last executing test programs: 3m32.375078049s ago: executing program 0 (id=363): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, &(0x7f0000000040)=ANY=[], 0x4, 0x664, &(0x7f0000000dc0)="$eJzs3U9sHFcdB/DvrNd2HKTEtEkbUKVGjVQQEYkdK4VwgIAQyqFCVThw4WIlTmNl41a2i9wKgfkvbhzKvRx84wTiHqmc4darxakIiUtPFocumtnZ9Tpe/6sdrxM+n2j2vTe/mTfv/XZ2dnesaAP837p1Oc1H+Vmvvb4201pfmxmvm60kZb2RNOtVxUJSfJjcTGfJF8qV3eBOx3l//sbtjz5Z/7jTatZLtX1jt/32Z7VecjHJSF1uN/qZ+ruzY3/7VnRnWCbs0uHnC0ejvc3qlvgfyoeXd9zdeQzPgKLzvrnNZHK6vgBUnwnqq0PjWAf3BKwOewAAAABwDM5uZCMrOTPscQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBTaDVJUf++f1kWF1OcrmNj9bpu/an2qBj2CAAAAAAAAABgX5q7BV/eyEZWcqbbbhfV3/xfKavtdrtc9bm8k6XMZTFXspLZLGc5i5lOMtnX0djK7PLy4nS1Z3IuO+75aXvgnteOetoAAAAAAAAA8Iz75pbWL3Jr8+//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwEhTJSKeolnPd+mQazSSnkoyV260m/0gyPuzx9mnsGm2fHbj60RMaDAAAAJwkZzeykZWcqRoTSbuovvO/UH3vP5V3spDlzGc5rczlbnUvoHMHoLG+NtNaX5t5WC7b+/32fw40jLH6+/tI1Rp05AvVFhO5l/lqzZXcyVtp5W4avW/+F7rjGTyun5djKr5V2+fI7tZlOfPf1+U2tz890GyPxmSVkdFeRqa6N29Ku2figM/O40eaTqNzFyjJucFHatf2yvnooOOdrssy17/py/mW3I/11f95oOkcwuOZuNZ39r2wNRPbd/7SX//0w/uthQf37y1dHngaPU0ez8RMXyZe7GWhSFYHXB+eqUz8qMrE+V77Vr6XH+RyLuaNLGY+P85sljOXi/luVZutz+Ni51dP180trTf2uMVZvSQme1fRg43plWrfM5nP9/NW7mYur1X/rmU6X8v1XM+Nvmf4/D6utI2DXWkvfbmuTCT5bV2eDGVeP9+X1/5r7mQV61+zmaXn9s7S682DZan5xbpSHuOXe971Pk6PZ2K6LxPP756JP7bLx6XWwoPF+7Nv7/N4r9Zl+Tr69U7vzLtqHniP/SnPl+d6/W89O8rY8wNj01XsXC/W2BY734vt9Uodqz/Dbe/pWhV7cWBspopd6IsN+rx1HBkE4FBOf+X02MS/J/4+8cHErybuT7x+6jvjXx9/aSyjfxv9RnNq5NXGS8Wf80F+Wn//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmXp3fcezLZGstiptOb2WRnPATbeR6Wof8jnyDo80ZU0DjnT7s/nDX0648khz4S//K4zlaE/KUdRaZbPSTmbz9hPGidhFlVlbIhXJeA4XF1++PbVpXff++r8w9k3596cWxi9fv3G1I3rr81cvTffmpvqPA57lMCTsPmmPzD8r2MfEAAAAAAAAAAAALCn4/jvBMOeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB0u3U5zUcpMj11Zapsr6/NtMqlW9/cspmkkaT4SVJ8mNxMZ8lkX3fFTsd5f/7G7Y8+Wf94s69md/uy0/+2DzWL1XrJxSQjdXlU/d05dH9FLzNlwi51EwfD9r8AAAD//450DYc=") (fail_nth: 9) 3m31.672335162s ago: executing program 0 (id=365): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000040)={'ah\x00'}, &(0x7f0000000140)=0x1e) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000100)=' ', 0x1}], 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="20000000000000008400000008000000200100000000000000000000000000001800000000000000840000000000000000000000007c07361c000000000000008400000008"], 0x58}, 0x0) sendmmsg$inet_sctp(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="200000000000000084000000020000000000410200000000000000000cf1bba6a632b688ee182094a969e3ead48d391d1c7a3b62a851776f38b529fa0bf4e3db109ca67f2f72352a2364c1400a257637832b749b154b96f4de4715f73351397b9c83f4b81752b61c6a46ddf6d867ba07f91ee32522424c8ff7564683733578c97822be5677e550ac72564999d22c79c09662a01d725222282658b6a7887ba1870b75fe31a73d84bc0943c95a185e83abb5c529422d5480349a42ef98e7a58b1fd8e73383cc842a6ebb2f21ec7a113f090e2c2d2c68a270f3bbd7ac680b94e2865e2e08526ea0aa9005a0421d5e5e98adbff6b7d8decd1627c03191f4c70ea651eac4afb100"/270, @ANYRES32=0x0], 0x20}], 0x4924924924924d0, 0x0) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, 0x0, 0x24) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000340)={'bridge_slave_0\x00'}) syz_emit_ethernet(0x66, &(0x7f0000000480)=ANY=[@ANYBLOB="ffffffffffffaaaafb8165004500005800000000002f907800000000e0000001248086ddcd1b0000000010000800000086dd080088be81000004100400000100000000000000080022eb0000000020000000020000000000000000000000080065580000"], 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r7 = creat(&(0x7f00000001c0)='./bus\x00', 0x8) io_setup(0xfff, &(0x7f0000000200)=0x0) io_submit(r8, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r7, &(0x7f0000000600)='VT)\x00', 0x4}]) sendto$packet(r3, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x5b2, 0x0, &(0x7f0000000140)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @local}, 0x14) 3m31.041401201s ago: executing program 0 (id=366): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20) 3m30.312057913s ago: executing program 0 (id=372): syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000340)='./file0\x00') openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) sendmsg$NL80211_CMD_SET_STATION(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100feffffff000000001200000008000300", @ANYRES32=r3, @ANYBLOB="0a00060008021100000100001c0081"], 0x44}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x800008, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e6fe200"/15, @ANYRESHEX=r1, @ANYRESHEX, @ANYRES64=r4]) timerfd_create(0x0, 0x0) 3m29.984791094s ago: executing program 0 (id=374): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x2, 0x1, 0x4}) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000280)={0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="000599000000990a148cc9e0d94e59f6cc1c2f8154ee2bb2228bcf8a5bd0571dfae2d011bd6d36f3bc09659480f86ea1f05335440e2a60a484fd39ed5a9f2b6ea80b573549685d9dff481069c95d033c7673638ddef885983a495a6e5d9fb306b292a4d714cc561cd57fa909ce3aa78ff67702712fe312b813c62c572df3c14ba74475e49059f351810153f37796fe551f"], 0x0}, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x8890, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x3]}}) 3m29.05553173s ago: executing program 0 (id=380): r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) readlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=""/27, 0x1b) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000180)=0xffffffffffffffff) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000200)={0x0, 0xfffffffe, 0x10001, r2, 0x0, &(0x7f00000001c0)={0x98090d, 0x6, '\x00', @value64=0x6}}) fchown(r0, 0xee01, r1) r3 = signalfd4(r2, &(0x7f0000000240)={[0x2]}, 0x8, 0x80000) io_uring_enter(r3, 0xc80, 0x87af, 0x2, &(0x7f0000000280)={[0x100000801]}, 0xffffffffffffff3b) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80080) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x4, &(0x7f0000000080)={0x15, "90f541a5e64f61909103f1fbbc2bd3c9f144d76e44c7b2986eb5e52829e7cb8393"}}) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) ppoll(&(0x7f0000000300)=[{r4, 0x40e}, {r0, 0x102}, {r5, 0xa529}, {r6, 0x2000}], 0x4, &(0x7f0000000340), &(0x7f0000000380)={[0x7]}, 0x8) 3m27.865509708s ago: executing program 32 (id=380): r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) readlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=""/27, 0x1b) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000180)=0xffffffffffffffff) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000200)={0x0, 0xfffffffe, 0x10001, r2, 0x0, &(0x7f00000001c0)={0x98090d, 0x6, '\x00', @value64=0x6}}) fchown(r0, 0xee01, r1) r3 = signalfd4(r2, &(0x7f0000000240)={[0x2]}, 0x8, 0x80000) io_uring_enter(r3, 0xc80, 0x87af, 0x2, &(0x7f0000000280)={[0x100000801]}, 0xffffffffffffff3b) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80080) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x4, &(0x7f0000000080)={0x15, "90f541a5e64f61909103f1fbbc2bd3c9f144d76e44c7b2986eb5e52829e7cb8393"}}) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) ppoll(&(0x7f0000000300)=[{r4, 0x40e}, {r0, 0x102}, {r5, 0xa529}, {r6, 0x2000}], 0x4, &(0x7f0000000340), &(0x7f0000000380)={[0x7]}, 0x8) 58.838402624s ago: executing program 3 (id=898): syz_mount_image$ext4(&(0x7f00000004c0)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000), 0x3, 0x52d, &(0x7f0000000a40)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtqtqL5RThVAlRI8ctiHxRlHsOIqd0oRIZI/ckajECU6cOSBxQOoBcUfiADcu5YBUIAJtkDgYzdjeepP1xknjeBv/ftJo/jx7vu/FmnnWZ2VeABPrWkTsRcSliHgnIua6x5PuEm90lux1D/Z3lw72d5eSaLff/meSt2fHou89mWe65yxGxPfejPhBcijonyKa2ztri7VadbN7qNyqb5Sb2zs3V+uLK9WV6nqlcnvh9vzrt16rnFlfX6r/+qPLEfG7337xwz/ufeNHWVqz3bb+fpylTtdnHsbJTEfEd0YRbAymuv25dJo3n+pNnKU0Ij4TES/n1/9cTOWf5qMe/Zi+eY7ZAQCj0G7PRXuufx8AuOjSvAaWpKVuLWA20rRU6tTwXograa3RbN2419haX+7Uyq7GTHpvtVad79YKr8ZMcm91urqQb/f2a9XKof1bEfF8RPy0cDnfLy01asvj/OIDABPsmUPj/38KnfEfALjgih9vFsaZBwBwforjTgAAOHfGfwCYPMZ/AJg8xn8AmDzGfwCYPMZ/AJgo333rrWxpH3Sff7387vbWWuPdm8vV5lqpvrVUWmpsbpRWGo2V/Jk99ePOV2s0NhZeja33yq1qs1Vubu/crTe21lt38+d6363OnEuvAIAnef6lD/6SRMTencv5En3P+z92rH5x1NkBo5SOOwFgbKbGnQAwNkdn+wImhXo80DdF7/2+w8UjG4e9P9TpU/OGwtPn+uc/Qf0f+FRT/4fJdbr6v+/ycBGo/8PkareTk835n57s5QDA00eNH0iOae///X++3bcz3O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCHN5kuSlrpzgc9GmpZKEc9GxNWYSe6t1qrzEfFcRPy5MFPI9hciwrxBAPBplv496c7/dX3uldnDrZcK/y3k64j44c/f/tl7i63W5kLEpeRfD4+33u8er4wjfwDgOL1xujeO9zzY3116sD8dEbtL55nPR9/qTC6axT/oLp2W6ZjO18W81nDl30l3vyP7vjJ1BvH37kfE53r97yy9CLN5DaQz8+nh+FnsZ0cd//f98dNe/HyV5rl11tnf4rMDTn8GKcKF9UF2/3mjd/3d6bv+0riWrx9//Rd7F+In1Lv/HRy5/6UP739TA+5/14aN8eofvn3kYHuu03Y/4gvTEQe9k/fdf3rxkwHxXxky/l9f/NLLg9rav4i4Ho/rf/JIrHKrvlFubu/cXK0vrlRXquuVyu2F2/Ov33qtUs5r1OVepfqof9y58dyg+Fn/rwyIXzym/18dsv+//N873//yE+J//SuP//xfeEL8bEz82pDxF6/8pjioLYu/PKD/x33+N4aM/+HfdpaHfCkAcA6a2ztri7VadXPUG+lp3nX55BkmEXsnyzD7KnXKfhV+9ZM3R/+nG/lGPB1p2Bi0UeherecZdMw3JmDkPr7ox50JAAAAAAAAAAAAAAAwSHN7Z63949H+O9G4+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDF9f8AAAD//8Z+yqI=") ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d2, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f00000001c0)) syz_usb_connect$cdc_ecm(0x2, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04230d00c9"], 0x10) 56.616325804s ago: executing program 3 (id=904): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000380)=[{{&(0x7f00000022c0)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f0000000440)=[{&(0x7f0000002300)="ef", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)}}], 0x2, 0x0) 55.200791769s ago: executing program 3 (id=909): socket$inet6(0xa, 0x3, 0x7) r0 = socket(0x2, 0x80805, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x8, 0x80252}]}, 0x8) sendmmsg$inet(r0, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)='~', 0x1}], 0x1}}], 0x1, 0x1005) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r2, 0x8008af26, 0x0) 53.853361471s ago: executing program 3 (id=912): ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f00000018c0)={0x98f909, 0x2}) 53.011364806s ago: executing program 3 (id=916): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x0, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, &(0x7f0000000040)={0x40, 0x11, 0x5f, {0x5f, 0xd, "44da209d01ee643e16a7204c589d6106a13120cf49b12836bed1356f6647adcae79e2fc08f57787cd5900d4c3556ec0faf6587c67ade84f8738b3328e6355d2167dc95415f75230cefd172202f86be9e28a3160257223b6e0791645819"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2009}}, &(0x7f0000000100)={0x0, 0x22, 0x17, {[@local=@item_4={0x3, 0x2, 0x8, "9e22b1ae"}, @main=@item_4={0x3, 0x0, 0xc, "872d7ce3"}, @local=@item_012={0x0, 0x2, 0x2}, @local=@item_012={0x1, 0x2, 0x8, "e7"}, @global=@item_4={0x3, 0x1, 0x9, "0563f5e3"}, @global=@item_4={0x3, 0x1, 0x4, "662ec6db"}]}}, 0xffffffffffffffff}, &(0x7f0000000440)={0x2c, &(0x7f0000000180)={0x20, 0x3, 0xbf, "2847946402d4b8019358a6053a2668ed8da719f3cb76e9f62845f3b048e5a947f0ba0c6d298ab539b550b0bce1714a5ec0b26cb90be0daecac11ccb15260858f1a157063385835e98689bf7d88cbcc26d6b2f734573be8a47cc8e494b76cfe1fe140ab5e3660ffa721ea0de9ae1f5a3de6496559de379068945c98d85547068244e00dadbf5fb2f74ff91295fb9ec4036c94cfd03e15d69ca7abfb7af4fdb6f37933868c7b444439f78b8155707b270237de7cb9001d91fd3b5c1997a210f0"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000340)={0x20, 0x1, 0x9a, "80019403a5a993557d832e2019c7bf60988dec5334b6eec50bc145e9467f15b9c59063583442954771ccc3fdfee35131a5bb92133b82744b0024251e312f48ac47d283de572af2af29ee7b131963093c067b7d4ae8124f4e3a2eb874692cd3b2dba1a79de7d615d963337d89c0a8c7455bdf3e9be3d393cb3a61df9300ea6b001b09c39ebb3ad9892f7a0b2b61b1eaa4d072396eab80cf23d705"}, &(0x7f0000000400)={0x20, 0x3, 0x1, 0x3}}) 48.759618935s ago: executing program 3 (id=929): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x2, &(0x7f00000000c0)=""/135, 0x87) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, 0x0) 32.498538494s ago: executing program 33 (id=929): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x2, &(0x7f00000000c0)=""/135, 0x87) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, 0x0) 18.222080719s ago: executing program 1 (id=964): socket$kcm(0x10, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 14.649624849s ago: executing program 4 (id=968): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x54, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}}, 0x0) 14.274667867s ago: executing program 1 (id=970): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a936", 0x1b}], 0x1}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r6, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x5, 0x0, 0x2], [0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x11) ioctl$UI_DEV_CREATE(r6, 0x5501) preadv(r5, &(0x7f0000003780)=[{&(0x7f0000001300)=""/170, 0xaa}], 0x1, 0xffff, 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='\x00', &(0x7f0000000240)='{}k%@\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) readv(r4, &(0x7f0000000200)=[{&(0x7f0000000080)=""/3, 0x3}], 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x10) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) 13.134560035s ago: executing program 4 (id=971): socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r5, 0x84, 0x84, 0x0, &(0x7f0000000280)) ioctl$KVM_SET_SREGS(r4, 0x4138ae84, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 10.399085063s ago: executing program 1 (id=972): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$9p_virtio(&(0x7f0000000440), &(0x7f0000000480)='./bus\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=virtio,mmap,cache=none,cache=loose,posixacl']) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40042, 0x1ff) write$binfmt_elf32(r1, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x158) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) openat$dsp1(0xffffff9c, 0x0, 0x20001, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000001800010000000000000000000208000500000000003251c6005a25ab0047c1de100a6cf621d49a7cb06b14d498d6329d76650a30b52fb80701e2e4ffb7a60e963ef573eb1c918a00000000000000"], 0x24}}, 0x0) lseek(0xffffffffffffffff, 0x851, 0x0) r4 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) futex(&(0x7f0000000200)=0x2, 0x5, 0x0, 0x0, &(0x7f0000004000)=0x3, 0x1002) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000340)={'\x00', 0x6, 0x5, 0x0, 0x7, 0x9, r2}) r5 = syz_io_uring_setup(0x22b, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x269}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f00000009c0)=@IORING_OP_MKDIRAT={0x25, 0x20, 0x0, r1, 0x0, &(0x7f0000000240)='./file1\x00', 0x84, 0x0, 0x1, {0x0, r8}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x11c, &(0x7f0000000040)=0xef, 0x0, 0x4) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r9, 0x0) connect(r9, &(0x7f00000004c0)=@rc={0x1f, @none, 0x8}, 0x80) ptrace$getenv(0x4201, r4, 0x7, &(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x25ed91b8b215948b) capset(0x0, &(0x7f00000001c0)={0x1000, 0xd, 0xff, 0x0, 0xffffffff, 0x7}) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) lsetxattr$system_posix_acl(&(0x7f0000000080)='./bus\x00', &(0x7f0000000200)='system.posix_acl_access\x00', 0x0, 0x0, 0x3) 8.863098244s ago: executing program 2 (id=975): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = openat$cgroup_root(0xffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) r2 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='.