last executing test programs: 8.81050033s ago: executing program 0 (id=3091): r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) shutdown(0xffffffffffffffff, 0x2000000) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) mmap$IORING_OFF_SQ_RING(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x2000005, 0x13, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, 0x0) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000240)={{&(0x7f0000ff9000/0x4000)=nil, 0x4000}, 0x1}) lsetxattr$trusted_overlay_opaque(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280), &(0x7f00000002c0), 0x2, 0x2) r3 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x8100) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_RESET(r3, 0x4141, 0x0) close(r1) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000], [0x0, 0x1001000, 0x3], [0x0, 0xfffffffffffffffd, 0xe8a6, 0x3]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r7, 0x0, 0x0, r8], [0x2b8, 0x5], [0xff]}) close_range(r0, 0xffffffffffffffff, 0x0) (fail_nth: 1) 8.791529403s ago: executing program 3 (id=3092): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$l2tp(0x2, 0x2, 0x73) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0xfffffde6, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000070000000000000012000a14000000110001000000000000000000d3bc000a"], 0x28}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket(0xa, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001d008104e00f80ecdb4cb9f207c804a010000000880811fb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, &(0x7f00000000c0), 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, 0x0, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x400c0d4, 0x0, 0x0) writev(r5, &(0x7f0000000100), 0x0) write$UHID_SET_REPORT_REPLY(r5, &(0x7f00000007c0)=ANY=[], 0xffe0) r6 = socket$alg(0x26, 0x5, 0x0) accept4(r6, 0x0, 0x0, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r7, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) 8.606841896s ago: executing program 0 (id=3094): pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x129c81, 0x0) ppoll(&(0x7f0000000280)=[{r1, 0x2000}], 0x1, 0x0, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mprotect(&(0x7f000021f000/0x4000)=nil, 0x4000, 0x4) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200)={0x0, 0x6, 0x6, 0x6, 0x1, "42341f9b1000007e4f00"}) r2 = syz_open_pts(r1, 0x0) dup3(r2, r1, 0x0) splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f0000000380)={0xa, 0x3, 0x4, @local, 0x1}, 0x1c) r4 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x6, 0x356, 0x100, 0x0, 0x6, "793498ae49e546e6"}) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x0, 0x0, 0xffffff00], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x20000000}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4cd) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="3310", 0xffd0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 7.462142176s ago: executing program 0 (id=3100): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x101000541) write$UHID_INPUT(r0, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b3709094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b39310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1061}}, 0x1006) 7.215508178s ago: executing program 0 (id=3101): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="24000000190001090000000000000000021800000002c80b0000000008000100ac1414"], 0x24}}, 0x80) 6.742084773s ago: executing program 0 (id=3105): r0 = socket(0x10, 0x2, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000400)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fddbdf252000000008000300", @ANYRES32=r5, @ANYBLOB="54002d800500010000000000050004000000000008000200"], 0x70}, 0x1, 0x0, 0x0, 0x8000}, 0x84) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000001000900010073797a30000000000800054000000022200011800a00010071756f7461000000100002800c000140fffffffffffffffe140000001000010000000000000000000284000a"], 0xa4}}, 0x24000000) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'syztnl2\x00', &(0x7f0000000080)={'ip6_vti0\x00', 0x0, 0x0, 0x7, 0xc, 0x800001, 0x51, @local, @private1, 0x10, 0x0, 0x8001}}) r7 = syz_open_dev$audion(&(0x7f0000000140), 0x5, 0x10000) ioctl$KVM_GET_CPUID2(r7, 0xc008ae91, &(0x7f0000000280)={0x4, 0x0, [{}, {}, {}, {}]}) 6.385903249s ago: executing program 0 (id=3107): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r2 = socket$netlink(0x10, 0x3, 0x9) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000017c0)=r1, 0x4) sendmsg$AUDIT_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000040)={0x5}) r4 = socket$nl_route(0x10, 0x3, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x400001) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x4, 0x10ff}) setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0xc, &(0x7f0000000040)=0x1000007c, 0xfe4d) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c0000001a0001000020000000000000020020004df1"], 0x1c}}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) 6.304855106s ago: executing program 4 (id=3039): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d01"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000dc0)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) 6.125990031s ago: executing program 3 (id=3110): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x0) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) write$P9_RSTATu(r0, &(0x7f00000004c0)=ANY=[], 0x232) 4.828382493s ago: executing program 3 (id=3112): r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4}) ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405668, &(0x7f0000000100)={0x0, 0x1, 0x2}) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x9) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000000a000000000000e53329c24c00ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000001000"/142], 0x90) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100080", @ANYRES32=0x0, @ANYBLOB="89000200000000000a000100aaaaaaaaaabb0000140012800b000100697036746e6c000004000280"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) r7 = socket(0x40000000015, 0x5, 0x0) getsockname$packet(r7, 0x0, &(0x7f0000000e00)) bind$netlink(r6, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) socket$inet6(0xa, 0x3, 0x2f) socket(0x10, 0x803, 0x0) socket$xdp(0x2c, 0x3, 0x0) 4.004551621s ago: executing program 1 (id=3115): r0 = syz_io_uring_setup(0x1370, &(0x7f0000000340)={0x0, 0x49fa, 0x0, 0x0, 0x4e}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff], 0x1}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) syz_usb_connect$uac1(0x2, 0x71, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x20, {0x7}}}}}}}]}}, 0x0) 3.507588485s ago: executing program 3 (id=3118): r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='`\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b00", @ANYRES32=r0, @ANYBLOB="080001007063690011000200303030303a30303a31302e300000000008008c0003000000"], 0x60}, 0x1, 0x0, 0x0, 0x44004}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) 3.153812678s ago: executing program 3 (id=3120): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000018dfde1035121000822953050a0109021200010000000009040001"], 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a010400000000080000000a0000070900010073797a31000000005800048054000180090001006d6574610000000044000280080001400000000f08ee024000000000080003400000000a0800024000000015080001400000000b0800014000000009080002400000001008000340"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10) syz_emit_ethernet(0x9a, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x6, 0x6, "8a8f4e", 0x64, 0x11, 0x1, @loopback, @local, {[], {0x4e21, 0x4e23, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x0, "188fd90740aa4bb8883a93b1bba877c8f40141df2f812152f35ec16a62d19632", "0946c6ad13ca73d3484af98d19424bf1", {"00d720fdc9b92b620c4d2c29416305dc", "bbbde51fd40e91bb6243d9d0c7eefa28"}}}}}}}}, 0x0) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @private1}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) recvmsg(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x20) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000000080)={0xaa, 0x7f, 0x7fff}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 3.153487668s ago: executing program 4 (id=3121): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x5) r1 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r1, 0x207a98, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000200), 0x3, r7}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000000300)={0x21, r8, r5}) r9 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r9, 0x0) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000280)={'batadv_slave_1\x00', &(0x7f0000002fc0)=@ethtool_stats={0x33}}) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0xc3, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r11, &(0x7f0000000040)=ANY=[], 0x118) ioctl$TUNGETIFF(r10, 0x800454d2, &(0x7f0000000000)={'pimreg1\x00'}) recvmmsg(r11, &(0x7f0000002800)=[{{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000140)=""/105, 0x69}, {&(0x7f00000001c0)=""/152, 0x98}, {&(0x7f00000002c0)=""/31, 0x1f}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/158, 0x9e}, {&(0x7f00000013c0)=""/95, 0x5f}, {&(0x7f0000001440)=""/175, 0xaf}, {&(0x7f0000001500)=""/13, 0xd}], 0x8, &(0x7f00000015c0)=""/214, 0xd6}, 0x4f8e}, {{&(0x7f00000016c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000001b00)=[{&(0x7f0000001740)=""/253, 0xfd}, {&(0x7f0000001840)=""/74, 0x4a}, {&(0x7f00000018c0)=""/205, 0xcd}, {&(0x7f00000019c0)=""/8, 0x8}, {&(0x7f0000001a00)=""/230, 0xe6}], 0x5, &(0x7f0000001b80)=""/171, 0xab}, 0x3}, {{&(0x7f0000001c40)=@caif=@util, 0x80, &(0x7f0000001d40)=[{&(0x7f0000001cc0)=""/100, 0x64}], 0x1, &(0x7f0000001d80)=""/46, 0x2e}, 0x4}, {{&(0x7f0000001dc0)=@caif=@dgm, 0x80, &(0x7f0000001f00)=[{&(0x7f0000001e40)=""/86, 0x56}, {&(0x7f0000001ec0)=""/19, 0x13}], 0x2}, 0x9}, {{&(0x7f0000001f40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f00000026c0)=[{&(0x7f0000001fc0)=""/119, 0x77}, {&(0x7f0000002040)=""/139, 0x8b}, {&(0x7f0000002100)=""/154, 0x9a}, {&(0x7f00000021c0)=""/206, 0xce}, {&(0x7f00000022c0)=""/217, 0xd9}, {&(0x7f00000023c0)=""/53, 0x35}, {&(0x7f0000002400)=""/78, 0x4e}, {&(0x7f0000002480)=""/59, 0x3b}, {&(0x7f00000024c0)=""/243, 0xf3}, {&(0x7f00000025c0)=""/226, 0xe2}], 0xa, &(0x7f0000002780)=""/75, 0x4b}, 0xf65}], 0x5, 0x1, &(0x7f0000002940)={0x77359400}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r11, 0x0) write$cgroup_devices(r10, &(0x7f0000000000)=ANY=[], 0xffdd) 2.893867838s ago: executing program 4 (id=3124): syz_io_uring_setup(0x8007c49, &(0x7f0000000200)={0x0, 0xcaff, 0x10000, 0x0, 0x37f}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4) syz_emit_ethernet(0x66, &(0x7f0000000300)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x30, 0x3a, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, {[], @dest_unreach={0x1, 0xc8ff9f55e8dc000f, 0x0, 0x0, '\x00', {0x0, 0x6, "00b235", 0x0, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, @remote}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2140, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000500)={0x0, 0x200, 0x0, 'queue0\x00', 0xf}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x3}, 0x7ff}) close_range(r2, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0xbf}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) writev(r4, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272) 2.230450815s ago: executing program 1 (id=3125): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a010100441405030000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0000009078"], 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.979552157s ago: executing program 4 (id=3126): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/64, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c00000090"], 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.636316329s ago: executing program 1 (id=3127): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000180)="450f011a66ba610066edc11e01f266662e40f444f4c4617969d22edbe3c744240057000000c744240210000000c7442406000000000f011c24400f01c3664f0f38f531", 0x43}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 1) 1.410107696s ago: executing program 2 (id=3128): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x118, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x105, 0x0, 0x0, 0x1, [@typed={0x14, 0x3, 0x0, 0x0, @ipv6=@private1}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b504681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c"]}]}, 0x118}], 0x1}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)={0x1c, 0x43, 0x9, 0xffffffff, 0x25dfdbfd, {0x1}, [@nested={0x6, 0x4, 0x0, 0x1, [@generic='fM']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40088c0}, 0x0) setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000300)=ANY=[@ANYBLOB="03"], 0xa) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) rt_sigqueueinfo(r3, 0x18, &(0x7f0000000040)={0x22, 0x1, 0xfff}) 1.197488973s ago: executing program 4 (id=3129): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000000)={0x6, 'nr0\x00', {}, 0x100}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'veth0_to_bond\x00', {0x9}, 0x5}) 892.007039ms ago: executing program 4 (id=3130): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d01"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000dc0)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) 751.870085ms ago: executing program 1 (id=3131): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce0702000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0000009078"], 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 750.801877ms ago: executing program 2 (id=3132): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xffff, &(0x7f0000000080)) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) 491.832167ms ago: executing program 2 (id=3133): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x106, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x118) (fail_nth: 1) 377.925808ms ago: executing program 1 (id=3134): ioperm(0x0, 0x40, 0x80) setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, 0x0, 0x0) socket$rxrpc(0x21, 0x2, 0x2) socket$tipc(0x1e, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = socket(0x2b, 0x80801, 0x1) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x10000, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0xffffffab, @loopback}, 0x1c) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = syz_io_uring_setup(0x495, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x7, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x4, 0x0}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r1, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000000)={0x0, 0xfffffffb, 0x0, 0x515f3157, 0x4, "78e1141009f593233bce41f20613341f43d01f"}) 293.833089ms ago: executing program 2 (id=3135): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000007300000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2) write$FUSE_INIT(r2, &(0x7f0000000140)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1}}, 0x50) readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/123, 0x7b}], 0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r4 = openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_type(r4, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, 0x0, 0x20000000) write$cgroup_pid(r6, &(0x7f0000000080), 0x12) 233.141785ms ago: executing program 2 (id=3136): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000d80)=@delchain={0x144, 0x65, 0x2, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0xf8, 0x2, [@TCA_BPF_FLAGS={0x8, 0x8, 0x1}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}, @TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0xdc, 0x1, [@m_sample={0xd8, 0x10, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x5}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x7}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x200}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x2}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x6, 0x674, 0x20000000, 0x5, 0x8}}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x2}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x800}]}, {0x61, 0x6, "9200fd45cfbfaf345fb3a8a997749fefa053a1e631f289e2733a34bfda3a1983d7027974d46e922209e9f418398e634151458aec78c3e590819e1ab74e5f08ce9f128c78176c6afb718af7f892cc43aa236ae8553e2bcb9475712e849a"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x144}, 0x1, 0x0, 0x0, 0x81}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x0, &(0x7f0000003700)={0x77359400}) 119.280368ms ago: executing program 2 (id=3137): bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[], 0x50) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0xc70, 0xf011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x40}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100003b7431087d077a62100001020301090224000200000000090400000203"], 