last executing test programs: 10.516195607s ago: executing program 2 (id=283): syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000002c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x3, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x49, 0x1, 0x7, 0x1, 0x1, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0xfb, 0x3, 0x4}}}}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x300, 0x4, 0x8, 0xc, 0x40, 0x4f}, 0x5, &(0x7f0000000340)={0x5, 0xf, 0x5}}) syz_open_dev$sndpcmp(0x0, 0x7, 0x8001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.068935175s ago: executing program 2 (id=290): socket$packet(0x11, 0x3, 0x300) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000100037040200"/20, @ANYRES32=r3, @ANYBLOB="a30d0500000000001c0012800e00010069703665727370616e00000008000280040012"], 0x3c}}, 0x8000) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="2ab50e65cd6b"}, 0x14) 7.749612s ago: executing program 0 (id=291): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) close(r0) preadv(r1, &(0x7f0000001300)=[{&(0x7f0000000340)=""/124, 0x7c}], 0x1, 0x0, 0x7) close(0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 7.249222994s ago: executing program 2 (id=293): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x3c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x3c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000500)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x48}}, 0x0) sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)={0x40, 0xb, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_NAME={0x9, 0x12, 'syz1\x00'}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x22}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x44080}, 0x4000002) 6.919200922s ago: executing program 0 (id=295): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000700000001"], 0x48) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000180)=0xa98) 6.591598743s ago: executing program 2 (id=297): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000180), 0x0) 6.373797508s ago: executing program 3 (id=298): r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x101301) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000002680)) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002302230102090500000010000020d3"]) 6.08004385s ago: executing program 0 (id=300): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 6.063627448s ago: executing program 1 (id=301): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) truncate(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x6) 5.836627391s ago: executing program 4 (id=302): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000006080)=@newtfilter={0x74, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x44, 0x2, [@TCA_BASIC_POLICE={0x40, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x20000000, 0x81, 0x8, 0x7, {0x2, 0x2, 0x8, 0xfff8, 0x9, 0xfffffffe}, {0x9, 0x1, 0x0, 0x5, 0x0, 0x9d}, 0x10001, 0x9, 0x4}}]}]}}]}, 0x74}}, 0x4000000) 5.712520066s ago: executing program 2 (id=303): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x16d001, 0x80) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) close(0xffffffffffffffff) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) close(r2) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) 5.576773586s ago: executing program 3 (id=304): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000180), 0x0) 5.363749803s ago: executing program 1 (id=305): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x6, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x104}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.972212975s ago: executing program 2 (id=306): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000000)={0x2, 0x401, 0x0, 0x0}) socket$netlink(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r3, &(0x7f0000001240)=""/102400, 0x200000, 0x0) 4.799767826s ago: executing program 0 (id=307): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x3c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x3c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)={0x40, 0xb, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_NAME={0x9, 0x12, 'syz1\x00'}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x22}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x44080}, 0x4000002) 4.729428777s ago: executing program 4 (id=308): r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x6d}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) 4.551866475s ago: executing program 3 (id=309): r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x80182) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) 4.001939731s ago: executing program 0 (id=310): r0 = socket$inet_sctp(0x2, 0x400000000001, 0x84) listen(r0, 0xda8c) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 3.903284397s ago: executing program 1 (id=311): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) 3.776035157s ago: executing program 4 (id=312): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0xfffffffd}, {0xa, 0x0, 0x0, @mcast2, 0x2}}, 0x5c) 3.323334392s ago: executing program 1 (id=313): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) 3.059744263s ago: executing program 4 (id=314): fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6) 2.890159807s ago: executing program 3 (id=315): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1100"], 0x14) 2.524258401s ago: executing program 0 (id=316): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010100}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x400002}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x40c0080) 2.21328664s ago: executing program 4 (id=317): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000004140)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x5}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x10000}], 0x4, 0x20, 0x0) 2.104215357s ago: executing program 3 (id=318): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000006080)=@newtfilter={0x74, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x44, 0x2, [@TCA_BASIC_POLICE={0x40, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x20000000, 0x81, 0x8, 0x7, {0x2, 0x2, 0x8, 0xfff8, 0x9, 0xfffffffe}, {0x9, 0x1, 0x0, 0x5, 0x0, 0x9d}, 0x10001, 0x9, 0x4}}]}]}}]}, 0x74}}, 0x4000000) 1.063910122s ago: executing program 1 (id=319): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000140)="1397", 0x2}], 0x1) 986.434253ms ago: executing program 1 (id=320): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x3c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x3c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)={0x40, 0xb, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_NAME={0x9, 0x12, 'syz1\x00'}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x22}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x44080}, 0x4000002) 515.705947ms ago: executing program 3 (id=321): connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8, 0x1, @private1={0xfc, 0x1, '\x00', 0x3}}, 0x1c) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x11}}) 0s ago: executing program 4 (id=322): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0f00000004000000040000001200000000", @ANYRES32, @ANYBLOB="00000000000000000000000000e1fffffffffffff6991fc1427ebdca2e39269fab327f9a4682b8ddd7e11c0b", @ANYRES32=0x0], 0x48) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000080)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x8, 0xc, 0x0, 0x9, 0x10, 0x5, 0xd, 0xe, 0x3, 0x6, 0xd, 0x0, 0x0, 0x615, 0x3, 0x7, 0x71, 0x2, '\x00', 0x7, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): 49 > 4 [ 221.631986][ T5784] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 221.656463][ T5782] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 221.667663][ T5782] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 221.678037][ T5782] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 221.689061][ T5782] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 221.689503][ T5778] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 221.709988][ T5791] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 221.725145][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 221.794782][ T5791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 221.843906][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 222.546167][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 223.099085][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 223.283797][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 223.456425][ T51] Bluetooth: hci0: command tx timeout [ 223.459518][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 223.634915][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.642727][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.650406][ T5777] bridge_slave_0: entered allmulticast mode [ 223.659626][ T5777] bridge_slave_0: entered promiscuous mode [ 223.701973][ T51] Bluetooth: hci1: command tx timeout [ 223.725255][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.733148][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.740760][ T5777] bridge_slave_1: entered allmulticast mode [ 223.749684][ T5777] bridge_slave_1: entered promiscuous mode [ 223.790049][ T51] Bluetooth: hci2: command tx timeout [ 223.855244][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 223.908909][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.936946][ T51] Bluetooth: hci4: command tx timeout [ 223.939764][ T5074] Bluetooth: hci3: command tx timeout [ 223.970758][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.316460][ T5777] team0: Port device team_slave_0 added [ 224.324143][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.335749][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.343495][ T5781] bridge_slave_0: entered allmulticast mode [ 224.352401][ T5781] bridge_slave_0: entered promiscuous mode [ 224.372401][ T5777] team0: Port device team_slave_1 added [ 224.383807][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.390422][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.417531][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.425584][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.433350][ T5781] bridge_slave_1: entered allmulticast mode [ 224.442229][ T5781] bridge_slave_1: entered promiscuous mode [ 224.723809][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 224.730970][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.757380][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 224.769921][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.777832][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.785627][ T5783] bridge_slave_0: entered allmulticast mode [ 224.796541][ T5783] bridge_slave_0: entered promiscuous mode [ 224.839802][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.847731][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.855442][ T5786] bridge_slave_0: entered allmulticast mode [ 224.863886][ T5786] bridge_slave_0: entered promiscuous mode [ 224.908037][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 224.915892][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.942303][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 224.957593][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.965358][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.973209][ T5783] bridge_slave_1: entered allmulticast mode [ 224.981104][ T5783] bridge_slave_1: entered promiscuous mode [ 224.998727][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.009797][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.017595][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.025567][ T5786] bridge_slave_1: entered allmulticast mode [ 225.033978][ T5786] bridge_slave_1: entered promiscuous mode [ 225.104026][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.111695][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.119306][ T5787] bridge_slave_0: entered allmulticast mode [ 225.128148][ T5787] bridge_slave_0: entered promiscuous mode [ 225.227530][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.277943][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.291596][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.299054][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.308388][ T5787] bridge_slave_1: entered allmulticast mode [ 225.317706][ T5787] bridge_slave_1: entered promiscuous mode [ 225.427484][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.481554][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.536152][ T5074] Bluetooth: hci0: command tx timeout [ 225.644964][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.666399][ T5777] hsr_slave_0: entered promiscuous mode [ 225.676503][ T5777] hsr_slave_1: entered promiscuous mode [ 225.696342][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.713279][ T5781] team0: Port device team_slave_0 added [ 225.728345][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.744526][ T5786] team0: Port device team_slave_0 added [ 225.760068][ T5781] team0: Port device team_slave_1 added [ 225.778778][ T5074] Bluetooth: hci1: command tx timeout [ 225.838467][ T5783] team0: Port device team_slave_0 added [ 225.851733][ T5074] Bluetooth: hci2: command tx timeout [ 225.926682][ T5786] team0: Port device team_slave_1 added [ 225.977542][ T5783] team0: Port device team_slave_1 added [ 226.011572][ T5074] Bluetooth: hci4: command tx timeout [ 226.017229][ T51] Bluetooth: hci3: command tx timeout [ 226.134997][ T5787] team0: Port device team_slave_0 added [ 226.176919][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.185381][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.211593][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.287791][ T5787] team0: Port device team_slave_1 added [ 226.296691][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.304006][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.330267][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.346431][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.353720][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.380042][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.394114][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.401241][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.427807][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.441948][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.449073][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.475637][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.503182][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.510321][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.536691][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.715719][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.723071][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.751609][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.767949][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.775291][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.801622][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.895842][ T5783] hsr_slave_0: entered promiscuous mode [ 226.905331][ T5783] hsr_slave_1: entered promiscuous mode [ 