last executing test programs: 35.003727871s ago: executing program 3 (id=6682): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af14, 0x0) 34.86496794s ago: executing program 3 (id=6684): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, &(0x7f0000000340)={0x1, &(0x7f0000000440)=[{0x7ff, 0x0, 0x0, 0x1, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0x12) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000002, 0x0, 0x20, 0x0, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x8, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 34.547863654s ago: executing program 3 (id=6688): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@host}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000100)={{@host}, 0x0, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000200)={{@local}, 0x0, 0x1}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000240)={&(0x7f0000001100), 0x6, 0x400}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = dup(r1) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000200)={0x9, 0x0, 0x0, 0x82f6, 0x0, "0800000000000002"}) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100)=0xff) 34.395947507s ago: executing program 3 (id=6690): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)='-\x00\x00', 0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 34.27961976s ago: executing program 3 (id=6693): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) write$char_usb(0xffffffffffffffff, &(0x7f0000001440)="ab9038f82f2a020000007a88365c94e37136531dc09bb8d825f0748ebf2b0816e5cb64f485846a2fb4ae77c65330a400bb24cf23863f56554c7dea1c0a60e78a6eca72a0e4f5c74c5da63d79992d1077ef76da89e0a9fc535b8272e093a17b85ef25a92866a611a84bbb7b2ed1daff4cf5bcd75f089cc2ce5a3bec17", 0x7c) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000400)={0x8, {"940de312c9be105c33394390ce360adcb8443d1ca2464ad29fe46c8717a823e29b12011e867516a9c1b63394e6b4922549ac2f98b0bafc013757371b5762e5b03b4c8cfcc5d34368b21917740955f80e80fa98a68cb052b102c03e72a4c6702778dfcc5bb74ce23d914f8b143bd94d7382a385be93f61eef509d6cbffa81afee0e3524b8b768a0ef0ae00ad2a23728722436d1c150b512b6c642cb2eeaecb085719014332015474a4ddf7098bb5ac398c0ce256e4dcfd4613dbe9a34b96439546a28db9ce97b344b6c97289b3854e127b4f533f56439a74fcffc41dfeffc5d7a99c01a0fedfd937af595c05a942216581f8efd1ffa1c23c6f08d6987be16bb52420c80bda5da46987fbf7209487defe0374226a526d3588660192d921bfe407f1d1833f390dd8b41b30c53b4deba5a086c516d9bc8ca572d8f0f875303c85bd16570e89f74d7c4ef547a07dd62f334fee76e2e0ca31cca1ad0528d7448ceecd4c9785c302a40bc114335dea8775958a3beff8eeb31afcb9a2c7561980f8554220769e5e90fdfb2f5a905518ef1667a91e2dd474383e4312ea219fe65d421006734fe04661f75e69ae825120b33fb74293e3b83e7f7f563b475cd6e08fd6878ee424fa141d3aee86d952c212c2e7730796510a463a8da486852b23a1d62b714a11301499029d9efb715a11b64f24cd2660c9a47573ce4dd042e333e433ee28b2bce545cf067040193057de290965c1d547fed137e5eb22f5c0a06ad4de6b78204bf053f37c5d96b8053ea445b640360da8fce3391514dc3d1f4e4b35047138cd8c2717bcba278a4f8c27bac01b469ee3fd04004f58287a18307b0ad4120