0x0) (async) syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100003b7431087d077a62100001020301090224000200000000090400000203"], 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000040)={0x3a, 0x21, 0x7, {0x7, 0x0, "34fe801d5e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 112.960722ms ago: executing program 3 (id=3138): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x2c9ab000) (fail_nth: 1) 0s ago: executing program 1 (id=3139): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x88100, 0x0) ppoll(&(0x7f0000002200)=[{r0}], 0x1, &(0x7f0000002240)={0x0, 0x3938700}, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x30, &(0x7f0000000300)=""/236, &(0x7f0000000040)=0xec) r2 = socket$inet6(0xa, 0x3, 0xff) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0xb}) sendmsg$inet6(r2, &(0x7f0000000240)={&(0x7f0000000300)={0xa, 0x7, 0x3ae2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x100000}, 0x1c, 0x0, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="20010000000000002900000037"], 0x120}, 0x24044014) kernel console output (not intermixed with test programs): usb 3-1: config 0 has no interface number 0 [ 1141.473579][T12017] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1141.500029][T12017] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1141.523563][T12017] usb 3-1: Product: syz [ 1141.590177][T13636] dccp_close: ABORT with 36 bytes unread [ 1141.696730][T12017] usb 3-1: Manufacturer: syz [ 1141.704051][T12017] usb 3-1: SerialNumber: syz [ 1141.743627][T12017] usb 3-1: config 0 descriptor?? [ 1142.477900][T12017] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 1142.500346][T12017] usb 3-1: No valid video chain found. [ 1142.527470][T12017] usb 3-1: USB disconnect, device number 117 [ 1143.136528][T13657] FAULT_INJECTION: forcing a failure. [ 1143.136528][T13657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1143.154954][T13657] CPU: 0 UID: 0 PID: 13657 Comm: syz.4.2013 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1143.154985][T13657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1143.154998][T13657] Call Trace: [ 1143.155007][T13657] [ 1143.155016][T13657] dump_stack_lvl+0x241/0x360 [ 1143.155052][T13657] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1143.155081][T13657] ? __pfx__printk+0x10/0x10 [ 1143.155122][T13657] should_fail_ex+0x424/0x570 [ 1143.155149][T13657] _copy_from_user+0x2d/0xb0 [ 1143.155181][T13657] do_sock_getsockopt+0x1d5/0x740 [ 1143.155209][T13657] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1143.155228][T13657] ? __fget_files+0x2a/0x420 [ 1143.155253][T13657] ? __fget_files+0x39d/0x420 [ 1143.155275][T13657] ? __fget_files+0x2a/0x420 [ 1143.155307][T13657] __x64_sys_getsockopt+0x2a3/0x370 [ 1143.155337][T13657] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 1143.155366][T13657] ? do_syscall_64+0xb6/0x230 [ 1143.155395][T13657] do_syscall_64+0xf3/0x230 [ 1143.155420][T13657] ? clear_bhb_loop+0x45/0xa0 [ 1143.155445][T13657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1143.155466][T13657] RIP: 0033:0x7ffa9318d169 [ 1143.155484][T13657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1143.155503][T13657] RSP: 002b:00007ffa94048038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1143.155525][T13657] RAX: ffffffffffffffda RBX: 00007ffa933a6080 RCX: 00007ffa9318d169 [ 1143.155540][T13657] RDX: 0000000000000001 RSI: 0000000000000084 RDI: 0000000000000003 [ 1143.155553][T13657] RBP: 00007ffa94048090 R08: 0000200000000080 R09: 0000000000000000 [ 1143.155568][T13657] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 1143.155581][T13657] R13: 0000000000000000 R14: 00007ffa933a6080 R15: 00007ffd4ecf39d8 [ 1143.155613][T13657] [ 1143.375686][T13662] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 1143.383110][T13662] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode [ 1144.497239][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 1144.497260][ T30] audit: type=1800 audit(1744226169.312:121): pid=13663 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.2014" name="/" dev="fuse" ino=0 res=0 errno=0 [ 1145.606763][T13689] FAULT_INJECTION: forcing a failure. [ 1145.606763][T13689] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1145.665744][T13689] CPU: 0 UID: 0 PID: 13689 Comm: syz.2.2024 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1145.665776][T13689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1145.665791][T13689] Call Trace: [ 1145.665800][T13689] [ 1145.665810][T13689] dump_stack_lvl+0x241/0x360 [ 1145.665848][T13689] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1145.665878][T13689] ? __pfx__printk+0x10/0x10 [ 1145.665920][T13689] should_fail_ex+0x424/0x570 [ 1145.665948][T13689] _copy_from_user+0x2d/0xb0 [ 1145.665980][T13689] rawv6_setsockopt+0x237/0x6d0 [ 1145.666017][T13689] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 1145.666053][T13689] ? sock_common_setsockopt+0x37/0xc0 [ 1145.666087][T13689] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1145.666118][T13689] do_sock_setsockopt+0x3b1/0x710 [ 1145.666146][T13689] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1145.666175][T13689] ? ksys_write+0x266/0x2d0 [ 1145.666214][T13689] __x64_sys_setsockopt+0x1ee/0x280 [ 1145.666242][T13689] do_syscall_64+0xf3/0x230 [ 1145.666270][T13689] ? clear_bhb_loop+0x45/0xa0 [ 1145.666296][T13689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1145.666317][T13689] RIP: 0033:0x7f0c2978d169 [ 1145.666336][T13689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1145.666355][T13689] RSP: 002b:00007f0c2a5fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1145.666379][T13689] RAX: ffffffffffffffda RBX: 00007f0c299a5fa0 RCX: 00007f0c2978d169 [ 1145.666395][T13689] RDX: 0000000000000024 RSI: 0000000000000029 RDI: 0000000000000003 [ 1145.666409][T13689] RBP: 00007f0c2a5fd090 R08: 0000000000000019 R09: 0000000000000000 [ 1145.666423][T13689] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 1145.666438][T13689] R13: 0000000000000000 R14: 00007f0c299a5fa0 R15: 00007ffe6e24b128 [ 1145.666470][T13689] [ 1145.962686][T13702] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 1146.102973][T13702] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 1146.957968][T13710] FAULT_INJECTION: forcing a failure. [ 1146.957968][T13710] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1147.012488][T13710] CPU: 1 UID: 0 PID: 13710 Comm: syz.3.2031 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1147.012520][T13710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1147.012542][T13710] Call Trace: [ 1147.012552][T13710] [ 1147.012561][T13710] dump_stack_lvl+0x241/0x360 [ 1147.012598][T13710] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1147.012627][T13710] ? __pfx__printk+0x10/0x10 [ 1147.012668][T13710] should_fail_ex+0x424/0x570 [ 1147.012695][T13710] _copy_from_user+0x2d/0xb0 [ 1147.012727][T13710] copy_msghdr_from_user+0xb3/0x580 [ 1147.012762][T13710] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1147.012788][T13710] ? __fget_files+0x2a/0x420 [ 1147.012815][T13710] ? __fget_files+0x2a/0x420 [ 1147.012848][T13710] __sys_sendmsg+0x20a/0x360 [ 1147.012876][T13710] ? __pfx___sys_sendmsg+0x10/0x10 [ 1147.012954][T13710] ? do_syscall_64+0xb6/0x230 [ 1147.012983][T13710] do_syscall_64+0xf3/0x230 [ 1147.013008][T13710] ? clear_bhb_loop+0x45/0xa0 [ 1147.013033][T13710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1147.013053][T13710] RIP: 0033:0x7ff7a918d169 [ 1147.013070][T13710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1147.013089][T13710] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1147.013111][T13710] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1147.013127][T13710] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 1147.013141][T13710] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1147.013154][T13710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1147.013167][T13710] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1147.013199][T13710] [ 1147.203434][ T5876] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 1147.675693][ T24] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 1147.875213][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 1148.208736][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 1148.225280][ T5876] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1148.234364][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.242654][ T5876] usb 3-1: Product: syz [ 1148.246896][ T5876] usb 3-1: Manufacturer: syz [ 1148.248486][ T24] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 1148.251497][ T5876] usb 3-1: SerialNumber: syz [ 1148.283569][ T5876] usb 3-1: config 0 descriptor?? [ 1148.308557][ T24] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1148.364698][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1148.378652][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1148.420252][ T24] usb 4-1: config 1 has no interface number 0 [ 1148.434964][ T24] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1148.454295][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1148.499194][ T24] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 1148.508622][ T5876] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1148.703874][ T24] snd_usb_pod 4-1:1.1: set_interface failed [ 1148.720789][ T24] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 1148.739556][ T24] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 1148.760343][ T24] usb 4-1: USB disconnect, device number 104 [ 1148.863357][T13735] syz.0.2041 uses obsolete (PF_INET,SOCK_PACKET) [ 1149.154635][ T5244] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 1149.324644][ T5244] usb 5-1: Using ep0 maxpacket: 8 [ 1149.343989][ T5244] usb 5-1: config 6 has an invalid interface number: 2 but max is 0 [ 1149.361703][ T5244] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 1149.447715][ T5244] usb 5-1: config 6 has no interface number 0 [ 1149.463884][ T5244] usb 5-1: too many endpoints for config 6 interface 2 altsetting 255: 255, using maximum allowed: 30 [ 1149.532685][ T5244] usb 5-1: config 6 interface 2 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 1149.569930][ T5244] usb 5-1: config 6 interface 2 has no altsetting 0 [ 1149.863068][ T5244] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 1150.014038][ T5244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1150.164599][ T5244] usb 5-1: Product: syz [ 1150.258023][ T5244] usb 5-1: Manufacturer: syz [ 1150.276912][ T5244] usb 5-1: SerialNumber: syz [ 1150.318640][ T5244] hso 5-1:6.2: Not our interface [ 1150.575580][T13764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1150.600282][T13764] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1150.655407][ T5876] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1150.716760][ T24] usb 5-1: USB disconnect, device number 98 [ 1150.764455][ T5876] usb 3-1: USB disconnect, device number 118 [ 1151.180228][T13768] FAULT_INJECTION: forcing a failure. [ 1151.180228][T13768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1151.210477][T13768] CPU: 1 UID: 0 PID: 13768 Comm: syz.3.2051 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1151.210508][T13768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1151.210522][T13768] Call Trace: [ 1151.210532][T13768] [ 1151.210542][T13768] dump_stack_lvl+0x241/0x360 [ 1151.210579][T13768] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1151.210609][T13768] ? __pfx__printk+0x10/0x10 [ 1151.210652][T13768] should_fail_ex+0x424/0x570 [ 1151.210680][T13768] _copy_from_user+0x2d/0xb0 [ 1151.210713][T13768] copy_msghdr_from_user+0xb3/0x580 [ 1151.210749][T13768] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1151.210787][T13768] ? __fget_files+0x2a/0x420 [ 1151.210815][T13768] ? __fget_files+0x2a/0x420 [ 1151.210849][T13768] __sys_sendmsg+0x20a/0x360 [ 1151.210877][T13768] ? __pfx___sys_sendmsg+0x10/0x10 [ 1151.210968][T13768] ? do_syscall_64+0xb6/0x230 [ 1151.210995][T13768] do_syscall_64+0xf3/0x230 [ 1151.211019][T13768] ? clear_bhb_loop+0x45/0xa0 [ 1151.211043][T13768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.211062][T13768] RIP: 0033:0x7ff7a918d169 [ 1151.211079][T13768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1151.211097][T13768] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1151.211119][T13768] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1151.211133][T13768] RDX: 0000000004008040 RSI: 0000200000000000 RDI: 0000000000000003 [ 1151.211147][T13768] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1151.211160][T13768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1151.211172][T13768] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1151.211201][T13768] [ 1151.392166][ C1] vkms_vblank_simulate: vblank timer overrun [ 1151.524402][T13773] FAULT_INJECTION: forcing a failure. [ 1151.524402][T13773] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1151.537623][T13773] CPU: 1 UID: 0 PID: 13773 Comm: syz.2.2054 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1151.537653][T13773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1151.537667][T13773] Call Trace: [ 1151.537677][T13773] [ 1151.537686][T13773] dump_stack_lvl+0x241/0x360 [ 1151.537725][T13773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1151.537755][T13773] ? __pfx__printk+0x10/0x10 [ 1151.537797][T13773] should_fail_ex+0x424/0x570 [ 1151.537826][T13773] _copy_from_user+0x2d/0xb0 [ 1151.537858][T13773] core_sys_select+0x542/0xab0 [ 1151.537896][T13773] ? __pfx_core_sys_select+0x10/0x10 [ 1151.537915][T13773] ? rcu_read_lock_any_held+0xbb/0x160 [ 1151.537958][T13773] ? vfs_write+0xb29/0xd10 [ 1151.538014][T13773] ? __pfx_vfs_write+0x10/0x10 [ 1151.538044][T13773] ? __pfx_set_user_sigmask+0x10/0x10 [ 1151.538067][T13773] ? __pfx_do_sys_openat2+0x10/0x10 [ 1151.538090][T13773] ? put_files_struct+0x23d/0x310 [ 1151.538121][T13773] __se_sys_pselect6+0x356/0x3e0 [ 1151.538154][T13773] ? __pfx___se_sys_pselect6+0x10/0x10 [ 1151.538187][T13773] ? __x64_sys_pselect6+0x21/0xf0 [ 1151.538213][T13773] do_syscall_64+0xf3/0x230 [ 1151.538241][T13773] ? clear_bhb_loop+0x45/0xa0 [ 1151.538267][T13773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.538288][T13773] RIP: 0033:0x7f0c2978d169 [ 1151.538308][T13773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1151.538327][T13773] RSP: 002b:00007f0c2a5fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1151.538351][T13773] RAX: ffffffffffffffda RBX: 00007f0c299a5fa0 RCX: 00007f0c2978d169 [ 1151.538367][T13773] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 1151.538381][T13773] RBP: 00007f0c2a5fd090 R08: 0000000000000000 R09: 0000000000000000 [ 1151.538395][T13773] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1151.538409][T13773] R13: 0000000000000000 R14: 00007f0c299a5fa0 R15: 00007ffe6e24b128 [ 1151.538442][T13773] [ 1151.742438][ C1] vkms_vblank_simulate: vblank timer overrun [ 1151.989957][T13775] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 1153.361521][T13808] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2065'. [ 1154.012133][T13815] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2061'. [ 1155.491051][T13815] lo speed is unknown, defaulting to 1000 [ 1155.844756][ T5244] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1156.562937][ T5244] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1156.610908][ T5244] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1156.849698][ T5244] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 1156.965325][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1157.574656][ T5244] usb 5-1: config 0 descriptor?? [ 1157.656091][T13855] FAULT_INJECTION: forcing a failure. [ 1157.656091][T13855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1157.672682][T13855] CPU: 1 UID: 0 PID: 13855 Comm: syz.3.2076 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1157.672709][T13855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1157.672721][T13855] Call Trace: [ 1157.672729][T13855] [ 1157.672737][T13855] dump_stack_lvl+0x241/0x360 [ 1157.672770][T13855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1157.672797][T13855] ? __pfx__printk+0x10/0x10 [ 1157.672834][T13855] should_fail_ex+0x424/0x570 [ 1157.672858][T13855] _copy_from_user+0x2d/0xb0 [ 1157.672888][T13855] copy_msghdr_from_user+0xb3/0x580 [ 1157.672918][T13855] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1157.672941][T13855] ? __fget_files+0x2a/0x420 [ 1157.672967][T13855] ? __fget_files+0x2a/0x420 [ 1157.672997][T13855] __sys_sendmmsg+0x361/0x7b0 [ 1157.673029][T13855] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1157.673099][T13855] ? rcu_read_lock_any_held+0xbb/0x160 [ 1157.673127][T13855] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1157.673160][T13855] ? vfs_write+0xb29/0xd10 [ 1157.673198][T13855] ? ksys_write+0x24e/0x2d0 [ 1157.673230][T13855] ? __mutex_unlock_slowpath+0x229/0x800 [ 