{\x00', &(0x7f0000000180)='-\x00', 0x0) readv(r0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/145, 0x91}], 0x1) tkill(r2, 0xb) syz_usb_connect(0x6, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_open_dev$char_usb(0xc, 0xb4, 0x20000004) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @remote}, r4, 0xfffffffc}}, 0x48) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 7.551942744s ago: executing program 5 (id=976): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000008c0)=ANY=[@ANYBLOB="400000001400b5"], 0x40}}, 0x0) 6.91588445s ago: executing program 1 (id=977): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f00000002c0)={0x0, 0x1f, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) 6.90548802s ago: executing program 5 (id=978): r0 = getpid() sched_getaffinity(r0, 0x8, &(0x7f0000000400)) 6.673305701s ago: executing program 5 (id=979): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @link_local}, 0x0, {0x2, 0x0, @dev}, 'lo\x00'}) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @multicast2}, {0x0, @dev}, 0x2, {0x2, 0x0, @empty}, 'lo\x00'}) 6.662067504s ago: executing program 4 (id=980): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="540100001900010000000000000000001d0100001e0106000200000000e6de989a9ca9f8725d728dc15b32ecd5790d00e71b8e2b39c8a6314afabc6403daf0c8e11b1656eeba9883a6986650f6267526a9714b04bdd901da721112c15fd01a5157cf37fceed83cb6864cf1ec0bfa606e63d12be7008c9793f8267692c03d805d867088eecd8cbc19869e38c7a8fdedda5205c67588922774e2dfb5b38d4392fb6d766dbef06391b2e07382587ea23b610e6ee3b7f40a02203a17b9613c8dbb5e4c51e86cefdc986fee309308ad2e5818c164e4c29a3067ddec33974677baeef3e548ce1fa733fe2f5fd835bc0cf51cf6e70e1fbb5df403ca8275a7666fa34857773e2e98fbcfdc193b18aae041d6300086497fee065a1a333810e435f300d2c649c589fd412bc86fac11dc381d9ce866438600001500040000000000000000003a38935fd21ddaf0b30000000800050029"], 0x154}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') fcntl$setpipe(r2, 0x407, 0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB]}, 0x78) syz_emit_ethernet(0x8e, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r4 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}, {0x0}], 0x3) r5 = socket$rds(0x15, 0x5, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000ac0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\x00\x00\x00\x00(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000300)={0xd, 0x21, 0x3, 0x19, 0x5, 0x8, 0x5, 0x4f, 0x1}) bind$rds(r5, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) 5.594779663s ago: executing program 5 (id=981): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @private=0xa010101, 0x4e23, 0x3, 'sh\x00', 0x1, 0x7, 0x49}, 0x2c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x5, 0x0}, 0x4e2e, 0x3, 'lc\x00', 0x2, 0xfff, 0x37}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x6}}, 0x44) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'lc\x00', 0x2, 0x81, 0x19}, {@local, 0x4e20, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @private=0xa010101, 0x4e23, 0x3, 'sh\x00', 0x1, 0x7, 0x49}, 0x2c) socket$inet_tcp(0x2, 0x1, 0x0) 5.346439957s ago: executing program 2 (id=982): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}], {0x14, 0x10}}, 0x70}, 0x1, 0xe00}, 0x44840) 5.203658468s ago: executing program 5 (id=983): r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000000040)=0x4, 0x4) connect$caif(r0, &(0x7f0000000000)=@dgm, 0x18) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x48, &(0x7f00000001c0)=ANY=[@ANYBLOB="3c19"], 0xd0) r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r2, 0x0, 0x0) syz_io_uring_setup(0x2ddf, 0x0, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x5c7, &(0x7f0000000400)={0x0, 0xcf16, 0x10, 0x0, 0x321}, &(0x7f00000003c0), &(0x7f0000000500)) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x2000000000000376, &(0x7f0000000680)=ANY=[@ANYRES32=0x0, @ANYBLOB="27862ee82c1a7f55ea3bea0de860e3611936abacccc0f2af1bf2ce18315104fdefd8de306ee0"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0xb6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x9, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2008, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x57c91000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x800005d, 0x4810) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0xc102, 0x0) sendfile(r5, r5, 0x0, 0x40008) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000040)={r6, 0x58, &(0x7f0000000100)}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/67, 0x43}}, 0x10) 4.658675368s ago: executing program 4 (id=984): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x100000001, 0x4) 4.279029885s ago: executing program 1 (id=985): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000001000000000000000d0100000000000000000000ff"]) 4.21667593s ago: executing program 2 (id=986): r0 = openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x0, "83e624170a2005004d5e9ac5be09e4bae4ffffffe900000000000000001300", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000280)={"840d6042cee820000004000000e8ff0000002000000000000000000f00", r0}) 3.701466344s ago: executing program 4 (id=987): socket$isdn(0x22, 0x2, 0x26) close(0x3) r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$tipc(0x1e, 0x5, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r3, 0x1, 0x709d23, 0x25dfdbff, {{}, {}, {0x8, 0x11, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x40804}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) 3.52334722s ago: executing program 2 (id=988): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x38, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x5d3c24bb3983d25e}]}}}]}, 0x38}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x17, 0x0, 0x4f}) io_setup(0x3, &(0x7f0000000180)=0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000140)=0x1de, 0x4) close_range(r5, 0xffffffffffffffff, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCL_GETSHIFTSTATE(r7, 0x541c, &(0x7f0000000080)={0x6, 0x2}) r8 = gettid() r9 = syz_open_procfs(r8, &(0x7f00000001c0)='attr/exec\x00') io_submit(r4, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x300, 0x0, 0x5, 0x0, r9, 0x0}]) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000180)) ioctl$TIOCL_UNBLANKSCREEN(r9, 0x541c, &(0x7f0000000200)) 2.538128939s ago: executing program 1 (id=989): capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xb4600000}) r0 = msgget$private(0x0, 0xd) msgctl$IPC_STAT(r0, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000513f2bd12020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085004000b000ac8b91020000786c6c25000000000069695b19f95a1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0xc048aeca, &(0x7f0000000080)=ANY=[@ANYRES16=r3]) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) open(&(0x7f0000000080)='./file0\x00', 0x250002, 0x1a) r5 = syz_open_dev$mouse(&(0x7f0000000300), 0x401, 0x40040) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000340)={0x65, 0x0, 0x7, "24cc5dd205079a480bf8a8a10c8db7ac05f28403011d79574b88eb523e502e4ed3b2335ed500c3e225cb9a5bf058448e4d5a7d74d99704693b932d07eaba4d84397fbed25933173eefcf4d726671f99c51cbe42ffcbe29271b955e8f31f98d88f5fde3073e"}) io_uring_enter(0xffffffffffffffff, 0x7947, 0x228b, 0xc, &(0x7f0000000040)={[0x9]}, 0x8) rt_sigprocmask(0x0, &(0x7f0000000280)={[0x8]}, &(0x7f00000002c0), 0x8) 2.4517089s ago: executing program 4 (id=990): r0 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount$fuse(0x20000000, &(0x7f00000002c0)='./file0\x00', 0x0, 0x1a8aacd, 0x0) 2.137706258s ago: executing program 2 (id=991): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000037000b0000000000000075310e4fb3"], 0x14}, 0x1, 0x0, 0x0, 0x400}, 0x8094) 1.057571283s ago: executing program 5 (id=992): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pppl2tp(0x18, 0x1, 0x1) r2 = syz_io_uring_setup(0x497, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfdef, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x1c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}}, 0x20040000) 0s ago: executing program 2 (id=993): r0 = syz_open_dev$media(&(0x7f0000000080), 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x4020940d, 0x0) kernel console output (not intermixed with test programs): __x64_sys_read+0x93/0xe0 [ 424.445283][ T7165] x64_sys_call+0x314c/0x3c30 [ 424.450312][ T7165] do_syscall_64+0xcd/0x1e0 [ 424.455099][ T7165] ? clear_bhb_loop+0x25/0x80 [ 424.460114][ T7165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.466351][ T7165] RIP: 0033:0x7f7263f8473c [ 424.471020][ T7165] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 424.490968][ T7165] RSP: 002b:00007f7264da3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 424.499748][ T7165] RAX: ffffffffffffffda RBX: 00007f7264175fa0 RCX: 00007f7263f8473c [ 424.508012][ T7165] RDX: 000000000000000f RSI: 00007f7264da30a0 RDI: 0000000000000004 [ 424.516286][ T7165] RBP: 00007f7264da3090 R08: 0000000000000000 R09: 0000000000000000 [ 424.524517][ T7165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 424.532737][ T7165] R13: 0000000000000000 R14: 00007f7264175fa0 R15: 00007fff85ca30e8 [ 424.541010][ T7165] [ 424.912515][ T44] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 425.026088][ T7023] veth0_vlan: entered promiscuous mode [ 425.085524][ T7023] veth1_vlan: entered promiscuous mode [ 425.092124][ T44] usb 4-1: Using ep0 maxpacket: 16 [ 425.133558][ T44] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 425.168033][ T44] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice= 0.40 [ 425.179043][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.187557][ T44] usb 4-1: Product: syz [ 425.192132][ T44] usb 4-1: Manufacturer: syz [ 425.197035][ T44] usb 4-1: SerialNumber: syz [ 425.286991][ T44] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input7 [ 425.293968][ T5837] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 425.301422][ T5836] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 425.464950][ T5836] usb 3-1: Using ep0 maxpacket: 8 [ 425.490337][ T5836] usb 3-1: config 1 interface 0 altsetting 243 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 425.499527][ T10] usb 4-1: USB disconnect, device number 5 [ 425.502172][ T5836] usb 3-1: config 1 interface 0 altsetting 243 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 425.524890][ T5836] usb 3-1: config 1 interface 0 has no altsetting 0 [ 425.532850][ T7023] veth0_macvtap: entered promiscuous mode [ 425.577624][ T5837] usb 2-1: Using ep0 maxpacket: 8 [ 425.583750][ T5836] usb 3-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.40 [ 425.593767][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.602205][ T5836] usb 3-1: Product: ꄰ▷폆穩툮쪇舐அ䶒횐쪄誎谟⒋ካ鴕잓㘹㓬淪嶷輰迊Ꝇ薠朴ᝠ츔䌜鋥玢녕㭗葁ल莞졽粓Ε逅襀୓콀ࡒ㎰뺟읃솬⮊ꉞ仫判ᒽ࿕倴ꡲԼ⇫螸烳磹ஷ隐慃⻳ﵠ䩐辈骀焷ڌ哗衆粿渡籵띦㱟갭ʡ䥔吤籭᳝坛獺㝋㲙ᇦ깳 [ 425.627839][ T5837] usb 2-1: config 0 has an invalid interface number: 38 but max is 0 [ 425.636191][ T5836] usb 3-1: Manufacturer: ఏ [ 425.641711][ T5837] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 425.647110][ T5836] usb 3-1: SerialNumber: ц [ 425.656413][ T5837] usb 2-1: config 0 has no interface number 0 [ 425.668003][ T5837] usb 2-1: config 0 interface 38 altsetting 0 bulk endpoint 0xE has invalid maxpacket 32 [ 425.678412][ T5837] usb 2-1: config 0 interface 38 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 425.688662][ T5837] usb 2-1: config 0 interface 38 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 425.690773][ T7023] veth1_macvtap: entered promiscuous mode [ 425.698798][ T5837] usb 2-1: config 0 interface 38 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 7 [ 425.777525][ T5837] usb 2-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=4b.63 [ 425.787780][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.796270][ T5837] usb 2-1: Product: syz [ 425.800783][ T5837] usb 2-1: Manufacturer: syz [ 425.808344][ T5837] usb 2-1: SerialNumber: syz [ 425.830645][ T5837] usb 2-1: config 0 descriptor?? [ 425.839665][ T7171] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 425.879360][ T5837] pn533_usb 2-1:0.38: NFC: Could not find bulk-in or bulk-out endpoint [ 425.891681][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.908156][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.918547][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.932899][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.944377][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.955407][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.966834][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.980696][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.991138][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.002321][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.020923][ T7023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.197176][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.213054][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.223566][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.237845][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.249179][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.260319][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.270740][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.281909][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.292339][ T7023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.303334][ T7023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.321443][ T7023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.450965][ T7023] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.461614][ T7023] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.471113][ T7023] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.480743][ T7023] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.563810][ T5836] usbhid 3-1:1.0: can't add hid device: -71 [ 426.570764][ T5836] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 426.683960][ T5836] usb 3-1: USB disconnect, device number 8 [ 426.914544][ T7187] tipc: Started in network mode [ 426.919947][ T7187] tipc: Node identity 7f000001, cluster identity 4711 [ 426.929240][ T7187] tipc: Enabled bearer , priority 10 [ 427.083535][ T7184] loop3: detected capacity change from 0 to 1024 [ 427.140014][ T7184] EXT4-fs: Ignoring removed nobh option [ 427.146673][ T7184] EXT4-fs: Ignoring removed orlov option [ 427.241438][ T7184] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 427.301135][ T7184] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.439: Abort forced by user [ 427.319293][ T7184] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: none. [ 427.745976][ T7198] netlink: 16 bytes leftover after parsing attributes in process `syz.2.443'. [ 427.781174][ T7198] ip6gretap0: entered promiscuous mode [ 427.850903][ T7198] ip6gretap0: left promiscuous mode [ 428.124568][ T7204] loop4: detected capacity change from 0 to 2048 [ 428.142390][ T5862] tipc: Node number set to 2130706433 [ 428.335509][ T5837] usb 2-1: USB disconnect, device number 9 [ 428.404521][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.714451][ T7204] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 428.727554][ T7204] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 428.973088][ T7217] loop1: detected capacity change from 0 to 2040 [ 429.024774][ T7217] udf: Unknown parameter 'udelete' [ 429.114605][ T5836] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 429.325160][ T5836] usb 3-1: Using ep0 maxpacket: 16 [ 429.352581][ T5836] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 429.455799][ T5836] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice= 0.40 [ 429.465439][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.473875][ T5836] usb 3-1: Product: syz [ 429.478326][ T5836] usb 3-1: Manufacturer: syz [ 429.483437][ T5836] usb 3-1: SerialNumber: syz [ 429.577770][ T5836] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input8 [ 429.587421][ T5785] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 429.848919][ T7231] loop1: detected capacity change from 0 to 64 [ 429.936159][ T5836] usb 3-1: USB disconnect, device number 9 [ 430.152396][ T7234] tipc: Started in network mode [ 430.158040][ T7234] tipc: Node identity 7f000001, cluster identity 4711 [ 430.167234][ T7234] tipc: Enabled bearer , priority 10 [ 430.282200][ T5862] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 430.452710][ T5862] usb 2-1: Using ep0 maxpacket: 32 [ 430.486251][ T5862] usb 2-1: config 7 has an invalid interface number: 97 but max is 0 [ 430.495798][ T5862] usb 2-1: config 7 has no interface number 0 [ 430.502520][ T5862] usb 2-1: config 7 interface 97 has no altsetting 0 [ 430.544567][ T5862] usb 2-1: New USB device found, idVendor=1e2d, idProduct=00f4, bcdDevice=39.48 [ 430.554283][ T5862] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.562851][ T5862] usb 2-1: Product: း [ 430.567354][ T5862] usb 2-1: Manufacturer: щ [ 430.572294][ T5862] usb 2-1: SerialNumber: 昖 [ 430.921147][ T5862] option 2-1:7.97: GSM modem (1-port) converter detected [ 430.958266][ T5862] usb 2-1: USB disconnect, device number 10 [ 430.966846][ T5862] option 2-1:7.97: device disconnected [ 431.284003][ T5837] tipc: Node number set to 2130706433 [ 431.615581][ T7243] loop2: detected capacity change from 0 to 4096 [ 431.872569][ T5837] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 432.052377][ T5837] usb 5-1: Using ep0 maxpacket: 8 [ 432.107667][ T5837] usb 5-1: config 0 has an invalid interface number: 38 but max is 0 [ 432.116296][ T5837] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 432.126920][ T5837] usb 5-1: config 0 has no interface number 0 [ 432.133478][ T5837] usb 5-1: config 0 interface 38 altsetting 0 bulk endpoint 0xE has invalid maxpacket 32 [ 432.144263][ T5837] usb 5-1: config 0 interface 38 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 432.154552][ T5837] usb 5-1: config 0 interface 38 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 432.164789][ T5837] usb 5-1: config 0 interface 38 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 7 [ 432.334565][ T5837] usb 5-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=4b.63 [ 432.344500][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.353344][ T5837] usb 5-1: Product: syz [ 432.357836][ T5837] usb 5-1: Manufacturer: syz [ 432.364834][ T5837] usb 5-1: SerialNumber: syz [ 432.465965][ T5837] usb 5-1: config 0 descriptor?? [ 432.475525][ T7248] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 432.534974][ T5837] pn533_usb 5-1:0.38: NFC: Could not find bulk-in or bulk-out endpoint [ 432.543228][ T7258] Bluetooth: MGMT ver 1.23 [ 432.748484][ T3810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.749510][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.757398][ T3810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.766179][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.262110][ T29] kauditd_printk_skb: 40 callbacks suppressed [ 433.262202][ T29] audit: type=1326 audit(1735017784.469:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7259 comm="syz.2.461" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc633985d29 code=0x0 [ 433.653830][ T7270] tipc: Enabling of bearer rejected, already enabled [ 434.212715][ T5837] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 434.418926][ T5837] usb 2-1: Using ep0 maxpacket: 16 [ 434.572717][ T5837] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 434.618613][ T5786] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 434.626396][ T5786] Bluetooth: hci0: command 0x0c1a tx timeout [ 434.662937][ T5837] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice= 0.40 [ 434.672963][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.681305][ T5837] usb 2-1: Product: syz [ 434.685910][ T5837] usb 2-1: Manufacturer: syz [ 434.690795][ T5837] usb 2-1: SerialNumber: syz [ 434.745411][ T5837] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input9 [ 434.955255][ T5836] usb 5-1: USB disconnect, device number 6 [ 435.103825][ T44] usb 2-1: USB disconnect, device number 11 [ 435.285499][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 435.569898][ T7295] loop3: detected capacity