f2c26b08c3267249bfbe1064a3f171e0cfe595f7ab146f3148c73228edf694dc0c400c36e3493b1aca5f85972dadb8d02bddb607b7a431750ca4863812b8020000000000000042db2971e280541cbfa446c6c6d85b77e3327a2d327c25b7619647374e76b1be266cb68959d2651d0c7438cb1b53982191858c66500d8536013701194a9f02dd77216f932e07a4c4b4558b2a38d7e5c39a453c8fb5fae0d00550a2d143f721cd676d842f2ae39ecbf99e027b4cf9f3c2a9bf3b663e51a0b29cf4cfb0877d5b89fdfa93fd9bf33392e6a2c8df36f9f2faa3716d293b7d94c93458c17df99aaadd218fe4c7b967b43f48725e6bac67bf9176e8c63f94862b036b1870bc314b51fea9d0c92020427abaf5be10d3faad2f684d46a2461f2a92350d6f204f03ad2a9fa54cbd8a7a3e7ba2d54f3615ac5ea47f120572f8ef941e81b0812bfc4227ef5719093afbf90040ef1a5eda64563eb7fd015ea54342340ec8648d911a8f3f358ca124ef8c70685bce2fbaeeebf54d059cefd53751b5cf33fe2d92c9df6a63821b6db5188210565e132768b192fb27e745605c529e3648060a98d656f35e36dc4be3102bd678db0ceb0301c5cb0f7f7a08c55cd038a5f751a7c96116f0bd9c9a349558a7a8fc6a73cce1132549169822bf32d742fc4f4e2e50f59eb669f2384282247c60253edc98f9bc802a288a94e1011a066ce9f6eca5f87d2afd893900c3aff87be959451269bc9ac735c43c1e5ecf5d5bff262a27f0c8a1ad401492ffec662e27b12399096fee9910d0fadfd1e1bcf1f20f8f7e5ff1cce9e8db0fd71dda6f228aa96bba6b4120361a6f6acc832be5daa1aabd03a9ae810f0d21466c1a652a47c11db6a8e52580a8347326113b54a4beeaeb21b45e5ef0aa3cfbfb22d99640b7b935bce8e37cebce586f7fe72208b491795a9fbb220ec9b98dd7811ced86292189ce351e8a64c6afde9c1dccbaaebf7e5e3d5e529e926e814b381342c13ea0757ce52a0b0a155d1c85c4108deffa719a22bef7b681a17504e22d6fe9197699e0a16a7104f412e3a681c8ee41d8fbddc8610c161f1fad9e4a5e526e20ac61496e9f3596cc94b79e9680a64a832dc26d6e33e127abe5c405b16978bc4297a85ccaf1599b195db9d66b698c770d84fa90d89b51eca02ed3a3465b8eca9589af034bd6b9c8f6329e393e4753887696ae5158e8ca3ef2e66fac38a6d6a1b61e81d5b6a3c1cb007d64a33f1fe01cf39b82b270e9083ce13b1a32f0c98376d43cdbf9f17b74655f3000343fe051a75ac658a84629b1245107652d6dfa54b1a7d77922becb74539ffb11292794f12ebfd3ea8888c7cd10692d52c85340f92c5d01464fe36deaaec6ad6cc22870372d61485e2d76accd9bf93e0842efe5652e73100a6627b3a4ce4d1594c8ddb5742897d05fd6f6333fa1b90afeaab9fc7426251d24deeef43784f12c0bb09f102962ee9ab427a53fd8da8e1e3c8000ac7164e61d6258c515dcdd911fb1a519d7b38e556457da330ceda8e948aeaf7421d37faf50071f0d38c08fc938278f247084195e778ac90ab7bfafb59c2a1c643cd18d883a46a6cc41410f505ba209746d6b12c015eddf31b6c9ebf2f04605518033721cdf02b1da210ca1465129b443c0c46247b5f8cceb000af2c551fcea1c1bef29c5859e95bcf0956b9092279b47dc652134d2bc54c3688978fd4d7c203749da5e4824fe314aa57e76f58fadfafcc7660b68b1a6043acf8f9f0c259d16fe236b5906f88816e7ab69b67f762ad79a5f654c507cc49be181525ff05cde4d56b53790151efa8060c4685e2b1dd0ad89551a41e0d3dda33c2b528922849a8dfcd7246c242c3b2aa38a69e3e5a37c5806c4bcff53e08ffc7a830d925e3394b688ffffffffcbfe387c9e7df19cfb2b54303c101557aa2ed080194fe0af76d672ed77dfa4c5c0c0f9693f4e8c446d3bc19c0a8654bb4ba8b4daae69edf414615473ec2aadaa6871b7d08a51e349acc7b16fddf741f71670da4c2b0eadcf19f46f0fd18b59ecf7b943a2a5c90125638a3b3270a366c074868e62fe2e8751ff3e60411d7e1b3fb6a873f7843489f661f1bc401765cdfacbd76e1b52e15fb10fc19dc4803