1157.673286][T13855] ? ksys_write+0x275/0x2d0 [ 1157.673326][T13855] __x64_sys_sendmmsg+0xa0/0xb0 [ 1157.673351][T13855] do_syscall_64+0xf3/0x230 [ 1157.673376][T13855] ? clear_bhb_loop+0x45/0xa0 [ 1157.673402][T13855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1157.673429][T13855] RIP: 0033:0x7ff7a918d169 [ 1157.673447][T13855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1157.673466][T13855] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1157.673487][T13855] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1157.673502][T13855] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000015 [ 1157.673517][T13855] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1157.673531][T13855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1157.673543][T13855] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1157.673574][T13855] [ 1157.882558][ C1] vkms_vblank_simulate: vblank timer overrun [ 1157.958214][ T10] usb 5-1: USB disconnect, device number 99 [ 1159.475841][T13864] netlink: 'syz.0.2077': attribute type 10 has an invalid length. [ 1159.489701][T13864] hsr0: entered promiscuous mode [ 1159.510025][T13864] : (slave hsr0): The slave device specified does not support setting the MAC address [ 1159.530548][T13864] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1159.548871][T13864] : (slave hsr0): Error -22 calling dev_set_mtu [ 1159.570493][T13870] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2078'. [ 1159.602042][T13872] ±ÿ: renamed from team_slave_1 [ 1159.648485][T13865] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2078'. [ 1159.683456][T13867] lo speed is unknown, defaulting to 1000 [ 1160.651243][T13884] tap0: tun_chr_ioctl cmd 1074025677 [ 1160.673950][T13884] tap0: linktype set to 778 [ 1160.771179][T13890] 9pnet: p9_errstr2errno: server reported unknown error — [ 1160.803201][T13867] FAULT_INJECTION: forcing a failure. [ 1160.803201][T13867] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1160.817127][T13867] CPU: 0 UID: 0 PID: 13867 Comm: syz.3.2080 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1160.817157][T13867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1160.817171][T13867] Call Trace: [ 1160.817180][T13867] [ 1160.817189][T13867] dump_stack_lvl+0x241/0x360 [ 1160.817229][T13867] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1160.817259][T13867] ? __pfx__printk+0x10/0x10 [ 1160.817302][T13867] should_fail_ex+0x424/0x570 [ 1160.817329][T13867] _copy_from_user+0x2d/0xb0 [ 1160.817362][T13867] copy_msghdr_from_user+0xb3/0x580 [ 1160.817398][T13867] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1160.817424][T13867] ? __fget_files+0x2a/0x420 [ 1160.817461][T13867] ? __fget_files+0x2a/0x420 [ 1160.817495][T13867] __sys_sendmsg+0x20a/0x360 [ 1160.817524][T13867] ? __pfx___sys_sendmsg+0x10/0x10 [ 1160.817596][T13867] ? do_syscall_64+0xb6/0x230 [ 1160.817623][T13867] do_syscall_64+0xf3/0x230 [ 1160.817646][T13867] ? clear_bhb_loop+0x45/0xa0 [ 1160.817669][T13867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1160.817688][T13867] RIP: 0033:0x7ff7a918d169 [ 1160.817706][T13867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1160.817723][T13867] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1160.817744][T13867] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1160.817759][T13867] RDX: 0000000000000040 RSI: 0000200000000140 RDI: 0000000000000003 [ 1160.817772][T13867] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1160.817783][T13867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1160.817795][T13867] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1160.817824][T13867] [ 1161.086775][T12017] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 1161.373554][T12017] usb 3-1: device descriptor read/64, error -71 [ 1161.749276][T12017] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 1162.065902][T12017] usb 3-1: device descriptor read/64, error -71 [ 1162.176708][T12017] usb usb3-port1: attempt power cycle [ 1162.292344][T13912] bridge0: port 3(team0) entered blocking state [ 1162.299178][T13912] bridge0: port 3(team0) entered disabled state [ 1162.307892][T13912] team0: entered allmulticast mode [ 1162.313421][T13912] team_slave_0: entered allmulticast mode [ 1162.321020][T13912] team_slave_1: entered allmulticast mode [ 1162.334306][T13912] team0: entered promiscuous mode [ 1162.339800][T13912] team_slave_0: entered promiscuous mode [ 1162.348181][T13912] team_slave_1: entered promiscuous mode [ 1162.355781][T13912] bridge0: port 3(team0) entered blocking state [ 1162.362164][T13912] bridge0: port 3(team0) entered forwarding state [ 1162.644866][T12017] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 1162.926372][T12017] usb 3-1: device descriptor read/8, error -71 [ 1163.307468][T12017] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1163.336758][T12017] usb 3-1: device descriptor read/8, error -71 [ 1163.409360][T13922] netlink: 'syz.1.2097': attribute type 4 has an invalid length. [ 1163.475233][T12017] usb usb3-port1: unable to enumerate USB device [ 1163.476030][T13922] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2097'. [ 1163.657329][T13922] : renamed from  (while UP) [ 1163.935327][T13922] bond_slave_0: left promiscuous mode [ 1164.017826][T13922] bond_slave_1: left promiscuous mode [ 1164.353706][T13937] lo speed is unknown, defaulting to 1000 [ 1164.877097][T13948] overlayfs: missing 'lowerdir' [ 1165.166293][ T5244] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1165.806365][ T5244] usb 5-1: device descriptor read/64, error -71 [ 1166.503356][T13958] overlayfs: missing 'workdir' [ 1166.597420][T13957] overlayfs: failed to clone upperpath [ 1166.619154][T13937] FAULT_INJECTION: forcing a failure. [ 1166.619154][T13937] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1166.632916][T13937] CPU: 0 UID: 0 PID: 13937 Comm: syz.2.2101 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1166.632966][T13937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1166.633002][T13937] Call Trace: [ 1166.633011][T13937] [ 1166.633020][T13937] dump_stack_lvl+0x241/0x360 [ 1166.633056][T13937] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1166.633085][T13937] ? __pfx__printk+0x10/0x10 [ 1166.633127][T13937] should_fail_ex+0x424/0x570 [ 1166.633155][T13937] _copy_from_user+0x2d/0xb0 [ 1166.633186][T13937] do_sock_getsockopt+0x1d5/0x740 [ 1166.633240][T13937] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1166.633264][T13937] ? __fget_files+0x2a/0x420 [ 1166.633291][T13937] ? __fget_files+0x39d/0x420 [ 1166.633314][T13937] ? __fget_files+0x2a/0x420 [ 1166.633361][T13937] __x64_sys_getsockopt+0x2a3/0x370 [ 1166.633416][T13937] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 1166.633447][T13937] ? do_syscall_64+0xb6/0x230 [ 1166.633477][T13937] do_syscall_64+0xf3/0x230 [ 1166.633503][T13937] ? clear_bhb_loop+0x45/0xa0 [ 1166.633529][T13937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1166.633557][T13937] RIP: 0033:0x7f0c2978d169 [ 1166.633576][T13937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1166.633594][T13937] RSP: 002b:00007f0c2a5fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1166.633616][T13937] RAX: ffffffffffffffda RBX: 00007f0c299a5fa0 RCX: 00007f0c2978d169 [ 1166.633632][T13937] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000004 [ 1166.633650][T13937] RBP: 00007f0c2a5fd090 R08: 0000200000000080 R09: 0000000000000000 [ 1166.633664][T13937] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1166.633678][T13937] R13: 0000000000000000 R14: 00007f0c299a5fa0 R15: 00007ffe6e24b128 [ 1166.633714][T13937] [ 1166.894661][ T5244] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1167.059375][T13966] warning: `syz.3.2108' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1167.394915][ T5244] usb 5-1: device descriptor read/64, error -71 [ 1167.748528][ T5244] usb usb5-port1: attempt power cycle [ 1167.888511][T13972] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2110'. [ 1168.070273][T13979] netlink: 'syz.1.2114': attribute type 1 has an invalid length. [ 1168.356709][T13979] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1169.440281][T13982] bond1: (slave gretap1): making interface the new active one [ 1169.469434][T13982] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 1170.934159][T14014] overlayfs: missing 'workdir' [ 1171.617171][ T5876] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1171.830346][ T5876] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1171.853751][ T5876] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1171.864883][ T5876] usb 5-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 1171.914664][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1171.940371][ T5876] usb 5-1: config 0 descriptor?? [ 1172.034821][T14024] FAULT_INJECTION: forcing a failure. [ 1172.034821][T14024] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1172.049122][T14024] CPU: 1 UID: 0 PID: 14024 Comm: syz.3.2123 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1172.049165][T14024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1172.049178][T14024] Call Trace: [ 1172.049187][T14024] [ 1172.049214][T14024] dump_stack_lvl+0x241/0x360 [ 1172.049257][T14024] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1172.049287][T14024] ? __pfx__printk+0x10/0x10 [ 1172.049329][T14024] should_fail_ex+0x424/0x570 [ 1172.049358][T14024] _copy_from_user+0x2d/0xb0 [ 1172.049391][T14024] do_sched_setscheduler+0xce/0x4b0 [ 1172.049419][T14024] ? __pfx_do_sched_setscheduler+0x10/0x10 [ 1172.049452][T14024] ? fput+0x9b/0xd0 [ 1172.049477][T14024] ? ksys_write+0x275/0x2d0 [ 1172.049521][T14024] __x64_sys_sched_setscheduler+0x79/0x90 [ 1172.049554][T14024] do_syscall_64+0xf3/0x230 [ 1172.049581][T14024] ? clear_bhb_loop+0x45/0xa0 [ 1172.049607][T14024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.049628][T14024] RIP: 0033:0x7ff7a918d169 [ 1172.049647][T14024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.049665][T14024] RSP: 002b:00007ff7a9f71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000090 [ 1172.049689][T14024] RAX: ffffffffffffffda RBX: 00007ff7a93a6080 RCX: 00007ff7a918d169 [ 1172.049705][T14024] RDX: 0000200000000200 RSI: 0000000000000002 RDI: 0000000000000000 [ 1172.049718][T14024] RBP: 00007ff7a9f71090 R08: 0000000000000000 R09: 0000000000000000 [ 1172.049731][T14024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1172.049744][T14024] R13: 0000000000000001 R14: 00007ff7a93a6080 R15: 00007ffe6d62c548 [ 1172.049777][T14024] [ 1172.221813][ C1] vkms_vblank_simulate: vblank timer overrun [ 1172.287840][T14025] netlink: 'syz.0.2126': attribute type 8 has an invalid length. [ 1172.876559][ T5876] hid-alps 0003:044E:1215.0034: collection stack underflow [ 1172.883864][ T5876] hid-alps 0003:044E:1215.0034: item 0 2 0 12 parsing failed [ 1172.968714][ T5876] hid-alps 0003:044E:1215.0034: parse failed [ 1172.975261][ T5876] hid-alps 0003:044E:1215.0034: probe with driver hid-alps failed with error -22 [ 1173.574215][ T1621] usb 5-1: USB disconnect, device number 103 [ 1173.643173][T14028] lo speed is unknown, defaulting to 1000 [ 1174.185792][ T10] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 1174.361527][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1174.374454][ T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1174.404611][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1174.437337][ T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1174.474624][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1174.537784][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1174.588655][ T10] usb 4-1: config 0 descriptor?? [ 1174.800447][ T10] hdpvr 4-1:0.0: firmware version 0x12 dated [ 1175.245863][T14066] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2132'. [ 1175.280733][T14042] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2132'. [ 1175.355195][ T10] hdpvr 4-1:0.0: device init failed [ 1175.383958][ T10] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 1175.437619][ T10] usb 4-1: USB disconnect, device number 105 [ 1176.001552][T14072] input: syz0 as /devices/virtual/input/input111 [ 1176.395101][T14079] FAULT_INJECTION: forcing a failure. [ 1176.395101][T14079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1176.445882][T14079] CPU: 1 UID: 0 PID: 14079 Comm: syz.3.2141 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1176.445926][T14079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1176.445938][T14079] Call Trace: [ 1176.445946][T14079] [ 1176.445955][T14079] dump_stack_lvl+0x241/0x360 [ 1176.445989][T14079] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1176.446016][T14079] ? __pfx__printk+0x10/0x10 [ 1176.446054][T14079] should_fail_ex+0x424/0x570 [ 1176.446080][T14079] _copy_from_user+0x2d/0xb0 [ 1176.446108][T14079] copy_msghdr_from_user+0xb3/0x580 [ 1176.446146][T14079] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1176.446188][T14079] ? __fget_files+0x2a/0x420 [ 1176.446217][T14079] ? __fget_files+0x2a/0x420 [ 1176.446252][T14079] __sys_recvmsg+0x210/0x3a0 [ 1176.446281][T14079] ? __pfx___sys_recvmsg+0x10/0x10 [ 1176.446320][T14079] ? __fget_files+0x2a/0x420 [ 1176.446372][T14079] ? do_syscall_64+0xb6/0x230 [ 1176.446403][T14079] do_syscall_64+0xf3/0x230 [ 1176.446428][T14079] ? clear_bhb_loop+0x45/0xa0 [ 1176.446455][T14079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.446476][T14079] RIP: 0033:0x7ff7a918d169 [ 1176.446495][T14079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1176.446513][T14079] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1176.446536][T14079] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1176.446552][T14079] RDX: 0000000000000003 RSI: 0000200000000d00 RDI: 0000000000000003 [ 1176.446565][T14079] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1176.446579][T14079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1176.446591][T14079] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1176.446625][T14079] [ 1176.807816][T14086] FAULT_INJECTION: forcing a failure. [ 1176.807816][T14086] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1176.821019][T14086] CPU: 1 UID: 0 PID: 14086 Comm: syz.3.2144 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1176.821048][T14086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1176.821062][T14086] Call Trace: [ 1176.821071][T14086] [ 1176.821080][T14086] dump_stack_lvl+0x241/0x360 [ 1176.821117][T14086] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1176.821147][T14086] ? __pfx__printk+0x10/0x10 [ 1176.821189][T14086] should_fail_ex+0x424/0x570 [ 1176.821217][T14086] _copy_from_user+0x2d/0xb0 [ 1176.821248][T14086] copy_msghdr_from_user+0xb3/0x580 [ 1176.821283][T14086] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1176.821309][T14086] ? __fget_files+0x2a/0x420 [ 1176.821336][T14086] ? __fget_files+0x2a/0x420 [ 1176.821370][T14086] __sys_sendmsg+0x20a/0x360 [ 1176.821399][T14086] ? __pfx___sys_sendmsg+0x10/0x10 [ 1176.821480][T14086] ? do_syscall_64+0xb6/0x230 [ 1176.821509][T14086] do_syscall_64+0xf3/0x230 [ 1176.821534][T14086] ? clear_bhb_loop+0x45/0xa0 [ 1176.821559][T14086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.821580][T14086] RIP: 0033:0x7ff7a918d169 [ 1176.821599][T14086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1176.821616][T14086] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1176.821638][T14086] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1176.821654][T14086] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 1176.821667][T14086] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1176.821680][T14086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1176.821692][T14086] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1176.821722][T14086] [ 1177.200252][T14091] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2145'. [ 1177.451404][T14094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2147'. [ 1177.534310][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.544945][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1181.425184][T14158] overlayfs: failed to clone upperpath [ 1181.494971][T14163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2159'. [ 1181.521224][T14164] lo speed is unknown, defaulting to 1000 [ 1181.745771][T14168] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2158'. [ 1182.291402][T12017] libceph: connect (1)[c::]:6789 error -101 [ 1182.297981][T12017] libceph: mon0 (1)[c::]:6789 connect error [ 1182.561263][T14168] lo speed is unknown, defaulting to 1000 [ 1182.576586][T12017] libceph: connect (1)[c::]:6789 error -101 [ 1182.584470][T12017] libceph: mon0 (1)[c::]:6789 connect error [ 1183.080227][T14184] ceph: No mds server is up or the cluster is laggy [ 1183.105341][T12017] libceph: connect (1)[c::]:6789 error -101 [ 1183.112139][T12017] libceph: mon0 (1)[c::]:6789 connect error [ 1184.189540][T14215] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2172'. [ 1184.218112][T14216] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2173'. [ 1185.046847][T14215] lo speed is unknown, defaulting to 1000 [ 1185.516405][T14216] lo speed is unknown, defaulting to 1000 [ 1186.868206][T14242] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2180'. [ 1187.231770][T14250] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2180'. [ 1190.888851][T14259] netlink: 'syz.4.2185': attribute type 6 has an invalid length. [ 1191.013141][T14265] 8021q: VLANs not supported on ip6gre0 [ 1191.269867][T14268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2188'. [ 1191.950126][ T30] audit: type=1326 audit(1744226216.772:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1191.983644][T14278] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2191'. [ 1192.221779][ T30] audit: type=1326 audit(1744226216.792:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1192.250569][ T30] audit: type=1326 audit(1744226216.802:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1192.272568][ T30] audit: type=1326 audit(1744226216.802:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1192.294397][ T30] audit: type=1326 audit(1744226216.802:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1192.316296][ T30] audit: type=1326 audit(1744226216.802:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1192.339223][ T30] audit: type=1326 audit(1744226216.802:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1192.361255][ T30] audit: type=1326 audit(1744226216.802:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1193.075441][ T30] audit: type=1326 audit(1744226216.802:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1193.114569][ T30] audit: type=1326 audit(1744226216.802:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.3.