode [ 173.469238][ T6567] TCP: TCP_TX_DELAY enabled [ 173.636733][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801a181400: rx timeout, send abort [ 173.649401][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88801a181400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 173.994586][ T5129] Bluetooth: hci4: command 0x0405 tx timeout [ 176.193897][ T6587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.188'. [ 176.850591][ T6595] FAULT_INJECTION: forcing a failure. [ 176.850591][ T6595] name failslab, interval 1, probability 0, space 0, times 0 [ 176.863317][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.2.193 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 176.863342][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.863353][ T6595] Call Trace: [ 176.863362][ T6595] [ 176.863370][ T6595] dump_stack_lvl+0x189/0x250 [ 176.863405][ T6595] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.863432][ T6595] ? __pfx__printk+0x10/0x10 [ 176.863468][ T6595] ? __pfx___might_resched+0x10/0x10 [ 176.863497][ T6595] ? fs_reclaim_acquire+0x7d/0x100 [ 176.863524][ T6595] should_fail_ex+0x414/0x560 [ 176.863548][ T6595] should_failslab+0xa8/0x100 [ 176.863568][ T6595] __kmalloc_node_noprof+0xd1/0x4e0 [ 176.863597][ T6595] ? __bfs+0x151/0x2a0 [ 176.863621][ T6595] ? qdisc_alloc+0x97/0xaa0 [ 176.863648][ T6595] qdisc_alloc+0x97/0xaa0 [ 176.863667][ T6595] ? check_noncircular+0xe0/0x160 [ 176.863693][ T6595] qdisc_create_dflt+0x63/0x470 [ 176.863718][ T6595] fifo_create_dflt+0x71/0x2c0 [ 176.863738][ T6595] ? tbf_change+0x80b/0x13c0 [ 176.863767][ T6595] tbf_change+0x827/0x13c0 [ 176.863808][ T6595] ? __pfx_tbf_change+0x10/0x10 [ 176.863832][ T6595] ? __lock_acquire+0xaac/0xd20 [ 176.863867][ T6595] ? ktime_get+0x3e/0x1f0 [ 176.863894][ T6595] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 176.863921][ T6595] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 176.863948][ T6595] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 176.863978][ T6595] ? read_tsc+0x9/0x20 [ 176.864000][ T6595] ? ktime_get+0x1cb/0x1f0 [ 176.864018][ T6595] ? __pfx_tbf_init+0x10/0x10 [ 176.864041][ T6595] qdisc_create+0x78d/0xe80 [ 176.864074][ T6595] tc_modify_qdisc+0x1808/0x20b0 [ 176.864111][ T6595] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 176.864163][ T6595] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 176.864189][ T6595] rtnetlink_rcv_msg+0x77c/0xb70 [ 176.864209][ T6595] ? kasan_save_track+0x4f/0x80 [ 176.864238][ T6595] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 176.864258][ T6595] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 176.864280][ T6595] ? __lock_acquire+0xaac/0xd20 [ 176.864317][ T6595] netlink_rcv_skb+0x21c/0x490 [ 176.864340][ T6595] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 176.864362][ T6595] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 176.864403][ T6595] ? netlink_deliver_tap+0x2e/0x1b0 [ 176.864425][ T6595] ? netlink_deliver_tap+0x2e/0x1b0 [ 176.864457][ T6595] netlink_unicast+0x758/0x8d0 [ 176.864487][ T6595] netlink_sendmsg+0x805/0xb30 [ 176.864507][ T6595] ? is_bpf_text_address+0x26/0x2b0 [ 176.864543][ T6595] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.864573][ T6595] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 176.864594][ T6595] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.864617][ T6595] __sock_sendmsg+0x21c/0x270 [ 176.864640][ T6595] ____sys_sendmsg+0x505/0x830 [ 176.864672][ T6595] ? __pfx_____sys_sendmsg+0x10/0x10 [ 176.864707][ T6595] ? import_iovec+0x74/0xa0 [ 176.864738][ T6595] ___sys_sendmsg+0x21f/0x2a0 [ 176.864766][ T6595] ? __pfx____sys_sendmsg+0x10/0x10 [ 176.864827][ T6595] ? __fget_files+0x2a/0x420 [ 176.864842][ T6595] ? __fget_files+0x3a0/0x420 [ 176.864870][ T6595] __x64_sys_sendmsg+0x19b/0x260 [ 176.864900][ T6595] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 176.864949][ T6595] ? do_syscall_64+0xba/0x210 [ 176.864979][ T6595] do_syscall_64+0xf6/0x210 [ 176.865005][ T6595] ? clear_bhb_loop+0x60/0xb0 [ 176.865028][ T6595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.865047][ T6595] RIP: 0033:0x7f01d478e969 [ 176.865065][ T6595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.865080][ T6595] RSP: 002b:00007f01d567f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.865101][ T6595] RAX: ffffffffffffffda RBX: 00007f01d49b5fa0 RCX: 00007f01d478e969 [ 176.865115][ T6595] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000005 [ 176.865126][ T6595] RBP: 00007f01d567f090 R08: 0000000000000000 R09: 0000000000000000 [ 176.865138][ T6595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.865149][ T6595] R13: 0000000000000000 R14: 00007f01d49b5fa0 R15: 00007fffadda97c8 [ 176.865179][ T6595] [ 177.624575][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 177.624594][ T30] audit: type=1800 audit(1747335222.137:552): pid=6601 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.190" name="/" dev="fuse" ino=0 res=0 errno=0 [ 177.794663][ T5869] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 178.001247][ T6609] xt_CT: You must specify a L4 protocol and not use inversions on it [ 178.014774][ T5919] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 178.304269][ T5869] usb 5-1: unable to get BOS descriptor or descriptor too short [ 178.312844][ T5869] usb 5-1: not running at top speed; connect to a high speed hub [ 178.338002][ T5869] usb 5-1: config 129 has an invalid interface number: 28 but max is 0 [ 178.346599][ T5869] usb 5-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 178.377149][ T5869] usb 5-1: config 129 has no interface number 0 [ 178.404033][ T5869] usb 5-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 178.445140][ T5869] usb 5-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid wMaxPacketSize 0 [ 178.465946][ T5869] usb 5-1: config 129 interface 28 has no altsetting 0 [ 178.489077][ T5869] usb 5-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57 [ 178.498920][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.518356][ T5919] usb 1-1: config 0 has an invalid interface number: 187 but max is 0 [ 178.527494][ T5869] usb 5-1: Product: syz [ 178.531710][ T5869] usb 5-1: Manufacturer: syz [ 178.544766][ T5869] usb 5-1: SerialNumber: syz [ 178.546577][ T5919] usb 1-1: config 0 has no interface number 0 [ 178.573809][ T5919] usb 1-1: config 0 interface 187 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 178.808361][ T5919] usb 1-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=22.4e [ 178.834622][ T5869] etas_es58x 5-1:129.28: Starting syz syz (Serial Number syz) [ 178.839357][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.843288][ T5869] etas_es58x 5-1:129.28: could not retrieve the product info string [ 178.851067][ T5919] usb 1-1: Product: syz [ 178.863783][ T5919] usb 1-1: Manufacturer: syz [ 178.869420][ T47] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 178.897287][ T5919] usb 1-1: SerialNumber: syz [ 179.880243][ T5919] usb 1-1: config 0 descriptor?? [ 179.906608][ T6603] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 180.316441][ T47] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 180.515123][ T5869] usb 5-1: USB disconnect, device number 5 [ 180.548224][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.550286][ T5869] etas_es58x 5-1:129.28: Disconnecting syz syz [ 180.751393][ T47] usb 3-1: config 0 descriptor?? [ 181.083326][ T5867] usb 1-1: USB disconnect, device number 3 [ 181.953373][ C0] vcan0: j1939_tp_rxtimer: 0xffff888012102400: rx timeout, send abort [ 181.962160][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888012102400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 181.966153][ T47] ath6kl: Failed to submit usb control message: -110 [ 182.477097][ T47] ath6kl: unable to send the bmi data to the device: -110 [ 182.538145][ T47] ath6kl: Unable to send get target info: -110 [ 182.569458][ T47] ath6kl: Failed to init ath6kl core: -110 [ 182.597480][ T47] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 182.803558][ T5869] usb 3-1: USB disconnect, device number 5 [ 183.939146][ T6649] FAULT_INJECTION: forcing a failure. [ 183.939146][ T6649] name failslab, interval 1, probability 0, space 0, times 0 [ 183.960058][ T6649] CPU: 0 UID: 0 PID: 6649 Comm: syz.2.206 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 183.960088][ T6649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.960101][ T6649] Call Trace: [ 183.960110][ T6649] [ 183.960119][ T6649] dump_stack_lvl+0x189/0x250 [ 183.960165][ T6649] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.960194][ T6649] ? __pfx__printk+0x10/0x10 [ 183.960232][ T6649] ? __pfx___might_resched+0x10/0x10 [ 183.960264][ T6649] ? fs_reclaim_acquire+0x7d/0x100 [ 183.960293][ T6649] should_fail_ex+0x414/0x560 [ 183.960321][ T6649] should_failslab+0xa8/0x100 [ 183.960343][ T6649] __kmalloc_noprof+0xcb/0x4f0 [ 183.960376][ T6649] ? kfree+0x4d/0x440 [ 183.960402][ T6649] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 183.960437][ T6649] tomoyo_realpath_from_path+0xe3/0x5d0 [ 183.960467][ T6649] ? tomoyo_domain+0xda/0x130 [ 183.960502][ T6649] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 183.960526][ T6649] tomoyo_path_number_perm+0x1e8/0x5a0 [ 183.960552][ T6649] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 183.960594][ T6649] ? __lock_acquire+0xaac/0xd20 [ 183.960643][ T6649] ? __fget_files+0x2a/0x420 [ 183.960668][ T6649] ? __fget_files+0x3a0/0x420 [ 183.960686][ T6649] ? __fget_files+0x2a/0x420 [ 183.960710][ T6649] security_file_ioctl+0xcb/0x2d0 [ 183.960738][ T6649] __se_sys_ioctl+0x47/0x170 [ 183.960768][ T6649] do_syscall_64+0xf6/0x210 [ 183.960797][ T6649] ? clear_bhb_loop+0x60/0xb0 [ 183.960823][ T6649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.960844][ T6649] RIP: 0033:0x7f01d478e969 [ 183.960863][ T6649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.960880][ T6649] RSP: 002b:00007f01d567f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 183.960903][ T6649] RAX: ffffffffffffffda RBX: 00007f01d49b5fa0 RCX: 00007f01d478e969 [ 183.960918][ T6649] RDX: 0000000000000000 RSI: 0000000000007040 RDI: 0000000000000005 [ 183.960930][ T6649] RBP: 00007f01d567f090 R08: 0000000000000000 R09: 0000000000000000 [ 183.960943][ T6649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.960955][ T6649] R13: 0000000000000000 R14: 00007f01d49b5fa0 R15: 00007fffadda97c8 [ 183.960988][ T6649] [ 183.961019][ T6649] ERROR: Out of memory at tomoyo_realpath_from_path. [ 184.068851][ T6653] netlink: 3 bytes leftover after parsing attributes in process `syz.3.208'. [ 184.895264][ T5129] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 184.905391][ T5129] CPU: 0 UID: 0 PID: 5129 Comm: kworker/u9:1 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 184.905419][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.905433][ T5129] Workqueue: hci0 hci_rx_work [ 184.905465][ T5129] Call Trace: [ 184.905473][ T5129] [ 184.905481][ T5129] dump_stack_lvl+0x189/0x250 [ 184.905516][ T5129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.905544][ T5129] ? __pfx__printk+0x10/0x10 [ 184.905577][ T5129] ? kernfs_path_from_node+0x2b/0x260 [ 184.905598][ T5129] ? kernfs_path_from_node+0x2b/0x260 [ 184.905617][ T5129] ? kernfs_path_from_node+0x2b/0x260 [ 184.905640][ T5129] ? kernfs_path_from_node+0x216/0x260 [ 184.905664][ T5129] sysfs_create_dir_ns+0x259/0x280 [ 184.905687][ T5129] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 184.905710][ T5129] ? do_raw_spin_unlock+0x122/0x240 [ 184.905738][ T5129] kobject_add_internal+0x59f/0xb40 [ 184.905776][ T5129] kobject_add+0x155/0x220 [ 184.905810][ T5129] ? __pfx_kobject_add+0x10/0x10 [ 184.905839][ T5129] ? _raw_spin_unlock+0x28/0x50 [ 184.905865][ T5129] ? get_device_parent+0x366/0x3a0 [ 184.905894][ T5129] device_add+0x408/0xb50 [ 184.905923][ T5129] hci_conn_add_sysfs+0xd5/0x1e0 [ 184.905953][ T5129] le_conn_complete_evt+0xc3a/0x1220 [ 184.905997][ T5129] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 184.906019][ T5129] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 184.906044][ T5129] ? __asan_memcpy+0x40/0x70 [ 184.906073][ T5129] ? __pfx___mutex_lock+0x10/0x10 [ 184.906100][ T5129] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 184.906125][ T5129] ? skb_pull_data+0xfb/0x200 [ 184.906162][ T5129] hci_le_conn_complete_evt+0x187/0x450 [ 184.906203][ T5129] hci_event_packet+0x7a2/0x1270 [ 184.906241][ T5129] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 184.906274][ T5129] ? __pfx_hci_event_packet+0x10/0x10 [ 184.906305][ T5129] ? kcov_remote_start+0x4d3/0x7f0 [ 184.906329][ T5129] ? lockdep_hardirqs_on+0x20/0x150 [ 184.906356][ T5129] ? hci_send_to_monitor+0xd7/0x4f0 [ 184.906381][ T5129] hci_rx_work+0x46a/0xe80 [ 184.906418][ T5129] ? process_scheduled_works+0x9ec/0x17a0 [ 184.906452][ T5129] process_scheduled_works+0xadb/0x17a0 [ 184.906515][ T5129] ? __pfx_process_scheduled_works+0x10/0x10 [ 184.906565][ T5129] worker_thread+0x8a0/0xda0 [ 184.906587][ T5129] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 184.906619][ T5129] ? __kthread_parkme+0x7b/0x200 [ 184.906650][ T5129] kthread+0x70e/0x8a0 [ 184.906677][ T5129] ? __pfx_worker_thread+0x10/0x10 [ 184.906695][ T5129] ? __pfx_kthread+0x10/0x10 [ 184.906719][ T5129] ? __pfx_kthread+0x10/0x10 [ 184.906741][ T5129] ? _raw_spin_unlock_irq+0x23/0x50 [ 184.906763][ T5129] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.906787][ T5129] ? __pfx_kthread+0x10/0x10 [ 184.906809][ T5129] ret_from_fork+0x4b/0x80 [ 184.906828][ T5129] ? __pfx_kthread+0x10/0x10 [ 184.906851][ T5129] ret_from_fork_asm+0x1a/0x30 [ 184.906899][ T5129] [ 184.906956][ T5129] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 185.449073][ T5129] Bluetooth: hci0: failed to register connection device [ 185.741245][ T6671] usb usb8: usbfs: process 6671 (syz.1.213) did not claim interface 0 before use [ 186.200851][ T6666] FAULT_INJECTION: forcing a failure. [ 186.200851][ T6666] name failslab, interval 1, probability 0, space 0, times 0 [ 186.301191][ T6666] CPU: 1 UID: 0 PID: 6666 Comm: syz.4.210 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 186.301223][ T6666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 186.301236][ T6666] Call Trace: [ 186.301245][ T6666] [ 186.301254][ T6666] dump_stack_lvl+0x189/0x250 [ 186.301292][ T6666] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.301340][ T6666] ? __pfx__printk+0x10/0x10 [ 186.301377][ T6666] ? __pfx___might_resched+0x10/0x10 [ 186.301419][ T6666] should_fail_ex+0x414/0x560 [ 186.301448][ T6666] should_failslab+0xa8/0x100 [ 186.301472][ T6666] __kmalloc_cache_noprof+0x70/0x3d0 [ 186.301505][ T6666] ? mgmt_pending_new+0x65/0x240 [ 186.301535][ T6666] mgmt_pending_new+0x65/0x240 [ 186.301565][ T6666] set_dev_class+0x36e/0x590 [ 186.301602][ T6666] hci_mgmt_cmd+0x9c6/0xef0 [ 186.301643][ T6666] hci_sock_sendmsg+0x6ca/0xee0 [ 186.301675][ T6666] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 186.301706][ T6666] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 186.301730][ T6666] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 186.301755][ T6666] __sock_sendmsg+0x21c/0x270 [ 186.301782][ T6666] sock_write_iter+0x258/0x330 [ 186.301818][ T6666] ? __pfx_sock_write_iter+0x10/0x10 [ 186.301865][ T6666] ? bpf_lsm_file_permission+0x9/0x20 [ 186.301892][ T6666] ? security_file_permission+0x75/0x290 [ 186.301928][ T6666] vfs_write+0x54b/0xa90 [ 186.301965][ T6666] ? __pfx_sock_write_iter+0x10/0x10 [ 186.302000][ T6666] ? __pfx_vfs_write+0x10/0x10 [ 186.302043][ T6666] ? __fget_files+0x2a/0x420 [ 186.302075][ T6666] ksys_write+0x145/0x250 [ 186.302104][ T6666] ? rcu_is_watching+0x15/0xb0 [ 186.302146][ T6666] ? __pfx_ksys_write+0x10/0x10 [ 186.302182][ T6666] ? do_syscall_64+0xba/0x210 [ 186.302214][ T6666] do_syscall_64+0xf6/0x210 [ 186.302243][ T6666] ? clear_bhb_loop+0x60/0xb0 [ 186.302271][ T6666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.302292][ T6666] RIP: 0033:0x7fae5978e969 [ 186.302311][ T6666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.302329][ T6666] RSP: 002b:00007fae575f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.302352][ T6666] RAX: ffffffffffffffda RBX: 00007fae599b5fa0 RCX: 00007fae5978e969 [ 186.302368][ T6666] RDX: 0000000000000008 RSI: 00002000000005c0 RDI: 0000000000000004 [ 186.302381][ T6666] RBP: 00007fae575f6090 R08: 0000000000000000 R09: 0000000000000000 [ 186.302394][ T6666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 186.302407][ T6666] R13: 0000000000000000 R14: 00007fae599b5fa0 R15: 00007ffe5bb7ebe8 [ 186.302441][ T6666] [ 186.560518][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.926120][ T30] audit: type=1800 audit(1747335232.437:553): pid=6675 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.214" name="/" dev="fuse" ino=0 res=0 errno=0 [ 187.998936][ T6687] netlink: 8 bytes leftover after parsing attributes in process `syz.1.219'. [ 188.321869][ T5867] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 188.682573][ T5867] usb 4-1: Using ep0 maxpacket: 32 [ 189.444592][ T5867] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 189.496087][ T5867] usb 4-1: config 0 has no interface number 0 [ 189.513072][ T6706] FAULT_INJECTION: forcing a failure. [ 189.513072][ T6706] name failslab, interval 1, probability 0, space 0, times 0 [ 189.527282][ T6706] CPU: 1 UID: 0 PID: 6706 Comm: syz.1.222 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 189.527309][ T6706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 189.527321][ T6706] Call Trace: [ 189.527329][ T6706] [ 189.527337][ T6706] dump_stack_lvl+0x189/0x250 [ 189.527372][ T6706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.527400][ T6706] ? __pfx__printk+0x10/0x10 [ 189.527436][ T6706] ? __pfx___might_resched+0x10/0x10 [ 189.527471][ T6706] should_fail_ex+0x414/0x560 [ 189.527496][ T6706] should_failslab+0xa8/0x100 [ 189.527517][ T6706] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 189.527548][ T6706] ? __alloc_skb+0x112/0x2d0 [ 189.527576][ T6706] __alloc_skb+0x112/0x2d0 [ 189.527605][ T6706] netlink_sendmsg+0x5c6/0xb30 [ 189.527627][ T6706] ? is_bpf_text_address+0x26/0x2b0 [ 189.527670][ T6706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.527702][ T6706] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 189.527723][ T6706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.527747][ T6706] __sock_sendmsg+0x21c/0x270 [ 189.527770][ T6706] ____sys_sendmsg+0x505/0x830 [ 189.527802][ T6706] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.527838][ T6706] ? import_iovec+0x74/0xa0 [ 189.527870][ T6706] ___sys_sendmsg+0x21f/0x2a0 [ 189.527899][ T6706] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.527961][ T6706] ? __fget_files+0x2a/0x420 [ 189.527980][ T6706] ? __fget_files+0x3a0/0x420 [ 189.528009][ T6706] __x64_sys_sendmsg+0x19b/0x260 [ 189.528044][ T6706] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 189.528087][ T6706] ? do_syscall_64+0xba/0x210 [ 189.528117][ T6706] do_syscall_64+0xf6/0x210 [ 189.528143][ T6706] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 189.528163][ T6706] ? clear_bhb_loop+0x60/0xb0 [ 189.528187][ T6706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.528206][ T6706] RIP: 0033:0x7ff46a78e969 [ 189.528224][ T6706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.528240][ T6706] RSP: 002b:00007ff46b68e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.528260][ T6706] RAX: ffffffffffffffda RBX: 00007ff46a9b5fa0 RCX: 00007ff46a78e969 [ 189.528274][ T6706] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 189.528286][ T6706] RBP: 00007ff46b68e090 R08: 0000000000000000 R09: 0000000000000000 [ 189.528298][ T6706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.528309][ T6706] R13: 0000000000000000 R14: 00007ff46a9b5fa0 R15: 00007ffd7c3e2318 [ 189.528339][ T6706] [ 189.796394][ T5867] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 189.819150][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.863231][ T6708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.224'. [ 189.932611][ T5867] usb 4-1: Product: syz [ 189.954261][ T6708] vlan2: entered promiscuous mode [ 189.963046][ T5867] usb 4-1: Manufacturer: syz [ 189.995709][ T5867] usb 4-1: SerialNumber: syz [ 190.001271][ T6708] bond0: entered promiscuous mode [ 190.038874][ T6708] bond_slave_0: entered promiscuous mode [ 190.058519][ T5867] usb 4-1: config 0 descriptor?? [ 190.069819][ T6708] bond_slave_1: entered promiscuous mode [ 190.083533][ T5867] smsc95xx v2.0.0 [ 190.378711][ T6720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.225'. [ 191.457971][ T5867] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 191.486657][ T5867] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 191.927522][ T6734] ======================================================= [ 191.927522][ T6734] WARNING: The mand mount option has been deprecated and [ 191.927522][ T6734] and is ignored by this kernel. Remove the mand [ 191.927522][ T6734] option from the mount to silence this warning. [ 191.927522][ T6734] ======================================================= [ 191.990531][ T6734] 9pnet_fd: Insufficient options for proto=fd [ 192.416161][ T5867] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 192.957570][ T5867] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 192.969085][ T5867] usb 4-1: USB disconnect, device number 8 [ 194.266544][ T6762] random: crng reseeded on system resumption [ 194.499963][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.506432][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.731303][ T6775] warning: `syz.1.239' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 196.608183][ T6787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.246'. [ 196.684802][ T5911] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 196.767627][ T47] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 196.789135][ T6793] xt_CT: You must specify a L4 protocol and not use inversions on it [ 197.503833][ T6796] bio_check_eod: 2 callbacks suppressed [ 197.512660][ T6796] syz.0.246: attempt to access beyond end of device [ 197.512660][ T6796] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 197.536121][ T6796] efs: cannot read volume header [ 198.224611][ T5911] usb 5-1: Using ep0 maxpacket: 16 [ 198.236506][ T47] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 198.254641][ T47] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 198.265747][ T47] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 198.277382][ T5911] usb 5-1: config 1 has an invalid interface number: 105 but max is 0 [ 198.286653][ T47] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 198.297756][ T5911] usb 5-1: config 1 has no interface number 0 [ 198.303942][ T5911] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 198.315107][ T47] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 198.326492][ T5911] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 198.339092][ T5911] usb 5-1: config 1 interface 105 has no altsetting 0 [ 198.346922][ T47] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 198.357579][ T47] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 198.366118][ T47] usb 2-1: Product: syz [ 198.370346][ T47] usb 2-1: Manufacturer: syz [ 198.417328][ T47] cdc_wdm 2-1:1.0: skipping garbage [ 198.422616][ T47] cdc_wdm 2-1:1.0: skipping garbage [ 198.442729][ T5911] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 198.538844][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.553189][ T47] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 198.561703][ T5911] usb 5-1: Product: syz [ 198.568728][ T47] cdc_wdm 2-1:1.0: Unknown control protocol [ 198.580743][ T5911] usb 5-1: Manufacturer: syz [ 198.662263][ T5911] usb 5-1: SerialNumber: syz [ 198.799374][ T6806] random: crng reseeded on system resumption [ 199.088159][ T6779] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 199.096545][ T6779] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 199.231340][ T47] usb 2-1: USB disconnect, device number 4 [ 199.729056][ T6779] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 199.813042][ T6779] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 200.227945][ T6779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.250570][ T6779] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 200.290056][ T6839] netlink: 4 bytes leftover after parsing attributes in process `syz.1.260'. [ 200.587879][ T5911] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 200.938612][ T6847] efs: device does not support 512 byte blocks [ 200.944898][ T6847] device does not support 512 byte blocks [ 200.944898][ T6847] [ 201.045111][ T5911] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 201.115115][ T5911] aqc111 5-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, b6:ff:18:6d:a1:ca [ 201.176473][ T5911] usb 5-1: USB disconnect, device number 6 [ 201.184406][ T5911] aqc111 5-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 201.303879][ T6853] Sensor A: ================= START STATUS ================= [ 201.314271][ T6853] Sensor A: Test Pattern: 75% Colorbar [ 201.323803][ T6853] Sensor A: Show Information: All [ 201.333990][ T6853] Sensor A: Vertical Flip: false [ 201.339564][ T6853] Sensor A: Horizontal Flip: false [ 201.345241][ T6853] Sensor A: Brightness: 128 [ 201.349912][ T6853] Sensor A: Contrast: 128 [ 201.354768][ T6853] Sensor A: Hue: 0 [ 201.358764][ T6853] Sensor A: Saturation: 128 [ 201.363475][ T6853] Sensor A: ================== END STATUS ================== [ 201.544768][ T5911] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 201.555048][ T5911] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 201.565323][ T5911] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 201.844502][ T6862] random: crng reseeded on system resumption [ 202.461622][ T6877] FAULT_INJECTION: forcing a failure. [ 202.461622][ T6877] name failslab, interval 1, probability 0, space 0, times 0 [ 202.461753][ T6877] CPU: 1 UID: 0 PID: 6877 Comm: syz.3.267 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 202.461779][ T6877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.461792][ T6877] Call Trace: [ 202.461800][ T6877] [ 202.461809][ T6877] dump_stack_lvl+0x189/0x250 [ 202.461847][ T6877] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.461877][ T6877] ? __pfx__printk+0x10/0x10 [ 202.461918][ T6877] ? __pfx___might_resched+0x10/0x10 [ 202.461950][ T6877] ? fs_reclaim_acquire+0x7d/0x100 [ 202.461981][ T6877] should_fail_ex+0x414/0x560 [ 202.462009][ T6877] should_failslab+0xa8/0x100 [ 202.462030][ T6877] kmem_cache_alloc_noprof+0x73/0x3c0 [ 202.462063][ T6877] ? __mpol_dup+0x79/0x320 [ 202.462087][ T6877] __mpol_dup+0x79/0x320 [ 202.462106][ T6877] ? __pfx___mpol_dup+0x10/0x10 [ 202.462137][ T6877] vma_dup_policy+0x45/0xa0 [ 202.462158][ T6877] __split_vma+0x343/0x9b0 [ 202.462193][ T6877] ? can_vma_merge_left+0x19b/0x4c0 [ 202.462222][ T6877] ? __pfx___split_vma+0x10/0x10 [ 202.462265][ T6877] vma_modify+0x327/0x460 [ 202.462293][ T6877] vma_modify_policy+0x1e8/0x230 [ 202.462318][ T6877] ? __pfx_vma_modify_policy+0x10/0x10 [ 202.462360][ T6877] mbind_range+0x2bb/0x800 [ 202.462378][ T6877] ? __se_sys_set_mempolicy_home_node+0x4b1/0x7e0 [ 202.462407][ T6877] __se_sys_set_mempolicy_home_node+0x4fb/0x7e0 [ 202.462441][ T6877] ? __pfx___se_sys_set_mempolicy_home_node+0x10/0x10 [ 202.462479][ T6877] ? do_syscall_64+0xba/0x210 [ 202.462516][ T6877] do_syscall_64+0xf6/0x210 [ 202.462537][ T6877] ? clear_bhb_loop+0x60/0xb0 [ 202.462558][ T6877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.462573][ T6877] RIP: 0033:0x7fdcd038e969 [ 202.462588][ T6877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.462609][ T6877] RSP: 002b:00007fdcd12b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c2 [ 202.462627][ T6877] RAX: ffffffffffffffda RBX: 00007fdcd05b5fa0 RCX: 00007fdcd038e969 [ 202.462639][ T6877] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000200000ff9000 [ 202.462649][ T6877] RBP: 00007fdcd12b4090 R08: 0000000000000000 R09: 0000000000000000 [ 202.462659][ T6877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.462668][ T6877] R13: 0000000000000000 R14: 00007fdcd05b5fa0 R15: 00007ffcffa03e28 [ 202.462695][ T6877] [ 202.503361][ T30] audit: type=1326 audit(1747335247.017:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6876 comm="syz.4.269" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae5978e969 code=0x0 [ 202.683669][ T6882] netlink: 20 bytes leftover after parsing attributes in process `syz.3.271'. [ 202.890033][ T6891] netlink: 256 bytes leftover after parsing attributes in process `syz.3.271'. [ 203.126442][ T6896] FAULT_INJECTION: forcing a failure. [ 203.126442][ T6896] name failslab, interval 1, probability 0, space 0, times 0 [ 203.288807][ T6896] CPU: 0 UID: 0 PID: 6896 Comm: syz.1.275 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 203.288840][ T6896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 203.288853][ T6896] Call Trace: [ 203.288862][ T6896] [ 203.288872][ T6896] dump_stack_lvl+0x189/0x250 [ 203.288911][ T6896] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.288945][ T6896] ? __pfx__printk+0x10/0x10 [ 203.288997][ T6896] ? __pfx___might_resched+0x10/0x10 [ 203.289029][ T6896] ? fs_reclaim_acquire+0x7d/0x100 [ 203.289059][ T6896] should_fail_ex+0x414/0x560 [ 203.289087][ T6896] should_failslab+0xa8/0x100 [ 203.289109][ T6896] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 203.289142][ T6896] ? __d_alloc+0x31/0x6f0 [ 203.289171][ T6896] __d_alloc+0x31/0x6f0 [ 203.289220][ T6896] d_alloc_parallel+0xe0/0x14e0 [ 203.289266][ T6896] ? __d_lookup+0x66/0x780 [ 203.289297][ T6896] ? __pfx_d_alloc_parallel+0x10/0x10 [ 203.289344][ T6896] path_openat+0xa3b/0x3830 [ 203.289370][ T6896] ? arch_stack_walk+0xfc/0x150 [ 203.289438][ T6896] ? __pfx_path_openat+0x10/0x10 [ 203.289462][ T6896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.289510][ T6896] do_filp_open+0x1fa/0x410 [ 203.289547][ T6896] ? __pfx_do_filp_open+0x10/0x10 [ 203.289603][ T6896] ? _raw_spin_unlock+0x28/0x50 [ 203.289625][ T6896] ? alloc_fd+0x64c/0x6c0 [ 203.289671][ T6896] do_sys_openat2+0x121/0x1c0 [ 203.289701][ T6896] ? __pfx_do_sys_openat2+0x10/0x10 [ 203.289727][ T6896] ? exc_page_fault+0x68/0x110 [ 203.289758][ T6896] ? do_user_addr_fault+0xc8a/0x1390 [ 203.289799][ T6896] __x64_sys_openat+0x138/0x170 [ 203.289832][ T6896] do_syscall_64+0xf6/0x210 [ 203.289862][ T6896] ? clear_bhb_loop+0x60/0xb0 [ 203.289890][ T6896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.289911][ T6896] RIP: 0033:0x7ff46a78d2d0 [ 203.289930][ T6896] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 203.289948][ T6896] RSP: 002b:00007ff46b68db70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 203.289971][ T6896] RAX: ffffffffffffffda RBX: 0000000000004002 RCX: 00007ff46a78d2d0 [ 203.289987][ T6896] RDX: 0000000000004002 RSI: 00007ff46b68dc10 RDI: 00000000ffffff9c [ 203.290001][ T6896] RBP: 00007ff46b68dc10 R08: 0000000000000000 R09: 0000000000000000 [ 203.290015][ T6896] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 203.290027][ T6896] R13: 0000000000000000 R14: 00007ff46a9b5fa0 R15: 00007ffd7c3e2318 [ 203.290062][ T6896] [ 203.634262][ T6899] netlink: 4 bytes leftover after parsing attributes in process `syz.0.276'. [ 204.378578][ T6911] random: crng reseeded on system resumption [ 204.542185][ T6912] syz.0.276: attempt to access beyond end of device [ 204.542185][ T6912] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 204.556171][ T6912] efs: cannot read volume header [ 205.026227][ T6904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.277'. [ 205.881692][ T6928] FAULT_INJECTION: forcing a failure. [ 205.881692][ T6928] name failslab, interval 1, probability 0, space 0, times 0 [ 205.920150][ T6928] CPU: 1 UID: 0 PID: 6928 Comm: syz.2.284 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 205.920179][ T6928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.920191][ T6928] Call Trace: [ 205.920198][ T6928] [ 205.920207][ T6928] dump_stack_lvl+0x189/0x250 [ 205.920242][ T6928] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.920268][ T6928] ? __pfx__printk+0x10/0x10 [ 205.920320][ T6928] ? __pfx___might_resched+0x10/0x10 [ 205.920353][ T6928] ? fs_reclaim_acquire+0x7d/0x100 [ 205.920382][ T6928] should_fail_ex+0x414/0x560 [ 205.920410][ T6928] should_failslab+0xa8/0x100 [ 205.920432][ T6928] __kmalloc_noprof+0xcb/0x4f0 [ 205.920463][ T6928] ? tomoyo_encode+0x28b/0x550 [ 205.920496][ T6928] tomoyo_encode+0x28b/0x550 [ 205.920530][ T6928] tomoyo_mount_permission+0x44d/0x970 [ 205.920560][ T6928] ? stack_depot_save_flags+0x40/0x910 [ 205.920579][ T6928] ? tomoyo_mount_permission+0x27a/0x970 [ 205.920615][ T6928] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 205.920702][ T6928] security_sb_mount+0xec/0x350 [ 205.920739][ T6928] path_mount+0xbc/0xfe0 [ 205.920769][ T6928] ? user_path_at+0x44/0x60 [ 205.920792][ T6928] ? kmem_cache_free+0x192/0x3f0 [ 205.920833][ T6928] __se_sys_mount+0x317/0x410 [ 205.920860][ T6928] ? __pfx___se_sys_mount+0x10/0x10 [ 205.920885][ T6928] ? do_syscall_64+0xba/0x210 [ 205.920910][ T6928] ? __x64_sys_mount+0x20/0xc0 [ 205.920933][ T6928] do_syscall_64+0xf6/0x210 [ 205.920960][ T6928] ? clear_bhb_loop+0x60/0xb0 [ 205.920986][ T6928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.921006][ T6928] RIP: 0033:0x7f01d478e969 [ 205.921024][ T6928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.921041][ T6928] RSP: 002b:00007f01d567f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 205.921063][ T6928] RAX: ffffffffffffffda RBX: 00007f01d49b5fa0 RCX: 00007f01d478e969 [ 205.921078][ T6928] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000 [ 205.921091][ T6928] RBP: 00007f01d567f090 R08: 0000000000000000 R09: 0000000000000000 [ 205.921103][ T6928] R10: 0000000002224066 R11: 0000000000000246 R12: 0000000000000001 [ 205.921116][ T6928] R13: 0000000000000000 R14: 00007f01d49b5fa0 R15: 00007fffadda97c8 [ 205.921148][ T6928] [ 206.151453][ C1] vkms_vblank_simulate: vblank timer overrun [ 208.095338][ T6954] syz.3.289: attempt to access beyond end of device [ 208.095338][ T6954] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 208.109908][ T6954] syz.3.289: attempt to access beyond end of device [ 208.109908][ T6954] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 208.123599][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 208.134539][ T6954] syz.3.289: attempt to access beyond end of device [ 208.134539][ T6954] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 208.173023][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 208.188023][ T6954] syz.3.289: attempt to access beyond end of device [ 208.188023][ T6954] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 208.202083][ T6954] syz.3.289: attempt to access beyond end of device [ 208.202083][ T6954] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 208.215540][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 208.226357][ T6954] syz.3.289: attempt to access beyond end of device [ 208.226357][ T6954] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 208.240061][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 208.253486][ T6954] syz.3.289: attempt to access beyond end of device [ 208.253486][ T6954] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 208.267945][ T6954] syz.3.289: attempt to access beyond end of device [ 208.267945][ T6954] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 208.281819][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 208.292251][ T6954] syz.3.289: attempt to access beyond end of device [ 208.292251][ T6954] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 208.305704][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 208.319175][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 209.234411][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 209.246798][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 209.262646][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 209.273344][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 209.287872][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 209.298373][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 209.310655][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 209.320995][ T6960] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 209.330631][ T6960] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 210.724651][ T6954] bio_check_eod: 14 callbacks suppressed [ 210.724668][ T6954] syz.3.289: attempt to access beyond end of device [ 210.724668][ T6954] nbd3: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 210.774557][ T6954] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 210.794514][ T6954] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 211.371993][ T6968] random: crng reseeded on system resumption [ 211.749407][ T6970] 9pnet_virtio: no channels available for device syz [ 211.770913][ T6970] FAULT_INJECTION: forcing a failure. [ 211.770913][ T6970] name failslab, interval 1, probability 0, space 0, times 0 [ 211.783655][ T6970] CPU: 1 UID: 0 PID: 6970 Comm: syz.4.292 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 211.783682][ T6970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.783694][ T6970] Call Trace: [ 211.783702][ T6970] [ 211.783710][ T6970] dump_stack_lvl+0x189/0x250 [ 211.783744][ T6970] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.783771][ T6970] ? __pfx__printk+0x10/0x10 [ 211.783807][ T6970] ? __pfx___might_resched+0x10/0x10 [ 211.783835][ T6970] ? fs_reclaim_acquire+0x7d/0x100 [ 211.783862][ T6970] should_fail_ex+0x414/0x560 [ 211.783887][ T6970] should_failslab+0xa8/0x100 [ 211.783913][ T6970] kmem_cache_alloc_noprof+0x73/0x3c0 [ 211.783943][ T6970] ? getname_flags+0xb8/0x540 [ 211.783961][ T6970] ? __pfx_vfs_write+0x10/0x10 [ 211.783991][ T6970] getname_flags+0xb8/0x540 [ 211.784015][ T6970] do_sys_openat2+0xbc/0x1c0 [ 211.784040][ T6970] ? __pfx_do_sys_openat2+0x10/0x10 [ 211.784067][ T6970] ? ksys_write+0x1f0/0x250 [ 211.784102][ T6970] __x64_sys_openat+0x138/0x170 [ 211.784130][ T6970] do_syscall_64+0xf6/0x210 [ 211.784157][ T6970] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 211.784176][ T6970] ? clear_bhb_loop+0x60/0xb0 [ 211.784200][ T6970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.784219][ T6970] RIP: 0033:0x7fae5978e969 [ 211.784236][ T6970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.784253][ T6970] RSP: 002b:00007fae575b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 211.784273][ T6970] RAX: ffffffffffffffda RBX: 00007fae599b6160 RCX: 00007fae5978e969 [ 211.784287][ T6970] RDX: 000000000000275a RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 211.784301][ T6970] RBP: 00007fae575b4090 R08: 0000000000000000 R09: 0000000000000000 [ 211.784313][ T6970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.784324][ T6970] R13: 0000000000000000 R14: 00007fae599b6160 R15: 00007ffe5bb7ebe8 [ 211.784354][ T6970] [ 211.996962][ T909] block nbd3: Receive control failed (result -107) [ 212.028895][ T906] block nbd2: Receive control failed (result -107) [ 212.267162][ T6955] nbd3: detected capacity change from 0 to 29912 [ 212.299710][ T6960] nbd2: detected capacity change from 0 to 29912 [ 212.313581][ T6960] block nbd2: shutting down sockets [ 212.318034][ T6955] block nbd3: shutting down sockets [ 213.297798][ T6986] efs: device does not support 512 byte blocks [ 213.304258][ T6986] device does not support 512 byte blocks [ 213.304258][ T6986] [ 214.157730][ T6966] Bluetooth: hci0: command 0x0406 tx timeout [ 214.164000][ T6966] Bluetooth: hci2: command 0x0406 tx timeout [ 214.171038][ T6966] Bluetooth: hci1: command 0x0406 tx timeout [ 214.177723][ T5129] Bluetooth: hci3: command 0x0406 tx timeout [ 214.184393][ T5129] Bluetooth: hci4: command 0x0405 tx timeout [ 214.648192][ T7000] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 215.879919][ T7014] random: crng reseeded on system resumption [ 216.408661][ T5911] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 216.721550][ T5911] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 216.816424][ T5911] usb 4-1: config 1 has an invalid descriptor of length 92, skipping remainder of the config [ 216.920287][ T5911] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 216.939527][ T5911] usb 4-1: config 1 has no interface number 0 [ 216.957582][ T5911] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 217.291277][ T7022] syz.4.306: attempt to access beyond end of device [ 217.291277][ T7022] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 217.305336][ T7022] syz.4.306: attempt to access beyond end of device [ 217.305336][ T7022] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 217.318583][ T7022] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 217.329243][ T7022] syz.4.306: attempt to access beyond end of device [ 217.329243][ T7022] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 217.342677][ T7022] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 217.355943][ T7022] syz.4.306: attempt to access beyond end of device [ 217.355943][ T7022] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 217.369989][ T7022] syz.4.306: attempt to access beyond end of device [ 217.369989][ T7022] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 217.384657][ T7022] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 217.394959][ T7022] syz.4.306: attempt to access beyond end of device [ 217.394959][ T7022] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 217.408234][ T7022] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 217.420225][ T7022] syz.4.306: attempt to access beyond end of device [ 217.420225][ T7022] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 217.434235][ T7022] syz.4.306: attempt to access beyond end of device [ 217.434235][ T7022] nbd4: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 217.447578][ T7022] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 217.457819][ T7022] syz.4.306: attempt to access beyond end of device [ 217.457819][ T7022] nbd4: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 217.471083][ T7022] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 217.481493][ T7022] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 217.758058][ T7024] net_ratelimit: 10 callbacks suppressed [ 217.758091][ T7024] openvswitch: netlink: Message has 8 unknown bytes. [ 218.200696][ T5911] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 218.226768][ T5911] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 218.244542][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.252596][ T5911] usb 4-1: Product: syz [ 218.257218][ T5911] usb 4-1: Manufacturer: syz [ 218.261832][ T5911] usb 4-1: SerialNumber: syz [ 218.279877][ T5911] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 218.294537][ T5911] cdc_ncm 4-1:1.1: bind() failure [ 218.352388][ T5829] block nbd4: Receive control failed (result -107) [ 218.513419][ T9] usb 4-1: USB disconnect, device number 9 [ 218.635619][ T7022] nbd4: detected capacity change from 0 to 29912 [ 218.643914][ T7022] block nbd4: shutting down sockets [ 218.727778][ T7036] efs: device does not support 512 byte blocks [ 218.734160][ T7036] device does not support 512 byte blocks [ 218.734160][ T7036] [ 220.824884][ T7044] xt_CT: No such helper "snmp" [ 221.131028][ T7061] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 221.806622][ T7069] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 222.105386][ T7071] random: crng reseeded on system resumption [ 222.684354][ T7079] openvswitch: netlink: Message has 8 unknown bytes. [ 222.698226][ T1336] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 222.895564][ T5829] block nbd1: Receive control failed (result -107) [ 222.952546][ T7085] syz.1.321: attempt to access beyond end of device [ 222.952546][ T7085] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 222.966929][ T7085] syz.1.321: attempt to access beyond end of device [ 222.966929][ T7085] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 222.980279][ T7085] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 222.992534][ T7085] syz.1.321: attempt to access beyond end of device [ 222.992534][ T7085] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 223.056578][ T7085] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 223.070546][ T7085] syz.1.321: attempt to access beyond end of device [ 223.070546][ T7085] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 223.084745][ T7085] syz.1.321: attempt to access beyond end of device [ 223.084745][ T7085] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 223.098135][ T7085] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 223.111189][ T7085] syz.1.321: attempt to access beyond end of device [ 223.111189][ T7085] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 223.126075][ T7085] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 223.139007][ T7085] syz.1.321: attempt to access beyond end of device [ 223.139007][ T7085] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 223.153799][ T7085] syz.1.321: attempt to access beyond end of device [ 223.153799][ T7085] nbd1: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 223.167329][ T7085] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 223.178936][ T7089] nbd1: detected capacity change from 0 to 29912 [ 223.189565][ T7085] block nbd1: Dead connection, failed to find a fallback [ 223.196974][ T7085] block nbd1: shutting down sockets [ 223.202435][ T7085] blk_print_req_error: 16 callbacks suppressed [ 223.202467][ T7085] I/O error, dev nbd1, sector 4096 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.222494][ T7085] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 223.232342][ T7085] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 224.984608][ T5867] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 225.134544][ T5867] usb 5-1: device descriptor read/64, error -71 [ 225.384607][ T5867] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 225.460548][ T7114] efs: device does not support 512 byte blocks [ 225.468334][ T7114] device does not support 512 byte blocks [ 225.468334][ T7114] [ 225.665252][ T5867] usb 5-1: device descriptor read/64, error -71 [ 225.884667][ T5867] usb usb5-port1: attempt power cycle [ 226.449486][ T30] audit: type=1326 audit(1747335270.757:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7109 comm="syz.0.327" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ee738e969 code=0x0 [ 226.470367][ C1] vkms_vblank_simulate: vblank timer overrun [ 226.832132][ T7130] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 226.925377][ T7128] random: crng reseeded on system resumption [ 226.954675][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 227.705777][ T5829] block nbd4: Receive control failed (result -107) [ 227.755084][ T7140] syz.4.334: attempt to access beyond end of device [ 227.755084][ T7140] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 227.769184][ T7140] syz.4.334: attempt to access beyond end of device [ 227.769184][ T7140] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 227.782316][ T7140] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 227.792827][ T7140] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 227.810432][ T7140] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 227.821937][ T7140] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 227.840071][ T7140] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 227.850542][ T7140] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 227.860270][ T7140] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 227.976635][ T7138] nbd4: detected capacity change from 0 to 29912 [ 228.446531][ T7131] block nbd4: shutting down sockets [ 228.585535][ T7136] vlan2: entered promiscuous mode [ 228.605513][ T7136] hsr0: entered promiscuous mode [ 228.674870][ T7146] openvswitch: netlink: Message has 8 unknown bytes. [ 228.774639][ T5869] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 228.878645][ T7139] dvmrp1: entered allmulticast mode [ 229.654563][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 229.661520][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.684506][ T5869] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 229.705343][ T5869] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 229.723496][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.756839][ T5869] usb 4-1: config 0 descriptor?? [ 229.792312][ T7160] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 229.802916][ T7160] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 229.817753][ T7160] overlayfs: missing 'lowerdir' [ 229.836086][ T7160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.338'. [ 230.247329][ T5869] hid-rmi 0003:06CB:81A7.0002: unknown main item tag 0x0 [ 230.267206][ T5869] hid-rmi 0003:06CB:81A7.0002: unknown main item tag 0x0 [ 230.283991][ T7174] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 230.974020][ T7175] random: crng