d3a4743ab977fae35eed00d59ddf64fcbc61f5fa0cf4098d0babde4a397d2ef100c23ca9f836656d5f25b018606e148e3f66400a682472ed5d28b7de624ed838277432623c11027da18378e46c3fd340585b4835ab1d771266322eee56c3e6bf3300f5d48b6b01f515ba7f3fb726cfc6fdf6c07a2f46bbc3f36fc9ba6e551a46335337c881cc4a73e79e76638411adcaa81ee3b6d0e6e6c721da36dcab68bfb0ca6ba7b2c267b80120143a5c4be333b2cf85b3bd2425ca691ff367d130dbbd8e5f6a833e093eae9d176c1c3fb61557f9e5080ee7703fe2ca1061b52d0a40d7ee2f408b3ceac303e302d96d929c17026793c66423d748a81adfd7cb29027f327b0dac4055e88e385f0400f97988aa1fa40cdf776f9f07991fb55d9d4bf62ebefced240d821bd4fbba62c1b62320228c6a4ca613878e3eb538eea28e92b5d909fc7e63ed5a544e7698d0b7d3d99415d4028a5da4cc67fcba3b744acd4f92938027f42b785405228a38d85fd678703b9d41a6a54cd48303a6be64408101fc5471641c1c5a747244da684fef97aa48bf1a225007f26d9f4002a0dc14d01191ef1d749ea2ea05c42c173c3244c1039c04341b0cf37574d8b78e357b451bfcfb79762ed6a4fbc689690bf37afaa92702a0349ed9aecd9111df9fd57b97749bbf5003991029344497c9ff85adaa7a2e566647ba5bad341eed62034b581981dd7c9de9fd4c241a54ad4d6e9e1cf7ca984b13c628cc65eca0829e69d4d390581e43cd2ed5c56608b45c109f35350fb875316e71f79c433319462d4b589a1f7f2d14d43092655da23d63c63298ed62dd481ab0bc58e97f397b39c94b32fad6a1e0cd9da2dfbe6897ee4986fdbafdb0e4b575f800df5da43cf318ea7a5e83a0136b3bde3296b2bd230ed212f79500c6a4458522c3881532b7bfd170647ee65931760f35a1c1f95b8c93e4233f0de2a13c83f31522f2bee05a57c8378ac6bdd3c9e30dc188b30dadb936f35a3fa247732ebae6a8d762992f8a96c1d26981bda157f2b676ac9d61bb786ac8c349da94dbf75a21b786cdceb47a92597b6d2b22f7dc1187cdb4681ce9bebd69977bab9eabf2a68c1d3b3463d6c7f1392e12a17deb97f2ce5c9ef4021d3b4e0df6b3f4b693e136e3931837e91617cd85846f3019a74d2d65f36369e73a461753631d72f9e2834c446ae7e173d6b1935adc0ce65eb0eac830d442a0344f2cbaedf8d48cb0a6959d07f208fbb2dae434f4fdf35b265fbdbde4138b455b7941096d55808de601ddd8a41a70b12968862d0b4086d4ff55152aee65eaa761a9588bb25bce193b4e55ebb183807f118bff0ccbd85ea761e7c3b6cccb64f97b3f1bf7a96eecc7ab40e770a1620209b50ba23aab0f769a16c9b8092326987f0cd1de94b911ea6bef5cf15a93829b7cbf03aa85ef577633e058f81e9653fc47d15ab8bead567ed2affbbf5a470302c065086324dc304c777228050ea9f717e45b6676fc9002ccd0428fcb27d839e4139fb17d4ee72e2fe8394e5de0cc814d92663f8c5f87e131a34ef7094078be0cf54763c82004af9727c7972ff1ea6162b279beea87bc2741e996d14f549d0474aabe780c5b80a35eed311cb734c23d01c160e439662c813126747c7d09068e32fa72605d71abc2a332cb59d81071818d5e0944194285f4cfc050392e505dd93c8c882f46fb6b70b4660784d543a6bf34653487840fdc298c8280241174805bf3cf38083224d213cd6076beac135ed3f010000800000000047750cb0f4d2be6beada1c481a0152d80c0b520d2f090455494c83ba78eb91e6558d52ceceb23c956bb382bb280e6382d2cb679eecd2bcfb6107e2e4f568f1be293eaa0d2ebb77169b103d5fe74d745cf082c36022108b4c430a87fa8535f1c56d0c1d5dae50c549b1b08911e2d2619eef61131c7804b35c3ca4dac1f2595c68941b013b5ded8bfd52ed41da13c0886b7f9c61a5244a815711253aad7ea74eae788b1beea9bc15addb199d2fc79e81a34b887a0e4b935ad154e961c8b6972f124cae7742e82db1e714af15f34908960dbb4ea24e44ffd750c9d11dd45bfaae73028bc88fddf74b2d24de205980ba14f4889119f8a6291b3724497