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a918d169 code=0x7ffc0000 [ 1193.971399][T14308] tap0: tun_chr_ioctl cmd 1074025677 [ 1193.977972][T14308] tap0: linktype set to 778 [ 1194.819956][T14302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2197'. [ 1195.421431][T14319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1195.484756][ T5875] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 1195.669331][T14323] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1195.677026][T14323] IPv6: NLM_F_CREATE should be set when creating new route [ 1195.684391][T14323] IPv6: NLM_F_CREATE should be set when creating new route [ 1195.691694][T14323] IPv6: NLM_F_CREATE should be set when creating new route [ 1195.734935][ T5875] usb 4-1: Using ep0 maxpacket: 16 [ 1197.419058][T14345] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2208'. [ 1198.872208][T14353] FAULT_INJECTION: forcing a failure. [ 1198.872208][T14353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1198.891314][T14353] CPU: 0 UID: 0 PID: 14353 Comm: syz.2.2211 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1198.891356][T14353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1198.891368][T14353] Call Trace: [ 1198.891376][T14353] [ 1198.891385][T14353] dump_stack_lvl+0x241/0x360 [ 1198.891419][T14353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1198.891449][T14353] ? __pfx__printk+0x10/0x10 [ 1198.891487][T14353] should_fail_ex+0x424/0x570 [ 1198.891513][T14353] _copy_from_user+0x2d/0xb0 [ 1198.891543][T14353] copy_msghdr_from_user+0xb3/0x580 [ 1198.891576][T14353] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1198.891600][T14353] ? __fget_files+0x2a/0x420 [ 1198.891627][T14353] ? __fget_files+0x2a/0x420 [ 1198.891658][T14353] __sys_sendmsg+0x20a/0x360 [ 1198.891685][T14353] ? __pfx___sys_sendmsg+0x10/0x10 [ 1198.891759][T14353] ? do_syscall_64+0xb6/0x230 [ 1198.891787][T14353] do_syscall_64+0xf3/0x230 [ 1198.891810][T14353] ? clear_bhb_loop+0x45/0xa0 [ 1198.891833][T14353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1198.891852][T14353] RIP: 0033:0x7f0c2978d169 [ 1198.891870][T14353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1198.891887][T14353] RSP: 002b:00007f0c2a5fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1198.891908][T14353] RAX: ffffffffffffffda RBX: 00007f0c299a5fa0 RCX: 00007f0c2978d169 [ 1198.891923][T14353] RDX: 0000000000000000 RSI: 00002000000096c0 RDI: 0000000000000003 [ 1198.891936][T14353] RBP: 00007f0c2a5fd090 R08: 0000000000000000 R09: 0000000000000000 [ 1198.891948][T14353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.891960][T14353] R13: 0000000000000000 R14: 00007f0c299a5fa0 R15: 00007ffe6e24b128 [ 1198.891991][T14353] [ 1199.804135][T14363] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1199.861678][T14364] FAULT_INJECTION: forcing a failure. [ 1199.861678][T14364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1199.926856][T14364] CPU: 1 UID: 0 PID: 14364 Comm: syz.2.2214 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1199.926900][T14364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1199.926914][T14364] Call Trace: [ 1199.926924][T14364] [ 1199.926933][T14364] dump_stack_lvl+0x241/0x360 [ 1199.926971][T14364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1199.927002][T14364] ? __pfx__printk+0x10/0x10 [ 1199.927044][T14364] should_fail_ex+0x424/0x570 [ 1199.927073][T14364] _copy_to_user+0x31/0xb0 [ 1199.927107][T14364] simple_read_from_buffer+0xc4/0x170 [ 1199.927136][T14364] proc_fail_nth_read+0x1ef/0x260 [ 1199.927169][T14364] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1199.927200][T14364] ? rw_verify_area+0x246/0x630 [ 1199.927228][T14364] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1199.927258][T14364] vfs_read+0x21f/0xb90 [ 1199.927298][T14364] ? __pfx_vfs_read+0x10/0x10 [ 1199.927327][T14364] ? irqentry_exit+0x63/0x90 [ 1199.927350][T14364] ? lockdep_hardirqs_on+0x9d/0x150 [ 1199.927395][T14364] ksys_read+0x19d/0x2d0 [ 1199.927427][T14364] ? __pfx_ksys_read+0x10/0x10 [ 1199.927468][T14364] ? do_syscall_64+0xb6/0x230 [ 1199.927497][T14364] do_syscall_64+0xf3/0x230 [ 1199.927521][T14364] ? clear_bhb_loop+0x45/0xa0 [ 1199.927546][T14364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1199.927567][T14364] RIP: 0033:0x7f0c2978bb7c [ 1199.927587][T14364] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1199.927604][T14364] RSP: 002b:00007f0c2a5dc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1199.927627][T14364] RAX: ffffffffffffffda RBX: 00007f0c299a6080 RCX: 00007f0c2978bb7c [ 1199.927643][T14364] RDX: 000000000000000f RSI: 00007f0c2a5dc0a0 RDI: 0000000000000003 [ 1199.927656][T14364] RBP: 00007f0c2a5dc090 R08: 0000000000000000 R09: 0000000000000000 [ 1199.927670][T14364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1199.927683][T14364] R13: 0000000000000000 R14: 00007f0c299a6080 R15: 00007ffe6e24b128 [ 1199.927716][T14364] [ 1200.223346][ T5875] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1200.270901][ T5875] usb 4-1: can't read configurations, error -71 [ 1200.579780][T14379] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2221'. [ 1200.654723][T12017] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 1200.745772][ T5875] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 1201.004729][ T5875] usb 4-1: Using ep0 maxpacket: 8 [ 1201.484011][ T5875] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 16 [ 1201.499106][T12017] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1201.520340][T12017] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1201.590818][T12017] usb 3-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 1201.600027][ T5875] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1201.609095][ T5875] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1201.654904][T12017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1201.658509][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1201.681247][ T5875] usb 4-1: Product: syz [ 1201.696549][ T5875] usb 4-1: Manufacturer: syz [ 1201.697616][T12017] usb 3-1: config 0 descriptor?? [ 1201.701180][ T5875] usb 4-1: SerialNumber: syz [ 1201.735464][T14369] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1201.939993][T14420] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2227'. [ 1202.025117][ T5875] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 107 if 0 alt 4 proto 1 vid 0x0525 pid 0xA4A8 [ 1202.059551][ T5875] usb 4-1: USB disconnect, device number 107 [ 1202.081580][ T5875] usblp0: removed [ 1202.168652][T12017] hid-alps 0003:044E:1215.0035: collection stack underflow [ 1202.176143][T12017] hid-alps 0003:044E:1215.0035: item 0 2 0 12 parsing failed [ 1202.194752][T12017] hid-alps 0003:044E:1215.0035: parse failed [ 1202.228741][T12017] hid-alps 0003:044E:1215.0035: probe with driver hid-alps failed with error -22 [ 1202.246143][T14420] lo speed is unknown, defaulting to 1000 [ 1202.711642][T14423] syz.0.2228(14423): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1203.358238][T14433] FAULT_INJECTION: forcing a failure. [ 1203.358238][T14433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1203.375136][T14433] CPU: 1 UID: 0 PID: 14433 Comm: syz.3.2231 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1203.375166][T14433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1203.375179][T14433] Call Trace: [ 1203.375188][T14433] [ 1203.375197][T14433] dump_stack_lvl+0x241/0x360 [ 1203.375233][T14433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1203.375263][T14433] ? __pfx__printk+0x10/0x10 [ 1203.375304][T14433] should_fail_ex+0x424/0x570 [ 1203.375331][T14433] _copy_from_user+0x2d/0xb0 [ 1203.375363][T14433] copy_msghdr_from_user+0xb3/0x580 [ 1203.375398][T14433] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1203.375423][T14433] ? __fget_files+0x2a/0x420 [ 1203.375450][T14433] ? __fget_files+0x2a/0x420 [ 1203.375483][T14433] __sys_sendmmsg+0x361/0x7b0 [ 1203.375519][T14433] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1203.375591][ T5875] usb 3-1: USB disconnect, device number 123 [ 1203.375590][T14433] ? rcu_read_lock_any_held+0xbb/0x160 [ 1203.375619][T14433] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1203.375646][T14433] ? vfs_write+0xb29/0xd10 [ 1203.375685][T14433] ? ksys_write+0x24e/0x2d0 [ 1203.375721][T14433] ? __mutex_unlock_slowpath+0x229/0x800 [ 1203.375783][T14433] ? ksys_write+0x275/0x2d0 [ 1203.375834][T14433] __x64_sys_sendmmsg+0xa0/0xb0 [ 1203.375861][T14433] do_syscall_64+0xf3/0x230 [ 1203.375889][T14433] ? clear_bhb_loop+0x45/0xa0 [ 1203.375915][T14433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.375937][T14433] RIP: 0033:0x7ff7a918d169 [ 1203.375958][T14433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1203.375995][T14433] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1203.376019][T14433] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1203.376037][T14433] RDX: 0000000000000318 RSI: 00002000000bd000 RDI: 0000000000000005 [ 1203.376054][T14433] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1203.376069][T14433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1203.376082][T14433] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1203.376117][T14433] [ 1203.449436][ T5842] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 1203.630465][T14417] mmap: syz.1.2226 (14417): VmData 25972736 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data. [ 1203.673127][T14414] af_packet: tpacket_rcv: packet too big, clamped from 24 to 4294967272. macoff=96 [ 1204.338877][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: kworker/u9:5 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1204.338910][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1204.338925][ T5842] Workqueue: hci1 hci_rx_work [ 1204.338957][ T5842] Call Trace: [ 1204.338965][ T5842] [ 1204.338974][ T5842] dump_stack_lvl+0x241/0x360 [ 1204.339006][ T5842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1204.339031][ T5842] ? __pfx__printk+0x10/0x10 [ 1204.339055][ T5842] ? kernfs_path_from_node+0x2b/0x250 [ 1204.339083][ T5842] ? kernfs_path_from_node+0x217/0x250 [ 1204.339110][ T5842] sysfs_create_dir_ns+0x2fd/0x3f0 [ 1204.339137][ T5842] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1204.339171][ T5842] kobject_add_internal+0x435/0x8d0 [ 1204.339204][ T5842] kobject_add+0x15b/0x230 [ 1204.339228][ T5842] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1204.339255][ T5842] ? device_add+0x3e7/0xbf0 [ 1204.339279][ T5842] ? __pfx_kobject_add+0x10/0x10 [ 1204.339304][ T5842] ? _raw_spin_unlock+0x28/0x50 [ 1204.339328][ T5842] ? get_device_parent+0x165/0x410 [ 1204.339353][ T5842] device_add+0x4e5/0xbf0 [ 1204.339380][ T5842] hci_conn_add_sysfs+0xe8/0x200 [ 1204.339411][ T5842] le_conn_complete_evt+0xc6e/0x12a0 [ 1204.339447][ T5842] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1204.339469][ T5842] ? __mutex_unlock_slowpath+0x229/0x800 [ 1204.339497][ T5842] ? __skb_clone+0x5c/0x6d0 [ 1204.339520][ T5842] ? skb_pull_data+0x112/0x230 [ 1204.339549][ T5842] hci_le_conn_complete_evt+0x18c/0x420 [ 1204.339580][ T5842] hci_event_packet+0xa5c/0x1550 [ 1204.339615][ T5842] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1204.339640][ T5842] ? __pfx_hci_event_packet+0x10/0x10 [ 1204.339673][ T5842] ? kcov_remote_start+0x440/0x7d0 [ 1204.339700][ T5842] ? lockdep_hardirqs_on+0x9d/0x150 [ 1204.339724][ T5842] ? hci_send_to_monitor+0xdc/0x530 [ 1204.339750][ T5842] hci_rx_work+0x3f3/0xdb0 [ 1204.339796][ T5842] ? process_scheduled_works+0x9cb/0x18e0 [ 1204.339817][ T5842] process_scheduled_works+0xac3/0x18e0 [ 1204.339867][ T5842] ? __pfx_process_scheduled_works+0x10/0x10 [ 1204.339898][ T5842] ? assign_work+0x367/0x3d0 [ 1204.339924][ T5842] worker_thread+0x870/0xd50 [ 1204.339960][ T5842] ? __kthread_parkme+0x1a8/0x200 [ 1204.339986][ T5842] ? __pfx_worker_thread+0x10/0x10 [ 1204.340008][ T5842] kthread+0x7b7/0x940 [ 1204.340034][ T5842] ? __pfx_worker_thread+0x10/0x10 [ 1204.340055][ T5842] ? __pfx_kthread+0x10/0x10 [ 1204.340077][ T5842] ? __pfx_kthread+0x10/0x10 [ 1204.340100][ T5842] ? __pfx_kthread+0x10/0x10 [ 1204.340122][ T5842] ? __pfx_kthread+0x10/0x10 [ 1204.340145][ T5842] ? _raw_spin_unlock_irq+0x23/0x50 [ 1204.340162][ T5842] ? lockdep_hardirqs_on+0x9d/0x150 [ 1204.340181][ T5842] ? __pfx_kthread+0x10/0x10 [ 1204.340207][ T5842] ret_from_fork+0x4b/0x80 [ 1204.340224][ T5842] ? __pfx_kthread+0x10/0x10 [ 1204.340259][ T5842] ret_from_fork_asm+0x1a/0x30 [ 1204.340301][ T5842] [ 1204.340329][ T5842] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1204.633610][ T5842] Bluetooth: hci1: failed to register connection device [ 1204.908057][T14440] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2233'. [ 1204.994332][T14442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2234'. [ 1206.348473][T14455] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1206.492919][T14454] overlayfs: failed to clone upperpath [ 1207.123670][T14479] FAULT_INJECTION: forcing a failure. [ 1207.123670][T14479] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1207.156047][T14479] CPU: 1 UID: 0 PID: 14479 Comm: syz.3.2247 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1207.156079][T14479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1207.156093][T14479] Call Trace: [ 1207.156102][T14479] [ 1207.156112][T14479] dump_stack_lvl+0x241/0x360 [ 1207.156150][T14479] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1207.156179][T14479] ? __pfx__printk+0x10/0x10 [ 1207.156222][T14479] should_fail_ex+0x424/0x570 [ 1207.156250][T14479] _copy_from_user+0x2d/0xb0 [ 1207.156289][T14479] __sys_bpf+0x1c5/0x8b0 [ 1207.156313][T14479] ? __pfx___sys_bpf+0x10/0x10 [ 1207.156347][T14479] ? ksys_write+0x275/0x2d0 [ 1207.156391][T14479] __x64_sys_bpf+0x7c/0x90 [ 1207.156422][T14479] do_syscall_64+0xf3/0x230 [ 1207.156449][T14479] ? clear_bhb_loop+0x45/0xa0 [ 1207.156475][T14479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1207.156496][T14479] RIP: 0033:0x7ff7a918d169 [ 1207.156514][T14479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1207.156533][T14479] RSP: 002b:00007ff7a9f92038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1207.156557][T14479] RAX: ffffffffffffffda RBX: 00007ff7a93a5fa0 RCX: 00007ff7a918d169 [ 1207.156574][T14479] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1207.156588][T14479] RBP: 00007ff7a9f92090 R08: 0000000000000000 R09: 0000000000000000 [ 1207.156602][T14479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1207.156615][T14479] R13: 0000000000000000 R14: 00007ff7a93a5fa0 R15: 00007ffe6d62c548 [ 1207.156647][T14479] [ 1208.372727][T14499] overlayfs: failed to clone upperpath [ 1209.084590][T12017] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1209.354584][T12017] usb 4-1: Using ep0 maxpacket: 8 [ 1209.373954][T12017] usb 4-1: config 0 has no interfaces? [ 1209.380006][T12017] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1209.389842][T12017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1209.413372][T12017] usb 4-1: config 0 descriptor?? [ 1210.406389][T14512] loop9: detected capacity change from 0 to 7 [ 1210.414375][T14512] buffer_io_error: 4 