reseeded on system resumption [ 231.051506][ T7179] binfmt_misc: register: failed to install interpreter file ./file0 [ 231.466633][ T5869] hid-rmi 0003:06CB:81A7.0002: unknown main item tag 0x7 [ 231.473836][ T5869] hid-rmi 0003:06CB:81A7.0002: unknown main item tag 0x0 [ 231.481018][ T5869] hid-rmi 0003:06CB:81A7.0002: unknown main item tag 0x0 [ 231.488253][ T5869] hid-rmi 0003:06CB:81A7.0002: unbalanced collection at end of report description [ 231.498537][ T5869] hid-rmi 0003:06CB:81A7.0002: parse failed [ 231.504678][ T5869] hid-rmi 0003:06CB:81A7.0002: probe with driver hid-rmi failed with error -22 [ 231.674912][ T5869] usb 4-1: USB disconnect, device number 10 [ 231.941322][ T5829] block nbd0: Receive control failed (result -107) [ 232.058029][ T7191] sg_write: process 237 (syz.1.346) changed security contexts after opening file descriptor, this is not allowed. [ 232.121310][ T7185] bio_check_eod: 7 callbacks suppressed [ 232.121360][ T7185] syz.0.347: attempt to access beyond end of device [ 232.121360][ T7185] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 232.141508][ T7185] syz.0.347: attempt to access beyond end of device [ 232.141508][ T7185] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 232.154907][ T7185] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 232.166332][ T7185] syz.0.347: attempt to access beyond end of device [ 232.166332][ T7185] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 232.179660][ T7185] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 232.193806][ T7185] syz.0.347: attempt to access beyond end of device [ 232.193806][ T7185] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 232.208207][ T7185] syz.0.347: attempt to access beyond end of device [ 232.208207][ T7185] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 232.221475][ T7185] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 232.233401][ T7185] syz.0.347: attempt to access beyond end of device [ 232.233401][ T7185] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 232.246810][ T7185] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 232.259495][ T7185] syz.0.347: attempt to access beyond end of device [ 232.259495][ T7185] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 232.273571][ T7185] syz.0.347: attempt to access beyond end of device [ 232.273571][ T7185] nbd0: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 232.286897][ T7185] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 232.297388][ T7185] syz.0.347: attempt to access beyond end of device [ 232.297388][ T7185] nbd0: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 232.310766][ T7185] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 232.320388][ T7185] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 232.680683][ T7185] nbd0: detected capacity change from 0 to 29912 [ 232.688364][ T7185] block nbd0: shutting down sockets [ 232.775509][ T7197] openvswitch: netlink: Message has 8 unknown bytes. [ 232.914607][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 233.054646][ T9] usb 3-1: device descriptor read/64, error -71 [ 233.294584][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 233.545200][ T9] usb 3-1: device descriptor read/64, error -71 [ 233.663985][ T7220] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 233.705216][ T9] usb usb3-port1: attempt power cycle [ 234.056883][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 234.105896][ T9] usb 3-1: device descriptor read/8, error -71 [ 234.426748][ T7230] random: crng reseeded on system resumption [ 235.197162][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 235.355875][ T7235] block nbd0: server does not support multiple connections per device. [ 235.410928][ T7235] block nbd0: shutting down sockets [ 236.654581][ T7256] syz.3.363: attempt to access beyond end of device [ 236.654581][ T7256] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 236.668913][ T7256] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 236.679408][ T7256] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 236.692688][ T7256] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 236.703025][ T7256] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 236.715013][ T7256] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 236.725310][ T7256] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 236.735714][ T7256] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 237.321532][ T5829] block nbd3: Receive control failed (result -107) [ 237.715624][ T7256] nbd3: detected capacity change from 0 to 29912 [ 237.720283][ T7256] block nbd3: shutting down sockets [ 237.838186][ T7260] openvswitch: netlink: Message has 8 unknown bytes. [ 238.427147][ T7278] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 239.221212][ T7285] random: crng reseeded on system resumption [ 240.141172][ T7290] netlink: 'syz.0.368': attribute type 25 has an invalid length. [ 240.210218][ T7295] xt_CT: You must specify a L4 protocol and not use inversions on it [ 240.394874][ T7290] netlink: 'syz.0.368': attribute type 8 has an invalid length. [ 241.921605][ T7314] bridge0: port 3(macvlan2) entered blocking state [ 241.928884][ T7314] bridge0: port 3(macvlan2) entered disabled state [ 241.936260][ T7314] macvlan2: entered allmulticast mode [ 241.941729][ T7314] bridge0: entered allmulticast mode [ 242.735280][ T7314] macvlan2: left allmulticast mode [ 242.742260][ T7314] bridge0: left allmulticast mode [ 244.042878][ T7334] 9pnet_fd: Insufficient options for proto=fd [ 244.395704][ T7342] random: crng reseeded on system resumption [ 246.528963][ T7359] FAULT_INJECTION: forcing a failure. [ 246.528963][ T7359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 246.591952][ T7359] CPU: 1 UID: 0 PID: 7359 Comm: syz.0.391 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 246.591986][ T7359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.592008][ T7359] Call Trace: [ 246.592023][ T7359] [ 246.592033][ T7359] dump_stack_lvl+0x189/0x250 [ 246.592072][ T7359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.592103][ T7359] ? __pfx__printk+0x10/0x10 [ 246.592176][ T7359] should_fail_ex+0x414/0x560 [ 246.592206][ T7359] _copy_to_user+0x31/0xb0 [ 246.592240][ T7359] simple_read_from_buffer+0xe1/0x170 [ 246.592278][ T7359] proc_fail_nth_read+0x1df/0x250 [ 246.592305][ T7359] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 246.592332][ T7359] ? rw_verify_area+0x258/0x650 [ 246.592361][ T7359] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 246.592386][ T7359] vfs_read+0x200/0x980 [ 246.592423][ T7359] ? __pfx___mutex_lock+0x10/0x10 [ 246.592452][ T7359] ? __pfx_vfs_read+0x10/0x10 [ 246.592484][ T7359] ? __fget_files+0x2a/0x420 [ 246.592510][ T7359] ? __fget_files+0x3a0/0x420 [ 246.592528][ T7359] ? __fget_files+0x2a/0x420 [ 246.592559][ T7359] ksys_read+0x145/0x250 [ 246.592588][ T7359] ? rcu_is_watching+0x15/0xb0 [ 246.592622][ T7359] ? __pfx_ksys_read+0x10/0x10 [ 246.592657][ T7359] ? do_syscall_64+0xba/0x210 [ 246.592689][ T7359] do_syscall_64+0xf6/0x210 [ 246.592718][ T7359] ? clear_bhb_loop+0x60/0xb0 [ 246.592745][ T7359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.592767][ T7359] RIP: 0033:0x7f8ee738d37c [ 246.592786][ T7359] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 246.592805][ T7359] RSP: 002b:00007f8ee821c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 246.592829][ T7359] RAX: ffffffffffffffda RBX: 00007f8ee75b5fa0 RCX: 00007f8ee738d37c [ 246.592845][ T7359] RDX: 000000000000000f RSI: 00007f8ee821c0a0 RDI: 0000000000000003 [ 246.592859][ T7359] RBP: 00007f8ee821c090 R08: 0000000000000000 R09: 0000000000000000 [ 246.592873][ T7359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.592886][ T7359] R13: 0000000000000001 R14: 00007f8ee75b5fa0 R15: 00007ffdfeb15f48 [ 246.592920][ T7359] [ 246.808389][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.297081][ T7375] bridge0: entered promiscuous mode [ 247.304550][ T5834] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 247.308252][ T5869] libceph: connect (1)[c::]:6789 error -101 [ 247.323891][ T7375] bridge0: port 3(macvlan2) entered blocking state [ 247.331213][ T7375] bridge0: port 3(macvlan2) entered disabled state [ 247.339848][ T7375] macvlan2: entered allmulticast mode [ 247.493223][ T5869] libceph: mon0 (1)[c::]:6789 connect error [ 247.509842][ T5869] libceph: connect (1)[c::]:6789 error -101 [ 247.518276][ T5869] libceph: mon0 (1)[c::]:6789 connect error [ 247.532920][ T7375] bridge0: entered allmulticast mode [ 247.624542][ T5834] usb 2-1: Using ep0 maxpacket: 8 [ 247.653015][ T7375] macvlan2: left allmulticast mode [ 247.658401][ T7375] bridge0: left allmulticast mode [ 247.668757][ T7375] bridge0: left promiscuous mode [ 247.799390][ T5869] libceph: connect (1)[c::]:6789 error -101 [ 247.881996][ T5869] libceph: mon0 (1)[c::]:6789 connect error [ 248.042127][ T7370] ceph: No mds server is up or the cluster is laggy [ 248.328876][ T5834] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 248.337402][ T5834] usb 2-1: config 179 has no interface number 0 [ 248.344954][ T5834] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 248.356340][ T5834] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 248.367794][ T5834] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 248.377938][ T5834] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 248.391436][ T5834] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 248.401168][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.424747][ T7364] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 248.589908][ T7382] netlink: 'syz.3.394': attribute type 25 has an invalid length. [ 248.597875][ T7382] netlink: 'syz.3.394': attribute type 8 has an invalid length. [ 248.754838][ T977] usb 2-1: USB disconnect, device number 5 [ 249.014589][ T7388] random: crng reseeded on system resumption [ 249.880204][ T7398] binfmt_misc: register: failed to install interpreter file ./file0 [ 250.021804][ T5829] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 251.039202][ T7410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.404'. [ 251.097702][ T7410] bond1 (unregistering): Released all slaves [ 251.128039][ T7413] libceph: resolve '4' (ret=-3): failed [ 251.294447][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.302441][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.464673][ T5867] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 251.530732][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 251.569232][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 251.634655][ T5867] usb 2-1: Using ep0 maxpacket: 8 [ 251.647388][ T5867] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 251.668134][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.703550][ T5867] pvrusb2: Hardware description: Terratec Grabster AV400 [ 251.720762][ T5867] pvrusb2: ********** [ 251.728497][ T5867] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 251.743028][ T5867] pvrusb2: Important functionality might not be entirely working. [ 251.752153][ T7413] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.752323][ T5867] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 251.782905][ T7413] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.793555][ T5867] pvrusb2: ********** [ 251.804993][ T7413] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.815167][ T7413] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.905675][ T2340] pvrusb2: Invalid write control endpoint [ 252.010333][ T2340] pvrusb2: Invalid write control endpoint [ 252.041650][ T2340] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 252.078724][ T2340] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 252.098236][ T2340] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 252.139640][ T2340] pvrusb2: Device being rendered inoperable [ 252.187173][ T7419] pvrusb2: Attempted to execute control transfer when device not ok [ 252.251998][ T2340] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 252.275629][ T2340] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 252.299360][ T2340] pvrusb2: Attached sub-driver cx25840 [ 252.506203][ T2340] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 252.517961][ T2340] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 