change from 0 to 128 [ 436.036625][ T7299] 9pnet_fd: Insufficient options for proto=fd [ 436.047161][ T7303] FAULT_INJECTION: forcing a failure. [ 436.047161][ T7303] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 436.061210][ T7303] CPU: 1 UID: 0 PID: 7303 Comm: syz.3.475 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 436.072188][ T7303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 436.082542][ T7303] Call Trace: [ 436.086056][ T7303] [ 436.089211][ T7303] dump_stack_lvl+0x216/0x2d0 [ 436.094269][ T7303] dump_stack+0x1e/0x24 [ 436.098777][ T7303] should_fail_ex+0x748/0x7f0 [ 436.103846][ T7303] should_fail_alloc_page+0x235/0x2b0 [ 436.109581][ T7303] __alloc_pages_noprof+0x343/0xe00 [ 436.115168][ T7303] alloc_pages_mpol_noprof+0x299/0x990 [ 436.120997][ T7303] ? kmsan_get_metadata+0x13e/0x1c0 [ 436.126560][ T7303] alloc_pages_noprof+0x1bf/0x1e0 [ 436.131957][ T7303] pte_alloc_one+0x5b/0x380 [ 436.136817][ T7303] ? kmsan_get_metadata+0x13e/0x1c0 [ 436.142384][ T7303] __pte_alloc+0x3d/0x6a0 [ 436.147055][ T7303] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 436.153227][ T7303] handle_mm_fault+0x6237/0xdcc0 [ 436.158556][ T7303] ? kmsan_get_metadata+0x13e/0x1c0 [ 436.164158][ T7303] exc_page_fault+0x41b/0x700 [ 436.169230][ T7303] asm_exc_page_fault+0x2b/0x30 [ 436.174467][ T7303] RIP: 0033:0x7f7379a4b737 [ 436.179194][ T7303] Code: 00 66 0f 6f 7c 24 40 48 8d 05 25 49 45 00 48 8d 1d 5e 49 45 00 66 48 0f 6e c3 48 8d ac 24 30 04 00 00 48 8d 94 24 50 05 00 00 <0f> 29 3d e2 48 45 00 66 48 0f 6e f8 48 89 e8 66 0f 6c c7 0f 29 05 [ 436.199186][ T7303] RSP: 002b:00007f737a9284f0 EFLAGS: 00010202 [ 436.205619][ T7303] RAX: 00007f7379ea0040 RBX: 00007f7379ea0080 RCX: 0000000000000002 [ 436.213897][ T7303] RDX: 00007f737a928a40 RSI: 0000000000000002 RDI: 0000000000000001 [ 436.222179][ T7303] RBP: 00007f737a928920 R08: 0000000000000001 R09: 0000000000000019 [ 436.230449][ T7303] R10: 0000000020000282 R11: 00000000000001b2 R12: 0000000000000004 [ 436.238719][ T7303] R13: 00007f737a928ef0 R14: 00007f737a928eb0 R15: 00007f736f400000 [ 436.247036][ T7303] [ 436.254773][ T7303] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 436.349456][ T7299] loop4: detected capacity change from 0 to 64 [ 436.387596][ T7303] syz.3.475: attempt to access beyond end of device [ 436.387596][ T7303] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 436.402422][ T7303] SQUASHFS error: Failed to read block 0x0: -5 [ 436.409038][ T7303] unable to read squashfs_super_block [ 436.417461][ T7301] tipc: Enabling of bearer rejected, already enabled [ 436.642537][ T7308] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 436.659060][ T7307] netlink: 60 bytes leftover after parsing attributes in process `syz.2.476'. [ 437.575843][ T7316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.479'. [ 437.726384][ T7322] loop3: detected capacity change from 0 to 64 [ 439.030410][ T7334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.485'. [ 439.823765][ T7341] tipc: Enabling of bearer rejected, already enabled [ 440.068810][ T7339] loop4: detected capacity change from 0 to 32768 [ 440.244506][ T7339] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 440.556957][ T5785] ocfs2: Unmounting device (7,4) on (node local) [ 441.747221][ T7354] netlink: 60 bytes leftover after parsing attributes in process `syz.1.489'. [ 442.695783][ T7363] loop2: detected capacity change from 0 to 2048 [ 442.891742][ T7363] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 442.957052][ T7363] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 442.963333][ T7372] FAULT_INJECTION: forcing a failure. [ 442.963333][ T7372] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 442.979851][ T7372] CPU: 0 UID: 0 PID: 7372 Comm: syz.3.499 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 442.990815][ T7372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 443.001162][ T7372] Call Trace: [ 443.004651][ T7372] [ 443.007786][ T7372] dump_stack_lvl+0x216/0x2d0 [ 443.012808][ T7372] dump_stack+0x1e/0x24 [ 443.017280][ T7372] should_fail_ex+0x748/0x7f0 [ 443.022297][ T7372] should_fail_alloc_page+0x235/0x2b0 [ 443.028011][ T7372] __alloc_pages_noprof+0x343/0xe00 [ 443.033605][ T7372] alloc_pages_mpol_noprof+0x299/0x990 [ 443.039420][ T7372] ? kmsan_get_metadata+0x13e/0x1c0 [ 443.044942][ T7372] alloc_pages_noprof+0x1bf/0x1e0 [ 443.050289][ T7372] pte_alloc_one+0x5b/0x380 [ 443.055105][ T7372] ? kmsan_get_metadata+0x13e/0x1c0 [ 443.060610][ T7372] __pte_alloc+0x3d/0x6a0 [ 443.065231][ T7372] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 443.071514][ T7372] handle_mm_fault+0x6237/0xdcc0 [ 443.076842][ T7372] ? kmsan_get_metadata+0x13e/0x1c0 [ 443.082398][ T7372] exc_page_fault+0x41b/0x700 [ 443.087430][ T7372] asm_exc_page_fault+0x2b/0x30 [ 443.092618][ T7372] RIP: 0033:0x7f7379a48ba3 [ 443.097289][ T7372] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 443.117223][ T7372] RSP: 002b:00007f737a9284a0 EFLAGS: 00010206 [ 443.123598][ T7372] RAX: 0000000000000000 RBX: 00007f737a928540 RCX: 00007f736f400000 [ 443.131838][ T7372] RDX: 00007f737a9286e0 RSI: 000000000000000f RDI: 00007f737a9285e0 [ 443.140093][ T7372] RBP: 000000000000013b R08: 0000000000000008 R09: 00000000000000b4 [ 443.148324][ T7372] R10: 00000000000000c2 R11: 00007f737a928540 R12: 00007f737a928540 [ 443.156568][ T7372] R13: 00007f7379c18fe0 R14: 00000000000000eb R15: 00007f737a9285e0 [ 443.164826][ T7372] [ 443.174968][ T7372] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 443.214652][ T7372] loop3: detected capacity change from 0 to 128 [ 444.029804][ T7375] tipc: Enabling of bearer rejected, already enabled [ 444.084290][ T7373] loop1: detected capacity change from 0 to 32768 [ 444.161140][ T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 444.404205][ T7373] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 444.628771][ T10] usb 3-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 444.638738][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.658644][ T10] usb 3-1: config 0 descriptor?? [ 444.745176][ T5792] ocfs2: Unmounting device (7,1) on (node local) [ 445.550128][ T7398] FAULT_INJECTION: forcing a failure. [ 445.550128][ T7398] name failslab, interval 1, probability 0, space 0, times 0 [ 445.563784][ T7398] CPU: 0 UID: 0 PID: 7398 Comm: syz.5.508 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 445.574769][ T7398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 445.585142][ T7398] Call Trace: [ 445.588651][ T7398] [ 445.591818][ T7398] dump_stack_lvl+0x216/0x2d0 [ 445.596898][ T7398] dump_stack+0x1e/0x24 [ 445.601546][ T7398] should_fail_ex+0x748/0x7f0 [ 445.606627][ T7398] should_failslab+0x17f/0x210 [ 445.611749][ T7398] kmem_cache_alloc_node_noprof+0xf4/0xe00 [ 445.617959][ T7398] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 445.624710][ T7398] ? __alloc_skb+0x1e9/0x7b0 [ 445.629638][ T7398] ? kmsan_get_metadata+0x13e/0x1c0 [ 445.635205][ T7398] __alloc_skb+0x1e9/0x7b0 [ 445.639969][ T7398] ? tipc_nl_compat_doit+0x1b4/0xa00 [ 445.645614][ T7398] ? tipc_nl_compat_recv+0xfbb/0x15f0 [ 445.651345][ T7398] tipc_nl_compat_doit+0x1d6/0xa00 [ 445.656820][ T7398] ? stack_depot_save_flags+0x2c/0x750 [ 445.662673][ T7398] ? kmsan_get_metadata+0x13e/0x1c0 [ 445.668234][ T7398] ? kmsan_get_metadata+0x13e/0x1c0 [ 445.673787][ T7398] ? kmsan_get_metadata+0x13e/0x1c0 [ 445.679370][ T7398] tipc_nl_compat_recv+0xfbb/0x15f0 [ 445.684927][ T7398] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 445.691311][ T7398] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 445.698130][ T7398] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 445.704134][ T7398] genl_rcv_msg+0x1214/0x12c0 [ 445.709169][ T7398] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 445.715208][ T7398] netlink_rcv_skb+0x375/0x650 [ 445.720361][ T7398] ? __pfx_genl_rcv_msg+0x10/0x10 [ 445.725740][ T7398] ? __pfx_genl_rcv+0x10/0x10 [ 445.730741][ T7398] genl_rcv+0x40/0x60 [ 445.735033][ T7398] netlink_unicast+0xf52/0x1260 [ 445.740295][ T7398] netlink_sendmsg+0x10da/0x11e0 [ 445.745645][ T7398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 445.751316][ T7398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 445.756992][ T7398] __sock_sendmsg+0x30f/0x380 [ 445.762096][ T7398] ____sys_sendmsg+0x877/0xb60 [ 445.767250][ T7398] ___sys_sendmsg+0x28d/0x3c0 [ 445.772308][ T7398] ? __rcu_read_unlock+0x7b/0xe0 [ 445.777643][ T7398] ? __fget_files+0x42b/0x500 [ 445.782669][ T7398] ? kmsan_get_metadata+0x13e/0x1c0 [ 445.788213][ T7398] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 445.794397][ T7398] __x64_sys_sendmsg+0x212/0x3c0 [ 445.799732][ T7398] ? kmsan_get_metadata+0x13e/0x1c0 [ 445.805309][ T7398] x64_sys_call+0x2ed6/0x3c30 [ 445.810400][ T7398] do_syscall_64+0xcd/0x1e0 [ 445.815253][ T7398] ? clear_bhb_loop+0x25/0x80 [ 445.820332][ T7398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.826630][ T7398] RIP: 0033:0x7fb77af85d29 [ 445.831342][ T7398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.851344][ T7398] RSP: 002b:00007fb77bd29038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 445.860165][ T7398] RAX: ffffffffffffffda RBX: 00007fb77b175fa0 RCX: 00007fb77af85d29 [ 445.868479][ T7398] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 [ 445.876767][ T7398] RBP: 00007fb77bd29090 R08: 0000000000000000 R09: 0000000000000000 [ 445.885048][ T7398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 445.893341][ T7398] R13: 0000000000000000 R14: 00007fb77b175fa0 R15: 00007ffd10a3ff18 [ 445.901649][ T7398] [ 446.335400][ T10] usb 3-1: string descriptor 0 read error: -71 [ 446.349413][ T10] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 446.361015][ T10] asix 3-1:0.0: probe with driver asix failed with error -71 [ 446.384141][ T10] usb 3-1: USB disconnect, device number 10 [ 447.388452][ T7418] tipc: Enabling of bearer rejected, already enabled [ 447.682423][ T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 447.882948][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 447.933303][ T10] usb 5-1: config 0 has an invalid interface number: 124 but max is 0 [ 447.949669][ T10] usb 5-1: config 0 has no interface number 0 [ 447.958475][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=e1.97 [ 447.971631][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.057601][ T10] usb 5-1: config 0 descriptor?? [ 448.157916][ T7431] loop3: detected capacity change from 0 to 256 [ 448.279622][ T7431] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 448.399942][ T7431] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 448.410166][ T7431] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 448.412172][ T44] usb 5-1: USB disconnect, device number 7 [ 448.418513][ T7431] UDF-fs: Scanning with blocksize 512 failed [ 448.569066][ T7431] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 448.608083][ T7431] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 449.094390][ T7440] loop5: detected capacity change from 0 to 128 [ 449.187989][ T7440] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 449.801625][ T7443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.814612][ T7443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.891206][ T7443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.901147][ T7443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.975609][ T7437] loop2: detected capacity change from 0 to 32768 [ 449.976663][ T7443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.996064][ T7443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.006230][ T44] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 450.069567][ T7443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.079708][ T7443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.141436][ T7443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.151332][ T7443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.180452][ T7437] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 450.253581][ T7449] netlink: 4 bytes leftover after parsing attributes in process `syz.5.525'. [ 450.941706][ T7449] netlink: 44 bytes leftover after parsing attributes in process `syz.5.525'. [ 450.956653][ T5794] ocfs2: Unmounting device (7,2) on (node local) [ 451.487451][ T7459] tipc: Enabling of bearer rejected, already enabled [ 452.682753][ T7477] syzkaller0: entered allmulticast mode [ 452.727913][ T7477] syzkaller0: left allmulticast mode [ 452.802585][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 452.983342][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 453.026066][ T10] usb 6-1: config 0 has an invalid interface number: 52 but max is 0 [ 453.034875][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 453.045694][ T10] usb 6-1: config 0 has no interface number 0 [ 453.052266][ T10] usb 6-1: config 0 interface 52 has no altsetting 0 [ 453.059472][ T10] usb 6-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 453.075113][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.188416][ T10] usb 6-1: config 0 descriptor?? [ 453.526041][ T7489] loop1: detected capacity change from 0 to 2048 [ 453.817302][ T7496] dccp_invalid_packet: invalid packet type [ 453.956579][ T7495] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 453.971082][ T29] audit: type=1326 audit(2000000012.300:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7497 comm="syz.3.542" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7379b85d29 code=0x0 [ 453.977563][ T5837] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 454.348371][ T5837] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 454.359149][ T5837] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 454.514568][ T5837] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 454.524623][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.533635][ T5837] usb 5-1: Product: syz [ 454.538106][ T5837] usb 5-1: Manufacturer: syz [ 454.543522][ T5837] usb 5-1: SerialNumber: syz [ 454.827975][ T10] usb 6-1: Can not set alternate setting to 1, error: -71 [ 454.835834][ T10] synaptics_usb 6-1:0.52: probe with driver synaptics_usb failed with error -71 [ 454.870587][ T10] usb 6-1: USB disconnect, device number 2 [ 455.079128][ T5837] usb 5-1: 0:2 : does not exist [ 455.158426][ T5837] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 455.249533][ T7509] netlink: 36 bytes leftover after parsing attributes in process `syz.2.545'. [ 455.299594][ T5837] usb 5-1: USB disconnect, device number 8 [ 455.393321][ T7507] tipc: Enabling of bearer rejected, already enabled [ 456.602655][ T7529] loop1: detected capacity change from 0 to 128 [ 456.637420][ T7528] loop5: detected capacity change from 0 to 512 [ 456.672934][ T7529] befs: (loop1): No write support. Marking filesystem read-only [ 456.688577][ T7529] befs: (loop1): invalid magic header [ 456.722670][ T7528] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 456.736307][ T7528] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 456.928160][ T7528] EXT4-fs (loop5): failed to initialize system zone (-117) [ 457.002574][ T7528] EXT4-fs (loop5): mount failed [ 457.017527][ T7532] netlink: 'syz.2.554': attribute type 1 has an invalid length. [ 457.205107][ T7538] FAULT_INJECTION: forcing a failure. [ 457.205107][ T7538] name failslab, interval 1, probability 0, space 0, times 0 [ 457.220730][ T7538] CPU: 0 UID: 0 PID: 7538 Comm: syz.1.556 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 457.231727][ T7538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 457.242086][ T7538] Call Trace: [ 457.245604][ T7538] [ 457.248772][ T7538] dump_stack_lvl+0x216/0x2d0 [ 457.253851][ T7538] dump_stack+0x1e/0x24 [ 457.258389][ T7538] should_fail_ex+0x748/0x7f0 [ 457.263461][ T7538] should_failslab+0x17f/0x210 [ 457.268594][ T7538] kmem_cache_alloc_lru_noprof+0xf5/0xe20 [ 457.274728][ T7538] ? shmem_alloc_inode+0x5a/0xd0 [ 457.280062][ T7538] ? __se_sys_memfd_create+0x604/0x1260 [ 457.285997][ T7538] ? kmsan_get_metadata+0x13e/0x1c0 [ 457.291584][ T7538] shmem_alloc_inode+0x5a/0xd0 [ 457.296751][ T7538] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 457.302644][ T7538] alloc_inode+0x86/0x460 [ 457.307356][ T7538] new_inode+0x38/0x480 [ 457.311862][ T7538] ? kmsan_get_metadata+0x13e/0x1c0 [ 457.317432][ T7538] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 457.323624][ T7538] shmem_get_inode+0x705/0x1c50 [ 457.328886][ T7538] __shmem_file_setup+0x249/0x4d0 [ 457.334304][ T7538] shmem_file_setup+0x61/0x80 [ 457.339359][ T7538] __se_sys_memfd_create+0x8a3/0x1260 [ 457.345135][ T7538] ? kmsan_get_metadata+0x13e/0x1c0 [ 457.350716][ T7538] __x64_sys_memfd_create+0x6c/0xa0 [ 457.356309][ T7538] x64_sys_call+0x3b63/0x3c30 [ 457.361405][ T7538] do_syscall_64+0xcd/0x1e0 [ 457.366236][ T7538] ? clear_bhb_loop+0x25/0x80 [ 457.371307][ T7538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.377601][ T7538] RIP: 0033:0x7f7263f85d29 [ 457.382307][ T7538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.402292][ T7538] RSP: 002b:00007f7264da2e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 457.411093][ T7538] RAX: ffffffffffffffda RBX: 00000000000004b1 RCX: 00007f7263f85d29 [ 457.419395][ T7538] RDX: 00007f7264da2ef0 RSI: 0000000000000000 RDI: 00007f7264002409 [ 457.427685][ T7538] RBP: 0000000020001d00 R08: 00007f7264da2bb7 R09: 00007f7264da2e40 [ 457.436062][ T7538] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000500 [ 457.444353][ T7538] R13: 00007f7264da2ef0 R14: 00007f7264da2eb0 R15: 0000000020000000 [ 457.452660][ T7538] [ 457.908735][ T7540] netlink: 36 bytes leftover after parsing attributes in process `syz.5.557'. [ 458.152180][ T7542] loop3: detected capacity change from 0 to 128 [ 458.267416][ T7548] loop2: detected capacity change