callbacks suppressed [ 1210.414417][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.449131][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.489751][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.514127][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.527177][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.710455][T14533] overlayfs: failed to clone upperpath [ 1210.716359][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.724395][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.732368][T14512] ldm_validate_partition_table(): Disk read failed. [ 1210.739215][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.747996][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.757122][T14512] Buffer I/O error on dev loop9, logical block 0, async page read [ 1210.803505][T14512] Dev loop9: unable to read RDB block 0 [ 1210.924151][T14512] loop9: unable to read partition table [ 1210.932915][T14512] loop9: partition table beyond EOD, truncated [ 1210.953824][T14512] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 1214.940376][T14574] overlayfs: failed to clone upperpath [ 1214.952624][ T5875] usb 4-1: USB disconnect, device number 108 [ 1216.974758][T14608] input: syz0 as /devices/virtual/input/input112 [ 1217.070466][T14611] FAULT_INJECTION: forcing a failure. [ 1217.070466][T14611] name failslab, interval 1, probability 0, space 0, times 0 [ 1217.088812][T14611] CPU: 1 UID: 0 PID: 14611 Comm: syz.3.2288 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1217.088842][T14611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1217.088856][T14611] Call Trace: [ 1217.088864][T14611] [ 1217.088873][T14611] dump_stack_lvl+0x241/0x360 [ 1217.088910][T14611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1217.088939][T14611] ? __pfx__printk+0x10/0x10 [ 1217.088972][T14611] ? __pfx___might_resched+0x10/0x10 [ 1217.089000][T14611] should_fail_ex+0x424/0x570 [ 1217.089027][T14611] should_failslab+0xac/0x100 [ 1217.089052][T14611] __kmalloc_noprof+0xdf/0x4d0 [ 1217.089072][T14611] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 1217.089093][T14611] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1217.089120][T14611] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1217.089157][T14611] tomoyo_path_number_perm+0x245/0x790 [ 1217.089192][T14611] ? tomoyo_path_number_perm+0x215/0x790 [ 1217.089225][T14611] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1217.089263][T14611] ? ksys_write+0x24e/0x2d0 [ 1217.089301][T14611] ? __lock_acquire+0xad5/0xd80 [ 1217.089342][T14611] ? __fget_files+0x2a/0x420 [ 1217.089366][T14611] ? __fget_files+0x2a/0x420 [ 1217.089394][T14611] ? __fget_files+0x2a/0x420 [ 1217.089433][T14611] security_file_ioctl+0xc6/0x2a0 [ 1217.089479][T14611] __se_sys_ioctl+0x46/0x160 [ 1217.089512][T14611] do_syscall_64+0xf3/0x230 [ 1217.089538][T14611] ? clear_bhb_loop+0x45/0xa0 [ 1217.089564][T14611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1217.089585][T14611] RIP: 0033:0x7ff7a918d169 [ 1217.089603][T14611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1217.089621][T14611] RSP: 002b:00007ff7a9f71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1217.089643][T14611] RAX: ffffffffffffffda RBX: 00007ff7a93a6080 RCX: 00007ff7a918d169 [ 1217.089658][T14611] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1217.089671][T14611] RBP: 00007ff7a9f71090 R08: 0000000000000000 R09: 0000000000000000 [ 1217.089684][T14611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1217.089697][T14611] R13: 0000000000000001 R14: 00007ff7a93a6080 R15: 00007ffe6d62c548 [ 1217.089729][T14611] [ 1217.321357][T14611] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1217.375293][T14610] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2286'. [ 1218.417948][T14610] lo speed is unknown, defaulting to 1000 [ 1219.021833][T14436] Bluetooth: hci1: unexpected event for opcode 0x0c6d [ 1224.558572][T14692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2318'. [ 1224.894806][ T10] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 1225.069178][ T10] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1225.093618][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1225.100591][ T10] usb 4-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 1225.113526][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1225.132816][ T10] usb 4-1: config 0 descriptor?? [ 1226.447019][ T10] hid-alps 0003:044E:1215.0036: collection stack underflow [ 1226.455243][ T10] hid-alps 0003:044E:1215.0036: item 0 2 0 12 parsing failed [ 1226.463399][ T10] hid-alps 0003:044E:1215.0036: parse failed [ 1226.470828][ T10] hid-alps 0003:044E:1215.0036: probe with driver hid-alps failed with error -22 [ 1228.600421][T14724] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2332'. [ 1228.609620][T14724] syz_tun: left allmulticast mode [ 1228.614749][T14724] syz_tun: left promiscuous mode [ 1228.620889][T14724] bridge0: port 3(syz_tun) entered disabled state [ 1228.661149][T14724] bridge_slave_1: left allmulticast mode [ 1228.667072][T14724] bridge_slave_1: left promiscuous mode [ 1228.672881][T14724] bridge0: port 2(bridge_slave_1) entered disabled state [ 1228.686143][T14724] bridge_slave_0: left allmulticast mode [ 1228.692126][T14724] bridge_slave_0: left promiscuous mode [ 1228.697981][T14724] bridge0: port 1(bridge_slave_0) entered disabled state [ 1228.815716][T10185] usb 4-1: USB disconnect, device number 109 [ 1232.875379][T14436] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1236.989482][T14836] netlink: 'syz.0.2373': attribute type 37 has an invalid length. [ 1238.356317][T14850] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2378'. [ 1238.736536][T14867] 9pnet_fd: p9_fd_create_unix (14867): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 1238.820051][T14869] gtp0: entered promiscuous mode [ 1238.936464][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.942902][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1241.036749][T14922] netlink: 'syz.1.2405': attribute type 10 has an invalid length. [ 1241.073776][T14922] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2405'. [ 1241.100145][T14922] bridge0: port 3(veth1_vlan) entered blocking state [ 1241.113119][T14922] bridge0: port 3(veth1_vlan) entered disabled state [ 1241.183823][T14922] veth1_vlan: entered allmulticast mode [ 1241.210826][T14922] veth1_vlan: left allmulticast mode [ 1241.219116][T14927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2406'. [ 1241.251486][T14922] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 1244.356338][T14974] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2426'. [ 1246.042509][T15002] 9pnet_fd: Insufficient options for proto=fd [ 1246.689989][T14436] Bluetooth: hci1: unexpected event for opcode 0x0c6d [ 1252.285411][T15051] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2452'. [ 1252.368005][T15056] netlink: 'syz.3.2454': attribute type 1 has an invalid length. [ 1252.376059][T15056] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1252.383332][T15056] IPv6: NLM_F_CREATE should be set when creating new route [ 1252.970186][T15062] pimreg: entered allmulticast mode [ 1253.008185][T15062] overlayfs: failed to clone upperpath [ 1256.495999][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1256.496018][ T30] audit: type=1326 audit(1744226281.322:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15112 comm="syz.0.2475" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed44b8d169 code=0x0 [ 1257.837368][T15141] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2482'. [ 1260.363025][T15167] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2493'. [ 1260.515988][T15166] lo speed is unknown, defaulting to 1000 [ 1269.674123][T15253] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2521'. [ 1269.867427][T15256] 9pnet_fd: Insufficient options for proto=fd [ 1270.165438][T15253] lo speed is unknown, defaulting to 1000 [ 1272.970817][T14436] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 1272.981789][T14436] CPU: 1 UID: 0 PID: 14436 Comm: kworker/u9:1 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1272.981824][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1272.981841][T14436] Workqueue: hci2 hci_rx_work [ 1272.981882][T14436] Call Trace: [ 1272.981892][T14436] [ 1272.981902][T14436] dump_stack_lvl+0x241/0x360 [ 1272.981941][T14436] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1272.981972][T14436] ? __pfx__printk+0x10/0x10 [ 1272.982000][T14436] ? kernfs_path_from_node+0x2b/0x250 [ 1272.982034][T14436] ? kernfs_path_from_node+0x217/0x250 [ 1272.982067][T14436] sysfs_create_dir_ns+0x2fd/0x3f0 [ 1272.982099][T14436] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1272.982138][T14436] kobject_add_internal+0x435/0x8d0 [ 1272.982178][T14436] kobject_add+0x15b/0x230 [ 1272.982206][T14436] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1272.982237][T14436] ? device_add+0x3e7/0xbf0 [ 1272.982264][T14436] ? __pfx_kobject_add+0x10/0x10 [ 1272.982293][T14436] ? _raw_spin_unlock+0x28/0x50 [ 1272.982319][T14436] ? get_device_parent+0x165/0x410 [ 1272.982349][T14436] device_add+0x4e5/0xbf0 [ 1272.982384][T14436] hci_conn_add_sysfs+0xe8/0x200 [ 1272.982420][T14436] le_conn_complete_evt+0xc6e/0x12a0 [ 1272.982461][T14436] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1272.982485][T14436] ? __mutex_unlock_slowpath+0x229/0x800 [ 1272.982516][T14436] ? __skb_clone+0x5c/0x6d0 [ 1272.982545][T14436] ? skb_pull_data+0x112/0x230 [ 1272.982579][T14436] hci_le_conn_complete_evt+0x18c/0x420 [ 1272.982613][T14436] hci_event_packet+0xa5c/0x1550 [ 1272.982652][T14436] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1272.982683][T14436] ? __pfx_hci_event_packet+0x10/0x10 [ 1272.982723][T14436] ? kcov_remote_start+0x440/0x7d0 [ 1272.982755][T14436] ? lockdep_hardirqs_on+0x9d/0x150 [ 1272.982795][T14436] ? hci_send_to_monitor+0xdc/0x530 [ 1272.982825][T14436] hci_rx_work+0x3f3/0xdb0 [ 1272.982871][T14436] ? process_scheduled_works+0x9cb/0x18e0 [ 1272.982894][T14436] process_scheduled_works+0xac3/0x18e0 [ 1272.982952][T14436] ? __pfx_process_scheduled_works+0x10/0x10 [ 1272.982988][T14436] ? assign_work+0x367/0x3d0 [ 1272.983017][T14436] worker_thread+0x870/0xd50 [ 1272.983060][T14436] ? __kthread_parkme+0x1a8/0x200 [ 1272.983090][T14436] ? __pfx_worker_thread+0x10/0x10 [ 1272.983115][T14436] kthread+0x7b7/0x940 [ 1272.983146][T14436] ? __pfx_worker_thread+0x10/0x10 [ 1272.983172][T14436] ? __pfx_kthread+0x10/0x10 [ 1272.983199][T14436] ? __pfx_kthread+0x10/0x10 [ 1272.983227][T14436] ? __pfx_kthread+0x10/0x10 [ 1272.983254][T14436] ? __pfx_kthread+0x10/0x10 [ 1272.983283][T14436] ? _raw_spin_unlock_irq+0x23/0x50 [ 1272.983303][T14436] ? lockdep_hardirqs_on+0x9d/0x150 [ 1272.983327][T14436] ? __pfx_kthread+0x10/0x10 [ 1272.983357][T14436] ret_from_fork+0x4b/0x80 [ 1272.983378][T14436] ? __pfx_kthread+0x10/0x10 [ 1272.983408][T14436] ret_from_fork_asm+0x1a/0x30 [ 1272.983458][T14436] [ 1272.983492][T14436] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1273.291770][T14436] Bluetooth: hci2: failed to register connection device [ 1275.845131][ T5842] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1277.973454][T15350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2552'. [ 1280.119947][T15372] overlayfs: failed to clone upperpath [ 1280.594898][T15379] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2560'. [ 1280.836054][T15379] lo speed is unknown, defaulting to 1000 [ 1282.004357][T14436] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1283.110244][T15406] capability: warning: `syz.3.2568' uses deprecated v2 capabilities in a way that may be insecure [ 1284.117988][T15422] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2574'. [ 1284.762583][T15442] netlink: 'syz.4.2577': attribute type 28 has an invalid length. [ 1285.855035][T14436] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1288.402823][T15490] geneve1: entered promiscuous mode [ 1288.632637][T15499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2604'. [ 1291.524096][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2610'. [ 1292.047482][T15535] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2612'. [ 1292.159730][T15535] lo speed is unknown, defaulting to 1000 [ 1294.422992][T15565] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2625'. [ 1294.700519][T14436] Bluetooth: hci2: ACL packet too small [ 1299.473929][T15606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2639'. [ 1300.960681][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1301.119683][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.426263][T15631] overlayfs: failed to clone upperpath [ 1303.521015][T15661] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2653'. [ 1308.369518][T15694] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2664'. [ 1308.594692][T15704] overlayfs: failed to clone upperpath [ 1313.465097][T15752] overlayfs: failed to clone upperpath [ 1313.982062][T15755] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2681'. [ 1318.725095][T15800] overlayfs: failed to clone upperpath [ 1327.052076][T15870] overlayfs: failed to clone upperpath [ 1337.202900][T15953] overlayfs: failed to clone upperpath [ 1338.291965][T14436] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1345.233682][ T5842] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1359.110148][T16156] netlink: 'syz.4.2802': attribute type 1 has an invalid length. [ 1361.955900][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.545827][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1364.123278][T16198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2814'. [ 1370.881262][T16278] overlayfs: failed to clone upperpath [ 1374.675924][T16315] overlayfs: failed to clone upperpath [ 1376.530951][T14411] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1376.600042][T14411] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1376.618796][T14411] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1376.846134][T14411] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1376.882703][T14411] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1376.918273][T14411] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1377.956525][T14436] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1377.967397][T14436] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1377.976094][T14436] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1377.984371][T14436] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1377.995349][T14436] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1378.259041][T16364] overlayfs: failed to clone upperpath [ 1379.162215][T14411] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1379.179042][T14411] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1379.193748][T14411] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1380.059149][T16351] lo speed is unknown, defaulting to 1000 [ 1380.104812][T14436] Bluetooth: hci0: command tx timeout [ 1380.346839][T14411] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1380.404879][T14411] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1380.454582][T14411] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1381.248600][T16399] overlayfs: failed to clone upperpath [ 1382.186664][T14436] Bluetooth: hci0: command tx timeout [ 1382.244841][T16409] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2874'. [ 1382.932859][T14411] bridge_slave_1: left allmulticast mode [ 1383.101041][T14411] bridge_slave_1: left promiscuous mode [ 1383.116006][T14411] bridge0: port 2(bridge_slave_1) entered disabled state [ 1383.170194][T14411] bridge_slave_0: left allmulticast mode [ 1383.176537][T14411] bridge_slave_0: left promiscuous mode [ 1383.192041][T14411] bridge0: port 1(bridge_slave_0) entered disabled state [ 1383.686153][T14411] bond1 (unregistering): (slave gretap1): Releasing active interface [ 1384.131493][T14411] team0: Port device geneve0 removed [ 1384.275007][T14436] Bluetooth: hci0: command tx timeout [ 1384.508721][T14411]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 1384.555545][T14411]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 1384.571116][T14411]  (unregistering): (slave batadv0): Releasing backup interface [ 1384.590059][T14411]  (unregistering): Released all slaves [ 1384.635662][T14411] bond0 (unregistering): Released all slaves [ 1384.848818][T16440] overlayfs: failed to clone upperpath [ 1384.953900][T14411] bond1 (unregistering): Released all slaves [ 1385.370912][T16351] chnl_net:caif_netlink_parms(): no params data found [ 1385.783006][T16351] bridge0: port 1(bridge_slave_0) entered blocking state [ 1385.825454][T16351] bridge0: port 1(bridge_slave_0) entered disabled state [ 1385.834158][T16351] bridge_slave_0: entered allmulticast mode [ 1385.842429][T16351] bridge_slave_0: entered promiscuous mode [ 1385.861664][T16351] bridge0: port 2(bridge_slave_1) entered blocking state [ 