226.913710][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 226.921625][ T5783] Cannot create hsr debugfs directory [ 227.165076][ T5786] hsr_slave_0: entered promiscuous mode [ 227.174705][ T5786] hsr_slave_1: entered promiscuous mode [ 227.182988][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.190735][ T5786] Cannot create hsr debugfs directory [ 227.325795][ T5787] hsr_slave_0: entered promiscuous mode [ 227.335311][ T5787] hsr_slave_1: entered promiscuous mode [ 227.343836][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.352805][ T5787] Cannot create hsr debugfs directory [ 227.387737][ T5781] hsr_slave_0: entered promiscuous mode [ 227.397231][ T5781] hsr_slave_1: entered promiscuous mode [ 227.404848][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.412657][ T5781] Cannot create hsr debugfs directory [ 227.632834][ T51] Bluetooth: hci0: command tx timeout [ 227.851645][ T51] Bluetooth: hci1: command tx timeout [ 227.947985][ T51] Bluetooth: hci2: command tx timeout [ 228.091759][ T51] Bluetooth: hci3: command tx timeout [ 228.097383][ T51] Bluetooth: hci4: command tx timeout [ 228.298575][ T5777] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 228.420226][ T5777] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 228.479887][ T5783] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 228.519127][ T5777] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 228.620144][ T5783] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 228.651118][ T5777] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 228.728781][ T5783] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 228.828266][ T5783] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 228.862130][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 228.937211][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 228.965857][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 229.010070][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 229.094034][ T5786] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 229.258262][ T5786] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 229.335363][ T5781] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 229.377353][ T5786] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 229.412369][ T5781] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 229.437138][ T5781] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 229.466424][ T5786] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 229.515605][ T5781] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 229.691661][ T51] Bluetooth: hci0: command tx timeout [ 229.772967][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.939761][ T51] Bluetooth: hci1: command tx timeout [ 229.967314][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.011926][ T51] Bluetooth: hci2: command tx timeout [ 230.054884][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.172557][ T51] Bluetooth: hci4: command tx timeout [ 230.178193][ T51] Bluetooth: hci3: command tx timeout [ 230.219810][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.263863][ T4908] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.271271][ T4908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.299443][ T4908] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.307121][ T4908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.377899][ T4230] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.385591][ T4230] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.463738][ T4908] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.471492][ T4908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.909062][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.057638][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.111807][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.126192][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.215318][ T4908] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.223142][ T4908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.307112][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.341441][ T4908] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.349062][ T4908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.377712][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.487255][ T4908] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.495121][ T4908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.509985][ T4908] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.517659][ T4908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.615965][ T4908] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.624079][ T4908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.815203][ T4908] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.823384][ T4908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.934228][ T5787] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 231.944943][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 231.970755][ T5781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 232.686330][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.910611][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 233.160537][ T5777] veth0_vlan: entered promiscuous mode [ 233.288552][ T5777] veth1_vlan: entered promiscuous mode [ 233.486693][ T5783] veth0_vlan: entered promiscuous mode [ 233.637454][ T5783] veth1_vlan: entered promiscuous mode [ 233.702905][ T5777] veth0_macvtap: entered promiscuous mode [ 233.778268][ T5777] veth1_macvtap: entered promiscuous mode [ 233.887179][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.005993][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.071235][ T5783] veth0_macvtap: entered promiscuous mode [ 234.119505][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.169561][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.209640][ T5783] veth1_macvtap: entered promiscuous mode [ 234.243919][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.257004][ T5777] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.266553][ T5777] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.275745][ T5777] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.284902][ T5777] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.466074][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.478393][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.494698][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.591916][ T5787] veth0_vlan: entered promiscuous mode [ 234.663831][ T5787] veth1_vlan: entered promiscuous mode [ 234.723538][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.735243][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.752962][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.859260][ T5781] veth0_vlan: entered promiscuous mode [ 234.879292][ T5783] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.889273][ T5783] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.898438][ T5783] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.907537][ T5783] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.997935][ T5781] veth1_vlan: entered promiscuous mode [ 235.039063][ T5787] veth0_macvtap: entered promiscuous mode [ 235.119424][ T5787] veth1_macvtap: entered promiscuous mode [ 235.304674][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.317086][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.328736][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.340367][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.355005][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.469718][ T5781] veth0_macvtap: entered promiscuous mode [ 235.540177][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.551549][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.561779][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.572615][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.587092][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.619074][ T5781] veth1_macvtap: entered promiscuous mode [ 235.769749][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.780953][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.790214][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.799279][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.936698][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.948875][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.959214][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.969906][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.980103][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.990832][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.005643][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.166969][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.179111][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.190564][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.202296][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.212465][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.223175][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.238759][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.488772][ T5781] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.497987][ T5781] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.507192][ T5781] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.516321][ T5781] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.851058][ T5786] veth0_vlan: entered promiscuous mode [ 237.003298][ T5786] veth1_vlan: entered promiscuous mode [ 237.372383][ T5786] veth0_macvtap: entered promiscuous mode [ 237.468242][ T5786] veth1_macvtap: entered promiscuous mode [ 237.687343][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.698363][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.709326][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.720128][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.730345][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.741116][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.751446][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.762243][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.776837][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.100656][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.111610][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.121825][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.133777][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.144026][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.154775][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.164877][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.176440][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.193473][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.469308][ T5786] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.478668][ T5786] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.490115][ T5786] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.499360][ T5786] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.112224][ T1114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.120298][ T1114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.318478][ T4710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.327206][ T4710] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.738672][ T5777] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 241.792830][ T3649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.800883][ T3649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.979487][ T4139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.988041][ T4139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.210052][ T5949] loop1: detected capacity change from 0 to 512 [ 242.354079][ T5949] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 242.367667][ T5949] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 242.552607][ T5949] EXT4-fs (loop1): 1 truncate cleaned up [ 242.594525][ T4230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.603719][ T4230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.615957][ T5949] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 242.965032][ T4100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.973197][ T4100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.428293][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.560430][ T5956] loop0: detected capacity change from 0 to 32768 [ 243.584825][ T5956] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1 (5956) [ 243.639492][ T4222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.647657][ T4222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.699446][ T5956] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 243.710121][ T5956] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 243.719456][ T5956] BTRFS info (device loop0): using free-space-tree [ 243.975710][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.984127][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.099872][ T5837] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 244.205781][ T5836] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 244.341935][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.353622][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.363832][ T5837] usb 3-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 244.373305][ T5837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.439970][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.446965][ T5837] usb 3-1: config 0 descriptor?? [ 244.451508][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.466202][ T5836] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 244.475670][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.623005][ T5836] usb 2-1: config 0 descriptor?? [ 244.768081][ T5783] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 244.920329][ T5987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.002403][ T5987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 245.262725][ T5836] hid-generic 0003:05AC:4262.0001: unbalanced delimiter at end of report description [ 245.308923][ T5836] hid-generic 0003:05AC:4262.0001: probe with driver hid-generic failed with error -22 [ 245.514351][ T5837] hid-generic 0003:05AC:4262.0002: unbalanced delimiter at end of report description [ 245.616323][ T5837] hid-generic 0003:05AC:4262.0002: probe with driver hid-generic failed with error -22 [ 245.683052][ T5992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'. [ 245.743608][ T5837] usb 3-1: USB disconnect, device number 2 [ 245.787471][ T5836] usb 2-1: USB disconnect, device number 2 [ 245.960943][ T5989] xt_connbytes: Forcing CT accounting to be enabled [ 245.968099][ T5989] Cannot find set identified by id 0 to match [ 246.257651][ T4139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.266393][ T4139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.508691][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.517017][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 247.502595][ T5837] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 247.803301][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.815086][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 247.825420][ T5837] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 247.825553][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.863860][ T6012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11'. [ 247.873543][ T6012] xt_connbytes: Forcing CT accounting to be enabled [ 247.873622][ T6012] Cannot find set identified by id 0 to match [ 247.882071][ T5837] usb 2-1: config 0 descriptor?? [ 248.496547][ T5837] hid-generic 0003:05AC:4262.0003: unbalanced delimiter at end of report description [ 248.562184][ T5837] hid-generic 0003:05AC:4262.0003: probe with driver hid-generic failed with error -22 [ 248.815106][ T1857] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 248.868950][ T5837] usb 2-1: USB disconnect, device number 3 [ 248.871160][ T6021] loop4: detected capacity change from 0 to 256 [ 249.043090][ T1857] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 249.055619][ T1857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 249.066903][ T1857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 249.077076][ T1857] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 249.090535][ T1857] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 249.099926][ T1857] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.189353][ T6023] fuse: Bad value for 'user_id' [ 249.195314][ T6023] fuse: Bad value for 'user_id' [ 249.244640][ T6025] loop2: detected capacity change from 0 to 256 [ 249.364105][ T1857] usb 4-1: config 0 descriptor?? [ 249.544152][ T6027] loop0: detected capacity change from 0 to 1024 [ 249.575202][ T6027] hfsplus: Unknown parameter 'nodecom…' [ 249.706788][ T5836] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 249.903703][ T5836] usb 3-1: Using ep0 maxpacket: 16 [ 249.971825][ T5836] usb 3-1: config 0 has an invalid interface number: 231 but max is 1 [ 249.980526][ T5836] usb 3-1: config 0 has no interface number 1 [ 249.987209][ T5836] usb 3-1: too many endpoints for config 0 interface 231 altsetting 15: 203, using maximum allowed: 30 [ 249.998668][ T5836] usb 3-1: config 0 interface 231 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 203 [ 250.013484][ T5836] usb 3-1: config 0 interface 231 has no altsetting 0 [ 250.158643][ T5836] usb 3-1: New USB device found, idVendor=413c, idProduct=81d2, bcdDevice=25.e8 [ 250.168594][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.177093][ T5836] usb 3-1: Product: syz [ 250.181582][ T5836] usb 3-1: Manufacturer: syz [ 250.186392][ T5836] usb 3-1: SerialNumber: syz [ 250.237336][ T5836] usb 3-1: config 0 descriptor?? [ 250.466973][ T6025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.477676][ T6025] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.643772][ T6036] loop1: detected capacity change from 0 to 512 [ 250.685812][ T6037] mmap: syz.2.15 (6037) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 250.706504][ T1857] usbhid 4-1:0.0: can't add hid device: -71 [ 250.713197][ T1857] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 250.754788][ T6036] ======================================================= [ 250.754788][ T6036] WARNING: The mand mount option has been deprecated and [ 250.754788][ T6036] and is ignored by this kernel. Remove the mand [ 250.754788][ T6036] option from the mount to silence this warning. [ 250.754788][ T6036] ======================================================= [ 250.789886][ C0] vkms_vblank_simulate: vblank timer overrun [ 250.814425][ T1857] usb 4-1: USB disconnect, device number 2 [ 250.919170][ T6036] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 251.143114][ T6036] EXT4-fs (loop1): 1 truncate cleaned up [ 251.152193][ T6036] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.322333][ T10] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 251.532885][ T10] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 251.542773][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.903700][ T10] usb 1-1: config 0 descriptor?? [ 252.088948][ T10] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 252.536436][ T10] gp8psk: usb in 128 operation failed. [ 252.651528][ T5074] Bluetooth: hci4: command 0x0405 tx timeout [ 252.668932][ T6043] FAULT_INJECTION: forcing a failure. [ 252.668932][ T6043] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 252.682538][ T6043] CPU: 1 UID: 0 PID: 6043 Comm: syz.4.19 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 252.682660][ T6043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 252.682739][ T6043] Call Trace: [ 252.682787][ T6043] [ 252.682829][ T6043] dump_stack_lvl+0x216/0x2d0 [ 252.682981][ T6043] dump_stack+0x1e/0x24 [ 252.683086][ T6043] should_fail_ex+0x748/0x7f0 [ 252.683265][ T6043] should_fail+0x2a/0x40 [ 252.683417][ T6043] should_fail_usercopy+0x2e/0x40 [ 252.683596][ T6043] _copy_to_iter+0x1cb/0x2b30 [ 252.683761][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.683919][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.684076][ T6043] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 252.684228][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.684394][ T6043] __skb_datagram_iter+0x77d/0x1190 [ 252.684579][ T6043] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 252.684773][ T6043] skb_copy_datagram_iter+0x5c/0x200 [ 252.684954][ T6043] tcp_recvmsg_locked+0x1d9f/0x5860 [ 252.685120][ T6043] ? __rcu_read_unlock+0x7b/0xe0 [ 252.685255][ T6043] ? ima_match_policy+0x3224/0x3270 [ 252.685420][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.685597][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.685757][ T6043] ? tcp_recvmsg+0x7b/0xad0 [ 252.685908][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.686067][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.686225][ T6043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 252.686391][ T6043] ? __local_bh_enable_ip+0x74/0xb0 [ 252.686555][ T6043] tcp_recvmsg+0x279/0xad0 [ 252.686702][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.686857][ T6043] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 252.687011][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.687167][ T6043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 252.687335][ T6043] ? __pfx_tcp_recvmsg+0x10/0x10 [ 252.687491][ T6043] inet_recvmsg+0x167/0x6a0 [ 252.687657][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.687813][ T6043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 252.687981][ T6043] ? __pfx_inet_recvmsg+0x10/0x10 [ 252.688139][ T6043] sock_recvmsg+0x235/0x340 [ 252.688292][ T6043] ____sys_recvmsg+0x18a/0x620 [ 252.688409][ T6043] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 252.688554][ T6043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 252.688719][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.688885][ T6043] ___sys_recvmsg+0x223/0x840 [ 252.689027][ T6043] ? kmsan_get_metadata+0x13e/0x1c0 [ 252.689182][ T6043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 252.689350][ T6043] do_recvmmsg+0x45a/0xfc0 [ 252.689480][ T6043] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 252.689609][ T6043] ? stack_depot_save_flags+0x6db/0x750 [ 252.689790][ T6043] ? x64_sys_call+0x35ba/0x3c30 [ 252.689923][ T6043] __x64_sys_recvmmsg+0x397/0x490 [ 252.690059][ T6043] x64_sys_call+0x35ba/0x3c30 [ 252.690191][ T6043] do_syscall_64+0xcd/0x1e0 [ 252.690337][ T6043] ? clear_bhb_loop+0x25/0x80 [ 252.690499][ T6043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.690662][ T6043] RIP: 0033:0x7f070598cd29 [ 252.690766][ T6043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.690873][ T6043] RSP: 002b:00007f070677d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 252.690996][ T6043] RAX: ffffffffffffffda RBX: 00007f0705ba5fa0 RCX: 00007f070598cd29 [ 252.691085][ T6043] RDX: 0000000000000002 RSI: 0000000020000dc0 RDI: 0000000000000003 [ 252.691161][ T6043] RBP: 00007f070677d090 R08: 0000000000000000 R09: 0000000000000000 [ 252.691236][ T6043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.691308][ T6043] R13: 0000000000000000 R14: 00007f0705ba5fa0 R15: 00007ffe388b0228 [ 252.691406][ T6043] [ 253.089840][ T6036] EXT4-fs error (device loop1): ext4_generic_delete_entry:2687: inode #2: block 13: comm syz.1.17: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 253.236439][ T6036] EXT4-fs error (device loop1) in ext4_delete_entry:2758: Corrupt filesystem [ 253.297601][ T6036] EXT4-fs warning (device loop1): ext4_rename_delete:3742: inode #2: comm syz.1.17: Deleting old file: nlink 4, error=-117 [ 253.433998][ T6039] loop0: detected capacity change from 0 to 512 [ 253.854256][ T5836] usb 3-1: Could not set interface, error -71 [ 253.864080][ T6039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.877304][ T6039] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 253.961130][ T5836] usb 3-1: USB disconnect, device number 3 [ 254.136789][ T6054] netlink: 14 bytes leftover after parsing attributes in process `syz.4.21'. [ 254.233998][ T1857] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 254.317413][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.423206][ T1857] usb 4-1: Using ep0 maxpacket: 32 [ 254.479217][ T10] gp8psk: usb in 146 operation failed. [ 254.485124][ T10] gp8psk: failed to get FW version [ 254.507916][ T1857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.519857][ T1857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.530150][ T1857] usb 4-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00 [ 254.543300][ T1857] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.549000][ T10] gp8psk: usb in 149 operation failed. [ 254.557288][ T10] gp8psk: failed to get FPGA version [ 254.616253][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.657751][ T10] gp8psk: usb in 138 operation failed. [ 254.665266][ T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 254.678785][ T10] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 254.729549][ T1857] usb 4-1: config 0 descriptor?? [ 254.756138][ T10] usb 1-1: USB disconnect, device number 2 [ 254.985908][ T6059] FAULT_INJECTION: forcing a failure. [ 254.985908][ T6059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.000144][ T6059] CPU: 0 UID: 0 PID: 6059 Comm: syz.4.25 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 255.000267][ T6059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 255.000336][ T6059] Call Trace: [ 255.000385][ T6059] [ 255.000427][ T6059] dump_stack_lvl+0x216/0x2d0 [ 255.000561][ T6059] dump_stack+0x1e/0x24 [ 255.000669][ T6059] should_fail_ex+0x748/0x7f0 [ 255.000846][ T6059] should_fail+0x2a/0x40 [ 255.001000][ T6059] should_fail_usercopy+0x2e/0x40 [ 255.001173][ T6059] _copy_from_iter+0x1d8/0x2b00 [ 255.001336][ T6059] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 255.001503][ T6059] ? kmsan_get_metadata+0x13e/0x1c0 [ 255.001668][ T6059] ? skb_put+0x189/0x230 [ 255.001831][ T6059] netlink_sendmsg+0xc1d/0x11e0 [ 255.001988][ T6059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.002125][ T6059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.002262][ T6059] __sock_sendmsg+0x30f/0x380 [ 255.002408][ T6059] ____sys_sendmsg+0x877/0xb60 [ 255.002595][ T6059] ___sys_sendmsg+0x28d/0x3c0 [ 255.002772][ T6059] ? __rcu_read_unlock+0x7b/0xe0 [ 255.002908][ T6059] ? __fget_files+0x42b/0x500 [ 255.003076][ T6059] ? kmsan_get_metadata+0x13e/0x1c0 [ 255.003233][ T6059] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 255.003411][ T6059] __x64_sys_sendmsg+0x212/0x3c0 [ 255.003590][ T6059] ? kmsan_get_metadata+0x13e/0x1c0 [ 255.003756][ T6059] x64_sys_call+0x2ed6/0x3c30 [ 255.003892][ T6059] do_syscall_64+0xcd/0x1e0 [ 255.004041][ T6059] ? clear_bhb_loop+0x25/0x80 [ 255.004197][ T6059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.004359][ T6059] RIP: 0033:0x7f070598cd29 [ 255.004451][ T6059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.004557][ T6059] RSP: 002b:00007f070677d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 255.004674][ T6059] RAX: ffffffffffffffda RBX: 00007f0705ba5fa0 RCX: 00007f070598cd29 [ 255.004764][ T6059] RDX: 0000000000000080 RSI: 00000000200002c0 RDI: 0000000000000003 [ 255.004838][ T6059] RBP: 00007f070677d090 R08: 0000000000000000 R09: 0000000000000000 [ 255.004914][ T6059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.004986][ T6059] R13: 0000000000000000 R14: 00007f0705ba5fa0 R15: 00007ffe388b0228 [ 255.005085][ T6059] [ 255.416587][ T6052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.493849][ T6052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.724001][ T6062] loop1: detected capacity change from 0 to 2048 [ 255.773706][ T6062] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 255.883956][ T6062] netlink: 80 bytes leftover after parsing attributes in process `syz.1.23'. [ 255.993913][ T29] audit: type=1800 audit(1737855660.763:2): pid=6062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.23" name="file1" dev="loop1" ino=1346 res=0 errno=0 [ 256.020403][ T6064] loop2: detected capacity change from 0 to 4096 [ 256.045754][ T6064] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 256.143804][ T6068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.27'. [ 256.162761][ T6069] netlink: 'syz.4.28': attribute type 3 has an invalid length. [ 256.175158][ T6069] netlink: 11 bytes leftover after parsing attributes in process `syz.4.28'. [ 256.439122][ T6064] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 256.588367][ T1857] usbhid 4-1:0.0: can't add hid device: -71 [ 256.596432][ T1857] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 256.706762][ T1857] usb 4-1: USB disconnect, device number 3 [ 256.747301][ T6064] netlink: 'syz.2.26': attribute type 3 has an invalid length. [ 257.050195][ T6074] loop0: detected capacity change from 0 to 1024 [ 257.109143][ T6069] loop4: detected capacity change from 0 to 4096 [ 257.202967][ T6069] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 257.594333][ T6069] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 257.689576][ T29] audit: type=1800 audit(1737855662.453:3): pid=6069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.28" name="file2" dev="loop4" ino=31 res=0 errno=0 [ 257.893586][ T6074] EXT4-fs: Ignoring removed orlov option [ 257.904402][ T6080] loop3: detected capacity change from 0 to 1024 [ 257.960950][ T6074] EXT4-fs (loop0): Test dummy encryption mode enabled [ 257.983929][ T6080] EXT4-fs: Ignoring removed nomblk_io_submit option [ 258.043575][ T6084] FAULT_INJECTION: forcing a failure. [ 258.043575][ T6084] name failslab, interval 1, probability 0, space 0, times 1 [ 258.056629][ T6084] CPU: 0 UID: 0 PID: 6084 Comm: syz.1.34 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 258.056751][ T6084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 258.056821][ T6084] Call Trace: [ 258.056865][ T6084] [ 258.056907][ T6084] dump_stack_lvl+0x216/0x2d0 [ 258.057042][ T6084] dump_stack+0x1e/0x24 [ 258.057156][ T6084] should_fail_ex+0x748/0x7f0 [ 258.057334][ T6084] should_failslab+0x17f/0x210 [ 258.057497][ T6084] kmem_cache_alloc_noprof+0xee/0xe10 [ 258.057636][ T6084] ? dst_alloc+0x19f/0x240 [ 258.057779][ T6084] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.057947][ T6084] dst_alloc+0x19f/0x240 [ 258.058088][ T6084] ? __pfx_ip6_dst_gc+0x10/0x10 [ 258.058212][ T6084] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.058382][ T6084] ip6_pol_route+0x14ac/0x1fc0 [ 258.058533][ T6084] ? ip6_pol_route+0xb40/0x1fc0 [ 258.058684][ T6084] ip6_pol_route_input+0x6b/0x90 [ 258.058834][ T6084] fib6_rule_lookup+0x77a/0xaa0 [ 258.059002][ T6084] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.059173][ T6084] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.059327][ T6084] ? __pfx_ip6_pol_route_input+0x10/0x10 [ 258.059486][ T6084] ip6_route_input+0xbc4/0xde0 [ 258.059631][ T6084] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.059824][ T6084] ip6_rcv_finish+0x58d/0x970 [ 258.059957][ T6084] ipv6_rcv+0xde/0x390 [ 258.060078][ T6084] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 258.060211][ T6084] __netif_receive_skb+0x1da/0xa00 [ 258.060380][ T6084] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.060536][ T6084] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.060704][ T6084] netif_receive_skb+0x58/0x660 [ 258.060875][ T6084] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.061036][ T6084] ? tun_rx_batched+0x37c/0x980 [ 258.061175][ T6084] ? tun_rx_batched+0x37c/0x980 [ 258.061301][ T6084] tun_rx_batched+0x3ee/0x980 [ 258.061427][ T6084] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.061583][ T6084] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.061752][ T6084] tun_get_user+0x52b3/0x6e50 [ 258.061882][ T6084] ? stack_depot_save_flags+0x2c/0x750 [ 258.062044][ T6084] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.062209][ T6084] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.062366][ T6084] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 258.062564][ T6084] tun_chr_write_iter+0x3ac/0x5d0 [ 258.062705][ T6084] vfs_write+0xb34/0x1540 [ 258.062851][ T6084] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 258.062987][ T6084] ksys_write+0x240/0x4b0 [ 258.063123][ T6084] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.063291][ T6084] __x64_sys_write+0x93/0xe0 [ 258.063431][ T6084] x64_sys_call+0x3161/0x3c30 [ 258.063565][ T6084] do_syscall_64+0xcd/0x1e0 [ 258.063712][ T6084] ? clear_bhb_loop+0x25/0x80 [ 258.063864][ T6084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.064021][ T6084] RIP: 0033:0x7f18af58b7df [ 258.064122][ T6084] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 258.064227][ T6084] RSP: 002b:00007f18b0366000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 258.064338][ T6084] RAX: ffffffffffffffda RBX: 00007f18af7a5fa0 RCX: 00007f18af58b7df [ 258.064427][ T6084] RDX: 000000000000004e RSI: 00000000200000c0 RDI: 00000000000000c8 [ 258.064502][ T6084] RBP: 00007f18b0366090 R08: 0000000000000000 R09: 0000000000000000 [ 258.064578][ T6084] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 258.064649][ T6084] R13: 0000000000000000 R14: 00007f18af7a5fa0 R15: 00007ffda0df1968 [ 258.064748][ T6084] [ 258.470422][ T6086] loop2: detected capacity change from 0 to 1024 [ 258.479784][ T6086] EXT4-fs: Ignoring removed nomblk_io_submit option [ 258.553247][ T6074] EXT4-fs error (device loop0): ext4_ext_check_inode:524: inode #3: comm syz.0.30: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 258.612548][ T6080] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.652395][ T6086] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.683346][ T6074] EXT4-fs error (device loop0): ext4_quota_enable:7104: comm syz.0.30: Bad quota inode: 3, type: 0 [ 258.767767][ T6074] EXT4-fs warning (device loop0): ext4_enable_quotas:7145: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 258.783705][ T6074] EXT4-fs (loop0): mount failed [ 258.842307][ T6093] FAULT_INJECTION: forcing a failure. [ 258.842307][ T6093] name failslab, interval 1, probability 0, space 0, times 0 [ 258.855803][ T6093] CPU: 0 UID: 0 PID: 6093 Comm: syz.3.32 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 258.855923][ T6093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 258.856001][ T6093] Call Trace: [ 258.856045][ T6093] [ 258.856087][ T6093] dump_stack_lvl+0x216/0x2d0 [ 258.856221][ T6093] dump_stack+0x1e/0x24 [ 258.856334][ T6093] should_fail_ex+0x748/0x7f0 [ 258.856508][ T6093] should_failslab+0x17f/0x210 [ 258.856668][ T6093] __kmalloc_noprof+0x176/0x1230 [ 258.856802][ T6093] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.856952][ T6093] ? tomoyo_encode+0x5f8/0xa40 [ 258.857090][ T6093] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.857257][ T6093] ? kmsan_get_metadata+0x13e/0x1c0 [ 258.857411][ T6093] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 258.857579][ T6093] tomoyo_encode+0x5f8/0xa40 [ 258.857734][ T6093] tomoyo_realpath_from_path+0x9dd/0xaa0 [ 258.857904][ T6093] tomoyo_path_perm+0x246/0xa50 [ 258.858113][ T6093] ? kmsan_get_shadow_origin_ptr+0x10/0xb0 [ 258.858286][ T6093] tomoyo_path_rmdir+0x99/0xf0 [ 258.858440][ T6093] security_path_rmdir+0x1ed/0x5d0 [ 258.858594][ T6093] do_rmdir+0x46f/0x8b0 [ 258.858741][ T6093] __x64_sys_rmdir+0x76/0xa0 [ 258.858883][ T6093] x64_sys_call+0x2ffc/0x3c30 [ 258.859013][ T6093] do_syscall_64+0xcd/0x1e0 [ 258.859159][ T6093] ? clear_bhb_loop+0x25/0x80 [ 258.859316][ T6093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.859471][ T6093] RIP: 0033:0x7fddbf58cd29 [ 258.859561][ T6093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.859667][ T6093] RSP: 002b:00007fddc041f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 258.859783][ T6093] RAX: ffffffffffffffda RBX: 00007fddbf7a6080 RCX: 00007fddbf58cd29 [ 258.859872][ T6093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020001c00 [ 258.859945][ T6093] RBP: 00007fddc041f090 R08: 0000000000000000 R09: 0000000000000000 [ 258.860020][ T6093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.860089][ T6093] R13: 0000000000000001 R14: 00007fddbf7a6080 R15: 00007ffeecbd56d8 [ 258.860185][ T6093] [ 258.860284][ T6093] ERROR: Out of memory at tomoyo_realpath_from_path. [ 258.898446][ T6092] loop4: detected capacity change from 0 to 256 [ 259.280165][ T6094] vivid-007: ================= START STATUS ================= [ 259.288397][ T6094] vivid-007: Enable Output Cropping: true [ 259.294800][ T6094] vivid-007: Enable Output Composing: true [ 259.300917][ T6094] vivid-007: Enable Output Scaler: true [ 259.307054][ T6094] vivid-007: Tx RGB Quantization Range: Automatic [ 259.314006][ T6094] vivid-007: Transmit Mode: HDMI [ 259.319349][ T6094] vivid-007: Hotplug Present: 0x00000000 [ 259.325483][ T6094] vivid-007: RxSense Present: 0x00000000 [ 259.331634][ T6094] vivid-007: EDID Present: 0x00000000 [ 259.337329][ T6094] vivid-007: ================== END STATUS ================== [ 259.368579][ T6098] FAULT_INJECTION: forcing a failure. [ 259.368579][ T6098] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 259.382489][ T6098] CPU: 0 UID: 0 PID: 6098 Comm: syz.1.36 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 259.382609][ T6098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 259.382679][ T6098] Call Trace: [ 259.382723][ T6098] [ 259.382764][ T6098] dump_stack_lvl+0x216/0x2d0 [ 259.382898][ T6098] dump_stack+0x1e/0x24 [ 259.383011][ T6098] should_fail_ex+0x748/0x7f0 [ 259.383188][ T6098] should_fail_alloc_page+0x235/0x2b0 [ 259.383364][ T6098] __alloc_pages_noprof+0x343/0xe00 [ 259.383558][ T6098] alloc_pages_mpol_noprof+0x2a9/0x9c0 [ 259.383743][ T6098] alloc_pages_noprof+0x1bf/0x1e0 [ 259.383910][ T6098] get_free_pages_noprof+0x34/0xc0 [ 259.384095][ T6098] __pollwait+0x20c/0x6b0 [ 259.384246][ T6098] ? __pfx___pollwait+0x10/0x10 [ 259.384388][ T6098] pipe_poll+0x215/0x700 [ 259.384537][ T6098] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 259.384700][ T6098] ? kmsan_get_metadata+0x13e/0x1c0 [ 259.384856][ T6098] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 259.385020][ T6098] ? __pfx_pipe_poll+0x10/0x10 [ 259.385168][ T6098] do_sys_poll+0xece/0x2090 [ 259.385370][ T6098] ? __pfx___pollwait+0x10/0x10 [ 259.385519][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.385675][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.385830][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.385996][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.386154][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.386311][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.386469][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.386627][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.386717][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.386784][ T6098] ? __pfx_pollwake+0x10/0x10 [ 259.386979][ T6098] __se_sys_poll+0x1d9/0x450 [ 259.387137][ T6098] __x64_sys_poll+0x96/0xe0 [ 259.387288][ T6098] x64_sys_call+0x3566/0x3c30 [ 259.387420][ T6098] do_syscall_64+0xcd/0x1e0 [ 259.387566][ T6098] ? clear_bhb_loop+0x25/0x80 [ 259.387720][ T6098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.387876][ T6098] RIP: 0033:0x7f18af58cd29 [ 259.387972][ T6098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.388076][ T6098] RSP: 002b:00007f18b0366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 259.388190][ T6098] RAX: ffffffffffffffda RBX: 00007f18af7a5fa0 RCX: 00007f18af58cd29 [ 259.388278][ T6098] RDX: 0000000000000009 RSI: 20000000000000b5 RDI: 0000000020000000 [ 259.388358][ T6098] RBP: 00007f18b0366090 R08: 0000000000000000 R09: 0000000000000000 [ 259.388434][ T6098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.388505][ T6098] R13: 0000000000000000 R14: 00007f18af7a5fa0 R15: 00007ffda0df1968 [ 259.388602][ T6098] [ 259.424991][ T5836] hid-generic 0000:0003:0000.0004: item fetching failed at offset 0/2 [ 259.735185][ T29] audit: type=1804 audit(1737855664.463:4): pid=6101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.35" name="/newroot/7/file0/file0" dev="loop4" ino=1048602 res=1 errno=0 [ 260.177966][ T5836] hid-generic 0000:0003:0000.0004: probe with driver hid-generic failed with error -22 [ 260.461507][ T6112] loop0: detected capacity change from 0 to 256 [ 260.597957][ T6105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.38'. [ 260.709975][ T6105] xt_connbytes: Forcing CT accounting to be enabled [ 260.717153][ T6105] Cannot find set identified by id 0 to match [ 260.756520][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.351810][ T6121] netlink: 'syz.0.42': attribute type 1 has an invalid length. [ 261.359649][ T6121] netlink: 'syz.0.42': attribute type 2 has an invalid length. [ 262.492793][ T6126] loop1: detected capacity change from 0 to 32768 [ 262.506146][ T6126] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.44 (6126) [ 262.549544][ T6126] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 262.557421][ T6131] Cannot find add_set index 0 as target [ 262.566433][ T6126] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 262.577775][ T6126] BTRFS info (device loop1): using free-space-tree [ 262.584649][ T6126] workqueue: max_active 4095 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 262.602124][ T6126] workqueue: max_active 4095 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 262.629939][ T6126] workqueue: max_active 4095 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 262.642974][ T6126] workqueue: max_active 4095 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 262.669042][ T6126] workqueue: max_active 4095 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 262.696954][ T6126] workqueue: max_active 4095 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 262.741158][ T6126] workqueue: max_active 4095 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048 [ 262.812683][ T6149] netlink: 452 bytes leftover after parsing attributes in process `syz.2.46'. [ 263.019358][ T6126] BTRFS info (device loop1): rebuilding free space tree [ 263.154026][ T6131] syz.2.46: attempt to access beyond end of device [ 263.154026][ T6131] loop5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 263.167218][ T6131] FAT-fs (loop5): unable to read boot sector [ 263.176267][ T6126] Zero length message leads to an empty skb [ 263.411785][ T1857] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 263.486616][ T6157] loop4: detected capacity change from 0 to 1024 [ 263.650398][ T1857] usb 4-1: Using ep0 maxpacket: 8 [ 263.678536][ T1857] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 263.689245][ T1857] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 263.761078][ T1857] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.57 [ 263.771507][ T1857] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 263.779804][ T1857] usb 4-1: SerialNumber: syz [ 263.822527][ T5777] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 263.915429][ T1857] cdc_ether 4-1:1.0: skipping garbage [ 263.921069][ T1857] usb 4-1: bad CDC descriptors [ 264.144617][ T6158] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 264.370612][ T6167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 264.380367][ T6167] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 264.463894][ T6169] FAULT_INJECTION: forcing a failure. [ 264.463894][ T6169] name failslab, interval 1, probability 0, space 0, times 0 [ 264.483650][ T6169] CPU: 0 UID: 0 PID: 6169 Comm: syz.2.54 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 264.483771][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 264.483841][ T6169] Call Trace: [ 264.483888][ T6169] [ 264.483929][ T6169] dump_stack_lvl+0x216/0x2d0 [ 264.484061][ T6169] dump_stack+0x1e/0x24 [ 264.484169][ T6169] should_fail_ex+0x748/0x7f0 [ 264.484346][ T6169] should_failslab+0x17f/0x210 [ 264.484510][ T6169] __kmalloc_cache_noprof+0xc5/0xdf0 [ 264.484650][ T6169] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 264.484810][ T6169] ? bcm_rx_setup+0x663/0x2dc0 [ 264.484935][ T6169] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.485092][ T6169] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 264.485262][ T6169] bcm_rx_setup+0x663/0x2dc0 [ 264.485384][ T6169] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.485549][ T6169] bcm_sendmsg+0x392/0xcb0 [ 264.485719][ T6169] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.485882][ T6169] ? __pfx_bcm_sendmsg+0x10/0x10 [ 264.486044][ T6169] ? __pfx_bcm_sendmsg+0x10/0x10 [ 264.486202][ T6169] __sock_sendmsg+0x30f/0x380 [ 264.486339][ T6169] ____sys_sendmsg+0x903/0xb60 [ 264.486527][ T6169] ___sys_sendmsg+0x28d/0x3c0 [ 264.486705][ T6169] ? __rcu_read_unlock+0x7b/0xe0 [ 264.486840][ T6169] ? __fget_files+0x42b/0x500 [ 264.487008][ T6169] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.487161][ T6169] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 264.487329][ T6169] __sys_sendmmsg+0x2ff/0x880 [ 264.487493][ T6169] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.487649][ T6169] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 264.487805][ T6169] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 264.487983][ T6169] __x64_sys_sendmmsg+0xbc/0x120 [ 264.488149][ T6169] x64_sys_call+0x33c2/0x3c30 [ 264.488276][ T6169] do_syscall_64+0xcd/0x1e0 [ 264.488422][ T6169] ? clear_bhb_loop+0x25/0x80 [ 264.488575][ T6169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.488728][ T6169] RIP: 0033:0x7f1245d8cd29 [ 264.488819][ T6169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.488929][ T6169] RSP: 002b:00007f1246c54038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 264.489044][ T6169] RAX: ffffffffffffffda RBX: 00007f1245fa5fa0 RCX: 00007f1245d8cd29 [ 264.489134][ T6169] RDX: 040000000000003a RSI: 0000000020001b00 RDI: 0000000000000003 [ 264.489215][ T6169] RBP: 00007f1246c54090 R08: 0000000000000000 R09: 0000000000000000 [ 264.489291][ T6169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.489361][ T6169] R13: 0000000000000000 R14: 00007f1245fa5fa0 R15: 00007ffc6c2a85a8 [ 264.489460][ T6169] [ 264.525520][ T6171] FAULT_INJECTION: forcing a failure. [ 264.525520][ T6171] name failslab, interval 1, probability 0, space 0, times 0 [ 264.792763][ T6171] CPU: 1 UID: 0 PID: 6171 Comm: syz.1.51 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 264.792884][ T6171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 264.792955][ T6171] Call Trace: [ 264.792998][ T6171] [ 264.793040][ T6171] dump_stack_lvl+0x216/0x2d0 [ 264.793173][ T6171] dump_stack+0x1e/0x24 [ 264.793280][ T6171] should_fail_ex+0x748/0x7f0 [ 264.793458][ T6171] should_failslab+0x17f/0x210 [ 264.793627][ T6171] __kmalloc_noprof+0x176/0x1230 [ 264.793762][ T6171] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 264.793924][ T6171] ? __se_sys_memfd_create+0x604/0x1260 [ 264.794066][ T6171] __se_sys_memfd_create+0x604/0x1260 [ 264.794192][ T6171] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.794358][ T6171] __x64_sys_memfd_create+0x6c/0xa0 [ 264.794486][ T6171] x64_sys_call+0x3b63/0x3c30 [ 264.794625][ T6171] do_syscall_64+0xcd/0x1e0 [ 264.794775][ T6171] ? clear_bhb_loop+0x25/0x80 [ 264.794931][ T6171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.795090][ T6171] RIP: 0033:0x7f18af58cd29 [ 264.795180][ T6171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.795286][ T6171] RSP: 002b:00007f18b0365e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 264.795402][ T6171] RAX: ffffffffffffffda RBX: 00000000000055ae RCX: 00007f18af58cd29 [ 264.795487][ T6171] RDX: 00007f18b0365ef0 RSI: 0000000000000000 RDI: 00007f18af60ec01 [ 264.795568][ T6171] RBP: 000000002000ac40 R08: 00007f18b0365bb7 R09: 00007f18b0365e40 [ 264.795670][ T6171] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000380 [ 264.795745][ T6171] R13: 00007f18b0365ef0 R14: 00007f18b0365eb0 R15: 0000000020000180 [ 264.795847][ T6171] [ 265.342549][ T1857] usb 4-1: USB disconnect, device number 4 [ 265.720335][ T6173] loop4: detected capacity change from 0 to 32771 [ 265.731577][ T29] audit: type=1800 audit(1737855670.503:5): pid=6175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.56" name="file1" dev="tmpfs" ino=72 res=0 errno=0 [ 265.752502][ T6173] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.53 (6173) [ 265.783644][ T6173] BTRFS info (device loop4 state S): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 265.795034][ T6173] BTRFS info (device loop4 state S): using sha256 (sha256-generic) checksum algorithm [ 265.813125][ T6173] BTRFS info (device loop4 state S): using free-space-tree [ 265.855836][ T6177] FAULT_INJECTION: forcing a failure. [ 265.855836][ T6177] name failslab, interval 1, probability 0, space 0, times 0 [ 265.855953][ T6177] CPU: 1 UID: 0 PID: 6177 Comm: syz.1.57 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 265.856072][ T6177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 265.856142][ T6177] Call Trace: [ 265.856185][ T6177] [ 265.856227][ T6177] dump_stack_lvl+0x216/0x2d0 [ 265.856360][ T6177] dump_stack+0x1e/0x24 [ 265.856465][ T6177] should_fail_ex+0x748/0x7f0 [ 265.856643][ T6177] should_failslab+0x17f/0x210 [ 265.856804][ T6177] kmem_cache_alloc_noprof+0xee/0xe10 [ 265.856934][ T6177] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.857081][ T6177] ? sk_prot_alloc+0x9c/0x440 [ 265.857240][ T6177] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.857406][ T6177] sk_prot_alloc+0x9c/0x440 [ 265.857560][ T6177] ? evm_inode_alloc_security+0xf7/0x170 [ 265.857692][ T6177] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.857848][ T6177] sk_alloc+0x55/0x850 [ 265.858006][ T6177] inet_create+0xa5e/0x1830 [ 265.858129][ T6177] ? __pfx_inet_create+0x10/0x10 [ 265.858243][ T6177] __sock_create+0x75c/0xf10 [ 265.858399][ T6177] sock_create_kern+0x55/0x70 [ 265.858545][ T6177] mptcp_subflow_create_socket+0xd3/0x12f0 [ 265.858723][ T6177] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 265.858882][ T6177] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.859052][ T6177] __mptcp_nmpc_sk+0x15e/0xb30 [ 265.859169][ T6177] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.859326][ T6177] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.859496][ T6177] mptcp_connect+0xb1/0x1720 [ 265.859644][ T6177] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.859800][ T6177] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.859966][ T6177] ? __pfx_mptcp_connect+0x10/0x10 [ 265.860113][ T6177] __inet_stream_connect+0x2ef/0x1730 [ 265.860279][ T6177] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 265.860430][ T6177] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.860592][ T6177] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.860757][ T6177] ? __local_bh_enable_ip+0x74/0xb0 [ 265.860900][ T6177] ? _raw_spin_unlock_bh+0x2d/0x40 [ 265.861026][ T6177] ? lock_sock_nested+0x1de/0x200 [ 265.861170][ T6177] inet_stream_connect+0x6a/0xd0 [ 265.861335][ T6177] ? __pfx_inet_stream_connect+0x10/0x10 [ 265.861497][ T6177] __sys_connect+0x581/0x690 [ 265.861662][ T6177] ? ksys_write+0x408/0x4b0 [ 265.861793][ T6177] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.861954][ T6177] __x64_sys_connect+0x91/0xe0 [ 265.862111][ T6177] x64_sys_call+0x28a9/0x3c30 [ 265.862246][ T6177] do_syscall_64+0xcd/0x1e0 [ 265.862392][ T6177] ? clear_bhb_loop+0x25/0x80 [ 265.862554][ T6177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.862711][ T6177] RIP: 0033:0x7f18af58cd29 [ 265.862803][ T6177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.862909][ T6177] RSP: 002b:00007f18b0366038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 265.863027][ T6177] RAX: ffffffffffffffda RBX: 00007f18af7a5fa0 RCX: 00007f18af58cd29 [ 265.863116][ T6177] RDX: 0000000000000010 RSI: 0000000020000280 RDI: 0000000000000004 [ 265.863190][ T6177] RBP: 00007f18b0366090 R08: 0000000000000000 R09: 0000000000000000 [ 265.863263][ T6177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.863329][ T6177] R13: 0000000000000000 R14: 00007f18af7a5fa0 R15: 00007ffda0df1968 [ 265.863425][ T6177] [ 266.037757][ T4139] BTRFS warning (device loop4 state S): checksum verify failed on logical 5332992 mirror 1 wanted 0x1335c47d3f94e85552e31a8ecc9dd4db4dece1445f3fbef1d5b0b5e8324c15d5 found 0x1d926c3d4d367b75291658166b4f05a1cf402fdc76ca9e2ad0e005d8c885e581 level 0, ignored [ 266.038068][ T4139] page: refcount:4 mapcount:0 mapping:ffff888013594f10 index:0x516 pfn:0x52e7d [ 266.038168][ T4139] memcg:ffff888141c9b000 [ 266.038243][ T4139] aops:btree_aops ino:1 [ 266.038357][ T4139] flags: 0xfff00000004000(private|node=0|zone=1|lastcpupid=0x7ff) [ 266.038516][ T4139] raw: 00fff00000004000 0000000000000000 dead000000000122 ffff888013594f10 [ 266.038638][ T4139] raw: 0000000000000516 ffff88811a6242d0 00000004ffffffff ffff888141c9b000 [ 266.038736][ T4139] raw: ffffea00019c0710 ffffea00019d4710 [ 266.038799][ T4139] page dumped because: eb page dump [ 266.038858][ T4139] BTRFS critical (device loop4 state S): corrupt leaf: root=1 block=5332992 slot=3, invalid root last_snapshot, have 9151314442816847872 expect (0, 9] [ 266.039031][ T4139] BTRFS error (device loop4 state S): read time tree block corruption detected on logical 5332992 mirror 1 [ 266.039326][ T6173] BTRFS warning (device loop4 state S): couldn't read tree root [ 266.039423][ T6173] BTRFS warning (device loop4 state S): try to load backup roots slot 1 [ 266.068477][ T4139] BTRFS warning (device loop4 state S): checksum verify failed on logical 5324800 mirror 1 wanted 0xb53a00f31c45f7321a9313703acec781446109140709e23ccf9d3c8a07c32708 found 0x1ffca670e6ed8402df6289c25f574a60bcb3ff9a629d3e9f7dae4382539b0881 level 0, ignored [ 266.126173][ T4222] BTRFS error (device loop4 state S): bad fsid on logical 5312512 mirror 1 [ 266.126531][ T6173] BTRFS error (device loop4 state CS): failed to load root csum [ 266.126693][ T6173] BTRFS warning (device loop4 state CS): try to load backup roots slot 2 [ 266.129744][ T4222] BTRFS error (device loop4 state CS): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 266.130051][ T6173] BTRFS warning (device loop4 state CS): couldn't read tree root [ 266.130149][ T6173] BTRFS warning (device loop4 state CS): try to load backup roots slot 3 [ 266.139243][ T4222] BTRFS warning (device loop4 state CS): checksum verify failed on logical 5242880 mirror 1 wanted 0x8d90b910ec13d95ec17ddbe87d1d5dca5d3dff1259e90cf51f7cd4ff39170caa found 0x2c6f33dc4a1b8241cbc053946ef24b7ff492958e8750b32b0a34987f52d1e2e7 level 0, ignored [ 266.154404][ T6173] BTRFS warning (device loop4 state CS): global root 2 0 already exists [ 266.154596][ T6173] BTRFS error (device loop4 state CS): failed to load root extent [ 266.182126][ T6173] BTRFS error (device loop4 state CS): open_ctree failed: -17 [ 266.935436][ T6202] x_tables: duplicate underflow at hook 2 [ 267.262850][ T6204] loop0: detected capacity change from 0 to 128 [ 267.304483][ T6204] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 267.357275][ T6204] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 268.826980][ T6218] netlink: 100 bytes leftover after parsing attributes in process `syz.3.68'. [ 268.905497][ T6220] loop2: detected capacity change from 0 to 256 [ 269.077076][ T29] audit: type=1804 audit(1737855673.833:6): pid=6220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.70" name="/newroot/12/file1/file0" dev="loop2" ino=1048605 res=1 errno=0 [ 269.099514][ T29] audit: type=1800 audit(1737855673.833:7): pid=6220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.70" name="file0" dev="loop2" ino=1048605 res=0 errno=0 [ 269.511676][ T5783] UDF-fs: warning (device loop0): udf_evict_inode: Inode 104 (mode 100755) has inode size 21511 different from extent length 22016. Filesystem need not be standards compliant. [ 269.624494][ T6224] loop4: detected capacity change from 0 to 512 [ 269.677625][ T6224] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 269.798733][ T6224] EXT4-fs (loop4): 1 truncate cleaned up [ 269.816963][ T6224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.919115][ T6228] loop3: detected capacity change from 0 to 128 [ 269.999762][ T6228] EXT4-fs: Ignoring removed i_version option [ 270.006173][ T6228] EXT4-fs: Ignoring removed nomblk_io_submit option [ 270.130324][ T6228] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 270.157356][ T6224] netlink: 16 bytes leftover after parsing attributes in process `syz.4.72'. [ 270.173980][ T6228] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.297664][ T6233] loop0: detected capacity change from 0 to 1024 [ 270.323928][ T6228] netlink: 100 bytes leftover after parsing attributes in process `syz.3.73'. [ 270.695173][ T5786] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.731643][ T1857] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 270.808134][ T5781] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 270.925940][ T1857] usb 1-1: Using ep0 maxpacket: 32 [ 270.998623][ T1857] usb 1-1: unable to get BOS descriptor or descriptor too short [ 271.006796][ T1857] usb 1-1: no configurations [ 271.012489][ T1857] usb 1-1: can't read configurations, error -22 [ 271.314503][ T1857] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 271.562127][ T1857] usb 1-1: Using ep0 maxpacket: 32 [ 271.607421][ T1857] usb 1-1: unable to get BOS descriptor or descriptor too short [ 271.615709][ T1857] usb 1-1: no configurations [ 271.620610][ T1857] usb 1-1: can't read configurations, error -22 [ 271.731743][ T1857] usb usb1-port1: attempt power cycle [ 271.772432][ T51] Bluetooth: hci4: command 0x0405 tx timeout [ 272.139386][ T6251] loop2: detected capacity change from 0 to 32768 [ 272.187694][ T1857] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 272.223983][ T6251] JBD2: Ignoring recovery information on journal [ 272.244233][ T1857] usb 1-1: Using ep0 maxpacket: 32 [ 272.264610][ T1857] usb 1-1: unable to get BOS descriptor or descriptor too short [ 272.272869][ T1857] usb 1-1: no configurations [ 272.277664][ T1857] usb 1-1: can't read configurations, error -22 [ 272.383392][ T6251] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 272.457125][ T1857] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 272.505110][ T1857] usb 1-1: Using ep0 maxpacket: 32 [ 272.535655][ T1857] usb 1-1: unable to get BOS descriptor or descriptor too short [ 272.543837][ T1857] usb 1-1: no configurations [ 272.548636][ T1857] usb 1-1: can't read configurations, error -22 [ 272.607334][ T1857] usb usb1-port1: unable to enumerate USB device [ 272.721878][ T6259] loop4: detected capacity change from 0 to 512 [ 272.774577][ T5787] ocfs2: Unmounting device (7,2) on (node local) [ 272.804899][ T6259] EXT4-fs: Ignoring removed nomblk_io_submit option [ 272.883052][ T6261] program syz.3.84 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 272.927454][ T6259] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 272.935930][ T6259] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1842c01c, mo2=0002] [ 273.045562][ T6259] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 273.055652][ T6259] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features [ 273.072898][ T6259] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 273.113497][ T6264] FAULT_INJECTION: forcing a failure. [ 273.113497][ T6264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.127137][ T6264] CPU: 1 UID: 0 PID: 6264 Comm: syz.1.86 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 273.127256][ T6264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 273.127325][ T6264] Call Trace: [ 273.127366][ T6264] [ 273.127408][ T6264] dump_stack_lvl+0x216/0x2d0 [ 273.127541][ T6264] dump_stack+0x1e/0x24 [ 273.127649][ T6264] should_fail_ex+0x748/0x7f0 [ 273.127824][ T6264] should_fail+0x2a/0x40 [ 273.127977][ T6264] should_fail_usercopy+0x2e/0x40 [ 273.128156][ T6264] _copy_from_user+0x35/0x110 [ 273.128326][ T6264] ___sys_sendmsg+0x120/0x3c0 [ 273.128501][ T6264] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 273.128676][ T6264] ? __rcu_read_unlock+0x7b/0xe0 [ 273.128810][ T6264] ? __fget_files+0x42b/0x500 [ 273.128977][ T6264] ? kmsan_get_metadata+0x13e/0x1c0 [ 273.129140][ T6264] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 273.129310][ T6264] __x64_sys_sendmsg+0x212/0x3c0 [ 273.129482][ T6264] ? kmsan_get_metadata+0x13e/0x1c0 [ 273.129637][ T6264] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 273.129799][ T6264] ? kmsan_get_metadata+0x13e/0x1c0 [ 273.129965][ T6264] x64_sys_call+0x2ed6/0x3c30 [ 273.130105][ T6264] do_syscall_64+0xcd/0x1e0 [ 273.130252][ T6264] ? clear_bhb_loop+0x25/0x80 [ 273.130408][ T6264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.130566][ T6264] RIP: 0033:0x7f18af58cd29 [ 273.130655][ T6264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.130759][ T6264] RSP: 002b:00007f18b0366038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 273.130872][ T6264] RAX: ffffffffffffffda RBX: 00007f18af7a5fa0 RCX: 00007f18af58cd29 [ 273.130961][ T6264] RDX: 0000000000048040 RSI: 0000000020007580 RDI: 0000000000000003 [ 273.131042][ T6264] RBP: 00007f18b0366090 R08: 0000000000000000 R09: 0000000000000000 [ 273.131118][ T6264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.131189][ T6264] R13: 0000000000000000 R14: 00007f18af7a5fa0 R15: 00007ffda0df1968 [ 273.131291][ T6264] [ 273.335569][ C1] vkms_vblank_simulate: vblank timer overrun [ 273.464331][ T6259] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 273.801841][ T6268] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 273.809225][ T6268] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 273.844521][ T5786] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.889335][ T6269] hsr_slave_0: left promiscuous mode [ 273.913667][ T6269] hsr_slave_1: left promiscuous mode [ 274.345974][ T6271] loop0: detected capacity change from 0 to 1024 [ 274.367714][ T6275] loop4: detected capacity change from 0 to 512 [ 274.409112][ T6271] EXT4-fs: Ignoring removed oldalloc option [ 274.452829][ T6271] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 274.454610][ T6275] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 274.563262][ T6275] EXT4-fs (loop4): 1 truncate cleaned up [ 274.570744][ T6275] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 274.593565][ T6271] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 274.821914][ T6275] netlink: 16 bytes leftover after parsing attributes in process `syz.4.89'. [ 275.231675][ T5786] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.325904][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.415109][ T6288] netlink: 12 bytes leftover after parsing attributes in process `syz.3.93'. [ 275.429017][ T6288] netlink: 12 bytes leftover after parsing attributes in process `syz.3.93'. [ 275.439655][ T6288] netlink: 12 bytes leftover after parsing attributes in process `syz.3.93'. [ 276.003511][ T6297] FAULT_INJECTION: forcing a failure. [ 276.003511][ T6297] name failslab, interval 1, probability 0, space 0, times 0 [ 276.016692][ T6297] CPU: 0 UID: 0 PID: 6297 Comm: syz.0.95 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 276.016814][ T6297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 276.016885][ T6297] Call Trace: [ 276.016929][ T6297] [ 276.016972][ T6297] dump_stack_lvl+0x216/0x2d0 [ 276.017111][ T6297] dump_stack+0x1e/0x24 [ 276.017220][ T6297] should_fail_ex+0x748/0x7f0 [ 276.017398][ T6297] should_failslab+0x17f/0x210 [ 276.017562][ T6297] __kmalloc_noprof+0x176/0x1230 [ 276.017699][ T6297] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 276.017833][ T6297] ? usb_alloc_urb+0x5b/0x260 [ 276.017959][ T6297] ? stack_depot_save_flags+0x6db/0x750 [ 276.018128][ T6297] ? kmsan_get_metadata+0x13e/0x1c0 [ 276.018285][ T6297] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 276.018445][ T6297] usb_alloc_urb+0x5b/0x260 [ 276.018567][ T6297] ? usb_control_msg+0x172/0x570 [ 276.018705][ T6297] ? usb_reset_configuration+0x267/0x12c0 [ 276.018871][ T6297] usb_control_msg+0x18a/0x570 [ 276.019019][ T6297] usb_reset_configuration+0x267/0x12c0 [ 276.019193][ T6297] ? stack_depot_save_flags+0x2c/0x750 [ 276.019353][ T6297] ? kmsan_get_metadata+0x13e/0x1c0 [ 276.019511][ T6297] ? kmsan_get_metadata+0x13e/0x1c0 [ 276.019684][ T6297] usbdev_ioctl+0x9016/0xbf00 [ 276.019804][ T6297] ? kmsan_get_metadata+0x13e/0x1c0 [ 276.019962][ T6297] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 276.020138][ T6297] ? tomoyo_path_number_perm+0x82d/0x8f0 [ 276.020333][ T6297] ? kmsan_get_metadata+0x13e/0x1c0 [ 276.020490][ T6297] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 276.020661][ T6297] ? do_vfs_ioctl+0x14f8/0x3e60 [ 276.020829][ T6297] ? __pfx_usbdev_ioctl+0x10/0x10 [ 276.020947][ T6297] __se_sys_ioctl+0x246/0x440 [ 276.021088][ T6297] __x64_sys_ioctl+0x96/0xe0 [ 276.021230][ T6297] x64_sys_call+0x19f0/0x3c30 [ 276.021365][ T6297] do_syscall_64+0xcd/0x1e0 [ 276.021515][ T6297] ? clear_bhb_loop+0x25/0x80 [ 276.021671][ T6297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.021830][ T6297] RIP: 0033:0x7f07c078cd29 [ 276.021920][ T6297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.022025][ T6297] RSP: 002b:00007f07c1696038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 276.022148][ T6297] RAX: ffffffffffffffda RBX: 00007f07c09a5fa0 RCX: 00007f07c078cd29 [ 276.022237][ T6297] RDX: 0000000020000000 RSI: 0000000080045505 RDI: 0000000000000004 [ 276.022315][ T6297] RBP: 00007f07c1696090 R08: 0000000000000000 R09: 0000000000000000 [ 276.022391][ T6297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 276.022462][ T6297] R13: 0000000000000000 R14: 00007f07c09a5fa0 R15: 00007fff8a451e58 [ 276.022562][ T6297] [ 276.963409][ T5836] IPVS: starting estimator thread 0... [ 277.082124][ T6301] IPVS: using max 240 ests per chain, 12000 per kthread [ 277.274743][ T6293] loop1: detected capacity change from 0 to 65536 [ 277.336102][ T6293] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 277.449479][ T6311] FAULT_INJECTION: forcing a failure. [ 277.449479][ T6311] name failslab, interval 1, probability 0, space 0, times 0 [ 277.462477][ T6311] CPU: 1 UID: 0 PID: 6311 Comm: syz.4.98 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 277.462596][ T6311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 277.462666][ T6311] Call Trace: [ 277.462709][ T6311] [ 277.462752][ T6311] dump_stack_lvl+0x216/0x2d0 [ 277.462890][ T6311] dump_stack+0x1e/0x24 [ 277.462996][ T6311] should_fail_ex+0x748/0x7f0 [ 277.463171][ T6311] should_failslab+0x17f/0x210 [ 277.463332][ T6311] kmem_cache_alloc_noprof+0xee/0xe10 [ 277.463470][ T6311] ? security_file_alloc+0x75/0x6d0 [ 277.463638][ T6311] ? kmsan_get_metadata+0x13e/0x1c0 [ 277.463808][ T6311] security_file_alloc+0x75/0x6d0 [ 277.463978][ T6311] init_file+0x93/0x310 [ 277.464091][ T6311] alloc_empty_file+0x242/0x530 [ 277.464217][ T6311] path_openat+0x9f/0x6210 [ 277.464350][ T6311] ? kmsan_get_metadata+0x13e/0x1c0 [ 277.464503][ T6311] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 277.464663][ T6311] ? do_filp_open+0x47/0x600 [ 277.464809][ T6311] ? stack_depot_save_flags+0x2c/0x750 [ 277.464969][ T6311] ? kmsan_get_metadata+0x13e/0x1c0 [ 277.465122][ T6311] ? kmsan_get_metadata+0x13e/0x1c0 [ 277.465275][ T6311] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 277.465422][ T6311] ? kmsan_get_metadata+0x13e/0x1c0 [ 277.465575][ T6311] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 277.465742][ T6311] do_filp_open+0x268/0x600 [ 277.465876][ T6311] ? filter_irq_stacks+0x60/0x1a0 [ 277.466050][ T6311] ? kmsan_get_metadata+0x13e/0x1c0 [ 277.466206][ T6311] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 277.466369][ T6311] do_open_execat+0x192/0x720 [ 277.466510][ T6311] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 277.466664][ T6311] alloc_bprm+0x48/0x16e0 [ 277.466805][ T6311] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 277.466969][ T6311] ? kmsan_get_metadata+0x13e/0x1c0 [ 277.467126][ T6311] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 277.467294][ T6311] do_execveat_common+0x275/0xd80 [ 277.467450][ T6311] ? getname_flags+0x5df/0xa30 [ 277.467627][ T6311] __x64_sys_execve+0xf4/0x130 [ 277.467783][ T6311] x64_sys_call+0x161f/0x3c30 [ 277.467918][ T6311] do_syscall_64+0xcd/0x1e0 [ 277.468068][ T6311] ? clear_bhb_loop+0x25/0x80 [ 277.468223][ T6311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.468379][ T6311] RIP: 0033:0x7f070598cd29 [ 277.468470][ T6311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.468575][ T6311] RSP: 002b:00007f070677d038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 277.468690][ T6311] RAX: ffffffffffffffda RBX: 00007f0705ba5fa0 RCX: 00007f070598cd29 [ 277.468786][ T6311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000400 [ 277.468859][ T6311] RBP: 00007f070677d090 R08: 0000000000000000 R09: 0000000000000000 [ 277.468934][ T6311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.469005][ T6311] R13: 0000000000000000 R14: 00007f0705ba5fa0 R15: 00007ffe388b0228 [ 277.469102][ T6311] [ 278.099112][ T6293] XFS (loop1): Ending clean mount [ 278.109412][ T6293] XFS (loop1): Quotacheck needed: Please wait. [ 278.224092][ T6293] XFS (loop1): Quotacheck: Done. [ 278.409535][ T5777] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 278.444449][ T6315] tipc: Started in network mode [ 278.449623][ T6315] tipc: Node identity 065a4c8d695a2cdd, cluster identity 4711 [ 278.457952][ T6315] tipc: Enabling of bearer rejected, failed to enable media [ 278.578801][ T6325] loop4: detected capacity change from 0 to 512 [ 278.642437][ T6325] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 278.895639][ T6325] EXT4-fs (loop4): 1 truncate cleaned up [ 278.908013][ T6325] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 279.154358][ T6333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.108'. [ 279.188748][ T29] audit: type=1326 audit(1737855683.963:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.108" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fddbf58cd29 code=0x0 [ 279.203898][ T5836] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 279.217750][ T6325] netlink: 16 bytes leftover after parsing attributes in process `syz.4.104'. [ 279.477148][ T5836] usb 3-1: config 1 has an invalid descriptor of length 156, skipping remainder of the config [ 279.478761][ T5786] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.487709][ T5836] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 279.487829][ T5836] usb 3-1: config 1 has no interface number 0 [ 279.487940][ T5836] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.527711][ T5836] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 279.538347][ T5836] usb 3-1: too many endpoints for config 1 interface 1 altsetting 1: 158, using maximum allowed: 30 [ 279.554787][ T5836] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 158 [ 279.582829][ T5836] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 279.592228][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.600446][ T5836] usb 3-1: Product: syz [ 279.605015][ T5836] usb 3-1: Manufacturer: syz [ 279.609808][ T5836] usb 3-1: SerialNumber: syz [ 280.124995][ T6328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.138727][ T6328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.365330][ T5836] cdc_ncm 3-1:1.1: bind() failure [ 280.412536][ T5837] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 280.444600][ T5836] usb 3-1: USB disconnect, device number 4 [ 280.626611][ T5837] usb 5-1: Using ep0 maxpacket: 32 [ 280.683766][ T5837] usb 5-1: config 0 has an invalid interface number: 23 but max is 0 [ 280.692605][ T5837] usb 5-1: config 0 has no interface number 0 [ 280.699070][ T5837] usb 5-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice= c.62 [ 280.708499][ T5837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.803440][ T5837] usb 5-1: config 0 descriptor?? [ 280.829171][ T5837] gspca_main: sunplus-2.14.0 probing 052b:1803 [ 281.219936][ T5837] gspca_sunplus: reg_r err -71 [ 281.225440][ T5837] sunplus 5-1:0.23: probe with driver sunplus failed with error -71 [ 281.319728][ T5837] usb 5-1: USB disconnect, device number 2 [ 281.424148][ T6346] loop2: detected capacity change from 0 to 128 [ 281.479789][ T6346] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 281.534057][ T6346] UDF-fs: warning (device loop2): udf_fill_super: No partition found (2) [ 282.361738][ T6355] netlink: 128 bytes leftover after parsing attributes in process `syz.1.116'. [ 282.421096][ T6357] loop4: detected capacity change from 0 to 256 [ 282.922930][ T6356] loop2: detected capacity change from 0 to 32768 [ 282.940162][ T6356] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.115 (6356) [ 282.982007][ T6356] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 282.993535][ T6356] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 283.009343][ T6356] BTRFS info (device loop2): using free-space-tree [ 283.367890][ T6356] FAULT_INJECTION: forcing a failure. [ 283.367890][ T6356] name failslab, interval 1, probability 0, space 0, times 0 [ 283.381007][ T6356] CPU: 0 UID: 0 PID: 6356 Comm: syz.2.115 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 283.381129][ T6356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 283.381198][ T6356] Call Trace: [ 283.381241][ T6356] [ 283.381287][ T6356] dump_stack_lvl+0x216/0x2d0 [ 283.381419][ T6356] dump_stack+0x1e/0x24 [ 283.381531][ T6356] should_fail_ex+0x748/0x7f0 [ 283.381708][ T6356] should_failslab+0x17f/0x210 [ 283.381872][ T6356] __kmalloc_noprof+0x176/0x1230 [ 283.382009][ T6356] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 283.382172][ T6356] ? posix_acl_from_xattr+0x164/0x810 [ 283.382324][ T6356] ? kmsan_get_metadata+0x13e/0x1c0 [ 283.382477][ T6356] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 283.382648][ T6356] posix_acl_from_xattr+0x164/0x810 [ 283.382799][ T6356] ? kmsan_get_metadata+0x13e/0x1c0 [ 283.382957][ T6356] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 283.383125][ T6356] do_set_acl+0xbe/0x310 [ 283.383265][ T6356] file_setxattr+0x440/0x560 [ 283.383430][ T6356] path_setxattrat+0x60a/0x760 [ 283.383557][ T6356] ? kmsan_get_metadata+0x13e/0x1c0 [ 283.383716][ T6356] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 283.383872][ T6356] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 283.384045][ T6356] __x64_sys_fsetxattr+0xfa/0x190 [ 283.384215][ T6356] x64_sys_call+0x3416/0x3c30 [ 283.384349][ T6356] do_syscall_64+0xcd/0x1e0 [ 283.384498][ T6356] ? clear_bhb_loop+0x25/0x80 [ 283.384658][ T6356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.384816][ T6356] RIP: 0033:0x7f1245d8cd29 [ 283.384907][ T6356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.385012][ T6356] RSP: 002b:00007f1246c54038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 283.385129][ T6356] RAX: ffffffffffffffda RBX: 00007f1245fa5fa0 RCX: 00007f1245d8cd29 [ 283.385218][ T6356] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 0000000000000005 [ 283.385295][ T6356] RBP: 00007f1246c54090 R08: 0000000000000000 R09: 0000000000000000 [ 283.385371][ T6356] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001 [ 283.385443][ T6356] R13: 0000000000000000 R14: 00007f1245fa5fa0 R15: 00007ffc6c2a85a8 [ 283.385550][ T6356] [ 283.626892][ T6378] loop1: detected capacity change from 0 to 512 [ 283.659140][ T6380] FAULT_INJECTION: forcing a failure. [ 283.659140][ T6380] name failslab, interval 1, probability 0, space 0, times 0 [ 283.672159][ T6380] CPU: 1 UID: 0 PID: 6380 Comm: syz.4.120 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 283.672289][ T6380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 283.672360][ T6380] Call Trace: [ 283.672403][ T6380] [ 283.672445][ T6380] dump_stack_lvl+0x216/0x2d0 [ 283.672578][ T6380] dump_stack+0x1e/0x24 [ 283.672685][ T6380] should_fail_ex+0x748/0x7f0 [ 283.672862][ T6380] should_failslab+0x17f/0x210 [ 283.673027][ T6380] __kmalloc_noprof+0x176/0x1230 [ 283.673161][ T6380] ? kfree+0x20/0xdb0 [ 283.673278][ T6380] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 283.673439][ T6380] ? tomoyo_realpath_from_path+0x104/0xaa0 [ 283.673595][ T6380] ? kmsan_get_metadata+0x13e/0x1c0 [ 283.673757][ T6380] tomoyo_realpath_from_path+0x104/0xaa0 [ 283.673921][ T6380] ? __srcu_read_lock+0x76/0xd0 [ 283.674075][ T6380] tomoyo_path_number_perm+0x1d9/0x8f0 [ 283.674276][ T6380] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 283.674438][ T6380] ? kmsan_get_metadata+0x13e/0x1c0 [ 283.674594][ T6380] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 283.674786][ T6380] tomoyo_file_ioctl+0x3f/0x50 [ 283.674939][ T6380] security_file_ioctl+0x145/0x590 [ 283.675115][ T6380] __se_sys_ioctl+0xd0/0x440 [ 283.675261][ T6380] __x64_sys_ioctl+0x96/0xe0 [ 283.675396][ T6380] x64_sys_call+0x19f0/0x3c30 [ 283.675527][ T6380] do_syscall_64+0xcd/0x1e0 [ 283.675676][ T6380] ? clear_bhb_loop+0x25/0x80 [ 283.675832][ T6380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.675990][ T6380] RIP: 0033:0x7f070598cd29 [ 283.676081][ T6380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.676186][ T6380] RSP: 002b:00007f070677d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 283.676310][ T6380] RAX: ffffffffffffffda RBX: 00007f0705ba5fa0 RCX: 00007f070598cd29 [ 283.676399][ T6380] RDX: 0000000020000080 RSI: 00000000000089f6 RDI: 0000000000000003 [ 283.676475][ T6380] RBP: 00007f070677d090 R08: 0000000000000000 R09: 0000000000000000 [ 283.676550][ T6380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.676622][ T6380] R13: 0000000000000000 R14: 00007f0705ba5fa0 R15: 00007ffe388b0228 [ 283.676720][ T6380] [ 283.676763][ T6380] ERROR: Out of memory at tomoyo_realpath_from_path. [ 283.836024][ T6378] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 284.083150][ T6378] EXT4-fs (loop1): 1 truncate cleaned up [ 284.090741][ T6378] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 284.257118][ T5787] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 284.423734][ T6378] netlink: 16 bytes leftover after parsing attributes in process `syz.1.119'. [ 284.849460][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.414229][ T6405] FAULT_INJECTION: forcing a failure. [ 285.414229][ T6405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 285.427909][ T6405] CPU: 1 UID: 0 PID: 6405 Comm: syz.1.125 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 285.428028][ T6405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 285.428099][ T6405] Call Trace: [ 285.428142][ T6405] [ 285.428191][ T6405] dump_stack_lvl+0x216/0x2d0 [ 285.428323][ T6405] dump_stack+0x1e/0x24 [ 285.428428][ T6405] should_fail_ex+0x748/0x7f0 [ 285.428601][ T6405] should_fail+0x2a/0x40 [ 285.428751][ T6405] should_fail_usercopy+0x2e/0x40 [ 285.428920][ T6405] _copy_from_user+0x35/0x110 [ 285.429088][ T6405] ___sys_recvmsg+0x102/0x840 [ 285.429216][ T6405] ? __rcu_read_unlock+0x7b/0xe0 [ 285.429348][ T6405] ? __fget_files+0x42b/0x500 [ 285.429510][ T6405] ? kmsan_get_metadata+0x13e/0x1c0 [ 285.429665][ T6405] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 285.429828][ T6405] do_recvmmsg+0x45a/0xfc0 [ 285.429939][ T6405] ? filter_irq_stacks+0x164/0x1a0 [ 285.430106][ T6405] ? stack_depot_save_flags+0x2c/0x750 [ 285.430283][ T6405] ? x64_sys_call+0x35ba/0x3c30 [ 285.430410][ T6405] __x64_sys_recvmmsg+0x397/0x490 [ 285.430541][ T6405] x64_sys_call+0x35ba/0x3c30 [ 285.430668][ T6405] do_syscall_64+0xcd/0x1e0 [ 285.430810][ T6405] ? clear_bhb_loop+0x25/0x80 [ 285.430959][ T6405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.431110][ T6405] RIP: 0033:0x7f18af58cd29 [ 285.431202][ T6405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.431307][ T6405] RSP: 002b:00007f18b0366038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 285.431421][ T6405] RAX: ffffffffffffffda RBX: 00007f18af7a5fa0 RCX: 00007f18af58cd29 [ 285.431508][ T6405] RDX: 0000000000000001 RSI: 00000000200013c0 RDI: 0000000000000003 [ 285.431580][ T6405] RBP: 00007f18b0366090 R08: 0000000000000000 R09: 0000000000000000 [ 285.431651][ T6405] R10: 0000000040002000 R11: 0000000000000246 R12: 0000000000000001 [ 285.431723][ T6405] R13: 0000000000000000 R14: 00007f18af7a5fa0 R15: 00007ffda0df1968 [ 285.431818][ T6405] [ 285.896265][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 285.903095][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 286.147079][ T6412] loop0: detected capacity change from 0 to 64 [ 286.374250][ T6414] FAULT_INJECTION: forcing a failure. [ 286.374250][ T6414] name failslab, interval 1, probability 0, space 0, times 0 [ 286.391738][ T6414] CPU: 1 UID: 0 PID: 6414 Comm: syz.2.129 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 286.391858][ T6414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 286.391928][ T6414] Call Trace: [ 286.391972][ T6414] [ 286.392013][ T6414] dump_stack_lvl+0x216/0x2d0 [ 286.392154][ T6414] dump_stack+0x1e/0x24 [ 286.392262][ T6414] should_fail_ex+0x748/0x7f0 [ 286.392440][ T6414] should_failslab+0x17f/0x210 [ 286.392602][ T6414] __kmalloc_cache_noprof+0xc5/0xdf0 [ 286.392742][ T6414] ? snd_pcm_oss_change_params_locked+0x124/0x6280 [ 286.392900][ T6414] ? kmsan_get_metadata+0x13e/0x1c0 [ 286.393053][ T6414] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 286.393225][ T6414] snd_pcm_oss_change_params_locked+0x124/0x6280 [ 286.393375][ T6414] ? kfree+0x3ad/0xdb0 [ 286.393487][ T6414] ? tomoyo_path_number_perm+0x778/0x8f0 [ 286.393665][ T6414] ? kmsan_get_metadata+0x13e/0x1c0 [ 286.393821][ T6414] ? kmsan_get_metadata+0x13e/0x1c0 [ 286.393976][ T6414] ? kmsan_get_metadata+0x13e/0x1c0 [ 286.394149][ T6414] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 286.394308][ T6414] ? snd_pcm_oss_set_rate+0x2de/0x790 [ 286.394452][ T6414] ? kmsan_get_metadata+0x13e/0x1c0 [ 286.394617][ T6414] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 286.394786][ T6414] snd_pcm_oss_get_active_substream+0x46e/0x600 [ 286.394962][ T6414] snd_pcm_oss_set_rate+0x2f5/0x790 [ 286.395119][ T6414] snd_pcm_oss_ioctl+0x1428/0x1e00 [ 286.395260][ T6414] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 286.395394][ T6414] __se_sys_ioctl+0x246/0x440 [ 286.395533][ T6414] __x64_sys_ioctl+0x96/0xe0 [ 286.395666][ T6414] x64_sys_call+0x19f0/0x3c30 [ 286.395798][ T6414] do_syscall_64+0xcd/0x1e0 [ 286.395944][ T6414] ? clear_bhb_loop+0x25/0x80 [ 286.396102][ T6414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.396256][ T6414] RIP: 0033:0x7f1245d8cd29 [ 286.396346][ T6414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.396449][ T6414] RSP: 002b:00007f1246c54038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.396563][ T6414] RAX: ffffffffffffffda RBX: 00007f1245fa5fa0 RCX: 00007f1245d8cd29 [ 286.396650][ T6414] RDX: 00000000200006c0 RSI: 00000000c0045002 RDI: 0000000000000003 [ 286.396726][ T6414] RBP: 00007f1246c54090 R08: 0000000000000000 R09: 0000000000000000 [ 286.396800][ T6414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.396870][ T6414] R13: 0000000000000000 R14: 00007f1245fa5fa0 R15: 00007ffc6c2a85a8 [ 286.396968][ T6414] [ 286.436744][ T6412] syz.0.131: attempt to access beyond end of device [ 286.436744][ T6412] loop0: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 286.446818][ T6416] loop3: detected capacity change from 0 to 512 [ 286.679609][ T6416] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 286.777889][ T6416] EXT4-fs (loop3): orphan cleanup on readonly fs [ 286.813770][ T6416] EXT4-fs error (device loop3): ext4_orphan_get:1389: inode #15: comm syz.3.132: iget: bad i_size value: -67835469387268086 [ 286.855757][ T6416] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.132: couldn't read orphan inode 15 (err -117) [ 286.920240][ T6416] EXT4-fs (loop3): mounted filesystem f7ff0000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 286.959399][ T6422] netlink: 8 bytes leftover after parsing attributes in process `syz.1.134'. [ 286.969874][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.980787][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.990959][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.006478][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.018212][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.018303][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.018363][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.018443][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.020361][ T6422] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.558203][ T6427] loop0: detected capacity change from 0 to 512 [ 287.641603][ T6427] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 287.781569][ T6427] EXT4-fs (loop0): 1 truncate cleaned up [ 287.789027][ T6427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 287.888167][ T5836] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 288.059532][ T6427] netlink: 16 bytes leftover after parsing attributes in process `syz.0.135'. [ 288.097348][ T5836] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 288.106503][ T5836] usb 4-1: config 0 has no interface number 0 [ 288.113043][ T5836] usb 4-1: config 0 interface 1 has no altsetting 0 [ 288.123775][ T5836] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 288.134515][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.274597][ T5836] usb 4-1: config 0 descriptor?? [ 288.357302][ T5836] cp210x 4-1:0.1: cp210x converter detected [ 288.534159][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.718272][ T5836] cp210x 4-1:0.1: failed to get vendor val 0x000e size 3: -32 [ 288.983379][ T5836] usb 4-1: cp210x converter now attached to ttyUSB0 [ 289.143640][ T6416] Illegal XDP return value 4294967274 on prog (id 15) dev N/A, expect packet loss! [ 289.398113][ T5836] usb 4-1: USB disconnect, device number 5 [ 289.418310][ T5836] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 289.507424][ T5836] cp210x 4-1:0.1: device disconnected [ 289.881810][ T29] audit: type=1326 audit(1737855694.633:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 289.904410][ T29] audit: type=1326 audit(1737855694.633:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 289.927095][ T29] audit: type=1326 audit(1737855694.643:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 289.949678][ T29] audit: type=1326 audit(1737855694.643:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 289.975799][ T29] audit: type=1326 audit(1737855694.643:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 290.313527][ T5781] EXT4-fs (loop3): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 290.351781][ T29] audit: type=1326 audit(1737855694.773:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 290.378179][ T29] audit: type=1326 audit(1737855694.803:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 290.404610][ T29] audit: type=1326 audit(1737855694.803:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.1.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 290.789807][ T6467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.153'. [ 290.800018][ T6467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.153'. [ 291.509436][ T6477] capability: warning: `syz.2.158' uses 32-bit capabilities (legacy support in use) [ 292.286962][ T6488] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 292.322335][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 293.053411][ T6496] team_slave_0: entered promiscuous mode [ 293.059258][ T6496] team_slave_1: entered promiscuous mode [ 293.065296][ T6496] macsec1: entered promiscuous mode [ 293.070596][ T6496] team0: entered promiscuous mode [ 293.077539][ T6496] macsec1: entered allmulticast mode [ 293.083043][ T6496] team0: entered allmulticast mode [ 293.088274][ T6496] team_slave_0: entered allmulticast mode [ 293.094377][ T6496] team_slave_1: entered allmulticast mode [ 293.302785][ T6496] team0: left allmulticast mode [ 293.307883][ T6496] team_slave_0: left allmulticast mode [ 293.314364][ T6496] team_slave_1: left allmulticast mode [ 293.320079][ T6496] team0: left promiscuous mode [ 293.328147][ T6496] team_slave_0: left promiscuous mode [ 293.333882][ T6496] team_slave_1: left promiscuous mode [ 294.017107][ T6504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.168'. [ 294.394774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 294.405381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 295.367113][ T6518] netlink: 28 bytes leftover after parsing attributes in process `syz.1.172'. [ 295.382116][ T6518] netlink: 28 bytes leftover after parsing attributes in process `syz.1.172'. [ 295.413028][ T6518] bond0: entered promiscuous mode [ 295.418286][ T6518] bond_slave_0: entered promiscuous mode [ 295.424723][ T6518] bond_slave_1: entered promiscuous mode [ 295.436121][ T6518] bridge0: entered promiscuous mode [ 295.966220][ T6528] process 'syz.3.176' launched './file2' with NULL argv: empty string added [ 296.111457][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 296.224066][ T6523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.079633][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 301.077136][ T6565] syz.0.189 uses obsolete (PF_INET,SOCK_PACKET) [ 301.539078][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 301.744223][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 302.494549][ T6575] netlink: 'syz.4.194': attribute type 8 has an invalid length. [ 305.089960][ T5836] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 305.302330][ T5836] usb 3-1: Using ep0 maxpacket: 16 [ 305.374533][ T5836] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 305.383599][ T5836] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 305.394390][ T5836] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 305.493089][ T5836] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 305.502633][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.510964][ T5836] usb 3-1: Product: syz [ 305.515915][ T5836] usb 3-1: Manufacturer: syz [ 305.520721][ T5836] usb 3-1: SerialNumber: syz [ 305.873356][ T5836] usb 3-1: 0:2 : does not exist [ 306.023035][ T5836] usb 3-1: USB disconnect, device number 5 [ 306.351770][ T5835] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 306.366915][ T5959] udevd[5959]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 306.542747][ T5835] usb 5-1: Using ep0 maxpacket: 8 [ 306.545498][ T6621] netlink: 12 bytes leftover after parsing attributes in process `syz.1.213'. [ 306.564733][ T5835] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.575379][ T5835] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 306.584764][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.682161][ T5835] usb 5-1: config 0 descriptor?? [ 306.720086][ T5835] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 307.776063][ T5835] gspca_vc032x: reg_r err -71 [ 307.787118][ T5835] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 307.853353][ T5835] usb 5-1: USB disconnect, device number 3 [ 308.977884][ T6650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.226'. [ 309.363054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 