from 0 to 64 [ 458.382214][ T44] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 458.596539][ T44] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 458.607187][ T44] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 458.872365][ T44] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 458.881940][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.890270][ T44] usb 2-1: Product: syz [ 458.894855][ T44] usb 2-1: Manufacturer: syz [ 458.903977][ T44] usb 2-1: SerialNumber: syz [ 459.235866][ T44] usb 2-1: 0:2 : does not exist [ 459.259071][ T7555] tipc: Enabling of bearer rejected, already enabled [ 459.268042][ T44] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 459.483711][ T44] usb 2-1: USB disconnect, device number 13 [ 459.547685][ T7558] netlink: 16 bytes leftover after parsing attributes in process `syz.5.564'. [ 460.056201][ T7563] tipc: Enabled bearer , priority 0 [ 460.172211][ T5837] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 460.342375][ T5837] usb 3-1: Using ep0 maxpacket: 32 [ 460.375248][ T5837] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 460.384105][ T5837] usb 3-1: config 0 has no interface number 0 [ 460.390674][ T5837] usb 3-1: config 0 interface 184 has no altsetting 0 [ 460.631569][ T5837] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 460.647411][ T5837] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.657722][ T5837] usb 3-1: Product: syz [ 460.662453][ T5837] usb 3-1: Manufacturer: syz [ 460.667375][ T5837] usb 3-1: SerialNumber: syz [ 460.733420][ T5837] usb 3-1: config 0 descriptor?? [ 460.876959][ T5837] smsc75xx v1.0.0 [ 461.240301][ T7564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 461.250418][ T7564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 461.754610][ T7571] loop3: detected capacity change from 0 to 40427 [ 461.793873][ T7571] F2FS-fs (loop3): Fix alignment : internally, start(4096) end(16896) block(12288) [ 461.832295][ T7571] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 461.838999][ T7571] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 461.843905][ T7576] netlink: 36 bytes leftover after parsing attributes in process `syz.1.571'. [ 461.883769][ T7571] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 463.643575][ T5837] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71 [ 463.655435][ T5837] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 463.877341][ T7586] tipc: Enabling of bearer rejected, already enabled [ 463.989094][ T5837] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 464.000556][ T5837] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 464.010777][ T5837] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 464.030680][ T5837] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 464.044349][ T5837] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 464.077017][ T7588] netlink: 12 bytes leftover after parsing attributes in process `syz.5.575'. [ 464.208076][ T7593] netlink: 80 bytes leftover after parsing attributes in process `syz.5.575'. [ 464.359918][ T5837] usb 3-1: USB disconnect, device number 11 [ 464.782805][ T44] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 464.791498][ T29] audit: type=1326 audit(2000000023.130:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.580" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7379b85d29 code=0x0 [ 464.917010][ T10] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 465.022382][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 465.036496][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 465.051618][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 465.074400][ T44] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 465.084165][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.092629][ T44] usb 5-1: Product: syz [ 465.097113][ T44] usb 5-1: Manufacturer: syz [ 465.102095][ T44] usb 5-1: SerialNumber: syz [ 465.178605][ T44] usb 5-1: config 0 descriptor?? [ 465.210417][ T44] pegasus_notetaker 5-1:0.0: probe with driver pegasus_notetaker failed with error -22 [ 465.300515][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 465.311687][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 465.343055][ T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 465.343255][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.343441][ T10] usb 2-1: Product: syz [ 465.343574][ T10] usb 2-1: Manufacturer: syz [ 465.343811][ T10] usb 2-1: SerialNumber: syz [ 465.473263][ T44] usb 5-1: USB disconnect, device number 9 [ 465.625308][ T10] usb 2-1: 0:2 : does not exist [ 465.689079][ T10] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 465.838850][ T10] usb 2-1: USB disconnect, device number 14 [ 466.004241][ T7614] netlink: 16 bytes leftover after parsing attributes in process `syz.2.585'. [ 467.414941][ T7624] tipc: Started in network mode [ 467.420493][ T7624] tipc: Node identity 7f000001, cluster identity 4711 [ 467.429624][ T7624] tipc: Enabled bearer , priority 10 [ 468.552948][ T44] tipc: Node number set to 2130706433 [ 469.792349][ T7667] loop0: detected capacity change from 0 to 7 [ 469.819353][ T7667] Dev loop0: unable to read RDB block 7 [ 469.825867][ T7667] loop0: AHDI p1 [ 469.830088][ T7667] loop0: partition table partially beyond EOD, truncated [ 470.112442][ T7661] loop5: detected capacity change from 0 to 4096 [ 470.664862][ T7668] loop1: detected capacity change from 0 to 32768 [ 470.764593][ T7668] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 470.811505][ T7675] FAULT_INJECTION: forcing a failure. [ 470.811505][ T7675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 470.825314][ T7675] CPU: 1 UID: 0 PID: 7675 Comm: syz.4.609 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 470.836286][ T7675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 470.846642][ T7675] Call Trace: [ 470.850159][ T7675] [ 470.853317][ T7675] dump_stack_lvl+0x216/0x2d0 [ 470.858383][ T7675] dump_stack+0x1e/0x24 [ 470.862888][ T7675] should_fail_ex+0x748/0x7f0 [ 470.867954][ T7675] should_fail+0x2a/0x40 [ 470.872596][ T7675] should_fail_usercopy+0x2e/0x40 [ 470.877998][ T7675] _copy_to_user+0x34/0x120 [ 470.882878][ T7675] simple_read_from_buffer+0x199/0x340 [ 470.888762][ T7675] proc_fail_nth_read+0x1e5/0x2c0 [ 470.894159][ T7675] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 470.900061][ T7675] vfs_read+0x29d/0xf50 [ 470.904595][ T7675] ? stack_depot_save_flags+0x2c/0x750 [ 470.910439][ T7675] ? kmsan_get_metadata+0x13e/0x1c0 [ 470.915993][ T7675] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 470.922766][ T7675] ksys_read+0x240/0x4b0 [ 470.927399][ T7675] ? kmsan_get_metadata+0x13e/0x1c0 [ 470.932963][ T7675] __x64_sys_read+0x93/0xe0 [ 470.937938][ T7675] x64_sys_call+0x314c/0x3c30 [ 470.943028][ T7675] do_syscall_64+0xcd/0x1e0 [ 470.947880][ T7675] ? clear_bhb_loop+0x25/0x80 [ 470.952959][ T7675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.959236][ T7675] RIP: 0033:0x7fc72f58473c [ 470.963946][ T7675] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 470.983937][ T7675] RSP: 002b:00007fc730483030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 470.992751][ T7675] RAX: ffffffffffffffda RBX: 00007fc72f775fa0 RCX: 00007fc72f58473c [ 471.001078][ T7675] RDX: 000000000000000f RSI: 00007fc7304830a0 RDI: 0000000000000004 [ 471.009353][ T7675] RBP: 00007fc730483090 R08: 0000000000000000 R09: 0000000000000000 [ 471.017621][ T7675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.025858][ T7675] R13: 0000000000000000 R14: 00007fc72f775fa0 R15: 00007fff8c21ce48 [ 471.034127][ T7675] [ 471.605722][ T5792] ocfs2: Unmounting device (7,1) on (node local) [ 472.753085][ T7702] netlink: 12 bytes leftover after parsing attributes in process `syz.1.611'. [ 472.874774][ T7701] loop0: detected capacity change from 0 to 7 [ 473.023791][ T7701] Dev loop0: unable to read RDB block 7 [ 473.034199][ T7701] loop0: AHDI p1 [ 473.038227][ T7701] loop0: partition table partially beyond EOD, truncated [ 473.502163][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 473.853629][ T44] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 474.025847][ T44] usb 2-1: Using ep0 maxpacket: 32 [ 474.046155][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.051323][ T10] usb 6-1: config 0 has an invalid interface number: 117 but max is 0 [ 474.062217][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 474.062477][ T44] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 474.062661][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.090548][ T44] usb 2-1: config 0 descriptor?? [ 474.094156][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 474.118053][ T10] usb 6-1: config 0 has no interface number 0 [ 474.128263][ T10] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 474.139186][ T10] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 474.419343][ T10] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 474.429432][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.437958][ T10] usb 6-1: Product: syz [ 474.442566][ T10] usb 6-1: Manufacturer: syz [ 474.447467][ T10] usb 6-1: SerialNumber: syz [ 474.545473][ T10] usb 6-1: config 0 descriptor?? [ 474.658393][ T7717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 474.671432][ T7717] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 475.049368][ T7709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 475.059393][ T7709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 475.170840][ T7709] netlink: 16 bytes leftover after parsing attributes in process `syz.5.624'. [ 475.277074][ T7709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 475.294824][ T7709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 475.451300][ T7733] loop3: detected capacity change from 0 to 4096 [ 475.457038][ T10] usbtouchscreen 6-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 475.477893][ T7733] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 475.553626][ T10] usb 6-1: USB disconnect, device number 3 [ 475.683689][ T7733] ntfs3(loop3): Failed to load $BadClus (-22). [ 475.932662][ T44] usbhid 2-1:0.0: can't add hid device: -71 [ 475.939552][ T44] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 475.993368][ T44] usb 2-1: USB disconnect, device number 15 [ 476.319291][ T7744] loop1: detected capacity change from 0 to 4096 [ 476.332676][ T7746] netlink: 'syz.4.636': attribute type 7 has an invalid length. [ 476.356989][ T7746] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.366381][ T7746] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.375671][ T7746] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.384983][ T7746] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.482308][ T7744] NILFS (loop1): invalid segment: Checksum error in segment payload [ 476.490741][ T7744] NILFS (loop1): trying rollback from an earlier position [ 476.710889][ T7744] NILFS (loop1): recovery complete [ 476.827607][ T7752] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 476.905336][ T7756] loop0: detected capacity change from 0 to 7 [ 476.953066][ T7756] Dev loop0: unable to read RDB block 7 [ 476.958973][ T7756] loop0: AHDI p1 [ 476.963626][ T7756] loop0: partition table partially beyond EOD, truncated [ 477.075215][ T7746] 9pnet_fd: Insufficient options for proto=fd [ 477.472635][ T7759] loop2: detected capacity change from 0 to 256 [ 477.498034][ T7759] exfat: Unknown parameter 'disd' [ 477.603928][ T7759] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 477.631362][ T7759] CIFS mount error: No usable UNC path provided in device string! [ 477.631362][ T7759] [ 477.642323][ T7759] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 478.967198][ T7783] loop3: detected capacity change from 0 to 512 [ 479.104007][ T7781] loop5: detected capacity change from 0 to 4096 [ 479.181913][ T7781] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 479.408235][ T7783] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 479.470800][ T7781] ntfs3(loop5): Failed to load $BadClus (-22). [ 479.843634][ T7792] loop2: detected capacity change from 0 to 1024 [ 479.871358][ T7792] hfsplus: unable to find HFS+ superblock [ 480.629735][ T7802] netlink: 60 bytes leftover after parsing attributes in process `syz.3.659'. [ 480.819376][ T7798] loop0: detected capacity change from 0 to 7 [ 480.902839][ T7798] Dev loop0: unable to read RDB block 7 [ 480.908917][ T7798] loop0: AHDI p1 [ 480.920429][ T7798] loop0: partition table partially beyond EOD, truncated [ 480.976466][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 480.984315][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 481.059164][ T7809] loop5: detected capacity change from 0 to 64 [ 481.062286][ T7805] loop3: detected capacity change from 0 to 256 [ 481.460557][ T7805] FAT-fs (loop3): Directory bread(block 64) failed [ 481.468247][ T7805] FAT-fs (loop3): Directory bread(block 65) failed [ 481.475489][ T7805] FAT-fs (loop3): Directory bread(block 66) failed [ 481.482614][ T7805] FAT-fs (loop3): Directory bread(block 67) failed [ 481.496250][ T7805] FAT-fs (loop3): Directory bread(block 68) failed [ 481.503355][ T7805] FAT-fs (loop3): Directory bread(block 69) failed [ 481.510360][ T7805] FAT-fs (loop3): Directory bread(block 70) failed [ 481.517373][ T7805] FAT-fs (loop3): Directory bread(block 71) failed [ 481.524552][ T7805] FAT-fs (loop3): Directory bread(block 72) failed [ 481.538465][ T7805] FAT-fs (loop3): Directory bread(block 73) failed [ 481.751380][ T7805] syz.3.663: attempt to access beyond end of device [ 481.751380][ T7805] loop3: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 481.766008][ T7805] syz.3.663: attempt to access beyond end of device [ 481.766008][ T7805] loop3: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 482.471108][ T7821] loop1: detected capacity change from 0 to 512 [ 482.547542][ T7819] loop2: detected capacity change from 0 to 4096 [ 482.572280][ T7821] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 482.642876][ T7819] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 482.735887][ T7819] ntfs3(loop2): Failed to load $BadClus (-22). [ 483.117116][ T5786] Bluetooth: hci1: unexpected event for opcode 0x2031 [ 483.142277][ T7835] netlink: 60 bytes leftover after parsing attributes in process `syz.5.673'. [ 484.185662][ T7845] loop0: detected capacity change from 0 to 7 [ 484.274301][ T7845] Dev loop0: unable to read RDB block 7 [ 484.280255][ T7845] loop0: AHDI p1 [ 484.284824][ T7845] loop0: partition table partially beyond EOD, truncated [ 484.460221][ T7850] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 485.599385][ T7859] loop3: detected capacity change from 0 to 512 [ 485.673181][ T7859] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 485.704940][ T7865] netlink: 60 bytes leftover after parsing attributes in process `syz.5.687'. [ 485.724991][ T7861] loop4: detected capacity change from 0 to 4096 [ 485.850490][ T7861] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 486.060925][ T7861] ntfs3(loop4): Failed to load $BadClus (-22). [ 487.003909][ T7871] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 487.034233][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.5.691'. [ 487.679796][ T7894] loop0: detected capacity change from 0 to 7 [ 487.799395][ T7895] loop1: detected capacity change from 0 to 64 [ 487.831440][ T7894] Dev loop0: unable to read RDB block 7 [ 487.839006][ T7894] loop0: AHDI p1 [ 487.843199][ T7894] loop0: partition table partially beyond EOD, truncated [ 488.482564][ T7891] loop2: detected capacity change from 0 to 32768 [ 488.864450][ T7891] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 489.180423][ T7909] netlink: 16 bytes leftover after parsing attributes in process `syz.1.701'. [ 489.294738][ T5794] ocfs2: Unmounting device (7,2) on (node local) [ 490.383908][ T7911] loop4: detected capacity change from 0 to 4096 [ 490.463937][ T7911] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 490.523676][ T7918] loop5: detected capacity change from 0 to 1024 [ 490.569856][ T7918] hfsplus: Unknown parameter '18446744073709551615 n3Dy@E3^iȚq A1ckv7Z*Hό[ԕF2c yf&M%X uȮ l1<4[sڵP.3'f+/6c+ [ 490.569856][ T7918] `tY%gK[AQSND2j' [ 490.904853][ T7918] netlink: 12 bytes leftover after parsing attributes in process `syz.5.709'. [ 490.914560][ T7918] netlink: 40 bytes leftover after parsing attributes in process `syz.5.709'. [ 490.981389][ T7911] ntfs3(loop4): Failed to load $BadClus (-22). [ 491.066952][ T7923] loop5: detected capacity change from 0 to 128 [ 491.331525][ T29] audit: type=1800 audit(2000000049.670:61): pid=7918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.709" name="file1" dev="loop5" ino=1048610 res=0 errno=0 [ 491.642203][ T5790] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 491.650269][ T5790] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 491.905052][ T7928] loop3: detected capacity change from 0 to 128 [ 492.026107][ T7928] befs: Unknown parameter '/dev/video36' [ 493.251371][ T7930] netlink: 44 bytes leftover after parsing attributes in process `syz.2.713'. [ 494.372762][ T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 494.622731][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 495.014693][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.027255][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.037546][ T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 495.053239][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.107565][ T7937] loop5: detected capacity change from 0 to 32768 [ 496.122020][ T10] usb 5-1: config 0 descriptor?? [ 496.246174][ T5790] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 496.255286][ T5790] Bluetooth: hci1: Injecting HCI hardware error event [ 496.264024][ T5790] Bluetooth: hci1: hardware error 0x00 [ 496.837787][ T7937] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 497.294361][ T7023] ocfs2: Unmounting device (7,5) on (node local) [ 497.540498][ T7932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.550437][ T7932] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.685284][ T7944] loop0: detected capacity change from 0 to 7 [ 497.876226][ T7944] Dev loop0: unable to read RDB block 7 [ 497.883679][ T7944] loop0: AHDI p1 [ 497.887817][ T7944] loop0: partition table partially beyond EOD, truncated [ 498.369541][ T5790] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 500.184329][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 500.191094][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 500.207953][ T10] usb 5-1: USB disconnect, device number 10 [ 500.582489][ T7964] netlink: 44 bytes leftover after parsing attributes in process `syz.5.724'. [ 500.843213][ T7961] loop3: detected capacity change from 0 to 4096 [ 501.024989][ T7961] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 501.125428][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 501.273416][ T7961] ntfs3(loop3): Failed to load $BadClus (-22). [ 501.801695][ T7970] loop2: detected capacity change from 0 to 32768 [ 502.306706][ T7970] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 502.320762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 502.752676][ T5794] ocfs2: Unmounting device (7,2) on (node local) [ 503.060844][ T7980] loop0: detected capacity change from 0 to 7 [ 503.160502][ T7980] Dev loop0: unable to read RDB block 7 [ 503.166651][ T7980] loop0: AHDI p1 [ 503.171972][ T7980] loop0: partition table partially beyond EOD, truncated [ 504.371013][ T5790] Bluetooth: hci4: unexpected event for opcode 0x2031 [ 504.753435][ T7985] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 505.678750][ T8023] loop3: detected capacity change from 0 to 128 [ 506.426037][ T8022] loop4: detected capacity change from 0 to 32768 [ 506.628663][ T8022] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 506.755210][ T8026] loop1: detected capacity change from 0 to 4096 [ 506.817799][ T8026] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 506.967638][ T8036] loop0: detected capacity change from 0 to 7 [ 507.004829][ T8036] Dev loop0: unable to read RDB block 7 [ 507.010749][ T8036] loop0: AHDI p1 [ 507.015479][ T8036] loop0: partition table partially beyond EOD, truncated [ 507.119030][ T5785] ocfs2: Unmounting device (7,4) on (node local) [ 507.119520][ T8026] ntfs3(loop1): Failed to load $BadClus (-22). [ 507.463954][ T8040] FAULT_INJECTION: forcing a failure. [ 507.463954][ T8040] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 507.478545][ T8040] CPU: 0 UID: 0 PID: 8040 Comm: syz.3.748 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 507.489520][ T8040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 507.499872][ T8040] Call Trace: [ 507.503383][ T8040] [ 507.506552][ T8040] dump_stack_lvl+0x216/0x2d0 [ 507.511612][ T8040] dump_stack+0x1e/0x24 [ 507.516160][ T8040] should_fail_ex+0x748/0x7f0 [ 507.521231][ T8040] should_fail_alloc_page+0x235/0x2b0 [ 507.526978][ T8040] __alloc_pages_noprof+0x343/0xe00 [ 507.532578][ T8040] alloc_pages_mpol_noprof+0x299/0x990 [ 507.538394][ T8040] ? kmsan_get_metadata+0x13e/0x1c0 [ 507.543959][ T8040] alloc_pages_noprof+0x1bf/0x1e0 [ 507.549370][ T8040] pte_alloc_one+0x5b/0x380 [ 507.554296][ T8040] ? kmsan_get_metadata+0x13e/0x1c0 [ 507.559859][ T8040] __pte_alloc+0x3d/0x6a0 [ 507.564542][ T8040] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 507.570710][ T8040] handle_mm_fault+0x6237/0xdcc0 [ 507.576032][ T8040] ? kmsan_get_metadata+0x13e/0x1c0 [ 507.581635][ T8040] exc_page_fault+0x41b/0x700 [ 507.586716][ T8040] asm_exc_page_fault+0x2b/0x30 [ 507.591943][ T8040] RIP: 0033:0x7f7379a48ba3 [ 507.596654][ T8040] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 507.616644][ T8040] RSP: 002b:00007f737a9284a0 EFLAGS: 00010202 [ 507.623083][ T8040] RAX: 0000000000000000 RBX: 00007f7379ea0020 RCX: 00007f736f400000 [ 507.631366][ T8040] RDX: 00007f7379ea00a0 RSI: 0000000000000005 RDI: 00007f737a9285e0 [ 507.639654][ T8040] RBP: 00007f737a92895c R08: 0000000000000008 R09: 0000000000000000 [ 507.647924][ T8040] R10: 0000000000000030 R11: 00007f7379ea0020 R12: 0000000000000004 [ 507.656214][ T8040] R13: 00007f7379c18fe0 R14: 0000000000000068 R15: 00007f737a9285e0 [ 507.664670][ T8040] [ 507.674680][ T8040] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 507.719015][ T8040] syz.3.748: attempt to access beyond end of device [ 507.719015][ T8040] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 507.733243][ T8040] SQUASHFS error: Failed to read block 0x0: -5 [ 507.739856][ T8040] unable to read squashfs_super_block [ 508.247976][ T8043] netlink: 36 bytes leftover after parsing attributes in process `syz.5.750'. [ 508.406314][ T8045] loop2: detected capacity change from 0 to 64 [ 508.913681][ T5794] hfs: node 4:3 still has 2 user(s)! [ 508.944781][ T8055] netlink: 16 bytes leftover after parsing attributes in process `syz.1.756'. [ 508.970360][ T8055] ip6gretap0: entered promiscuous mode [ 509.033484][ T8055] ip6gretap0: left promiscuous mode [ 509.794751][ T5836] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 509.910554][ T5860] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 509.919949][ T8068] loop0: detected capacity change from 0 to 7 [ 509.944769][ T8068] Dev loop0: unable to read RDB block 7 [ 509.950945][ T8068] loop0: AHDI p1 [ 509.955394][ T8068] loop0: partition table partially beyond EOD, truncated [ 509.993208][ T5836] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 510.007733][ T5836] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 510.016340][ T8069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.761'. [ 510.054097][ T5836] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 510.063983][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.073068][ T5836] usb 3-1: Product: syz [ 510.077623][ T5836] usb 3-1: Manufacturer: syz [ 510.082666][ T5836] usb 3-1: SerialNumber: syz [ 510.122311][ T5860] usb 6-1: Using ep0 maxpacket: 16 [ 510.162917][ T5860] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 510.236413][ T5860] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice= 0.40 [ 510.246198][ T5860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.254625][ T5860] usb 6-1: Product: syz [ 510.259078][ T5860] usb 6-1: Manufacturer: syz [ 510.264124][ T5860] usb 6-1: SerialNumber: syz [ 510.331323][ T5860] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input12 [ 510.372089][ T5836] usb 3-1: 0:2 : does not exist [ 510.500622][ T5836] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 510.588216][ T5860] usb 6-1: USB disconnect, device number 4 [ 510.604291][ T5836] usb 3-1: USB disconnect, device number 12 [ 511.082419][ T8076] netlink: 16 bytes leftover after parsing attributes in process `syz.3.764'. [ 511.107522][ T8076] ip6gretap0: entered promiscuous mode [ 511.142311][ T8076] ip6gretap0: left promiscuous mode [ 512.094699][ T8091] FAULT_INJECTION: forcing a failure. [ 512.094699][ T8091] name failslab, interval 1, probability 0, space 0, times 0 [ 512.107898][ T8091] CPU: 1 UID: 0 PID: 8091 Comm: syz.4.768 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 512.118869][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 512.129234][ T8091] Call Trace: [ 512.132741][ T8091] [ 512.135905][ T8091] dump_stack_lvl+0x216/0x2d0 [ 512.140978][ T8091] dump_stack+0x1e/0x24 [ 512.145496][ T8091] should_fail_ex+0x748/0x7f0 [ 512.150638][ T8091] should_failslab+0x17f/0x210 [ 512.155747][ T8091] __kmalloc_noprof+0x176/0x1230 [ 512.161069][ T8091] ? filter_irq_stacks+0x60/0x1a0 [ 512.166445][ T8091] ? genl_family_rcv_msg_attrs_parse+0x114/0x430 [ 512.173149][ T8091] ? kmsan_get_metadata+0x13e/0x1c0 [ 512.178687][ T8091] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 512.184845][ T8091] genl_family_rcv_msg_attrs_parse+0x114/0x430 [ 512.191379][ T8091] ? genl_rcv_msg+0xc4e/0x12c0 [ 512.196477][ T8091] genl_rcv_msg+0xc83/0x12c0 [ 512.201416][ T8091] ? __pfx_ctrl_getfamily+0x10/0x10 [ 512.207050][ T8091] ? stack_depot_save_flags+0x2c/0x750 [ 512.212904][ T8091] ? kmsan_get_metadata+0x13e/0x1c0 [ 512.218501][ T8091] netlink_rcv_skb+0x375/0x650 [ 512.223658][ T8091] ? __pfx_genl_rcv_msg+0x10/0x10 [ 512.229037][ T8091] ? __pfx_genl_rcv+0x10/0x10 [ 512.234058][ T8091] genl_rcv+0x40/0x60 [ 512.238356][ T8091] netlink_unicast+0xf52/0x1260 [ 512.243591][ T8091] netlink_sendmsg+0x10da/0x11e0 [ 512.248935][ T8091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.254613][ T8091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.260259][ T8091] __sock_sendmsg+0x30f/0x380 [ 512.265291][ T8091] __sys_sendto+0x594/0x750 [ 512.270096][ T8091] ? kmsan_get_metadata+0x13e/0x1c0 [ 512.275627][ T8091] __x64_sys_sendto+0x125/0x1d0 [ 512.280785][ T8091] x64_sys_call+0x346a/0x3c30 [ 512.285859][ T8091] do_syscall_64+0xcd/0x1e0 [ 512.290666][ T8091] ? clear_bhb_loop+0x25/0x80 [ 512.295696][ T8091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.301946][ T8091] RIP: 0033:0x7fc72f587bbc [ 512.306632][ T8091] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 512.326599][ T8091] RSP: 002b:00007fc730481e60 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 512.335349][ T8091] RAX: ffffffffffffffda RBX: 00007fc730481fa0 RCX: 00007fc72f587bbc [ 512.343587][ T8091] RDX: 0000000000000020 RSI: 00007fc730481ff0 RDI: 0000000000000004 [ 512.351836][ T8091] RBP: 0000000000000000 R08: 00007fc730481eb4 R09: 000000000000000c [ 512.360094][ T8091] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 512.368322][ T8091] R13: 00007fc730481f08 R14: 00007fc730481ff0 R15: 0000000000000000 [ 512.376582][ T8091] [ 512.530683][ T8092] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 513.204224][ T8101] loop2: detected capacity change from 0 to 64 [ 513.637541][ T8104] loop0: detected capacity change from 0 to 7 [ 513.669755][ T8104] Dev loop0: unable to read RDB block 7 [ 513.676032][ T8104] loop0: AHDI p1 [ 513.680079][ T8104] loop0: partition table partially beyond EOD, truncated [ 514.153677][ T8109] loop5: detected capacity change from 0 to 4096 [ 514.173029][ T10] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 514.373529][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 514.427859][ T10] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 514.499672][ T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice= 0.40 [ 514.515865][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.526199][ T10] usb 3-1: Product: syz [ 514.530674][ T10] usb 3-1: Manufacturer: syz [ 514.536171][ T10] usb 3-1: SerialNumber: syz [ 514.742660][ T10] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input13 [ 514.949513][ T10] usb 3-1: USB disconnect, device number 13 [ 515.313478][ T29] audit: type=1800 audit(2000000073.640:62): pid=8109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.776" name=AEAEAEAEAEAEBEAEAEAEAEAEBEAEAEAE dev="loop5" ino=34 res=0 errno=0 [ 515.370804][ T8109] ntfs3(loop5): failed to convert "0080" to koi8-ru [ 515.460361][ T8109] ntfs3(loop5): failed to convert name for inode 1e. [ 515.487935][ T8109] ntfs3(loop5): failed to convert "255d" to koi8-ru [ 516.338864][ T8124] netlink: 44 bytes leftover after parsing attributes in process `syz.2.781'. [ 516.444328][ T8130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.781'. [ 516.610324][ T8130] netlink: 'syz.2.781': attribute type 11 has an invalid length. [ 518.002621][ T8138] loop2: detected capacity change from 0 to 512 [ 518.049728][ T8139] loop5: detected capacity change from 0 to 512 [ 518.153228][ T8138] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 518.580964][ T8139] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.600196][ T8139] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 519.057743][ T8151] loop0: detected capacity change from 0 to 7 [ 519.090188][ T8151] Dev loop0: unable to read RDB block 7 [ 519.096373][ T8151] loop0: AHDI p1 [ 519.100480][ T8151] loop0: partition table partially beyond EOD, truncated [ 519.194084][ T5790] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 519.202496][ T5790] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 519.615797][ T8153] loop1: detected capacity change from 0 to 128 [ 519.849707][ T8153] befs: Unknown parameter '/dev/video36' [ 519.979841][ T7023] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 520.225702][ T8155] loop2: detected capacity change from 0 to 128 [ 520.316646][ T8155] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 520.493089][ T8155] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 521.102632][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 521.418376][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 521.435791][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 521.446541][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 521.457902][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 521.474301][ T10] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 521.486194][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 522.005984][ T10] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 522.015757][ T10] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 522.024338][ T10] usb 6-1: Manufacturer: syz [ 522.159287][ T10] usb 6-1: config 0 descriptor?? [ 522.644986][ T8157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 522.654347][ T8157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 522.973351][ T5860] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 523.243499][ T5790] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 523.252557][ T5790] Bluetooth: hci3: Injecting HCI hardware error event [ 523.260754][ T5786] Bluetooth: hci3: hardware error 0x00 [ 523.267242][ T5860] usb 5-1: Using ep0 maxpacket: 32 [ 523.507370][ T5860] usb 5-1: config 0 interface 0 has no altsetting 0 [ 523.648925][ T10] rc_core: IR keymap rc-hauppauge not found [ 523.656046][ T10] Registered IR keymap rc-empty [ 523.662451][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 523.773840][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 523.941557][ T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 523.958581][ T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input14 [ 524.032567][ T5860] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 524.047619][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.056607][ T5860] usb 5-1: Product: syz [ 524.061055][ T5860] usb 5-1: Manufacturer: syz [ 524.066016][ T5860] usb 5-1: SerialNumber: syz [ 524.370366][ T5860] usb 5-1: config 0 descriptor?? [ 524.403911][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 524.616334][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 524.774079][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 524.972459][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 525.143621][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 525.238858][ T8170] syz.2.797: attempt to access beyond end of device [ 525.238858][ T8170] loop2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 525.261600][ T8170] SQUASHFS error: Failed to read block 0x0: -5 [ 525.270455][ T8170] unable to read squashfs_super_block [ 525.322119][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 525.385089][ T5786] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 525.416844][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 525.434373][ T5860] gs_usb 5-1:0.0: Couldn't get device config: (err=-32) [ 525.442206][ T5860] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -32 [ 525.523982][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 525.592715][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 525.646480][ T10] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 525.745680][ T10] mceusb 6-1:0.0: Registered р with mce emulator interface version 1 [ 525.754344][ T10] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 526.006355][ T10] usb 6-1: USB disconnect, device number 5 [ 526.882162][ T5836] usb 5-1: USB disconnect, device number 11 [ 527.180364][ T8179] ip6_vti0: entered promiscuous mode [ 527.186353][ T8179] vlan2: entered promiscuous mode [ 527.253437][ T8179] ip6_vti0: left promiscuous mode [ 528.550478][ T8194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.805'. [ 529.526637][ T8198] netlink: 12 bytes leftover after parsing attributes in process `syz.5.807'. [ 529.912030][ T8199] loop4: detected capacity change from 0 to 2048 [ 530.321201][ T8187] loop1: detected capacity change from 0 to 32768 [ 530.409051][ T8210] FAULT_INJECTION: forcing a failure. [ 530.409051][ T8210] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 530.423982][ T8210] CPU: 0 UID: 0 PID: 8210 Comm: syz.2.811 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 530.434966][ T8210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 530.445342][ T8210] Call Trace: [ 530.448857][ T8210] [ 530.452013][ T8210] dump_stack_lvl+0x216/0x2d0 [ 530.457100][ T8210] dump_stack+0x1e/0x24 [ 530.461616][ T8210] should_fail_ex+0x748/0x7f0 [ 530.466706][ T8210] should_fail_alloc_page+0x235/0x2b0 [ 530.472450][ T8210] __alloc_pages_noprof+0x343/0xe00 [ 530.478031][ T8210] alloc_pages_mpol_noprof+0x299/0x990 [ 530.483871][ T8210] ? kmsan_get_metadata+0x13e/0x1c0 [ 530.489402][ T8210] vma_alloc_folio_noprof+0x454/0x7f0 [ 530.495138][ T8210] handle_mm_fault+0xa40e/0xdcc0 [ 530.500451][ T8210] ? kmsan_get_metadata+0x13e/0x1c0 [ 530.506050][ T8210] exc_page_fault+0x41b/0x700 [ 530.511102][ T8210] asm_exc_page_fault+0x2b/0x30 [ 530.516313][ T8210] RIP: 0033:0x7fc633848ba3 [ 530.521059][ T8210] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 