1385.869233][T16351] bridge0: port 2(bridge_slave_1) entered disabled state [ 1385.881876][T16351] bridge_slave_1: entered allmulticast mode [ 1385.890513][T16351] bridge_slave_1: entered promiscuous mode [ 1385.954978][T14436] Bluetooth: hci2: unexpected event for opcode 0x0c6d [ 1386.207970][T16351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1386.269186][T16351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1386.344779][T14436] Bluetooth: hci0: command tx timeout [ 1386.634634][T16351] team0: Port device team_slave_0 added [ 1386.643841][T16351] team0: Port device team_slave_1 added [ 1387.126416][T14411] tipc: Disabling bearer [ 1387.139196][T14411] tipc: Left network mode [ 1387.144623][T16351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1387.152719][T16351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1387.179560][T16351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1387.195811][T16351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1387.203358][T16351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1387.539631][T16351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1388.405881][T16351] hsr_slave_0: entered promiscuous mode [ 1388.413561][T16351] hsr_slave_1: entered promiscuous mode [ 1388.428384][T16351] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1388.524595][T16351] Cannot create hsr debugfs directory [ 1388.737122][T16501] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2900'. [ 1390.760486][T14411] hsr_slave_0: left promiscuous mode [ 1390.956295][T14411] hsr_slave_1: left promiscuous mode [ 1391.675125][T14411] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1391.682649][T14411] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1391.746629][T14411] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1391.754110][T14411] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1392.769249][T14411] veth1_macvtap: left promiscuous mode [ 1392.971872][T14411] veth0_macvtap: left promiscuous mode [ 1393.380991][T14411] veth1_vlan: left promiscuous mode [ 1393.412280][T14411] veth0_vlan: left promiscuous mode [ 1395.316807][T14411] team0 (unregistering): Port device team_slave_1 removed [ 1396.364259][T14411] team0 (unregistering): Port device team_slave_0 removed [ 1404.376570][T16351] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1404.414538][T16351] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1404.445035][T16351] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1404.482740][T16351] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1404.711777][T16351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1404.781246][T16351] 8021q: adding VLAN 0 to HW filter on device team0 [ 1404.822821][T14407] bridge0: port 1(bridge_slave_0) entered blocking state [ 1404.830083][T14407] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1405.057896][T14407] bridge0: port 2(bridge_slave_1) entered blocking state [ 1405.065142][T14407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1407.016723][T16351] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1407.083944][T16351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1408.887418][T16741] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 1409.796674][T16737] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 1410.930895][T16351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1410.937079][T14436] Bluetooth: hci1: unexpected event for opcode 0x0c6d [ 1411.222287][T16351] veth0_vlan: entered promiscuous mode [ 1411.238514][T16772] overlay: Unknown parameter '\' [ 1411.263229][T16351] veth1_vlan: entered promiscuous mode [ 1411.453214][T16351] veth0_macvtap: entered promiscuous mode [ 1411.463646][T16351] veth1_macvtap: entered promiscuous mode [ 1411.484142][T16351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1411.534468][T16351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1411.564959][T16351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1411.616400][T16351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1411.681424][T16351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1411.727583][T16351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1411.790895][T16351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1411.887858][T16351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1411.921612][T16351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1411.976546][T16351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1412.161393][T16351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1412.185159][T16351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1412.206301][T16351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1412.428936][T16351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1412.947631][T16351] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.989614][T16351] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.999443][T16351] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1413.008512][T16351] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1413.039347][T16795] bridge0: port 3(netdevsim2) entered blocking state [ 1413.054617][T16795] bridge0: port 3(netdevsim2) entered disabled state [ 1413.063712][T16795] netdevsim netdevsim4 netdevsim2: entered allmulticast mode [ 1413.077993][T16795] netdevsim netdevsim4 netdevsim2: entered promiscuous mode [ 1413.085974][T16795] bridge0: port 3(netdevsim2) entered blocking state [ 1413.092779][T16795] bridge0: port 3(netdevsim2) entered forwarding state [ 1414.335147][T14412] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1414.364476][T14412] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1414.431565][T14405] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1414.440215][T14405] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1416.704487][ T1621] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1417.184573][ T1621] usb 2-1: Using ep0 maxpacket: 32 [ 1417.346248][ T1621] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1417.366368][ T1621] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1417.410717][ T1621] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1418.179299][ T1621] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1418.188504][ T1621] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.236989][ T1621] usb 2-1: config 0 descriptor?? [ 1418.442579][T15863] syz_tun (unregistering): left allmulticast mode [ 1418.799922][ T1621] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0037/input/input113 [ 1419.410149][T16839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1419.503309][T16839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1419.550362][ T1621] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0037/input/input114 [ 1419.585526][ T1621] kye 0003:0458:5011.0037: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0 [ 1419.868338][T16874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1419.944279][T16874] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1420.665131][ C1] kye 0003:0458:5011.0037: usb_submit_urb(ctrl) failed: -1 [ 1420.834624][ T1621] usb 2-1: reset high-speed USB device number 83 using dummy_hcd [ 1421.005344][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1421.015185][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1421.023688][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1421.044987][ T1621] usb 2-1: device descriptor read/64, error -32 [ 1421.057260][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1421.066126][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1421.397777][T16891] lo speed is unknown, defaulting to 1000 [ 1422.473478][T16876] overlayfs: failed to clone upperpath [ 1422.547388][T12017] usb 2-1: USB disconnect, device number 83 [ 1423.515044][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.521407][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.523870][T14436] Bluetooth: hci2: command tx timeout [ 1423.682436][T16891] chnl_net:caif_netlink_parms(): no params data found [ 1423.849822][T16926] FAULT_INJECTION: forcing a failure. [ 1423.849822][T16926] name failslab, interval 1, probability 0, space 0, times 0 [ 1423.862998][T16926] CPU: 0 UID: 0 PID: 16926 Comm: syz.1.2992 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1423.863029][T16926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1423.863044][T16926] Call Trace: [ 1423.863053][T16926] [ 1423.863062][T16926] dump_stack_lvl+0x241/0x360 [ 1423.863102][T16926] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1423.863132][T16926] ? __pfx__printk+0x10/0x10 [ 1423.863166][T16926] ? __pfx___might_resched+0x10/0x10 [ 1423.863197][T16926] should_fail_ex+0x424/0x570 [ 1423.863226][T16926] should_failslab+0xac/0x100 [ 1423.863249][T16926] kmem_cache_alloc_noprof+0x78/0x390 [ 1423.863272][T16926] ? getname_flags+0xb6/0x530 [ 1423.863302][T16926] getname_flags+0xb6/0x530 [ 1423.863331][T16926] __se_sys_move_mount+0x1a2/0x5a0 [ 1423.863372][T16926] ? __pfx___se_sys_move_mount+0x10/0x10 [ 1423.863409][T16926] ? __x64_sys_move_mount+0x20/0xc0 [ 1423.863439][T16926] do_syscall_64+0xf3/0x230 [ 1423.863466][T16926] ? clear_bhb_loop+0x45/0xa0 [ 1423.863493][T16926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1423.863514][T16926] RIP: 0033:0x7f0b2078d169 [ 1423.863534][T16926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1423.863553][T16926] RSP: 002b:00007f0b2154e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad [ 1423.863577][T16926] RAX: ffffffffffffffda RBX: 00007f0b209a6080 RCX: 00007f0b2078d169 [ 1423.863593][T16926] RDX: ffffffffffffff9c RSI: 0000200000000140 RDI: 0000000000000008 [ 1423.863608][T16926] RBP: 00007f0b2154e090 R08: 0000000000000262 R09: 0000000000000000 [ 1423.863622][T16926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1423.863635][T16926] R13: 0000000000000000 R14: 00007f0b209a6080 R15: 00007ffe97cd2088 [ 1423.863669][T16926] [ 1425.552857][T14436] Bluetooth: hci2: command tx timeout [ 1426.566004][T16891] bridge0: port 1(bridge_slave_0) entered blocking state [ 1426.592168][T16891] bridge0: port 1(bridge_slave_0) entered disabled state [ 1426.617095][T16891] bridge_slave_0: entered allmulticast mode [ 1426.638722][T16891] bridge_slave_0: entered promiscuous mode [ 1426.659758][T16891] bridge0: port 2(bridge_slave_1) entered blocking state [ 1426.683459][T16891] bridge0: port 2(bridge_slave_1) entered disabled state [ 1426.709317][T16891] bridge_slave_1: entered allmulticast mode [ 1426.910652][T16891] bridge_slave_1: entered promiscuous mode [ 1427.664570][T14436] Bluetooth: hci2: command tx timeout [ 1427.812016][T16891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1427.856975][T16891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1427.944743][ T5878] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1428.980966][ T5878] usb 2-1: config 0 has no interfaces? [ 1429.005627][ T5878] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1429.015248][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1429.048187][ T5878] usb 2-1: Product: syz [ 1429.083199][ T5878] usb 2-1: Manufacturer: syz [ 1429.109717][ T5878] usb 2-1: SerialNumber: syz [ 1429.115828][T16891] team0: Port device team_slave_0 added [ 1429.130907][ T5878] usb 2-1: config 0 descriptor?? [ 1429.147553][T16891] team0: Port device team_slave_1 added [ 1429.509621][T16891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1429.524957][T16891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1429.564354][T16891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1429.715595][T14436] Bluetooth: hci2: command tx timeout [ 1429.750676][T16891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1429.757767][T16891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1429.784058][T16891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1429.860501][T16987] overlayfs: failed to clone upperpath [ 1430.320689][T16891] hsr_slave_0: entered promiscuous mode [ 1430.328536][T16891] hsr_slave_1: entered promiscuous mode [ 1430.986866][T16891] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1431.024599][T16891] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.054607][T16891] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1431.302572][ T5244] usb 2-1: USB disconnect, device number 84 [ 1431.427576][T16891] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1431.523444][T16891] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.606144][T16891] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1432.298662][T16891] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1432.337918][T16891] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1432.362937][T16891] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1432.543786][T16891] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1432.624897][T16891] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1432.652753][T16891] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1433.122696][T16891] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1433.351318][T16891] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1434.165101][T16891] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1434.234816][T16891] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1435.348857][T16891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1435.402329][T16891] 8021q: adding VLAN 0 to HW filter on device team0 [ 1435.465758][T14144] bridge0: port 1(bridge_slave_0) entered blocking state [ 1435.472912][T14144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1435.514903][T14144] bridge0: port 2(bridge_slave_1) entered blocking state [ 1435.522137][T14144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1436.232197][T16891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1439.334108][T16891] veth0_vlan: entered promiscuous mode [ 1439.549696][T14436] Bluetooth: hci1: unexpected event for opcode 0x0c6d [ 1440.133631][T16891] veth1_vlan: entered promiscuous mode [ 1440.244183][T16891] veth0_macvtap: entered promiscuous mode [ 1440.270524][T16891] veth1_macvtap: entered promiscuous mode [ 1440.356799][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1440.404514][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.595966][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1440.615085][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.625352][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1440.637522][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.647835][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1440.664163][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.676081][T16891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1440.739994][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1440.778208][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.797408][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1440.808304][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.818471][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1440.844532][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.883762][T16891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1440.913914][T16891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.959768][T16891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1441.022693][T16891] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1441.037436][T16891] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1441.049193][T16891] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1441.058609][T16891] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1442.285806][T14409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1442.486005][T14412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1442.498437][T14409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1442.524709][T14412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1447.032717][T12017] libceph: connect (1)[c::]:6789 error -101 [ 1447.055669][T12017] libceph: mon0 (1)[c::]:6789 connect error [ 1447.344914][T12017] libceph: connect (1)[c::]:6789 error -101 [ 1447.351024][T12017] libceph: mon0 (1)[c::]:6789 connect error [ 1448.595291][ T1621] libceph: connect (1)[c::]:6789 error -101 [ 1448.601407][ T1621] libceph: mon0 (1)[c::]:6789 connect error [ 1448.643899][T17114] ceph: No mds server is up or the cluster is laggy [ 1449.440389][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1449.456153][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1449.467365][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1449.479814][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1449.490111][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1450.023476][T17133] lo speed is unknown, defaulting to 1000 [ 1450.119615][T17135] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 1450.174198][T17132] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 1450.524316][T17133] chnl_net:caif_netlink_parms(): no params data found [ 1450.694564][T17079] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 