252.799470][ T7438] random: crng reseeded on system resumption [ 253.622750][ T5919] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 253.841903][ T5869] usb 2-1: USB disconnect, device number 6 [ 253.844619][ T5919] usb 4-1: Using ep0 maxpacket: 32 [ 253.877399][ T5919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.897443][ T5919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.908420][ T5919] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 253.920922][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.961972][ T5919] usb 4-1: config 0 descriptor?? [ 254.177684][ T7453] binder: 7450:7453 ioctl c0306201 200000000280 returned -14 [ 255.063920][ T5919] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 255.220020][ T5869] usb 4-1: USB disconnect, device number 11 [ 255.828439][ T7464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.418'. [ 255.874966][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.882397][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.095275][ T7471] block device autoloading is deprecated and will be removed. [ 256.977633][ T7479] xt_CT: You must specify a L4 protocol and not use inversions on it [ 257.224964][ T7476] block nbd0: server does not support multiple connections per device. [ 257.250846][ T7476] block nbd0: shutting down sockets [ 259.029992][ T7491] random: crng reseeded on system resumption [ 259.751309][ T7494] syzkaller1: entered promiscuous mode [ 259.908376][ T7497] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324 [ 259.955650][ T7494] syzkaller1: entered allmulticast mode [ 260.795935][ T7510] FAULT_INJECTION: forcing a failure. [ 260.795935][ T7510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.812926][ T7508] netfs: Couldn't get user pages (rc=-14) [ 260.883834][ T7510] CPU: 1 UID: 0 PID: 7510 Comm: syz.1.431 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 260.883866][ T7510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.883878][ T7510] Call Trace: [ 260.883892][ T7510] [ 260.883901][ T7510] dump_stack_lvl+0x189/0x250 [ 260.883943][ T7510] ? __lock_acquire+0xaac/0xd20 [ 260.883986][ T7510] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.884036][ T7510] ? __pfx__printk+0x10/0x10 [ 260.884080][ T7510] ? __might_fault+0xb0/0x130 [ 260.884137][ T7510] should_fail_ex+0x414/0x560 [ 260.884175][ T7510] _copy_from_user+0x2d/0xb0 [ 260.884218][ T7510] snd_seq_write+0x300/0x810 [ 260.884264][ T7510] ? __pfx_snd_seq_write+0x10/0x10 [ 260.884298][ T7510] ? bpf_lsm_file_permission+0x9/0x20 [ 260.884334][ T7510] ? security_file_permission+0x75/0x290 [ 260.884366][ T7510] ? rw_verify_area+0x258/0x650 [ 260.884412][ T7510] vfs_writev+0x4a2/0x9a0 [ 260.884438][ T7510] ? vfs_write+0x8d8/0xa90 [ 260.884467][ T7510] ? __pfx_snd_seq_write+0x10/0x10 [ 260.884495][ T7510] ? __pfx_vfs_writev+0x10/0x10 [ 260.884536][ T7510] ? __fget_files+0x2a/0x420 [ 260.884562][ T7510] ? __fget_files+0x3a0/0x420 [ 260.884582][ T7510] ? __fget_files+0x2a/0x420 [ 260.884612][ T7510] do_writev+0x14d/0x2d0 [ 260.884638][ T7510] ? __pfx_do_writev+0x10/0x10 [ 260.884666][ T7510] ? do_syscall_64+0xba/0x210 [ 260.884698][ T7510] do_syscall_64+0xf6/0x210 [ 260.884727][ T7510] ? clear_bhb_loop+0x60/0xb0 [ 260.884754][ T7510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.884776][ T7510] RIP: 0033:0x7ff46a78e969 [ 260.884795][ T7510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.884814][ T7510] RSP: 002b:00007ff46b68e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 260.884836][ T7510] RAX: ffffffffffffffda RBX: 00007ff46a9b5fa0 RCX: 00007ff46a78e969 [ 260.884852][ T7510] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000003 [ 260.884866][ T7510] RBP: 00007ff46b68e090 R08: 0000000000000000 R09: 0000000000000000 [ 260.884880][ T7510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.884894][ T7510] R13: 0000000000000000 R14: 00007ff46a9b5fa0 R15: 00007ffd7c3e2318 [ 260.884939][ T7510] [ 261.109157][ C1] vkms_vblank_simulate: vblank timer overrun [ 261.374811][ T5911] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 261.509541][ T7520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'. [ 261.734662][ T5911] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 40, changing to 9 [ 261.961738][ T5911] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 262.127973][ T7522] libceph: resolve '4' (ret=-3): failed [ 262.194413][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.211383][ T5911] usb 5-1: Product: syz [ 262.215703][ T5911] usb 5-1: Manufacturer: syz [ 262.220495][ T5911] usb 5-1: SerialNumber: syz [ 262.851632][ T7529] random: crng reseeded on system resumption [ 263.820814][ T5919] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 263.981455][ T5834] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 263.997298][ T5919] usb 4-1: Using ep0 maxpacket: 32 [ 264.108254][ T5919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.262364][ T5919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.319233][ T5834] usb 2-1: Using ep0 maxpacket: 8 [ 264.429930][ T5919] usb 4-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 264.439863][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.448424][ T5834] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 264.459739][ T5834] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 264.473447][ T5919] usb 4-1: config 0 descriptor?? [ 264.480378][ T5834] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 264.496181][ T5834] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 264.509533][ T5834] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 264.582136][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.698663][ T7533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 264.699105][ T7533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 264.726734][ T5911] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 264.733264][ T5911] cdc_ncm 5-1:1.0: setting rx_max = 16384 [ 264.820711][ T5834] usb 2-1: GET_CAPABILITIES returned 0 [ 264.822614][ T7546] netlink: 8 bytes leftover after parsing attributes in process `syz.2.442'. [ 264.827495][ T5834] usbtmc 2-1:16.0: can't read capabilities [ 264.902490][ T5919] hid (null): global environment stack underflow [ 264.919348][ T5919] waterforce 0003:1044:7A4D.0004: global environment stack underflow [ 264.929532][ T5919] waterforce 0003:1044:7A4D.0004: item 0 0 1 11 parsing failed [ 264.943412][ T5919] waterforce 0003:1044:7A4D.0004: hid parse failed with -22 [ 264.953498][ T5919] waterforce 0003:1044:7A4D.0004: probe with driver waterforce failed with error -22 [ 264.964381][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 264.996150][ T5911] cdc_ncm 5-1:1.0: setting tx_max = 16384 [ 265.015713][ T5911] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 265.036154][ T7537] binder: 7536:7537 ioctl c018620c 200000000100 returned -1 [ 265.065940][ T5911] usb 5-1: USB disconnect, device number 10 [ 265.073734][ T5911] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 265.144625][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 265.164408][ T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 265.186871][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.209300][ T977] usb 4-1: USB disconnect, device number 12 [ 265.244265][ T9] pvrusb2: Hardware description: Terratec Grabster AV400 [ 265.266182][ T9] pvrusb2: ********** [ 265.270413][ T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 265.284373][ T9] pvrusb2: Important functionality might not be entirely working. [ 265.293489][ T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 265.314046][ T9] pvrusb2: ********** [ 265.410450][ T5911] usb 2-1: USB disconnect, device number 7 [ 265.434241][ T2340] pvrusb2: Invalid write control endpoint [ 265.480300][ T2340] pvrusb2: Invalid write control endpoint [ 265.486371][ T2340] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 265.496177][ T2340] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 265.504394][ T2340] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 265.521433][ T2340] pvrusb2: Device being rendered inoperable [ 265.527677][ T2340] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 265.537255][ T2340] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 265.546661][ T2340] pvrusb2: Attached sub-driver cx25840 [ 265.553181][ T2340] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 265.565030][ T2340] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 265.638478][ T7544] pvrusb2: Attempted to execute control transfer when device not ok [ 266.012357][ T7564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.446'. [ 266.998531][ T9] usb 1-1: USB disconnect, device number 4 [ 267.257342][ T7575] random: crng reseeded on system resumption [ 268.615508][ T7588] FAULT_INJECTION: forcing a failure. [ 268.615508][ T7588] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 268.648502][ T7588] CPU: 0 UID: 0 PID: 7588 Comm: syz.3.454 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 268.648534][ T7588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 268.648547][ T7588] Call Trace: [ 268.648556][ T7588] [ 268.648566][ T7588] dump_stack_lvl+0x189/0x250 [ 268.648605][ T7588] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.648643][ T7588] ? __pfx__printk+0x10/0x10 [ 268.648691][ T7588] should_fail_ex+0x414/0x560 [ 268.648720][ T7588] _copy_to_user+0x31/0xb0 [ 268.648753][ T7588] simple_read_from_buffer+0xe1/0x170 [ 268.648791][ T7588] proc_fail_nth_read+0x1df/0x250 [ 268.648819][ T7588] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 268.648846][ T7588] ? rw_verify_area+0x258/0x650 [ 268.648876][ T7588] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 268.648901][ T7588] vfs_read+0x200/0x980 [ 268.648936][ T7588] ? __pfx___mutex_lock+0x10/0x10 [ 268.648964][ T7588] ? __pfx_vfs_read+0x10/0x10 [ 268.648996][ T7588] ? __fget_files+0x2a/0x420 [ 268.649022][ T7588] ? __fget_files+0x3a0/0x420 [ 268.649041][ T7588] ? __fget_files+0x2a/0x420 [ 268.649072][ T7588] ksys_read+0x145/0x250 [ 268.649100][ T7588] ? rcu_is_watching+0x15/0xb0 [ 268.649138][ T7588] ? __pfx_ksys_read+0x10/0x10 [ 268.649171][ T7588] ? do_syscall_64+0xba/0x210 [ 268.649203][ T7588] do_syscall_64+0xf6/0x210 [ 268.649232][ T7588] ? clear_bhb_loop+0x60/0xb0 [ 268.649258][ T7588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.649278][ T7588] RIP: 0033:0x7fdcd038d37c [ 268.649298][ T7588] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 268.649318][ T7588] RSP: 002b:00007fdcd12b4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 268.649341][ T7588] RAX: ffffffffffffffda RBX: 00007fdcd05b5fa0 RCX: 00007fdcd038d37c [ 268.649357][ T7588] RDX: 000000000000000f RSI: 00007fdcd12b40a0 RDI: 0000000000000005 [ 268.649370][ T7588] RBP: 00007fdcd12b4090 R08: 0000000000000000 R09: 0000000000000000 [ 268.649384][ T7588] R10: 00000000000003fb R11: 0000000000000246 R12: 0000000000000001 [ 268.649403][ T7588] R13: 0000000000000000 R14: 00007fdcd05b5fa0 R15: 00007ffcffa03e28 [ 268.649436][ T7588] [ 269.250001][ T7599] bridge0: port 3(macvlan2) entered blocking state [ 269.257086][ T7599] bridge0: port 3(macvlan2) entered disabled state [ 269.265421][ T7599] macvlan2: entered allmulticast mode [ 269.277908][ T7599] bridge0: entered allmulticast mode [ 270.151746][ T7599] macvlan2: left allmulticast mode [ 270.157076][ T7599] bridge0: left allmulticast mode [ 270.287843][ T7609] openvswitch: netlink: Message has 8 unknown bytes. [ 270.579614][ T55] block nbd0: Receive control failed (result -107) [ 270.615964][ T7607] bio_check_eod: 8 callbacks suppressed [ 270.615978][ T7607] syz.0.459: attempt to access beyond end of device [ 270.615978][ T7607] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 270.863718][ T7607] syz.0.459: attempt to access beyond end of device [ 270.863718][ T7607] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 271.714562][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 271.726428][ T7613] nbd0: detected capacity change from 0 to 29912 [ 271.771060][ T7607] block nbd0: Dead connection, failed to find a fallback [ 271.784522][ T7607] block nbd0: shutting down sockets [ 271.789778][ T7607] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 271.840664][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=0, location=0 [ 272.349686][ T7631] random: crng reseeded on system resumption [ 273.106182][ T7607] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 273.173279][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1, location=1 [ 273.201309][ T7607] I/O error, dev nbd0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 273.225020][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 273.240966][ T7607] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 273.275262][ T7607] I/O error, dev nbd0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 273.326049][ T7641] FAULT_INJECTION: forcing a failure. [ 273.326049][ T7641] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.335059][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 273.371095][ T55] block nbd2: Receive control failed (result -107) [ 273.379918][ T7607] I/O error, dev nbd0, sector 29908 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 273.391789][ T7641] CPU: 1 UID: 0 PID: 7641 Comm: syz.1.466 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 273.391819][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 273.391833][ T7641] Call Trace: [ 273.391841][ T7641] [ 273.391850][ T7641] dump_stack_lvl+0x189/0x250 [ 273.391883][ T7641] ? __lock_acquire+0xaac/0xd20 [ 273.391916][ T7641] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.391945][ T7641] ? __pfx__printk+0x10/0x10 [ 273.391980][ T7641] ? __might_fault+0xb0/0x130 [ 273.392025][ T7641] should_fail_ex+0x414/0x560 [ 273.392055][ T7641] _copy_from_user+0x2d/0xb0 [ 273.392086][ T7641] ___sys_recvmsg+0x12e/0x510 [ 273.392124][ T7641] ? __pfx____sys_recvmsg+0x10/0x10 [ 273.392189][ T7641] ? __might_fault+0xb0/0x130 [ 273.392226][ T7641] do_recvmmsg+0x307/0x760 [ 273.392267][ T7641] ? __pfx_do_recvmmsg+0x10/0x10 [ 273.392321][ T7641] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 273.392369][ T7641] __x64_sys_recvmmsg+0x190/0x240 [ 273.392403][ T7641] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 273.392438][ T7641] ? do_syscall_64+0xba/0x210 [ 273.392470][ T7641] do_syscall_64+0xf6/0x210 [ 273.392497][ T7641] ? clear_bhb_loop+0x60/0xb0 [ 273.392524][ T7641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.392545][ T7641] RIP: 0033:0x7ff46a78e969 [ 273.392563][ T7641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.392582][ T7641] RSP: 002b:00007ff46b66d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 273.392605][ T7641] RAX: ffffffffffffffda RBX: 00007ff46a9b6080 RCX: 00007ff46a78e969 [ 273.392621][ T7641] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 273.392635][ T7641] RBP: 00007ff46b66d090 R08: 0000000000000000 R09: 0000000000000000 [ 273.392649][ T7641] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 273.392674][ T7641] R13: 0000000000000001 R14: 00007ff46a9b6080 R15: 00007ffd7c3e2318 [ 273.392706][ T7641] [ 273.591180][ C1] vkms_vblank_simulate: vblank timer overrun [ 273.608497][ T7642] syz.2.464: attempt to access beyond end of device [ 273.608497][ T7642] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 273.621510][ T7642] syz.2.464: attempt to access beyond end of device [ 273.621510][ T7642] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 273.634509][ T7642] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 273.644224][ T7642] syz.2.464: attempt to access beyond end of device [ 273.644224][ T7642] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 273.657521][ T7642] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 273.667635][ T7642] syz.2.464: attempt to access beyond end of device [ 273.667635][ T7642] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 273.680574][ T7642] syz.2.464: attempt to access beyond end of device [ 273.680574][ T7642] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 273.693572][ T7642] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 273.703712][ T7642] syz.2.464: attempt to access beyond end of device [ 273.703712][ T7642] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 273.716840][ T7642] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 273.726900][ T7642] syz.2.464: attempt to access beyond end of device [ 273.726900][ T7642] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 273.739929][ T7642] syz.2.464: attempt to access beyond end of device [ 273.739929][ T7642] nbd2: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 273.753154][ T7642] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 273.762890][ T7642] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 273.772843][ T7642] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 273.784888][ T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 273.803772][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7477, location=7477 [ 273.852782][ T7607] I/O error, dev nbd0, sector 28884 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 273.862618][ T7640] nbd2: detected capacity change from 0 to 29912 [ 273.876600][ T7640] block nbd2: shutting down sockets [ 273.898460][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7221, location=7221 [ 273.940945][ T7607] I/O error, dev nbd0, sector 29904 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 273.964752][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 273.975874][ T9] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 273.984400][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7476, location=7476 [ 273.989236][ T9] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 274.043860][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 274.054631][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 274.054745][ T7607] I/O error, dev nbd0, sector 28880 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 274.106564][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7220, location=7220 [ 274.107230][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 274.167113][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 274.170065][ T7607] I/O error, dev nbd0, sector 29900 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 274.196608][ T9] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 274.265342][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.279467][ T9] usb 4-1: config 0 descriptor?? [ 274.289732][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7475, location=7475 [ 274.307280][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7219, location=7219 [ 274.319236][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7327, location=7327 [ 274.330016][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7071, location=7071 [ 274.341152][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7325, location=7325 [ 274.361874][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=7069, location=7069 [ 274.877484][ T9] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 274.891977][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 274.896998][ T9] usb 4-1: USB disconnect, device number 13 [ 275.385721][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 275.415701][ T9] usblp0: removed [ 275.442142][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3738, location=3738 [ 275.452674][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3482, location=3482 [ 275.462960][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3737, location=3737 [ 275.477081][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3481, location=3481 [ 275.490231][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3736, location=3736 [ 275.511798][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3480, location=3480 [ 275.527795][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3588, location=3588 [ 275.538959][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3332, location=3332 [ 275.587597][ T7663] openvswitch: netlink: Message has 8 unknown bytes. [ 275.694732][ T5919] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 275.719025][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3586, location=3586 [ 275.735258][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=3330, location=3330 [ 275.754712][ T7607] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 275.874635][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 276.563614][ T7607] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 276.654921][ T5919] usb 2-1: Using ep0 maxpacket: 32 [ 276.685956][ T5919] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 276.746809][ T5919] usb 2-1: config 0 has no interface number 0 [ 276.770121][ T5919] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 276.814616][ T5919] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 276.828553][ T5919] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 276.842068][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.852100][ T5919] usb 2-1: Product: syz [ 276.858124][ T5919] usb 2-1: Manufacturer: syz [ 276.863357][ T5919] usb 2-1: SerialNumber: syz [ 276.965721][ T5919] usb 2-1: config 0 descriptor?? [ 277.317149][ T5919] radio-si470x 2-1:0.35: this is not a si470x device. [ 277.450361][ T5919] radio-raremono 2-1:0.35: this is not Thanko's Raremono. [ 277.527171][ T5919] usb 2-1: USB disconnect, device number 8 [ 277.562289][ T7685] mmap: syz.4.479 (7685) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 278.643013][ T7690] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 278.649772][ T7690] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 278.683956][ T7690] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 278.694233][ T7690] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 278.708302][ T7690] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 278.770949][ T7690] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 278.795323][ T7690] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 278.817117][ T7690] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 278.831085][ T7705] openvswitch: netlink: Message has 8 unknown bytes. [ 278.833564][ T7690] ================================================================== [ 278.845901][ T7690] BUG: KASAN: slab-out-of-bounds in __list_del_entry_valid_or_report+0x92/0x190 [ 278.854979][ T7690] Read of size 8 at addr ffff888059683558 by task syz.2.480/7690 [ 278.862743][ T7690] [ 278.865089][ T7690] CPU: 1 UID: 0 PID: 7690 Comm: syz.2.480 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 278.865118][ T7690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.865133][ T7690] Call Trace: [ 278.865142][ T7690] [ 278.865151][ T7690] dump_stack_lvl+0x189/0x250 [ 278.865185][ T7690] ? __virt_addr_valid+0x18c/0x540 [ 278.865213][ T7690] ? rcu_is_watching+0x15/0xb0 [ 278.865245][ T7690] ? __kasan_check_byte+0x12/0x40 [ 278.865279][ T7690] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.865307][ T7690] ? rcu_is_watching+0x15/0xb0 [ 278.865339][ T7690] ? lock_release+0x4b/0x3e0 [ 278.865370][ T7690] ? __virt_addr_valid+0x18c/0x540 [ 278.865397][ T7690] ? __virt_addr_valid+0x469/0x540 [ 278.865426][ T7690] print_report+0xb4/0x290 [ 278.865450][ T7690] ? __list_del_entry_valid_or_report+0x92/0x190 [ 278.865484][ T7690] kasan_report+0x118/0x150 [ 278.865519][ T7690] ? __list_del_entry_valid_or_report+0x92/0x190 [ 278.865557][ T7690] __list_del_entry_valid_or_report+0x92/0x190 [ 278.865592][ T7690] bt_accept_unlink+0x39/0x240 [ 278.865629][ T7690] l2cap_sock_teardown_cb+0x17e/0x460 [ 278.865659][ T7690] l2cap_chan_del+0xb2/0x5e0 [ 278.865690][ T7690] l2cap_conn_del+0x388/0x680 [ 278.865717][ T7690] l2cap_connect_cfm+0x11d/0x1040 [ 278.865746][ T7690] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 278.865772][ T7690] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 278.865796][ T7690] hci_conn_failed+0x1ce/0x310 [ 278.865820][ T7690] ? hci_abort_conn_sync+0x202/0xdd0 [ 278.865839][ T7690] hci_abort_conn_sync+0x5ad/0xdd0 [ 278.865865][ T7690] ? __pfx_hci_abort_conn_sync+0x10/0x10 [ 278.865904][ T7690] ? hci_disconnect_all_sync+0x2e/0x350 [ 278.865931][ T7690] ? hci_disconnect_all_sync+0x2e/0x350 [ 278.865953][ T7690] ? hci_disconnect_all_sync+0x2e/0x350 [ 278.865976][ T7690] hci_disconnect_all_sync+0x1b5/0x350 [ 278.866003][ T7690] hci_suspend_sync+0x3b8/0xc00 [ 278.866026][ T7690] ? __pfx___mutex_lock+0x10/0x10 [ 278.866053][ T7690] ? enable_work+0x258/0x2c0 [ 278.866076][ T7690] ? __pfx_hci_suspend_sync+0x10/0x10 [ 