530.541037][ T8210] RSP: 002b:00007fc6348384a0 EFLAGS: 00010206 [ 530.547444][ T8210] RAX: 0000000000000000 RBX: 00007fc634838540 RCX: 00007fc629200000 [ 530.555713][ T8210] RDX: 00007fc6348386e0 RSI: 000000000000000f RDI: 00007fc6348385e0 [ 530.563983][ T8210] RBP: 000000000000013b R08: 0000000000000008 R09: 00000000000000b4 [ 530.572238][ T8210] R10: 00000000000000c2 R11: 00007fc634838540 R12: 00007fc634838540 [ 530.580526][ T8210] R13: 00007fc633a18fe0 R14: 00000000000000eb R15: 00007fc6348385e0 [ 530.588842][ T8210] [ 530.597861][ T8210] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 530.614624][ T8210] loop2: detected capacity change from 0 to 128 [ 530.633135][ T8187] read_mapping_page failed! [ 530.638037][ T8187] jfs_mount: Failed to read AGGREGATE_I [ 530.644073][ T8187] Mount JFS Failure: -5 [ 530.840091][ T8199] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 531.435107][ T5785] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.459173][ T8215] FAULT_INJECTION: forcing a failure. [ 531.459173][ T8215] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 531.473555][ T8215] CPU: 1 UID: 0 PID: 8215 Comm: syz.3.812 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 531.484612][ T8215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 531.494964][ T8215] Call Trace: [ 531.498470][ T8215] [ 531.501628][ T8215] dump_stack_lvl+0x216/0x2d0 [ 531.506684][ T8215] dump_stack+0x1e/0x24 [ 531.511192][ T8215] should_fail_ex+0x748/0x7f0 [ 531.516270][ T8215] should_fail_alloc_page+0x235/0x2b0 [ 531.522007][ T8215] __alloc_pages_noprof+0x343/0xe00 [ 531.527595][ T8215] alloc_pages_mpol_noprof+0x299/0x990 [ 531.533415][ T8215] ? kmsan_get_metadata+0x13e/0x1c0 [ 531.538961][ T8215] vma_alloc_folio_noprof+0x454/0x7f0 [ 531.544723][ T8215] handle_mm_fault+0xa40e/0xdcc0 [ 531.550053][ T8215] ? kmsan_get_metadata+0x13e/0x1c0 [ 531.555653][ T8215] exc_page_fault+0x41b/0x700 [ 531.560721][ T8215] asm_exc_page_fault+0x2b/0x30 [ 531.565946][ T8215] RIP: 0033:0x7f7379a48ba3 [ 531.570671][ T8215] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 531.590700][ T8215] RSP: 002b:00007f737a9284a0 EFLAGS: 00010206 [ 531.597120][ T8215] RAX: 0000000000000000 RBX: 00007f737a928540 RCX: 00007f736f400000 [ 531.605388][ T8215] RDX: 00007f737a9286e0 RSI: 0000000000000001 RDI: 00007f737a9285e0 [ 531.613668][ T8215] RBP: 000000000000013c R08: 000000000000000a R09: 00000000000003a3 [ 531.621908][ T8215] R10: 00000000000003b6 R11: 00007f737a928540 R12: 00007f737a928540 [ 531.630160][ T8215] R13: 00007f7379c18fe0 R14: 00000000000000eb R15: 00007f737a9285e0 [ 531.638483][ T8215] [ 531.646347][ T8215] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 531.845043][ T8216] netlink: 47 bytes leftover after parsing attributes in process `syz.5.813'. [ 532.289940][ T8226] loop4: detected capacity change from 0 to 128 [ 532.344327][ T8229] tipc: Enabling of bearer rejected, already enabled [ 532.964069][ T8234] netlink: 8 bytes leftover after parsing attributes in process `syz.5.818'. [ 533.213892][ T8215] loop3: detected capacity change from 0 to 4096 [ 533.367308][ T8237] netlink: 12 bytes leftover after parsing attributes in process `syz.2.819'. [ 533.647545][ T8243] loop1: detected capacity change from 0 to 256 [ 533.665706][ T8243] exfat: Deprecated parameter 'utf8' [ 533.903546][ T5836] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 534.025736][ T8243] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011ded, chksum : 0x9858084d, utbl_chksum : 0xe619d30d) [ 534.135761][ T5836] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 534.145473][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.153966][ T5836] usb 5-1: Product: syz [ 534.158419][ T5836] usb 5-1: Manufacturer: syz [ 534.167779][ T5836] usb 5-1: SerialNumber: syz [ 534.208932][ T5786] Bluetooth: hci0: command 0x0c1a tx timeout [ 534.236223][ T29] audit: type=1800 audit(2000000092.550:63): pid=8249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.821" name="file1" dev="loop1" ino=1048614 res=0 errno=0 [ 534.344422][ T5862] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 534.405320][ T5836] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 534.658318][ T44] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 534.706588][ T5862] usb 6-1: Using ep0 maxpacket: 32 [ 534.741498][ T5862] usb 6-1: config 0 interface 0 has no altsetting 0 [ 534.765926][ T5836] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 534.795262][ T5862] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 534.805762][ T5862] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.815213][ T5862] usb 6-1: Product: syz [ 534.820610][ T5862] usb 6-1: Manufacturer: syz [ 534.826691][ T5862] usb 6-1: SerialNumber: syz [ 534.855294][ T5862] usb 6-1: config 0 descriptor?? [ 535.015104][ T5836] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.027191][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 535.037679][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 535.048200][ T5836] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 535.134658][ T8239] netlink: 60 bytes leftover after parsing attributes in process `syz.4.820'. [ 535.171429][ T10] usb 5-1: USB disconnect, device number 12 [ 535.188735][ T5836] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 535.219819][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.229498][ C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 535.237403][ T5836] usb 3-1: Product: syz [ 535.246274][ T5836] usb 3-1: Manufacturer: syz [ 535.251373][ T5836] usb 3-1: SerialNumber: syz [ 535.265225][ T5836] usb 3-1: config 0 descriptor?? [ 535.284518][ T5836] usb 3-1: ucan: probing device on interface #0 [ 535.296785][ T5836] usb 3-1: ucan: invalid endpoint configuration [ 535.305031][ T5836] usb 3-1: ucan: probe failed; try to update the device firmware [ 535.340981][ T5862] gs_usb 6-1:0.0: Couldn't get device config: (err=-32) [ 535.348941][ T5862] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -32 [ 535.585416][ T8252] loop2: detected capacity change from 0 to 8 [ 535.726905][ T44] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 535.735427][ T44] ath9k_htc: Failed to initialize the device [ 535.787080][ T10] usb 5-1: ath9k_htc: USB layer deinitialized [ 535.917424][ T8257] loop3: detected capacity change from 0 to 4096 [ 535.950399][ T5860] usb 3-1: USB disconnect, device number 14 [ 536.612428][ T5860] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 536.751106][ T8257] ntfs3(loop3): failed to convert "0080" to koi8-ru [ 536.792601][ T8257] ntfs3(loop3): failed to convert name for inode 1e. [ 536.822168][ T5860] usb 5-1: Using ep0 maxpacket: 32 [ 536.858859][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 536.870581][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 536.880896][ T5860] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 536.890505][ T5860] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.967391][ T5860] usb 5-1: config 0 descriptor?? [ 537.055435][ T8266] tipc: Enabling of bearer rejected, already enabled [ 537.457690][ T44] usb 6-1: USB disconnect, device number 6 [ 537.462212][ T8264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 537.474842][ T8264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 537.808068][ T8270] loop1: detected capacity change from 0 to 128 [ 537.906735][ T8271] netlink: 36 bytes leftover after parsing attributes in process `syz.2.831'. [ 538.714071][ T8278] FAULT_INJECTION: forcing a failure. [ 538.714071][ T8278] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 538.727764][ T8278] CPU: 1 UID: 0 PID: 8278 Comm: syz.2.834 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 538.738716][ T8278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 538.749030][ T8278] Call Trace: [ 538.752505][ T8278] [ 538.755634][ T8278] dump_stack_lvl+0x216/0x2d0 [ 538.760654][ T8278] dump_stack+0x1e/0x24 [ 538.765117][ T8278] should_fail_ex+0x748/0x7f0 [ 538.770134][ T8278] should_fail+0x2a/0x40 [ 538.774729][ T8278] should_fail_usercopy+0x2e/0x40 [ 538.780122][ T8278] _copy_from_user+0x35/0x110 [ 538.785127][ T8278] sctp_setsockopt+0x1b0/0x2040 [ 538.790281][ T8278] ? __pfx_sctp_setsockopt+0x10/0x10 [ 538.795857][ T8278] sock_common_setsockopt+0xf9/0x140 [ 538.801492][ T8278] do_sock_setsockopt+0x4bb/0x7d0 [ 538.806823][ T8278] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 538.813073][ T8278] __x64_sys_setsockopt+0x33d/0x4f0 [ 538.818590][ T8278] x64_sys_call+0x30b9/0x3c30 [ 538.823613][ T8278] do_syscall_64+0xcd/0x1e0 [ 538.828395][ T8278] ? clear_bhb_loop+0x25/0x80 [ 538.833402][ T8278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.839631][ T8278] RIP: 0033:0x7fc633985d29 [ 538.844294][ T8278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.864212][ T8278] RSP: 002b:00007fc634839038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 538.872972][ T8278] RAX: ffffffffffffffda RBX: 00007fc633b75fa0 RCX: 00007fc633985d29 [ 538.881261][ T8278] RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000003 [ 538.889490][ T8278] RBP: 00007fc634839090 R08: 000000000000002c R09: 0000000000000000 [ 538.897715][ T8278] R10: 0000000020000400 R11: 0000000000000246 R12: 0000000000000001 [ 538.905978][ T8278] R13: 0000000000000000 R14: 00007fc633b75fa0 R15: 00007ffcd06e7a98 [ 538.914228][ T8278] [ 538.922740][ T5860] usbhid 5-1:0.0: can't add hid device: -71 [ 538.929489][ T5860] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 538.948479][ T5860] usb 5-1: USB disconnect, device number 13 [ 539.191123][ T8286] FAULT_INJECTION: forcing a failure. [ 539.191123][ T8286] name failslab, interval 1, probability 0, space 0, times 0 [ 539.204740][ T8286] CPU: 0 UID: 0 PID: 8286 Comm: syz.5.837 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 539.215708][ T8286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 539.226068][ T8286] Call Trace: [ 539.229579][ T8286] [ 539.232736][ T8286] dump_stack_lvl+0x216/0x2d0 [ 539.237811][ T8286] dump_stack+0x1e/0x24 [ 539.242341][ T8286] should_fail_ex+0x748/0x7f0 [ 539.247411][ T8286] should_failslab+0x17f/0x210 [ 539.252529][ T8286] __kmalloc_noprof+0x176/0x1230 [ 539.257890][ T8286] ? kfree+0x20/0xdb0 [ 539.262220][ T8286] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 539.268407][ T8286] ? tomoyo_realpath_from_path+0x104/0xaa0 [ 539.274618][ T8286] ? kmsan_get_metadata+0x13e/0x1c0 [ 539.280156][ T8286] tomoyo_realpath_from_path+0x104/0xaa0 [ 539.286207][ T8286] ? __srcu_read_lock+0x76/0xd0 [ 539.291396][ T8286] tomoyo_path_number_perm+0x1d9/0x8f0 [ 539.297235][ T8286] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 539.303971][ T8286] ? kmsan_get_metadata+0x13e/0x1c0 [ 539.309517][ T8286] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 539.315706][ T8286] tomoyo_file_ioctl+0x3f/0x50 [ 539.320821][ T8286] security_file_ioctl+0x145/0x590 [ 539.326313][ T8286] __se_sys_ioctl+0xd0/0x440 [ 539.331290][ T8286] __x64_sys_ioctl+0x96/0xe0 [ 539.336263][ T8286] x64_sys_call+0x19f0/0x3c30 [ 539.341319][ T8286] do_syscall_64+0xcd/0x1e0 [ 539.346140][ T8286] ? clear_bhb_loop+0x25/0x80 [ 539.351189][ T8286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.357473][ T8286] RIP: 0033:0x7fb77af85d29 [ 539.362180][ T8286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.382168][ T8286] RSP: 002b:00007fb77bd29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 539.390968][ T8286] RAX: ffffffffffffffda RBX: 00007fb77b175fa0 RCX: 00007fb77af85d29 [ 539.399281][ T8286] RDX: 0000000020000400 RSI: 00000000c0cc5615 RDI: 0000000000000003 [ 539.407574][ T8286] RBP: 00007fb77bd29090 R08: 0000000000000000 R09: 0000000000000000 [ 539.415865][ T8286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 539.424149][ T8286] R13: 0000000000000000 R14: 00007fb77b175fa0 R15: 00007ffd10a3ff18 [ 539.432472][ T8286] [ 539.442760][ T8286] ERROR: Out of memory at tomoyo_realpath_from_path. [ 539.879598][ T8289] libceph: resolve '0.0' (ret=-3): failed [ 540.569123][ T8305] netlink: 36 bytes leftover after parsing attributes in process `syz.1.844'. [ 540.831597][ T8309] loop4: detected capacity change from 0 to 128 [ 541.160084][ T8301] loop2: detected capacity change from 0 to 4096 [ 541.787045][ T8301] ntfs3(loop2): failed to convert "0080" to koi8-ru [ 541.817910][ T8301] ntfs3(loop2): failed to convert name for inode 1e. [ 541.910732][ T8316] loop3: detected capacity change from 0 to 512 [ 541.984046][ T8316] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 542.093078][ T44] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 542.277384][ T44] usb 2-1: Using ep0 maxpacket: 16 [ 542.328718][ T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 542.339484][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 542.351026][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 542.361496][ T44] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 542.402946][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 542.403254][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 542.414583][ T5786] Bluetooth: hci0: command 0x0c1a tx timeout [ 542.417481][ T44] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 542.443109][ T5790] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 542.480264][ T44] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 542.490970][ T44] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 542.499495][ T44] usb 2-1: Manufacturer: syz [ 542.550995][ T8325] FAULT_INJECTION: forcing a failure. [ 542.550995][ T8325] name failslab, interval 1, probability 0, space 0, times 0 [ 542.551389][ T8323] loop4: detected capacity change from 0 to 64 [ 542.571083][ T8325] CPU: 0 UID: 0 PID: 8325 Comm: syz.2.852 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 542.585642][ T8325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 542.595989][ T8325] Call Trace: [ 542.599492][ T8325] [ 542.601369][ T44] usb 2-1: config 0 descriptor?? [ 542.602563][ T8325] dump_stack_lvl+0x216/0x2d0 [ 542.602778][ T8325] dump_stack+0x1e/0x24 [ 542.602958][ T8325] should_fail_ex+0x748/0x7f0 [ 542.603166][ T8325] should_failslab+0x17f/0x210 [ 542.603342][ T8325] __kmalloc_noprof+0x176/0x1230 [ 542.603564][ T8325] ? kmsan_get_metadata+0x13e/0x1c0 [ 542.638139][ T8325] ? tomoyo_encode+0x5f8/0xa40 [ 542.643313][ T8325] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 542.649516][ T8325] ? kmsan_get_metadata+0x13e/0x1c0 [ 542.655085][ T8325] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 542.661260][ T8325] tomoyo_encode+0x5f8/0xa40 [ 542.666278][ T8325] tomoyo_realpath_from_path+0x9dd/0xaa0 [ 542.672796][ T8325] tomoyo_path_number_perm+0x1d9/0x8f0 [ 542.678631][ T8325] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 542.685366][ T8325] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 542.691582][ T8325] tomoyo_file_ioctl+0x3f/0x50 [ 542.696687][ T8325] security_file_ioctl+0x145/0x590 [ 542.702172][ T8325] __se_sys_ioctl+0xd0/0x440 [ 542.707147][ T8325] __x64_sys_ioctl+0x96/0xe0 [ 542.712115][ T8325] x64_sys_call+0x19f0/0x3c30 [ 542.717181][ T8325] do_syscall_64+0xcd/0x1e0 [ 542.722028][ T8325] ? clear_bhb_loop+0x25/0x80 [ 542.727093][ T8325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.733380][ T8325] RIP: 0033:0x7fc633985d29 [ 542.738096][ T8325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 542.758086][ T8325] RSP: 002b:00007fc634839038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 542.766898][ T8325] RAX: ffffffffffffffda RBX: 00007fc633b75fa0 RCX: 00007fc633985d29 [ 542.775206][ T8325] RDX: 00000000200002c0 RSI: 0000000000004c0a RDI: 0000000000000003 [ 542.783482][ T8325] RBP: 00007fc634839090 R08: 0000000000000000 R09: 0000000000000000 [ 542.791773][ T8325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 542.800044][ T8325] R13: 0000000000000000 R14: 00007fc633b75fa0 R15: 00007ffcd06e7a98 [ 542.808369][ T8325] [ 542.824196][ T8325] ERROR: Out of memory at tomoyo_realpath_from_path. [ 542.846022][ T29] audit: type=1800 audit(2000000100.993:64): pid=8323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.851" name="file1" dev="loop4" ino=18 res=0 errno=0 [ 542.933752][ T5862] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 543.063394][ T8320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 543.076465][ T8320] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 543.122060][ T5862] usb 5-1: Using ep0 maxpacket: 16 [ 543.132384][ T44] rc_core: IR keymap rc-hauppauge not found [ 543.138561][ T44] Registered IR keymap rc-empty [ 543.145754][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.177260][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 543.189202][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 543.199529][ T5862] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 543.213034][ T5862] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 543.222689][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.233874][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.244129][ T5862] usb 5-1: config 0 descriptor?? [ 543.254950][ T44] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 543.271443][ T44] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input15 [ 543.546597][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.653884][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.684140][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.730747][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.755312][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.783743][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.847455][ T5862] microsoft 0003:045E:07DA.0002: report_id 2624746607 is invalid [ 543.855970][ T5862] microsoft 0003:045E:07DA.0002: item 0 4 1 8 parsing failed [ 543.883717][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.922711][ T5862] microsoft 0003:045E:07DA.0002: parse failed [ 543.929560][ T5862] microsoft 0003:045E:07DA.0002: probe with driver microsoft failed with error -22 [ 543.944805][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 543.973627][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 544.002841][ T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 544.041130][ T44] mceusb 2-1:0.0: Registered р with mce emulator interface version 1 [ 544.050124][ T44] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 544.109292][ T8323] hfs: walked past end of dir [ 544.120789][ T44] usb 2-1: USB disconnect, device number 16 [ 544.170197][ T8323] fuse: Bad value for 'user_id' [ 544.175886][ T8323] fuse: Bad value for 'user_id' [ 544.925640][ T8347] netlink: 12 bytes leftover after parsing attributes in process `syz.2.858'. [ 545.079596][ T5860] usb 5-1: USB disconnect, device number 14 [ 545.097203][ T8350] netlink: 16 bytes leftover after parsing attributes in process `syz.1.860'. [ 545.128219][ T8352] loop5: detected capacity change from 0 to 2048 [ 545.258487][ T8352] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 545.593153][ T44] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 545.762266][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 545.794176][ T8360] loop1: detected capacity change from 0 to 128 [ 545.822582][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 545.834121][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 545.848126][ T44] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 545.858851][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.955174][ T44] usb 4-1: config 0 descriptor?? [ 546.478656][ T8354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 546.488605][ T8354] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 546.534052][ T8364] loop4: detected capacity change from 0 to 512 [ 546.633018][ T8364] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 546.704677][ T8368] macvlan0: entered allmulticast mode [ 546.710524][ T8368] veth1_vlan: entered allmulticast mode [ 546.775414][ T8368] veth1_vlan: left allmulticast mode [ 546.835635][ T8368] macvlan0 (unregistering): left allmulticast mode [ 546.872216][ T8371] loop1: detected capacity change from 0 to 64 [ 547.538931][ T5790] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 547.547063][ T5790] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 548.013436][ T8375] loop5: detected capacity change from 0 to 128 [ 548.022649][ T8375] befs: Unknown parameter '/dev/video36' [ 548.303579][ T8378] fuse: Bad value for 'fd' [ 548.610530][ T8380] netlink: 'syz.1.871': attribute type 2 has an invalid length. [ 548.619081][ T8380] netlink: 244 bytes leftover after parsing attributes in process `syz.1.871'. [ 549.986297][ T8385] loop2: detected capacity change from 0 to 1024 [ 550.079355][ T8385] EXT4-fs: Ignoring removed oldalloc option [ 550.085880][ T8385] EXT4-fs: Ignoring removed bh option [ 550.363480][ T8385] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 550.578179][ T8389] netlink: 12 bytes leftover after parsing attributes in process `syz.1.876'. [ 550.714789][ T8395] netlink: 16 bytes leftover after parsing attributes in process `syz.3.874'. [ 551.444280][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 551.593972][ T5790] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 551.602728][ T5790] Bluetooth: hci0: Injecting HCI hardware error event [ 551.610481][ T5790] Bluetooth: hci0: hardware error 0x00 [ 551.630490][ T8397] loop4: detected capacity change from 0 to 128 [ 553.064743][ T8406] FAULT_INJECTION: forcing a failure. [ 553.064743][ T8406] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 553.078755][ T8406] CPU: 0 UID: 0 PID: 8406 Comm: syz.4.881 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 553.089710][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 553.100045][ T8406] Call Trace: [ 553.103556][ T8406] [ 553.106710][ T8406] dump_stack_lvl+0x216/0x2d0 [ 553.111773][ T8406] dump_stack+0x1e/0x24 [ 553.116273][ T8406] should_fail_ex+0x748/0x7f0 [ 553.121368][ T8406] should_fail_alloc_page+0x235/0x2b0 [ 553.127103][ T8406] __alloc_pages_noprof+0x343/0xe00 [ 553.132691][ T8406] alloc_pages_mpol_noprof+0x299/0x990 [ 553.138494][ T8406] ? kmsan_get_metadata+0x13e/0x1c0 [ 553.144039][ T8406] vma_alloc_folio_noprof+0x454/0x7f0 [ 553.149791][ T8406] do_wp_page+0x1860/0x7160 [ 553.154661][ T8406] ? filter_irq_stacks+0x164/0x1a0 [ 553.160180][ T8406] handle_mm_fault+0x5fe9/0xdcc0 [ 553.165499][ T8406] ? kmsan_get_metadata+0x13e/0x1c0 [ 553.171118][ T8406] exc_page_fault+0x41b/0x700 [ 553.176185][ T8406] asm_exc_page_fault+0x2b/0x30 [ 553.181402][ T8406] RIP: 0033:0x7fc72f448ba3 [ 553.186114][ T8406] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 553.206079][ T8406] RSP: 002b:00007fc7304824a0 EFLAGS: 00010206 [ 553.212493][ T8406] RAX: 0000000000001bf8 RBX: 00007fc730482540 RCX: 00007fc724e00000 [ 553.220774][ T8406] RDX: 00007fc7304826e0 RSI: 000000000000001b RDI: 00007fc7304825e0 [ 553.229049][ T8406] RBP: 0000000000000063 R08: 0000000000000009 R09: 00000000000001b0 [ 553.237307][ T8406] R10: 00000000000001ca R11: 00007fc730482540 R12: 0000000000000001 [ 553.245580][ T8406] R13: 00007fc72f618fe0 R14: 000000000000000f R15: 00007fc7304825e0 [ 553.253867][ T8406] [ 553.267040][ T8406] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 553.336679][ T8405] loop1: detected capacity change from 0 to 512 [ 553.405224][ T8405] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 553.642621][ T5790] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 553.760928][ T8406] loop4: detected capacity change from 0 to 1024 [ 553.832744][ T8406] hfsplus: failed to load attributes file [ 555.067812][ T5860] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 555.278352][ T5860] usb 5-1: Using ep0 maxpacket: 32 [ 555.320010][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.335656][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.346966][ T5860] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 555.356483][ T5860] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.554951][ T5860] usb 5-1: config 0 descriptor?? [ 555.586812][ T44] usbhid 4-1:0.0: can't add hid device: -71 [ 555.595137][ T44] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 555.608364][ T44] usb 4-1: USB disconnect, device number 6 [ 556.061505][ T8412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.071033][ T8412] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 557.227181][ T8440] netlink: 16 bytes leftover after parsing attributes in process `syz.1.890'. [ 557.277910][ T5860] usbhid 5-1:0.0: can't add hid device: -71 [ 557.284832][ T5860] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 557.347728][ T5860] usb 5-1: USB disconnect, device number 15 [ 557.563385][ T8441] netlink: 12 bytes leftover after parsing attributes in process `syz.2.889'. [ 558.031433][ T5860] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 558.272313][ T5860] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 558.283787][ T5860] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 558.418810][ T5860] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 558.428626][ T5860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.442884][ T5860] usb 4-1: Product: syz [ 558.447456][ T5860] usb 4-1: Manufacturer: syz [ 558.459498][ T5860] usb 4-1: SerialNumber: syz [ 558.492393][ T5862] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 558.642915][ T44] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 558.782778][ T5862] usb 6-1: Using ep0 maxpacket: 16 [ 558.802578][ T5862] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 558.813604][ T5862] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 558.825138][ T5862] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 558.835260][ T5862] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 558.849398][ T5862] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 558.873983][ T5860] usb 4-1: 0:2 : does not exist [ 559.153947][ T5860] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 559.603203][ T8453] loop1: detected capacity change from 0 to 32768 [ 559.783920][ T5862] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 559.793705][ T5862] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 559.800011][ T8460] loop3: detected capacity change from 0 to 512 [ 559.804574][ T5862] usb 6-1: Manufacturer: syz [ 559.813204][ T44] usb 5-1: Using ep0 maxpacket: 32 [ 559.948269][ T8460] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 560.050327][ T5862] usb 6-1: config 0 descriptor?? [ 560.191619][ T44] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 560.237345][ T44] usb 5-1: New USB device found, idVendor=05ac, idProduct=b0c5, bcdDevice=61.c8 [ 560.245313][ T5860] usb 4-1: USB disconnect, device number 7 [ 560.247274][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.261425][ T44] usb 5-1: Product: syz [ 560.266228][ T44] usb 5-1: Manufacturer: syz [ 560.267529][ T8453] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 560.271137][ T44] usb 5-1: SerialNumber: syz [ 560.411708][ T44] usb 5-1: config 0 descriptor?? [ 560.535866][ T8451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 560.545455][ T8451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 560.638144][ T44] usb 5-1: USB disconnect, device number 16 [ 560.720102][ T5792] ocfs2: Unmounting device (7,1) on (node local) [ 560.764240][ T5862] rc_core: IR keymap rc-hauppauge not found [ 560.770576][ T5862] Registered IR keymap rc-empty [ 560.776595][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 560.805432][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 560.834171][ T5862] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 560.852510][ T5862] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input16 [ 560.898279][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 560.925316][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 560.955080][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 560.984891][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 561.015077][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 561.042826][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 561.064218][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 561.112569][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 561.152822][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 561.189749][ T5862] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 561.273345][ T5862] mceusb 6-1:0.0: Registered р with mce emulator interface version 1 [ 561.282146][ T5862] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 561.532256][ T5862] usb 6-1: USB disconnect, device number 7 [ 561.729275][ T8473] loop1: detected capacity change from 0 to 128 [ 561.739194][ T8473] befs: (loop1): No write support. Marking filesystem read-only [ 561.799365][ T8473] befs: (loop1): invalid magic header [ 561.962657][ T44] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 562.433319][ T44] usb 3-1: Using ep0 maxpacket: 32 [ 562.455419][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 562.467065][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 562.477507][ T44] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 562.487222][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.537157][ T8481] netlink: 12 bytes leftover after parsing attributes in process `syz.5.906'. [ 562.550145][ T44] usb 3-1: config 0 descriptor?? [ 562.876096][ T8477] loop1: detected capacity change from 0 to 4096 [ 563.260466][ T8472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.270463][ T8472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.374491][ T8477] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 563.401113][ T8477] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 563.574146][ T5862] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 563.636438][ T8488] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 563.782749][ T5862] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 563.793804][ T5862] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 563.876791][ T5862] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 563.887645][ T5862] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.896347][ T5862] usb 5-1: Product: syz [ 563.901013][ T5862] usb 5-1: Manufacturer: syz [ 563.906536][ T5862] usb 5-1: SerialNumber: syz [ 564.163618][ T5862] usb 5-1: 0:2 : does not exist [ 564.206477][ T5862] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 564.242935][ T44] usbhid 3-1:0.0: can't add hid device: -71 [ 564.249713][ T44] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 564.291112][ T44] usb 3-1: USB disconnect, device number 15 [ 564.433029][ T5862] usb 5-1: USB disconnect, device number 17 [ 565.158943][ T8500] FAULT_INJECTION: forcing a failure. [ 565.158943][ T8500] name failslab, interval 1, probability 0, space 0, times 0 [ 565.172508][ T8500] CPU: 1 UID: 0 PID: 8500 Comm: syz.2.913 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 565.183481][ T8500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 565.193859][ T8500] Call Trace: [ 565.197397][ T8500] [ 565.200559][ T8500] dump_stack_lvl+0x216/0x2d0 [ 565.205639][ T8500] dump_stack+0x1e/0x24 [ 565.210157][ T8500] should_fail_ex+0x748/0x7f0 [ 565.215241][ T8500] should_failslab+0x17f/0x210 [ 565.220357][ T8500] kmem_cache_alloc_node_noprof+0xf4/0xe00 [ 565.226563][ T8500] ? __alloc_skb+0x1e9/0x7b0 [ 565.231486][ T8500] ? kmsan_get_metadata+0x13e/0x1c0 [ 565.237079][ T8500] __alloc_skb+0x1e9/0x7b0 [ 565.241838][ T8500] netlink_alloc_large_skb+0x1b4/0x280 [ 565.247675][ T8500] netlink_sendmsg+0xa96/0x11e0 [ 565.252915][ T8500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 565.258573][ T8500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 565.264248][ T8500] __sock_sendmsg+0x30f/0x380 [ 565.269322][ T8500] ____sys_sendmsg+0x877/0xb60 [ 565.274471][ T8500] ___sys_sendmsg+0x28d/0x3c0 [ 565.279515][ T8500] ? __rcu_read_unlock+0x7b/0xe0 [ 565.284860][ T8500] ? __fget_files+0x42b/0x500 [ 565.289880][ T8500] ? kmsan_get_metadata+0x13e/0x1c0 [ 565.295418][ T8500] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 565.301579][ T8500] __x64_sys_sendmsg+0x212/0x3c0 [ 565.306883][ T8500] ? kmsan_get_metadata+0x13e/0x1c0 [ 565.312427][ T8500] x64_sys_call+0x2ed6/0x3c30 [ 565.317501][ T8500] do_syscall_64+0xcd/0x1e0 [ 565.322335][ T8500] ? clear_bhb_loop+0x25/0x80 [ 565.327388][ T8500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.333668][ T8500] RIP: 0033:0x7fc633985d29 [ 565.338379][ T8500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.358366][ T8500] RSP: 002b:00007fc634839038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 565.367164][ T8500] RAX: ffffffffffffffda RBX: 00007fc633b75fa0 RCX: 00007fc633985d29 [ 565.375453][ T8500] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 565.383756][ T8500] RBP: 00007fc634839090 R08: 0000000000000000 R09: 0000000000000000 [ 565.392026][ T8500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.400413][ T8500] R13: 0000000000000000 R14: 00007fc633b75fa0 R15: 00007ffcd06e7a98 [ 565.408728][ T8500] [ 565.517210][ T8502] loop5: detected capacity change from 0 to 512 [ 565.618331][ T8502] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities [ 565.676399][ T8504] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 566.257410][ T5862] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 566.663569][ T5862] usb 4-1: Using ep0 maxpacket: 32 [ 567.036573][ T5862] usb 4-1: config 0 interface 0 has no altsetting 0 [ 567.151923][ T5862] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 567.161516][ T5862] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.170162][ T5862] usb 4-1: Product: syz [ 567.174884][ T5862] usb 4-1: Manufacturer: syz [ 567.179779][ T5862] usb 4-1: SerialNumber: syz [ 567.233090][ T5862] usb 4-1: config 0 descriptor?? [ 567.334785][ T8515] netlink: 12 bytes leftover after parsing attributes in process `syz.5.920'. [ 567.848820][ T5862] gs_usb 4-1:0.0: Couldn't get device config: (err=-121) [ 567.862035][ T5862] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -121 [ 568.242158][ T5862] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 568.370826][ T8524] loop5: detected capacity change from 0 to 64 [ 568.472227][ T5862] usb 3-1: Using ep0 maxpacket: 32 [ 568.511542][ T5862] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 568.527490][ T5862] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 568.538453][ T5862] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 568.548064][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.679387][ T5862] usb 3-1: config 0 descriptor?? [ 568.992320][ T10] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 569.193024][ T8522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 569.202762][ T8522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 569.206069][ T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 569.221890][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 569.271059][ T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 569.281093][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.295496][ T10] usb 5-1: Product: syz [ 569.299971][ T10] usb 5-1: Manufacturer: syz [ 569.306776][ T10] usb 5-1: SerialNumber: syz [ 569.648008][ T10] usb 5-1: 0:2 : does not exist [ 569.648977][ T44] usb 4-1: USB disconnect, device number 8 [ 569.730172][ T10] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 569.960496][ T10] usb 5-1: USB disconnect, device number 18 [ 570.172116][ T5862] usbhid 3-1:0.0: can't add hid device: -71 [ 570.179030][ T5862] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 570.260628][ T5862] usb 