1450.959053][T17133] bridge0: port 1(bridge_slave_0) entered blocking state [ 1450.973012][T17133] bridge0: port 1(bridge_slave_0) entered disabled state [ 1450.984624][T17079] usb 4-1: Using ep0 maxpacket: 32 [ 1450.993351][T17079] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1451.005018][T17079] usb 4-1: config 0 has no interface number 0 [ 1451.011316][T17079] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1451.078103][T17133] bridge_slave_0: entered allmulticast mode [ 1451.110182][T17079] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1451.967294][ T5842] Bluetooth: hci4: command tx timeout [ 1452.001099][T17079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1452.005732][T17133] bridge_slave_0: entered promiscuous mode [ 1452.010507][T17079] usb 4-1: Product: syz [ 1452.019502][T17079] usb 4-1: Manufacturer: syz [ 1452.025887][T17079] usb 4-1: SerialNumber: syz [ 1452.162617][T17079] usb 4-1: config 0 descriptor?? [ 1452.218265][T17079] smsc75xx v1.0.0 [ 1452.230007][T17133] bridge0: port 2(bridge_slave_1) entered blocking state [ 1452.340576][T17133] bridge0: port 2(bridge_slave_1) entered disabled state [ 1452.349481][T17133] bridge_slave_1: entered allmulticast mode [ 1452.360167][T17133] bridge_slave_1: entered promiscuous mode [ 1452.563533][ T5842] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1453.405448][T17133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1453.499262][T17133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1453.682638][T17133] team0: Port device team_slave_0 added [ 1453.697531][T17133] team0: Port device team_slave_1 added [ 1453.714511][T17079] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 1453.732841][T17079] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 1453.784355][T17079] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1453.803535][T17079] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32 [ 1453.937119][T17133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1453.962244][T17133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1453.993320][T17133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1454.012549][T17133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1454.020766][T17133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1454.193197][T14436] Bluetooth: hci4: command tx timeout [ 1454.234032][T17133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1454.487079][T17133] hsr_slave_0: entered promiscuous mode [ 1454.503261][T17133] hsr_slave_1: entered promiscuous mode [ 1454.524746][T17133] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1454.555480][T17133] Cannot create hsr debugfs directory [ 1454.826896][T17079] usb 4-1: USB disconnect, device number 110 [ 1455.747232][T17133] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.804525][T17133] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1456.072236][T17133] bridge0: port 3(netdevsim2) entered disabled state [ 1456.159343][T17133] netdevsim netdevsim4 netdevsim2 (unregistering): left allmulticast mode [ 1456.189861][T17133] netdevsim netdevsim4 netdevsim2 (unregistering): left promiscuous mode [ 1456.213604][T17133] bridge0: port 3(netdevsim2) entered disabled state [ 1456.229924][T17220] FAULT_INJECTION: forcing a failure. [ 1456.229924][T17220] name failslab, interval 1, probability 0, space 0, times 0 [ 1456.244637][T17220] CPU: 0 UID: 0 PID: 17220 Comm: syz.3.3068 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1456.244668][T17220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1456.244681][T17220] Call Trace: [ 1456.244689][T17220] [ 1456.244700][T17220] dump_stack_lvl+0x241/0x360 [ 1456.244736][T17220] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1456.244765][T17220] ? __pfx__printk+0x10/0x10 [ 1456.244797][T17220] ? __pfx___might_resched+0x10/0x10 [ 1456.244825][T17220] should_fail_ex+0x424/0x570 [ 1456.244853][T17220] should_failslab+0xac/0x100 [ 1456.244876][T17220] __kvmalloc_node_noprof+0x170/0x5a0 [ 1456.244899][T17220] ? traverse+0xd6/0x550 [ 1456.244933][T17220] traverse+0xd6/0x550 [ 1456.244964][T17220] ? kstrtoull+0x1d3/0x2f0 [ 1456.244984][T17220] seq_read_iter+0xc7f/0xda0 [ 1456.245032][T17220] seq_read+0x3ab/0x4f0 [ 1456.245065][T17220] ? __pfx_seq_read+0x10/0x10 [ 1456.245117][T17220] ? __pfx_seq_read+0x10/0x10 [ 1456.245143][T17220] proc_reg_read+0x201/0x2f0 [ 1456.245177][T17220] vfs_readv+0x6be/0xa80 [ 1456.245210][T17220] ? __pfx_proc_reg_read+0x10/0x10 [ 1456.245239][T17220] ? __pfx_vfs_readv+0x10/0x10 [ 1456.245279][T17220] ? __fget_files+0x2a/0x420 [ 1456.245304][T17220] ? __fget_files+0x39d/0x420 [ 1456.245325][T17220] ? __fget_files+0x2a/0x420 [ 1456.245357][T17220] __x64_sys_preadv+0x1ba/0x2d0 [ 1456.245391][T17220] ? __pfx___x64_sys_preadv+0x10/0x10 [ 1456.245448][T17220] ? do_syscall_64+0xb6/0x230 [ 1456.245475][T17220] do_syscall_64+0xf3/0x230 [ 1456.245498][T17220] ? clear_bhb_loop+0x45/0xa0 [ 1456.245522][T17220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1456.245540][T17220] RIP: 0033:0x7f3b0858d169 [ 1456.245558][T17220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1456.245575][T17220] RSP: 002b:00007f3b093df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1456.245596][T17220] RAX: ffffffffffffffda RBX: 00007f3b087a6080 RCX: 00007f3b0858d169 [ 1456.245611][T17220] RDX: 0000000000000001 RSI: 0000200000000740 RDI: 0000000000000004 [ 1456.245624][T17220] RBP: 00007f3b093df090 R08: 0000000000000000 R09: 0000000000000000 [ 1456.245636][T17220] R10: 000000000000002f R11: 0000000000000246 R12: 0000000000000001 [ 1456.245647][T17220] R13: 0000000000000000 R14: 00007f3b087a6080 R15: 00007ffcd7c99bb8 [ 1456.245676][T17220] [ 1456.255037][T17133] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.300430][T14436] Bluetooth: hci4: command tx timeout [ 1456.303693][T17133] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1456.612771][ T5244] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1456.685746][T17133] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.703318][T17133] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1456.776848][ T5244] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1456.788402][ T5244] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1456.805724][ T5244] usb 2-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 1456.824464][ T5244] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1456.853928][ T5244] usb 2-1: config 0 descriptor?? [ 1456.873454][T17133] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.984837][T17133] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1457.273298][ T5244] usbhid 2-1:0.0: can't add hid device: -71 [ 1457.284701][ T5244] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1457.344368][ T5244] usb 2-1: USB disconnect, device number 85 [ 1457.400768][T17235] netlink: 'syz.0.3073': attribute type 9 has an invalid length. [ 1457.427475][T17133] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1457.468386][T17133] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1457.506403][T17133] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1457.533447][T17133] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1457.765492][T17133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1457.824061][T17133] 8021q: adding VLAN 0 to HW filter on device team0 [ 1457.851788][T14407] bridge0: port 1(bridge_slave_0) entered blocking state [ 1457.859009][T14407] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1457.897419][T14412] bridge0: port 2(bridge_slave_1) entered blocking state [ 1457.904665][T14412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1457.992590][T17133] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1458.003251][T17133] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1458.114867][T17079] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1458.174826][T14436] Bluetooth: hci1: unexpected event for opcode 0x0c6d [ 1458.287314][T17079] usb 2-1: Using ep0 maxpacket: 32 [ 1458.337993][T17079] usb 2-1: config 0 has an invalid interface number: 227 but max is 0 [ 1458.346394][T14436] Bluetooth: hci4: command tx timeout [ 1458.381202][T17079] usb 2-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config [ 1458.410036][T17079] usb 2-1: config 0 has no interface number 0 [ 1458.428290][T17079] usb 2-1: New USB device found, idVendor=0840, idProduct=0085, bcdDevice= 0.01 [ 1458.438207][T17079] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1458.743834][T17079] usb 2-1: Product: syz [ 1458.748573][T17079] usb 2-1: Manufacturer: syz [ 1458.753261][T17079] usb 2-1: SerialNumber: syz [ 1458.766537][T17079] usb 2-1: config 0 descriptor?? [ 1458.774073][T17079] usb-storage 2-1:0.227: USB Mass Storage device detected [ 1458.855688][T17079] usb-storage 2-1:0.227: Quirks match for vid 0840 pid 0085: 10 [ 1459.016044][T17079] usb 2-1: USB disconnect, device number 86 [ 1459.060019][T17133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1459.736862][T17133] veth0_vlan: entered promiscuous mode [ 1459.799819][T17133] veth1_vlan: entered promiscuous mode [ 1459.862914][T17299] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3092'. [ 1460.048724][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.068680][T17133] veth0_macvtap: entered promiscuous mode [ 1460.122837][T17309] Error validating options; rc = [-22] [ 1460.148243][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.148770][T17133] veth1_macvtap: entered promiscuous mode [ 1460.168018][T17309] Error validating options; rc = [-22] [ 1460.191393][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.205447][T17309] Error validating options; rc = [-22] [ 1460.236548][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.251087][T17309] Error validating options; rc = [-22] [ 1460.259848][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.283648][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1460.295524][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1460.305450][T17309] Error validating options; rc = [-22] [ 1460.315398][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1460.323428][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.339611][T17309] Error validating options; rc = [-22] [ 1460.340442][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1460.407259][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.422518][T17309] Error validating options; rc = [-22] [ 1460.512240][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.527020][T17309] Error validating options; rc = [-22] [ 1460.563386][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.577186][T17309] Error validating options; rc = [-22] [ 1460.601093][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1460.624345][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1460.634529][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.634556][T17309] Error validating options; rc = [-22] [ 1460.634998][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.697028][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1460.731414][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1460.741408][T17309] Error validating options; rc = [-22] [ 1460.760263][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1460.764622][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.784660][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1460.797036][T17133] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1460.808536][T17309] Error validating options; rc = [-22] [ 1460.817053][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.831082][T17309] Error validating options; rc = [-22] [ 1460.845083][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.890285][T17309] Error validating options; rc = [-22] [ 1460.942792][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1460.957010][T17309] Error validating options; rc = [-22] [ 1460.962861][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1461.039377][T17309] Error validating options; rc = [-22] [ 1461.063263][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1461.125595][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1461.165030][T17309] Error validating options; rc = [-22] [ 1461.177490][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1461.207164][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1461.220520][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1461.220546][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1461.220562][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1461.220578][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1461.220618][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1461.220634][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1461.220654][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1461.220669][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1461.223350][T17133] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1461.324749][T17309] Error validating options; rc = [-22] [ 1461.348526][T17133] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1461.364949][T17309] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1461.453472][T17309] Error validating options; rc = [-22] [ 1461.475992][T17133] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1461.485417][T17133] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1461.494167][T17133] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1461.705448][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1461.725072][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1461.762753][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1461.772088][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1462.509528][ T5878] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 1462.674511][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 1462.684739][ T5878] usb 5-1: no configurations [ 1462.689451][ T5878] usb 5-1: can't read configurations, error -22 [ 1463.344532][ T5878] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1463.534612][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 1463.569385][ T5878] usb 5-1: no configurations [ 1463.614569][ T5878] usb 5-1: can't read configurations, error -22 [ 1463.736542][ T5878] usb usb5-port1: attempt power cycle [ 1463.767438][T17354] ubi31: attaching mtd0 [ 1463.829563][T17354] ubi31: scanning is finished [ 1463.834667][T17354] ubi31: empty MTD device detected [ 1464.296258][ T5878] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1464.343819][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 1464.361788][ T5878] usb 5-1: no configurations [ 1464.368565][ T5878] usb 5-1: can't read configurations, error -22 [ 1464.375342][T17354] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1464.411519][T17354] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1464.421085][T17354] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1464.464593][T17354] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1464.472179][T17354] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1464.485251][T17354] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1464.496179][T17354] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4119226975 [ 1464.507249][T17354] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1464.544951][T17361] ubi31: background thread "ubi_bgt31d" started, PID 17361 [ 1464.571841][ T5878] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 1464.615128][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 1464.621872][ T5878] usb 5-1: no configurations [ 1464.629717][ T5878] usb 5-1: can't read configurations, error -22 [ 1464.646858][ T5878] usb usb5-port1: unable to enumerate USB device [ 1464.714517][T17079] usb 2-1: new full-speed USB device number 87 using dummy_hcd [ 1464.768358][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1464.809998][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1464.825395][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1464.833909][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1464.852508][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1464.885072][T17079] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1464.907932][T17369] lo speed is unknown, defaulting to 1000 [ 1464.934668][T17079] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1464.964313][T17079] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1465.036780][T17079] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1465.054569][T17079] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1465.062632][T17079] usb 2-1: Product: syz [ 1465.075097][T17079] usb 2-1: Manufacturer: syz [ 1465.079761][T17079] usb 2-1: SerialNumber: syz [ 1465.259304][T17369] chnl_net:caif_netlink_parms(): no params data found [ 1465.325620][T17079] usb 2-1: 0:2 : does not exist [ 1465.379971][T17079] usb 2-1: USB disconnect, device number 87 [ 1465.424490][ T5878] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1465.584440][ T5878] usb 4-1: Using ep0 maxpacket: 16 [ 1465.628857][ T5878] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1465.701082][ T5878] usb 4-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 1465.702386][T17232] udevd[17232]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1465.710824][ T5878] usb 4-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 1466.060100][ T5878] usb 4-1: Product: syz [ 1466.074521][ T5878] usb 4-1: Manufacturer: syz [ 1466.089600][ T5878] usb 4-1: SerialNumber: syz [ 1466.140092][ T5878] usb 4-1: config 0 descriptor?? [ 1466.179544][T17369] bridge0: port 1(bridge_slave_0) entered blocking state [ 1466.218119][T17369] bridge0: port 1(bridge_slave_0) entered disabled state [ 1466.270715][T17369] bridge_slave_0: entered allmulticast mode [ 1466.315005][T17369] bridge_slave_0: entered promiscuous mode [ 1466.360919][T17369] bridge0: port 2(bridge_slave_1) entered blocking state [ 1466.374582][T17369] bridge0: port 2(bridge_slave_1) entered disabled state [ 1466.400509][T17369] bridge_slave_1: entered allmulticast mode [ 1466.447261][T17369] bridge_slave_1: entered promiscuous mode [ 1466.550510][ T5878] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1466.640444][T17232] udevd[17232]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1466.710522][T17369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1466.785949][T17369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1466.906808][ T5842] Bluetooth: hci1: command tx timeout [ 1466.957562][T17369] team0: Port device team_slave_0 added [ 1466.970943][T17369] team0: Port device team_slave_1 added [ 1466.993378][T17407] FAULT_INJECTION: forcing a failure. [ 1466.993378][T17407] name failslab, interval 1, probability 0, space 0, times 0 [ 1467.016981][T17407] CPU: 0 UID: 0 PID: 17407 Comm: syz.1.3127 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1467.017013][T17407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1467.017027][T17407] Call Trace: [ 1467.017036][T17407] [ 1467.017045][T17407] dump_stack_lvl+0x241/0x360 [ 1467.017083][T17407] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1467.017112][T17407] ? __pfx__printk+0x10/0x10 [ 1467.017144][T17407] ? __pfx___might_resched+0x10/0x10 [ 1467.017173][T17407] should_fail_ex+0x424/0x570 [ 1467.017202][T17407] should_failslab+0xac/0x100 [ 1467.017226][T17407] __kmalloc_noprof+0xdf/0x4d0 [ 1467.017247][T17407] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 1467.017268][T17407] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1467.017296][T17407] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1467.017332][T17407] tomoyo_path_number_perm+0x245/0x790 [ 1467.017367][T17407] ? tomoyo_path_number_perm+0x215/0x790 [ 1467.017400][T17407] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1467.017438][T17407] ? ksys_write+0x24e/0x2d0 [ 1467.017487][T17407] ? __lock_acquire+0xad5/0xd80 [ 1467.017528][T17407] ? __fget_files+0x2a/0x420 [ 1467.017551][T17407] ? __fget_files+0x2a/0x420 [ 1467.017578][T17407] ? __fget_files+0x2a/0x420 [ 1467.017607][T17407] security_file_ioctl+0xc6/0x2a0 [ 1467.017640][T17407] __se_sys_ioctl+0x46/0x160 [ 1467.017671][T17407] do_syscall_64+0xf3/0x230 [ 1467.017698][T17407] ? clear_bhb_loop+0x45/0xa0 [ 1467.017723][T17407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1467.017751][T17407] RIP: 0033:0x7f0b2078d169 [ 1467.017770][T17407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1467.017788][T17407] RSP: 002b:00007f0b2154e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1467.017812][T17407] RAX: ffffffffffffffda RBX: 00007f0b209a6080 RCX: 00007f0b2078d169 [ 1467.017827][T17407] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1467.017840][T17407] RBP: 00007f0b2154e090 R08: 0000000000000000 R09: 0000000000000000 [ 1467.017854][T17407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1467.017866][T17407] R13: 0000000000000001 R14: 00007f0b209a6080 R15: 00007ffe97cd2088 [ 1467.017898][T17407] [ 1467.017908][T17407] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1467.360928][T17369] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1467.370238][T17369] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1467.396193][ C1] vkms_vblank_simulate: vblank timer overrun [ 1467.419041][T17369] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1467.452649][T17369] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1467.475494][T17369] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1467.532078][T17369] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1467.593108][T10185] usb 4-1: USB disconnect, device number 111 [ 1467.715519][T17369] hsr_slave_0: entered promiscuous mode [ 1467.722652][T17369] hsr_slave_1: entered promiscuous mode [ 1467.737637][T17369] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1467.745431][T12017] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 1467.755356][T17369] Cannot create hsr debugfs directory [ 1467.894652][T12017] usb 5-1: Using ep0 maxpacket: 8 [ 1467.900644][T12017] usb 5-1: no configurations [ 1467.910888][T12017] usb 5-1: can't read configurations, error -22 [ 1468.054691][T12017] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1468.139621][T17369] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.160343][T17369] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1468.214607][T12017] usb 5-1: Using ep0 maxpacket: 8 [ 1468.232042][T12017] usb 5-1: no configurations [ 1468.236901][T12017] usb 5-1: can't read configurations, error -22 [ 1468.269130][T12017] usb usb5-port1: attempt power cycle [ 1468.361943][T17432] FAULT_INJECTION: forcing a failure. [ 1468.361943][T17432] name failslab, interval 1, probability 0, space 0, times 0 [ 1468.386130][T17369] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.411412][T17432] CPU: 0 UID: 0 PID: 17432 Comm: syz.3.3138 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1468.411444][T17432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1468.411457][T17432] Call Trace: [ 1468.411467][T17432] [ 1468.411480][T17432] dump_stack_lvl+0x241/0x360 [ 1468.411519][T17432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1468.411548][T17432] ? __pfx__printk+0x10/0x10 [ 1468.411582][T17432] ? __pfx___might_resched+0x10/0x10 [ 1468.411611][T17432] should_fail_ex+0x424/0x570 [ 1468.411640][T17432] should_failslab+0xac/0x100 [ 1468.411665][T17432] kmem_cache_alloc_noprof+0x78/0x390 [ 1468.411686][T17432] ? vm_area_dup+0x2b/0x5b0 [ 1468.411722][T17432] vm_area_dup+0x2b/0x5b0 [ 1468.411758][T17432] __split_vma+0x1b8/0xb20 [ 1468.411790][T17432] ? __pfx___split_vma+0x10/0x10 [ 1468.411818][T17432] ? mas_find+0x950/0xbb0 [ 1468.411849][T17432] vms_gather_munmap_vmas+0x4e1/0x13d0 [ 1468.411903][T17432] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 1468.411947][T17432] ? mas_find+0x8c0/0xbb0 [ 1468.411978][T17432] mmap_region+0xa13/0x2ea0 [ 1468.412037][T17432] ? __pfx_mmap_region+0x10/0x10 [ 1468.412054][T17432] ? is_bpf_text_address+0x26/0x2a0 [ 1468.412084][T17432] ? is_bpf_text_address+0x26/0x2a0 [ 1468.412108][T17432] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1468.412189][T17432] ? arch_get_unmapped_area_topdown+0x2b0/0xd50 [ 1468.412226][T17432] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 1468.412266][T17432] ? mm_get_unmapped_area+0xa8/0xd0 [ 1468.412287][T17432] ? cap_mmap_addr+0xaa/0xf0 [ 1468.412318][T17432] ? bpf_lsm_mmap_addr+0x9/0x10 [ 1468.412339][T17432] ? security_mmap_addr+0x6f/0x250 [ 1468.412378][T17432] ? shmem_mapping+0xd/0x50 [ 1468.412402][T17432] do_mmap+0xd42/0x1420 [ 1468.412438][T17432] ? __pfx_do_mmap+0x10/0x10 [ 1468.412458][T17432] ? down_write_killable+0x1a0/0x260 [ 1468.412487][T17432] ? vm_mmap_pgoff+0x214/0x530 [ 1468.412509][T17432] ? __pfx_down_write_killable+0x10/0x10 [ 1468.412547][T17432] vm_mmap_pgoff+0x2a2/0x530 [ 1468.412581][T17432] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1468.412620][T17432] ? __fget_files+0x2a/0x420 [ 1468.412646][T17432] ? __fget_files+0x39d/0x420 [ 1468.412669][T17432] ? __fget_files+0x2a/0x420 [ 1468.412698][T17432] ksys_mmap_pgoff+0x4ee/0x720 [ 1468.412721][T17432] ? __x64_sys_mmap+0x7f/0x140 [ 1468.412747][T17432] do_syscall_64+0xf3/0x230 [ 1468.412773][T17432] ? clear_bhb_loop+0x45/0xa0 [ 1468.412799][T17432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1468.412819][T17432] RIP: 0033:0x7f3b0858d169 [ 1468.412838][T17432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1468.412856][T17432] RSP: 002b:00007f3b09400038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1468.412878][T17432] RAX: ffffffffffffffda RBX: 00007f3b087a5fa0 RCX: 00007f3b0858d169 [ 1468.412894][T17432] RDX: 0000000001000007 RSI: 0000000000b36000 RDI: 0000200000000000 [ 1468.412908][T17432] RBP: 00007f3b09400090 R08: 0000000000000003 R09: 000000002c9ab000 [ 1468.412922][T17432] R10: 0000000000038011 R11: 0000000000000246 R12: 0000000000000001 [ 1468.412934][T17432] R13: 0000000000000000 R14: 00007f3b087a5fa0 R15: 00007ffcd7c99bb8 [ 1468.412966][T17432] [ 1468.413353][T17369] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1468.529244][T17435] [ 1468.742221][T17435] ====================================================== [ 1468.749242][T17435] WARNING: possible circular locking dependency detected [ 1468.756260][T17435] 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 Not tainted [ 1468.763362][T17435] ------------------------------------------------------ [ 1468.770374][T17435] syz.1.3139/17435 is trying to acquire lock: [ 1468.776439][T17435] ffffffff900eb108 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_getsockopt+0x11ae/0x2ba0 [ 1468.785512][T17435] [ 1468.785512][T17435] but task is already holding lock: [ 1468.792887][T17435] ffff888032d77220 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_getsockopt+0x131/0x400 [ 1468.802994][T17435] [ 1468.802994][T17435] which lock already depends on the new lock. [ 1468.802994][T17435] [ 1468.813433][T17435] [ 1468.813433][T17435] the existing dependency chain (in reverse order) is: [ 1468.822449][T17435] [ 1468.822449][T17435] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 1468.831066][T17435] lock_acquire+0x116/0x2f0 [ 1468.836104][T17435] __mutex_lock+0x1a5/0x10c0 [ 1468.841248][T17435] smc_switch_to_fallback+0x35/0xda0 [ 1468.847057][T17435] smc_sendmsg+0x11f/0x530 [ 1468.851996][T17435] __sock_sendmsg+0x221/0x270 [ 1468.857205][T17435] __sys_sendto+0x365/0x4c0 [ 1468.862248][T17435] __x64_sys_sendto+0xde/0x100 [ 1468.867550][T17435] do_syscall_64+0xf3/0x230 [ 1468.872595][T17435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1468.879019][T17435] [ 1468.879019][T17435] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 1468.886675][T17435] lock_acquire+0x116/0x2f0 [ 1468.891699][T17435] lock_sock_nested+0x48/0x100 [ 1468.896993][T17435] do_ip_setsockopt+0x17e9/0x39c0 [ 1468.902550][T17435] ip_setsockopt+0x63/0x100 [ 1468.907583][T17435] do_sock_setsockopt+0x3b1/0x710 [ 1468.913135][T17435] __x64_sys_setsockopt+0x1ee/0x280 [ 1468.918859][T17435] do_syscall_64+0xf3/0x230 [ 1468.923891][T17435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1468.930310][T17435] [ 1468.930310][T17435] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 1468.937545][T17435] validate_chain+0xa69/0x24e0 [ 1468.942929][T17435] __lock_acquire+0xad5/0xd80 [ 1468.948127][T17435] lock_acquire+0x116/0x2f0 [ 1468.953152][T17435] __mutex_lock+0x1a5/0x10c0 [ 1468.958267][T17435] do_ip_getsockopt+0x11ae/0x2ba0 [ 1468.963819][T17435] ip_getsockopt+0xef/0x2e0 [ 1468.968849][T17435] tcp_getsockopt+0x16f/0x1d0 [ 1468.974054][T17435] smc_getsockopt+0x1c6/0x400 [ 1468.979256][T17435] do_sock_getsockopt+0x391/0x740 [ 1468.984804][T17435] __x64_sys_getsockopt+0x2a3/0x370 [ 1468.990526][T17435] do_syscall_64+0xf3/0x230 [ 1468.995554][T17435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1469.001993][T17435] [ 1469.001993][T17435] other info that might help us debug this: [ 1469.001993][T17435] [ 1469.012231][T17435] Chain exists of: [ 1469.012231][T17435] rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock [ 1469.012231][T17435] [ 1469.025821][T17435] Possible unsafe locking scenario: [ 1469.025821][T17435] [ 1469.033284][T17435] CPU0 CPU1 [ 1469.038672][T17435] ---- ---- [ 1469.044034][T17435] lock(&smc->clcsock_release_lock); [ 1469.049414][T17435] lock(sk_lock-AF_INET); [ 1469.056366][T17435] lock(&smc->clcsock_release_lock); [ 1469.064279][T17435] lock(rtnl_mutex); [ 1469.068280][T17435] [ 1469.068280][T17435] *** DEADLOCK *** [ 1469.068280][T17435] [ 1469.076439][T17435] 1 lock held by syz.1.3139/17435: [ 1469.081551][T17435] #0: ffff888032d77220 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_getsockopt+0x131/0x400 [ 1469.092118][T17435] [ 1469.092118][T17435] stack backtrace: [ 1469.098009][T17435] CPU: 1 UID: 0 PID: 17435 Comm: syz.1.3139 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) [ 1469.098031][T17435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1469.098041][T17435] Call Trace: [ 1469.098049][T17435] [ 1469.098057][T17435] dump_stack_lvl+0x241/0x360 [ 1469.098081][T17435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1469.098103][T17435] ? __pfx__printk+0x10/0x10 [ 1469.098124][T17435] ? print_lock+0x171/0x1a0 [ 1469.098161][T17435] print_circular_bug+0x2e1/0x300 [ 1469.098184][T17435] check_noncircular+0x142/0x160 [ 1469.098207][T17435] validate_chain+0xa69/0x24e0 [ 1469.098238][T17435] __lock_acquire+0xad5/0xd80 [ 1469.098257][T17435] lock_acquire+0x116/0x2f0 [ 1469.098272][T17435] ? do_ip_getsockopt+0x11ae/0x2ba0 [ 1469.098297][T17435] __mutex_lock+0x1a5/0x10c0 [ 1469.098318][T17435] ? do_ip_getsockopt+0x11ae/0x2ba0 [ 1469.098339][T17435] ? __lock_acquire+0xad5/0xd80 [ 1469.098363][T17435] ? do_ip_getsockopt+0x11ae/0x2ba0 [ 1469.098383][T17435] ? __pfx___mutex_lock+0x10/0x10 [ 1469.098411][T17435] do_ip_getsockopt+0x11ae/0x2ba0 [ 1469.098434][T17435] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 1469.098460][T17435] ? look_up_lock_class+0x7b/0x170 [ 1469.098481][T17435] ? register_lock_class+0x54/0x330 [ 1469.098498][T17435] ? __lock_acquire+0xad5/0xd80 [ 1469.098514][T17435] ? __mutex_trylock_common+0x184/0x2e0 [ 1469.098538][T17435] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1469.098562][T17435] ip_getsockopt+0xef/0x2e0 [ 1469.098583][T17435] ? __pfx_ip_getsockopt+0x10/0x10 [ 1469.098607][T17435] ? smc_getsockopt+0x131/0x400 [ 1469.098645][T17435] tcp_getsockopt+0x16f/0x1d0 [ 1469.098671][T17435] ? __pfx_tcp_getsockopt+0x10/0x10 [ 1469.098697][T17435] ? sock_common_getsockopt+0x2e/0xb0 [ 1469.098723][T17435] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1469.098747][T17435] smc_getsockopt+0x1c6/0x400 [ 1469.098767][T17435] ? __pfx_smc_getsockopt+0x10/0x10 [ 1469.098789][T17435] ? __pfx_smc_getsockopt+0x10/0x10 [ 1469.098809][T17435] do_sock_getsockopt+0x391/0x740 [ 1469.098829][T17435] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1469.098845][T17435] ? __fget_files+0x2a/0x420 [ 1469.098866][T17435] ? __fget_files+0x39d/0x420 [ 1469.098885][T17435] ? __fget_files+0x2a/0x420 [ 1469.098906][T17435] __x64_sys_getsockopt+0x2a3/0x370 [ 1469.098927][T17435] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 1469.098947][T17435] ? do_syscall_64+0xb6/0x230 [ 1469.098969][T17435] do_syscall_64+0xf3/0x230 [ 1469.098990][T17435] ? clear_bhb_loop+0x45/0xa0 [ 1469.099010][T17435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1469.099027][T17435] RIP: 0033:0x7f0b2078d169 [ 1469.099043][T17435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1469.099060][T17435] RSP: 002b:00007f0b2156f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1469.099078][T17435] RAX: ffffffffffffffda RBX: 00007f0b209a5fa0 RCX: 00007f0b2078d169 [ 1469.099092][T17435] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000004 [ 1469.099103][T17435] RBP: 00007f0b2080e730 R08: 0000200000000040 R09: 0000000000000000 [ 1469.099115][T17435] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000000 [ 1469.099126][T17435] R13: 0000000000000000 R14: 00007f0b209a5fa0 R15: 00007ffe97cd2088 [ 1469.099145][T17435] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1469.418044][ C1] vkms_vblank_simulate: vblank timer overrun [ 1469.438511][ T5842] Bluetooth: hci1: command tx timeout [ 1469.687571][T12017] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 1469.714852][T12017] usb 5-1: Using ep0 maxpacket: 8 [ 1469.720397][T12017] usb 5-1: no configurations [ 1469.725091][T12017] usb 5-1: can't read configurations, error -22 [ 1469.854662][T12017] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 1469.870491][T17369] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1469.904446][T17369] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1470.056169][T17369] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1470.085130][T17369] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1470.289591][T12017] usb 5-1: device descriptor read/8, error -71 [ 1470.404613][T12017] usb usb5-port1: unable to enumerate USB device