310.065318][ T6666] : renamed from ipvlan1 [ 310.179980][ T6664] bond1: entered promiscuous mode [ 310.186616][ T6664] 8021q: adding VLAN 0 to HW filter on device bond1 [ 310.489700][ T6664] 8021q: adding VLAN 0 to HW filter on device bond1 [ 310.498632][ T6664] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 310.513926][ T6664] bond1: (slave ip6gre1): Error -95 calling set_mac_address [ 310.763091][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 310.772615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 311.882324][ T6673] could not allocate digest TFM handle poly1305-simd [ 312.951884][ T5835] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 313.172023][ T5835] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 313.182624][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 313.194129][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 313.204170][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 313.402556][ T5835] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 313.416082][ T5835] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 313.425720][ T5835] usb 4-1: Manufacturer: syz [ 313.530588][ T5835] usb 4-1: config 0 descriptor?? [ 315.117909][ T5835] rc_core: IR keymap rc-hauppauge not found [ 315.124366][ T5835] Registered IR keymap rc-empty [ 315.129888][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.249892][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.444591][ T5835] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 315.467678][ T5835] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5 [ 315.576691][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.639189][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.672466][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.703757][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.735415][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.763023][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.810548][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.865142][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.912095][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 315.949148][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 316.036028][ T5835] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 316.046942][ T5835] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 316.168685][ T5835] usb 4-1: USB disconnect, device number 6 [ 316.524412][ T29] audit: type=1326 audit(1737855721.293:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.547075][ T29] audit: type=1326 audit(1737855721.293:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.569972][ T29] audit: type=1326 audit(1737855721.303:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.592300][ C0] vkms_vblank_simulate: vblank timer overrun [ 316.609813][ T29] audit: type=1326 audit(1737855721.303:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.632644][ T29] audit: type=1326 audit(1737855721.303:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.655257][ T29] audit: type=1326 audit(1737855721.303:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.677480][ C0] vkms_vblank_simulate: vblank timer overrun [ 316.684125][ T29] audit: type=1326 audit(1737855721.323:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.706440][ C0] vkms_vblank_simulate: vblank timer overrun [ 316.718183][ T29] audit: type=1326 audit(1737855721.323:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6722 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07c078cd29 code=0x7ffc0000 [ 316.740528][ C0] vkms_vblank_simulate: vblank timer overrun [ 317.183238][ T29] audit: type=1326 audit(1737855721.813:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6724 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1245d8cd29 code=0x7ffc0000 [ 317.209702][ T29] audit: type=1326 audit(1737855721.813:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6724 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1245d8cd29 code=0x7ffc0000 [ 319.085991][ T6763] netlink: 36 bytes leftover after parsing attributes in process `syz.1.271'. [ 319.095625][ T6763] netlink: 16 bytes leftover after parsing attributes in process `syz.1.271'. [ 319.107703][ T6763] netlink: 36 bytes leftover after parsing attributes in process `syz.1.271'. [ 319.117995][ T6763] netlink: 36 bytes leftover after parsing attributes in process `syz.1.271'. [ 321.002529][ T5837] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 321.201491][ T5837] usb 2-1: Using ep0 maxpacket: 16 [ 321.257821][ T5837] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 321.266367][ T5837] usb 2-1: config 0 has no interface number 0 [ 321.273033][ T5837] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 321.283166][ T5837] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 321.293462][ T5837] usb 2-1: config 0 interface 41 has no altsetting 0 [ 321.363394][ T5837] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 321.372907][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.381144][ T5837] usb 2-1: Product: syz [ 321.386239][ T5837] usb 2-1: Manufacturer: syz [ 321.391041][ T5837] usb 2-1: SerialNumber: syz [ 321.484043][ T5837] usb 2-1: config 0 descriptor?? [ 321.491263][ T6787] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 321.533143][ T6787] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 321.901608][ T5835] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 321.948312][ T6807] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 322.048535][ T6807] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 322.153964][ T5835] usb 3-1: config 1 interface 0 altsetting 73 bulk endpoint 0x1 has invalid maxpacket 1023 [ 322.164586][ T5835] usb 3-1: config 1 interface 0 has no altsetting 0 [ 322.259892][ T5835] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 322.269631][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.280547][ T5835] usb 3-1: Product: syz [ 322.285990][ T5835] usb 3-1: Manufacturer: syz [ 322.290803][ T5835] usb 3-1: SerialNumber: syz [ 322.324708][ T6803] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 322.462220][ T5837] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 322.472870][ T5837] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 322.490489][ T5858] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 322.559256][ T5837] usb 2-1: USB disconnect, device number 4 [ 322.749649][ T5858] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 322.761500][ T5858] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 322.771754][ T5858] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 322.781049][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.977108][ T6809] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 323.003757][ T5835] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 73 proto 1 vid 0x0525 pid 0xA4A8 [ 323.017864][ T5858] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 323.082971][ T5835] usb 3-1: USB disconnect, device number 6 [ 323.104731][ T5835] usblp0: removed [ 323.710407][ T5837] usb 5-1: USB disconnect, device number 4 [ 323.882845][ T5858] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 324.123171][ T5858] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 324.127188][ T6827] ip6erspan0: entered promiscuous mode [ 324.132699][ T5858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.155700][ T5858] usb 2-1: config 0 descriptor?? [ 324.497094][ T5858] ath6kl: Failed to submit usb control message: -71 [ 324.504261][ T5858] ath6kl: unable to send the bmi data to the device: -71 [ 324.512166][ T5858] ath6kl: Unable to send get target info: -71 [ 324.586026][ T5858] ath6kl: Failed to init ath6kl core: -71 [ 324.597400][ T5858] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 324.650717][ T5858] usb 2-1: USB disconnect, device number 5 [ 325.399923][ T6841] program syz.0.295 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 325.524582][ T5998] udevd[5998]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 325.807429][ T6848] netlink: 28 bytes leftover after parsing attributes in process `syz.4.299'. [ 325.895035][ T6852] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 326.190369][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 326.190436][ T29] audit: type=1326 audit(1737855730.953:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6855 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 326.223229][ T29] audit: type=1326 audit(1737855731.003:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6855 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 326.246943][ T29] audit: type=1326 audit(1737855731.003:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6855 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 326.269593][ T29] audit: type=1326 audit(1737855731.023:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6855 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18af58cd29 code=0x7ffc0000 [ 328.896273][ T6885] sctp: failed to load transform for md5: -2 [ 329.815485][ T6905] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 329.822006][ T6905] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 329.894752][ T6905] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 329.905871][ T6905] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 329.965608][ T6905] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 330.127612][ T6905] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 330.134217][ T6905] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 330.303399][ T6905] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 330.537846][ T6905] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 330.544400][ T6905] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 330.656820][ T6905] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 330.677829][ T6905] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 330.684556][ T6905] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 330.702390][ T6905] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 331.368233][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 331.972288][ T6927] ===================================================== [ 331.979490][ T6927] BUG: KMSAN: uninit-value in nsim_get_ringparam+0xa8/0xe0 [ 331.987041][ T6927] nsim_get_ringparam+0xa8/0xe0 [ 331.992312][ T6927] ethtool_set_ringparam+0x268/0x570 [ 331.997799][ T6927] dev_ethtool+0x126d/0x2a40 [ 332.002669][ T6927] dev_ioctl+0xb0e/0x1280 [ 332.007186][ T6927] sock_do_ioctl+0x28c/0x540 [ 332.012095][ T6927] sock_ioctl+0x721/0xd70 [ 332.016602][ T6927] __se_sys_ioctl+0x246/0x440 [ 332.022694][ T6927] __x64_sys_ioctl+0x96/0xe0 [ 332.027462][ T6927] x64_sys_call+0x19f0/0x3c30 [ 332.030347][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 332.032344][ T6927] do_syscall_64+0xcd/0x1e0 [ 332.032472][ T6927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.053565][ T6927] [ 332.055989][ T6927] Local variable kernel_ringparam created at: [ 332.063649][ T6927] ethtool_set_ringparam+0x96/0x570 [ 332.069063][ T6927] dev_ethtool+0x126d/0x2a40 [ 332.073953][ T6927] [ 332.076369][ T6927] CPU: 1 UID: 0 PID: 6927 Comm: syz.3.321 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 332.086890][ T6927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 332.097330][ T6927] ===================================================== [ 332.104464][ T6927] Disabling lock debugging due to kernel taint [ 332.110721][ T6927] Kernel panic - not syncing: kmsan.panic set ... [ 332.117281][ T6927] CPU: 1 UID: 0 PID: 6927 Comm: syz.3.321 Tainted: G B 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 332.129215][ T6927] Tainted: [B]=BAD_PAGE [ 332.133472][ T6927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 332.143667][ T6927] Call Trace: [ 332.147048][ T6927] [ 332.150079][ T6927] dump_stack_lvl+0x216/0x2d0 [ 332.154933][ T6927] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 332.160972][ T6927] dump_stack+0x1e/0x24 [ 332.165298][ T6927] panic+0x4e2/0xcf0 [ 332.169401][ T6927] ? kmsan_get_metadata+0x51/0x1c0 [ 332.174737][ T6927] kmsan_report+0x2c7/0x2d0 [ 332.179451][ T6927] ? __msan_warning+0x95/0x120 [ 332.184398][ T6927] ? nsim_get_ringparam+0xa8/0xe0 [ 332.189626][ T6927] ? ethtool_set_ringparam+0x268/0x570 [ 332.195319][ T6927] ? dev_ethtool+0x126d/0x2a40 [ 332.200277][ T6927] ? dev_ioctl+0xb0e/0x1280 [ 332.204970][ T6927] ? sock_do_ioctl+0x28c/0x540 [ 332.209918][ T6927] ? sock_ioctl+0x721/0xd70 [ 332.214594][ T6927] ? __se_sys_ioctl+0x246/0x440 [ 332.219629][ T6927] ? __x64_sys_ioctl+0x96/0xe0 [ 332.224569][ T6927] ? x64_sys_call+0x19f0/0x3c30 [ 332.229597][ T6927] ? do_syscall_64+0xcd/0x1e0 [ 332.234465][ T6927] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.240746][ T6927] ? kmsan_internal_poison_memory+0x7d/0x90 [ 332.246860][ T6927] ? kmsan_internal_poison_memory+0x49/0x90 [ 332.252959][ T6927] ? kmsan_slab_free+0xd0/0x140 [ 332.258019][ T6927] ? kfree+0x240/0xdb0 [ 332.262264][ T6927] ? tomoyo_path_number_perm+0x778/0x8f0 [ 332.268135][ T6927] ? kmsan_get_metadata+0x13e/0x1c0 [ 332.273548][ T6927] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 332.280094][ T6927] ? kmsan_get_metadata+0x13e/0x1c0 [ 332.285507][ T6927] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 332.291538][ T6927] ? kmsan_get_metadata+0x13e/0x1c0 [ 332.296948][ T6927] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 332.303403][ T6927] ? kmsan_get_metadata+0x13e/0x1c0 [ 332.308807][ T6927] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 332.314833][ T6927] __msan_warning+0x95/0x120 [ 332.319611][ T6927] nsim_get_ringparam+0xa8/0xe0 [ 332.324650][ T6927] ? __pfx_nsim_set_ringparam+0x10/0x10 [ 332.330383][ T6927] ? __pfx_nsim_get_ringparam+0x10/0x10 [ 332.336123][ T6927] ethtool_set_ringparam+0x268/0x570 [ 332.341615][ T6927] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 332.347655][ T6927] dev_ethtool+0x126d/0x2a40 [ 332.352457][ T6927] dev_ioctl+0xb0e/0x1280 [ 332.356990][ T6927] sock_do_ioctl+0x28c/0x540 [ 332.361791][ T6927] sock_ioctl+0x721/0xd70 [ 332.366309][ T6927] ? __pfx_sock_ioctl+0x10/0x10 [ 332.371335][ T6927] __se_sys_ioctl+0x246/0x440 [ 332.376203][ T6927] __x64_sys_ioctl+0x96/0xe0 [ 332.380980][ T6927] x64_sys_call+0x19f0/0x3c30 [ 332.385857][ T6927] do_syscall_64+0xcd/0x1e0 [ 332.390560][ T6927] ? clear_bhb_loop+0x25/0x80 [ 332.395442][ T6927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.401565][ T6927] RIP: 0033:0x7fddbf58cd29 [ 332.406146][ T6927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.425957][ T6927] RSP: 002b:00007fddc0440038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 332.434554][ T6927] RAX: ffffffffffffffda RBX: 00007fddbf7a5fa0 RCX: 00007fddbf58cd29 [ 332.442679][ T6927] RDX: 0000000020000040 RSI: 0000000000008946 RDI: 0000000000000003 [ 332.450811][ T6927] RBP: 00007fddbf60e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 332.458925][ T6927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 332.467041][ T6927] R13: 0000000000000000 R14: 00007fddbf7a5fa0 R15: 00007ffeecbd56d8 [ 332.475180][ T6927] [ 332.478570][ T6927] Kernel Offset: disabled [ 332.482953][ T6927] Rebooting in 86400 seconds..