3-1: USB disconnect, device number 16 [ 570.823845][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 571.236204][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 571.251218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 571.524831][ T8552] 9pnet_virtio: no channels available for device syz [ 588.889043][ T5786] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 589.092924][ T5786] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 589.192871][ T5786] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 589.423260][ T5786] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 589.438582][ T5786] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 589.478051][ T5786] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 591.592673][ T5790] Bluetooth: hci5: command tx timeout [ 594.403803][ T5790] Bluetooth: hci5: command tx timeout [ 595.164842][ T8607] chnl_net:caif_netlink_parms(): no params data found [ 595.365353][ T8637] input: syz0 as /devices/virtual/input/input17 [ 596.145030][ T8646] netlink: 'syz.4.959': attribute type 29 has an invalid length. [ 596.210759][ T8646] netlink: 'syz.4.959': attribute type 29 has an invalid length. [ 596.472828][ T5786] Bluetooth: hci5: command tx timeout [ 598.542762][ T5786] Bluetooth: hci5: command tx timeout [ 599.035885][ T8607] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.045900][ T8607] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.054001][ T8607] bridge_slave_0: entered allmulticast mode [ 599.063809][ T8607] bridge_slave_0: entered promiscuous mode [ 599.356249][ T8607] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.364147][ T8607] bridge0: port 2(bridge_slave_1) entered disabled state [ 599.372085][ T8607] bridge_slave_1: entered allmulticast mode [ 599.380791][ T8607] bridge_slave_1: entered promiscuous mode [ 599.489035][ T8607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 599.564786][ T8607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 600.028291][ T8607] team0: Port device team_slave_0 added [ 600.095356][ T8607] team0: Port device team_slave_1 added [ 600.430504][ T5786] Bluetooth: hci4: unexpected event for opcode 0x100c [ 600.459781][ T8607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 600.467356][ T8607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 600.493644][ T8607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 600.592783][ T8607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 600.600363][ T8607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 600.631377][ T8607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 600.793331][ T5862] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 601.513818][ T8607] hsr_slave_0: entered promiscuous mode [ 601.674472][ T8607] hsr_slave_1: entered promiscuous mode [ 601.766975][ T5862] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 601.775673][ T5862] usb 2-1: config 0 has no interface number 0 [ 601.782211][ T5862] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 601.793473][ T5862] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 601.809517][ T5862] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 601.821588][ T5862] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 601.833478][ T5862] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 601.846992][ T5862] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 601.860062][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.632723][ T8607] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 603.640495][ T8607] Cannot create hsr debugfs directory [ 603.825565][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 603.832314][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 603.980113][ T5862] usb 2-1: config 0 descriptor?? [ 604.221184][ T5862] usb 2-1: can't set config #0, error -71 [ 604.294039][ T5862] usb 2-1: USB disconnect, device number 17 [ 604.432265][ T44] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 605.380223][ T44] usb 6-1: Using ep0 maxpacket: 8 [ 605.424834][ T44] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 605.436786][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 605.449798][ T44] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 605.462082][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 605.473765][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 605.616697][ T8683] input: syz0 as /devices/virtual/input/input18 [ 605.623644][ T8683] input: failed to attach handler leds to device input18, error: -6 [ 606.286773][ T8685] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 607.559099][ T8607] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 607.894087][ T44] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 607.903336][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 607.915195][ T44] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 607.927346][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 607.938917][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 608.213897][ T8607] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 608.252509][ T44] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 608.260363][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 608.273289][ T44] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 608.285467][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 608.297091][ T44] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 608.354919][ T8607] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 608.418058][ T8607] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 608.749775][ T5786] Bluetooth: hci4: unexpected event for opcode 0x0c5b [ 609.109109][ T44] usb 6-1: string descriptor 0 read error: -71 [ 609.116393][ T44] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 609.130581][ T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.178708][ T8696] netlink: 8 bytes leftover after parsing attributes in process `syz.1.972'. [ 609.195891][ T44] usb 6-1: can't set config #168, error -71 [ 609.311973][ T44] usb 6-1: USB disconnect, device number 8 [ 610.559705][ T5860] libceph: connect (1)[c::]:6789 error -101 [ 610.566330][ T5860] libceph: mon0 (1)[c::]:6789 connect error [ 610.833819][ T10] libceph: connect (1)[c::]:6789 error -101 [ 610.840167][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 610.920651][ T8708] ceph: No mds server is up or the cluster is laggy [ 611.457464][ T8607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 611.864819][ T8607] 8021q: adding VLAN 0 to HW filter on device team0 [ 611.940262][ T4838] bridge0: port 1(bridge_slave_0) entered blocking state [ 611.948264][ T4838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 611.965851][ T4838] bridge0: port 2(bridge_slave_1) entered blocking state [ 611.973795][ T4838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.174243][ T8723] lo speed is unknown, defaulting to 1000 [ 612.180536][ T8723] lo speed is unknown, defaulting to 1000 [ 612.187763][ T8723] lo speed is unknown, defaulting to 1000 [ 612.219033][ T8723] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 612.258378][ T8723] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 612.446409][ T8607] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 612.458496][ T8607] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 612.546491][ T8723] lo speed is unknown, defaulting to 1000 [ 612.555740][ T8723] lo speed is unknown, defaulting to 1000 [ 612.564829][ T8723] lo speed is unknown, defaulting to 1000 [ 612.573836][ T8723] lo speed is unknown, defaulting to 1000 [ 612.582726][ T8723] lo speed is unknown, defaulting to 1000 [ 612.591578][ T8723] lo speed is unknown, defaulting to 1000 [ 612.605054][ T8723] lo speed is unknown, defaulting to 1000 [ 613.086500][ T10] IPVS: starting estimator thread 0... [ 613.092980][ T5790] Bluetooth: hci5: command 0x0405 tx timeout [ 613.224183][ T8733] IPVS: using max 192 ests per chain, 9600 per kthread [ 615.317910][ T8607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 615.527785][ T8753] delete_channel: no stack [ 617.646983][ T8607] veth0_vlan: entered promiscuous mode [ 617.707810][ T8607] veth1_vlan: entered promiscuous mode [ 617.831072][ T8607] veth0_macvtap: entered promiscuous mode [ 617.855016][ T8607] veth1_macvtap: entered promiscuous mode [ 617.912629][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.923496][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.938301][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.950545][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.960909][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.972723][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.982891][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.993761][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.003967][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.015791][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.026050][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.041412][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.064761][ T8607] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 618.598141][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.612648][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.624735][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.636502][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.652837][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.667218][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.677481][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.688837][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.698920][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.709648][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.719768][ T8607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.730508][ T8607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.753258][ T8607] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 618.888525][ T8775] ===================================================== [ 618.895974][ T8775] BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x470 [ 618.902764][ T8775] ax25cmp+0x3a5/0x470 [ 618.907067][ T8775] nr_dev_get+0x20e/0x450 [ 618.911642][ T8775] nr_route_frame+0x1a2/0xfe0 [ 618.916659][ T8775] nr_xmit+0x5a/0x1c0 [ 618.920848][ T8775] dev_hard_start_xmit+0x247/0xa20 [ 618.926297][ T8775] __dev_queue_xmit+0x366a/0x57d0 [ 618.931568][ T8775] raw_sendmsg+0x6b5/0xdf0 [ 618.936385][ T8775] ieee802154_sock_sendmsg+0x96/0xd0 [ 618.942076][ T8775] __sock_sendmsg+0x30f/0x380 [ 618.947027][ T8775] ____sys_sendmsg+0x903/0xb60 [ 618.952150][ T8775] ___sys_sendmsg+0x28d/0x3c0 [ 618.957053][ T8775] __sys_sendmmsg+0x2ff/0x880 [ 618.962080][ T8775] __x64_sys_sendmmsg+0xbc/0x120 [ 618.967260][ T8775] x64_sys_call+0x33c2/0x3c30 [ 618.972341][ T8775] do_syscall_64+0xcd/0x1e0 [ 618.977061][ T8775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.983354][ T8775] [ 618.985802][ T8775] Uninit was created at: [ 618.990371][ T8775] kmem_cache_alloc_node_noprof+0x907/0xe00 [ 618.996702][ T8775] kmalloc_reserve+0x13d/0x4a0 [ 619.001811][ T8775] __alloc_skb+0x363/0x7b0 [ 619.006442][ T8775] alloc_skb_with_frags+0xc8/0xd00 [ 619.012020][ T8775] sock_alloc_send_pskb+0xa81/0xbf0 [ 619.017470][ T8775] raw_sendmsg+0x367/0xdf0 [ 619.022242][ T8775] ieee802154_sock_sendmsg+0x96/0xd0 [ 619.027793][ T8775] __sock_sendmsg+0x30f/0x380 [ 619.032864][ T8775] ____sys_sendmsg+0x903/0xb60 [ 619.037872][ T8775] ___sys_sendmsg+0x28d/0x3c0 [ 619.042937][ T8775] __sys_sendmmsg+0x2ff/0x880 [ 619.047868][ T8775] __x64_sys_sendmmsg+0xbc/0x120 [ 619.053188][ T8775] x64_sys_call+0x33c2/0x3c30 [ 619.058145][ T8775] do_syscall_64+0xcd/0x1e0 [ 619.062992][ T8775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.069169][ T8775] [ 619.071625][ T8775] CPU: 1 UID: 0 PID: 8775 Comm: syz.5.992 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 619.082729][ T8775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 619.093107][ T8775] ===================================================== [ 619.100203][ T8775] Disabling lock debugging due to kernel taint [ 619.106692][ T8775] Kernel panic - not syncing: kmsan.panic set ... [ 619.113284][ T8775] CPU: 1 UID: 0 PID: 8775 Comm: syz.5.992 Tainted: G B 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 619.125607][ T8775] Tainted: [B]=BAD_PAGE [ 619.129884][ T8775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 619.140108][ T8775] Call Trace: [ 619.143535][ T8775] [ 619.146606][ T8775] dump_stack_lvl+0x216/0x2d0 [ 619.151551][ T8775] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 619.157601][ T8775] dump_stack+0x1e/0x24 [ 619.162015][ T8775] panic+0x4e2/0xcf0 [ 619.166160][ T8775] ? kmsan_get_metadata+0x71/0x1c0 [ 619.171524][ T8775] kmsan_report+0x2c7/0x2d0 [ 619.176235][ T8775] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 619.182296][ T8775] ? __msan_warning+0x95/0x120 [ 619.187302][ T8775] ? ax25cmp+0x3a5/0x470 [ 619.191756][ T8775] ? nr_dev_get+0x20e/0x450 [ 619.196503][ T8775] ? nr_route_frame+0x1a2/0xfe0 [ 619.201572][ T8775] ? nr_xmit+0x5a/0x1c0 [ 619.205921][ T8775] ? dev_hard_start_xmit+0x247/0xa20 [ 619.211405][ T8775] ? __dev_queue_xmit+0x366a/0x57d0 [ 619.216808][ T8775] ? raw_sendmsg+0x6b5/0xdf0 [ 619.221606][ T8775] ? ieee802154_sock_sendmsg+0x96/0xd0 [ 619.227297][ T8775] ? __sock_sendmsg+0x30f/0x380 [ 619.232387][ T8775] ? ____sys_sendmsg+0x903/0xb60 [ 619.237565][ T8775] ? ___sys_sendmsg+0x28d/0x3c0 [ 619.242640][ T8775] ? __sys_sendmmsg+0x2ff/0x880 [ 619.247701][ T8775] ? __x64_sys_sendmmsg+0xbc/0x120 [ 619.253032][ T8775] ? x64_sys_call+0x33c2/0x3c30 [ 619.258144][ T8775] ? do_syscall_64+0xcd/0x1e0 [ 619.263099][ T8775] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.269441][ T8775] ? kmsan_internal_poison_memory+0x7d/0x90 [ 619.275609][ T8775] ? kmsan_get_metadata+0x13e/0x1c0 [ 619.281020][ T8775] ? kmsan_internal_poison_memory+0x49/0x90 [ 619.287161][ T8775] ? kmsan_slab_alloc+0xdf/0x160 [ 619.292346][ T8775] ? kmem_cache_alloc_node_noprof+0x907/0xe00 [ 619.298660][ T8775] ? kmalloc_reserve+0x13d/0x4a0 [ 619.303798][ T8775] ? __alloc_skb+0x363/0x7b0 [ 619.308571][ T8775] ? alloc_skb_with_frags+0xc8/0xd00 [ 619.314065][ T8775] ? sock_alloc_send_pskb+0xa81/0xbf0 [ 619.319660][ T8775] ? raw_sendmsg+0x367/0xdf0 [ 619.324460][ T8775] ? ieee802154_sock_sendmsg+0x96/0xd0 [ 619.330147][ T8775] ? __sock_sendmsg+0x30f/0x380 [ 619.335233][ T8775] ? ____sys_sendmsg+0x903/0xb60 [ 619.340380][ T8775] ? ___sys_sendmsg+0x28d/0x3c0 [ 619.345443][ T8775] ? __sys_sendmmsg+0x2ff/0x880 [ 619.350531][ T8775] ? __x64_sys_sendmmsg+0xbc/0x120 [ 619.355890][ T8775] ? x64_sys_call+0x33c2/0x3c30 [ 619.361009][ T8775] ? do_syscall_64+0xcd/0x1e0 [ 619.365900][ T8775] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.372238][ T8775] ? __alloc_skb+0x1e9/0x7b0 [ 619.377056][ T8775] ? kmsan_get_metadata+0x13e/0x1c0 [ 619.382462][ T8775] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 619.388477][ T8775] ? kmem_cache_alloc_node_noprof+0x79/0xe00 [ 619.394708][ T8775] ? kmsan_get_metadata+0x13e/0x1c0 [ 619.400108][ T8775] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 619.406122][ T8775] ? kmsan_get_metadata+0x13e/0x1c0 [ 619.411659][ T8775] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 619.417743][ T8775] __msan_warning+0x95/0x120 [ 619.422592][ T8775] ax25cmp+0x3a5/0x470 [ 619.426928][ T8775] nr_dev_get+0x20e/0x450 [ 619.431476][ T8775] nr_route_frame+0x1a2/0xfe0 [ 619.436383][ T8775] ? validate_xmit_xfrm+0x8b/0x1bc0 [ 619.441872][ T8775] ? kmsan_get_metadata+0x13e/0x1c0 [ 619.447291][ T8775] nr_xmit+0x5a/0x1c0 [ 619.451467][ T8775] ? __pfx_nr_xmit+0x10/0x10 [ 619.456271][ T8775] dev_hard_start_xmit+0x247/0xa20 [ 619.461637][ T8775] __dev_queue_xmit+0x366a/0x57d0 [ 619.466897][ T8775] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 619.472936][ T8775] ? _copy_from_iter+0x9ae/0x2b00 [ 619.478220][ T8775] ? __dev_queue_xmit+0x3d6/0x57d0 [ 619.483581][ T8775] raw_sendmsg+0x6b5/0xdf0 [ 619.488234][ T8775] ? __pfx_raw_sendmsg+0x10/0x10 [ 619.493392][ T8775] ieee802154_sock_sendmsg+0x96/0xd0 [ 619.498925][ T8775] ? __pfx_ieee802154_sock_sendmsg+0x10/0x10 [ 619.505137][ T8775] ? __pfx_ieee802154_sock_sendmsg+0x10/0x10 [ 619.511355][ T8775] __sock_sendmsg+0x30f/0x380 [ 619.516294][ T8775] ____sys_sendmsg+0x903/0xb60 [ 619.521298][ T8775] ___sys_sendmsg+0x28d/0x3c0 [ 619.526201][ T8775] ? __rcu_read_unlock+0x7b/0xe0 [ 619.531389][ T8775] ? __fget_files+0x42b/0x500 [ 619.536327][ T8775] ? kmsan_get_metadata+0x13e/0x1c0 [ 619.541728][ T8775] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 619.547775][ T8775] __sys_sendmmsg+0x2ff/0x880 [ 619.552701][ T8775] ? do_futex+0x341/0x4a0 [ 619.557269][ T8775] ? kmsan_get_metadata+0x13e/0x1c0 [ 619.562730][ T8775] __x64_sys_sendmmsg+0xbc/0x120 [ 619.567935][ T8775] x64_sys_call+0x33c2/0x3c30 [ 619.572903][ T8775] do_syscall_64+0xcd/0x1e0 [ 619.577619][ T8775] ? clear_bhb_loop+0x25/0x80 [ 619.582547][ T8775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.588687][ T8775] RIP: 0033:0x7fb77af85d29 [ 619.593268][ T8775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 619.613115][ T8775] RSP: 002b:00007fb77bd08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 619.621759][ T8775] RAX: ffffffffffffffda RBX: 00007fb77b176080 RCX: 00007fb77af85d29 [ 619.629950][ T8775] RDX: 000000000000fdef RSI: 00000000200020c0 RDI: 0000000000000004 [ 619.638095][ T8775] RBP: 00007fb77b001aa8 R08: 0000000000000000 R09: 0000000000000000 [ 619.646255][ T8775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 619.654398][ T8775] R13: 0000000000000000 R14: 00007fb77b176080 R15: 00007ffd10a3ff18 [ 619.662569][ T8775] [ 619.666076][ T8775] Kernel Offset: disabled [ 619.670492][ T8775] Rebooting in 86400 seconds..