278.866100][ T7690] ? __pfx_hci_sock_dev_event+0x10/0x10 [ 278.866123][ T7690] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 278.866152][ T7690] ? hci_cmd_sync_cancel_sync+0xc9/0x190 [ 278.866182][ T7690] hci_suspend_dev+0x28d/0x4d0 [ 278.866216][ T7690] ? __pfx_hci_suspend_dev+0x10/0x10 [ 278.866254][ T7690] hci_suspend_notifier+0xf2/0x290 [ 278.866287][ T7690] notifier_call_chain+0x1b6/0x3e0 [ 278.866310][ T7690] blocking_notifier_call_chain_robust+0x85/0x100 [ 278.866335][ T7690] pm_notifier_call_chain_robust+0x2c/0x60 [ 278.866365][ T7690] snapshot_open+0x19c/0x280 [ 278.866396][ T7690] ? __pfx_snapshot_open+0x10/0x10 [ 278.866425][ T7690] misc_open+0x2bc/0x330 [ 278.866457][ T7690] chrdev_open+0x4c9/0x5e0 [ 278.866479][ T7690] ? __pfx_chrdev_open+0x10/0x10 [ 278.866502][ T7690] ? __pfx_chrdev_open+0x10/0x10 [ 278.866521][ T7690] do_dentry_open+0xdf3/0x1970 [ 278.866553][ T7690] vfs_open+0x3b/0x340 [ 278.866574][ T7690] ? path_openat+0x2ecd/0x3830 [ 278.866602][ T7690] path_openat+0x2ee5/0x3830 [ 278.866628][ T7690] ? arch_stack_walk+0xfc/0x150 [ 278.866673][ T7690] ? __pfx_path_openat+0x10/0x10 [ 278.866698][ T7690] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.866732][ T7690] do_filp_open+0x1fa/0x410 [ 278.866760][ T7690] ? __pfx_do_filp_open+0x10/0x10 [ 278.866799][ T7690] ? _raw_spin_unlock+0x28/0x50 [ 278.866821][ T7690] ? alloc_fd+0x64c/0x6c0 [ 278.866859][ T7690] do_sys_openat2+0x121/0x1c0 [ 278.866891][ T7690] ? __pfx_do_sys_openat2+0x10/0x10 [ 278.866919][ T7690] ? rcu_is_watching+0x15/0xb0 [ 278.866955][ T7690] __x64_sys_openat+0x138/0x170 [ 278.866983][ T7690] do_syscall_64+0xf6/0x210 [ 278.867012][ T7690] ? clear_bhb_loop+0x60/0xb0 [ 278.867037][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.867059][ T7690] RIP: 0033:0x7f01d478e969 [ 278.867078][ T7690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.867099][ T7690] RSP: 002b:00007f01d565e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 278.867122][ T7690] RAX: ffffffffffffffda RBX: 00007f01d49b6080 RCX: 00007f01d478e969 [ 278.867139][ T7690] RDX: 0000000000101000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 278.867155][ T7690] RBP: 00007f01d4810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 278.867170][ T7690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.867183][ T7690] R13: 0000000000000000 R14: 00007f01d49b6080 R15: 00007fffadda97c8 [ 278.867208][ T7690] [ 278.867216][ T7690] [ 279.307306][ T7690] Allocated by task 5820: [ 279.311640][ T7690] kasan_save_track+0x3e/0x80 [ 279.316335][ T7690] __kasan_kmalloc+0x93/0xb0 [ 279.320935][ T7690] __kmalloc_noprof+0x27a/0x4f0 [ 279.325812][ T7690] tomoyo_realpath_from_path+0xe3/0x5d0 [ 279.331413][ T7690] tomoyo_path_perm+0x213/0x4b0 [ 279.336279][ T7690] tomoyo_path_unlink+0xa2/0xe0 [ 279.341140][ T7690] security_path_unlink+0x167/0x360 [ 279.346354][ T7690] do_unlinkat+0x2de/0x560 [ 279.350787][ T7690] __x64_sys_unlink+0x47/0x50 [ 279.355477][ T7690] do_syscall_64+0xf6/0x210 [ 279.360001][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.365899][ T7690] [ 279.368221][ T7690] Freed by task 5820: [ 279.372207][ T7690] kasan_save_track+0x3e/0x80 [ 279.376894][ T7690] kasan_save_free_info+0x46/0x50 [ 279.381922][ T7690] __kasan_slab_free+0x62/0x70 [ 279.386702][ T7690] kfree+0x193/0x440 [ 279.390609][ T7690] tomoyo_realpath_from_path+0x598/0x5d0 [ 279.396252][ T7690] tomoyo_path_perm+0x213/0x4b0 [ 279.401104][ T7690] tomoyo_path_unlink+0xa2/0xe0 [ 279.406050][ T7690] security_path_unlink+0x167/0x360 [ 279.411262][ T7690] do_unlinkat+0x2de/0x560 [ 279.415683][ T7690] __x64_sys_unlink+0x47/0x50 [ 279.420365][ T7690] do_syscall_64+0xf6/0x210 [ 279.424892][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.430789][ T7690] [ 279.433116][ T7690] The buggy address belongs to the object at ffff888059682000 [ 279.433116][ T7690] which belongs to the cache kmalloc-4k of size 4096 [ 279.447176][ T7690] The buggy address is located 1368 bytes to the right of [ 279.447176][ T7690] allocated 4096-byte region [ffff888059682000, ffff888059683000) [ 279.462021][ T7690] [ 279.464348][ T7690] The buggy address belongs to the physical page: [ 279.470775][ T7690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59680 [ 279.479536][ T7690] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 279.488041][ T7690] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 279.496034][ T7690] page_type: f5(slab) [ 279.500013][ T7690] raw: 00fff00000000040 ffff88801a042140 0000000000000000 dead000000000001 [ 279.508601][ T7690] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 279.517185][ T7690] head: 00fff00000000040 ffff88801a042140 0000000000000000 dead000000000001 [ 279.525853][ T7690] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 279.534529][ T7690] head: 00fff00000000003 ffffea000165a001 00000000ffffffff 00000000ffffffff [ 279.543210][ T7690] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 279.551878][ T7690] page dumped because: kasan: bad access detected [ 279.558287][ T7690] page_owner tracks the page as allocated [ 279.563991][ T7690] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5830, tgid 5830 (syz-executor), ts 232832868145, free_ts 232752671673 [ 279.584752][ T7690] post_alloc_hook+0x1d8/0x230 [ 279.589531][ T7690] get_page_from_freelist+0x21c7/0x22a0 [ 279.595092][ T7690] __alloc_frozen_pages_noprof+0x181/0x370 [ 279.600916][ T7690] alloc_pages_mpol+0x232/0x4a0 [ 279.605793][ T7690] allocate_slab+0x8a/0x3b0 [ 279.610316][ T7690] ___slab_alloc+0xbfc/0x1480 [ 279.614994][ T7690] __kmalloc_noprof+0x305/0x4f0 [ 279.619855][ T7690] tomoyo_realpath_from_path+0xe3/0x5d0 [ 279.625406][ T7690] tomoyo_path_number_perm+0x1e8/0x5a0 [ 279.630870][ T7690] security_file_ioctl+0xcb/0x2d0 [ 279.635898][ T7690] __se_sys_ioctl+0x47/0x170 [ 279.640494][ T7690] do_syscall_64+0xf6/0x210 [ 279.645015][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.650904][ T7690] page last free pid 5826 tgid 5826 stack trace: [ 279.657230][ T7690] __free_frozen_pages+0xb05/0xcd0 [ 279.662342][ T7690] __put_partials+0x161/0x1c0 [ 279.667043][ T7690] put_cpu_partial+0x17c/0x250 [ 279.671825][ T7690] __slab_free+0x2f7/0x400 [ 279.676345][ T7690] qlist_free_all+0x9a/0x140 [ 279.680948][ T7690] kasan_quarantine_reduce+0x148/0x160 [ 279.686423][ T7690] __kasan_slab_alloc+0x22/0x80 [ 279.691280][ T7690] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 279.696748][ T7690] vm_area_dup+0x2b/0x5c0 [ 279.701086][ T7690] copy_mm+0xbe1/0x2100 [ 279.705242][ T7690] copy_process+0x16d3/0x3b80 [ 279.709920][ T7690] kernel_clone+0x224/0x7f0 [ 279.714423][ T7690] __x64_sys_clone+0x18b/0x1e0 [ 279.719190][ T7690] do_syscall_64+0xf6/0x210 [ 279.723701][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.729601][ T7690] [ 279.731922][ T7690] Memory state around the buggy address: [ 279.737557][ T7690] ffff888059683400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 279.745623][ T7690] ffff888059683480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 279.753684][ T7690] >ffff888059683500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 279.761747][ T7690] ^ [ 279.768681][ T7690] ffff888059683580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 279.776741][ T7690] ffff888059683600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 279.784808][ T7690] ================================================================== [ 279.793029][ C1] vkms_vblank_simulate: vblank timer overrun [ 279.862089][ T7690] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 279.869348][ T7690] CPU: 1 UID: 0 PID: 7690 Comm: syz.2.480 Not tainted 6.15.0-rc6-syzkaller-00093-g546bce579204 #0 PREEMPT(full) [ 279.881277][ T7690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 279.891360][ T7690] Call Trace: [ 279.894658][ T7690] [ 279.897610][ T7690] dump_stack_lvl+0x99/0x250 [ 279.902238][ T7690] ? __asan_memcpy+0x40/0x70 [ 279.906857][ T7690] ? __pfx_dump_stack_lvl+0x10/0x10 [ 279.912083][ T7690] ? __pfx__printk+0x10/0x10 [ 279.916719][ T7690] panic+0x2db/0x790 [ 279.920665][ T7690] ? __pfx_panic+0x10/0x10 [ 279.925196][ T7690] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 279.931119][ T7690] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 279.937472][ T7690] ? print_memory_metadata+0x314/0x400 [ 279.943053][ T7690] ? __list_del_entry_valid_or_report+0x92/0x190 [ 279.949427][ T7690] check_panic_on_warn+0x89/0xb0 [ 279.954410][ T7690] ? __list_del_entry_valid_or_report+0x92/0x190 [ 279.960761][ T7690] end_report+0x78/0x160 [ 279.965052][ T7690] kasan_report+0x129/0x150 [ 279.969601][ T7690] ? __list_del_entry_valid_or_report+0x92/0x190 [ 279.975975][ T7690] __list_del_entry_valid_or_report+0x92/0x190 [ 279.982165][ T7690] bt_accept_unlink+0x39/0x240 [ 279.986968][ T7690] l2cap_sock_teardown_cb+0x17e/0x460 [ 279.992376][ T7690] l2cap_chan_del+0xb2/0x5e0 [ 279.996999][ T7690] l2cap_conn_del+0x388/0x680 [ 280.001707][ T7690] l2cap_connect_cfm+0x11d/0x1040 [ 280.006767][ T7690] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 280.012268][ T7690] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 280.017756][ T7690] hci_conn_failed+0x1ce/0x310 [ 280.022561][ T7690] ? hci_abort_conn_sync+0x202/0xdd0 [ 280.027883][ T7690] hci_abort_conn_sync+0x5ad/0xdd0 [ 280.033035][ T7690] ? __pfx_hci_abort_conn_sync+0x10/0x10 [ 280.038699][ T7690] ? hci_disconnect_all_sync+0x2e/0x350 [ 280.044277][ T7690] ? hci_disconnect_all_sync+0x2e/0x350 [ 280.049864][ T7690] ? hci_disconnect_all_sync+0x2e/0x350 [ 280.055461][ T7690] hci_disconnect_all_sync+0x1b5/0x350 [ 280.060953][ T7690] hci_suspend_sync+0x3b8/0xc00 [ 280.065833][ T7690] ? __pfx___mutex_lock+0x10/0x10 [ 280.070894][ T7690] ? enable_work+0x258/0x2c0 [ 280.075523][ T7690] ? __pfx_hci_suspend_sync+0x10/0x10 [ 280.080925][ T7690] ? __pfx_hci_sock_dev_event+0x10/0x10 [ 280.086506][ T7690] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 280.092186][ T7690] ? hci_cmd_sync_cancel_sync+0xc9/0x190 [ 280.097873][ T7690] hci_suspend_dev+0x28d/0x4d0 [ 280.102674][ T7690] ? __pfx_hci_suspend_dev+0x10/0x10 [ 280.108007][ T7690] hci_suspend_notifier+0xf2/0x290 [ 280.113171][ T7690] notifier_call_chain+0x1b6/0x3e0 [ 280.118323][ T7690] blocking_notifier_call_chain_robust+0x85/0x100 [ 280.124781][ T7690] pm_notifier_call_chain_robust+0x2c/0x60 [ 280.130633][ T7690] snapshot_open+0x19c/0x280 [ 280.135273][ T7690] ? __pfx_snapshot_open+0x10/0x10 [ 280.140416][ T7690] misc_open+0x2bc/0x330 [ 280.144696][ T7690] chrdev_open+0x4c9/0x5e0 [ 280.149145][ T7690] ? __pfx_chrdev_open+0x10/0x10 [ 280.154130][ T7690] ? __pfx_chrdev_open+0x10/0x10 [ 280.159093][ T7690] do_dentry_open+0xdf3/0x1970 [ 280.163910][ T7690] vfs_open+0x3b/0x340 [ 280.168005][ T7690] ? path_openat+0x2ecd/0x3830 [ 280.172794][ T7690] path_openat+0x2ee5/0x3830 [ 280.177412][ T7690] ? arch_stack_walk+0xfc/0x150 [ 280.182307][ T7690] ? __pfx_path_openat+0x10/0x10 [ 280.187270][ T7690] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.193368][ T7690] do_filp_open+0x1fa/0x410 [ 280.197900][ T7690] ? __pfx_do_filp_open+0x10/0x10 [ 280.202963][ T7690] ? _raw_spin_unlock+0x28/0x50 [ 280.207835][ T7690] ? alloc_fd+0x64c/0x6c0 [ 280.212207][ T7690] do_sys_openat2+0x121/0x1c0 [ 280.216917][ T7690] ? __pfx_do_sys_openat2+0x10/0x10 [ 280.222146][ T7690] ? rcu_is_watching+0x15/0xb0 [ 280.226942][ T7690] __x64_sys_openat+0x138/0x170 [ 280.231825][ T7690] do_syscall_64+0xf6/0x210 [ 280.236354][ T7690] ? clear_bhb_loop+0x60/0xb0 [ 280.241056][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.246950][ T7690] RIP: 0033:0x7f01d478e969 [ 280.251373][ T7690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.270999][ T7690] RSP: 002b:00007f01d565e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 280.279425][ T7690] RAX: ffffffffffffffda RBX: 00007f01d49b6080 RCX: 00007f01d478e969 [ 280.287403][ T7690] RDX: 0000000000101000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 280.295377][ T7690] RBP: 00007f01d4810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 280.303348][ T7690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.311318][ T7690] R13: 0000000000000000 R14: 00007f01d49b6080 R15: 00007fffadda97c8 [ 280.319442][ T7690] [ 280.322817][ T7690] Kernel Offset: disabled [ 280.327166][ T7690] Rebooting in 86400 seconds..