503ddf95222d5d050414e487a3dc65e5eda3169e10570a50440be346cc1f1b0c848410b46610c738636707c5d740a8e3a9b688c2c1ea54135bffd2ffd87d9dfa902f3dd97b2a6078fa65f5a5f95da2b9f6124fe07682e27ab65ab96573e762f5060439e18649798e0b9d7864f91dbc4f4ed3a4ab30671f8f7f3c49c7ac504a755f9420fd9b22421afd7203f7cd6dd8c8e7a33709e12d004e402672af2b3f9046bc57854f98482538ad48723cd153cf03103c157cdb1a63e839a02c3f0041d7020280f96f3f7e0ce89c408be10d344540808dee1bfcb01f5293ab606c71ffc09f9e63b93b37e8d8007ad8432d2e81c3d1d40a57711bdb798ee91a3f05f93f4f46f883db0613bf95fabd523d955d0d4a5518e1bb3dae7646af8af8d4a4d7dcfac633c6efa3164f9e05bbb4b05947ac0e6c4edd99a768eda4c7149cf38a460b522d6405aa47fada1c78f56fbd33669719b1496427f290532334b69d0a7cf6c46cefe5ecd0fd923b14929fd3db8a1a94ba63954b58ceb9b1e0f8471a02c13a160aa763083a5fd36c199075a769768e164f17911f5a416bb96198aa0954a7d27e30c480691ce80dc71a49100", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab780ef39fa3910d96072000001ea800000000fdffffff0000faffffffffffffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac000000000000000000000000001700", "90be8bf4bd00000000000000000000000000001000", [0x4]}}) 34.010850371s ago: executing program 3 (id=6695): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x3c5a40, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) dup2(r0, 0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x32, 0x0, 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000002d80), 0x301000, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000017c0)='/proc/diskstats\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r4, 0xc0045540, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0) ioctl$RTC_UIE_OFF(r3, 0x7004) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x40040, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000017c0)='/proc/diskstats\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r6, 0xc0045540, 0x0) pwritev2(r5, &(0x7f0000000240), 0xa7, 0x8, 0x144, 0x4) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/crash_elfcorehdr_size', 0x8000, 0x5) ioctl$RTC_PLL_GET(0xffffffffffffffff, 0x80207011, &(0x7f0000000000)) 18.923577757s ago: executing program 32 (id=6695): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x3c5a40, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) dup2(r0, 0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x32, 0x0, 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000002d80), 0x301000, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000017c0)='/proc/diskstats\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r4, 0xc0045540, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0) ioctl$RTC_UIE_OFF(r3, 0x7004) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x40040, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000017c0)='/proc/diskstats\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r6, 0xc0045540, 0x0) pwritev2(r5, &(0x7f0000000240), 0xa7, 0x8, 0x144, 0x4) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/crash_elfcorehdr_size', 0x8000, 0x5) ioctl$RTC_PLL_GET(0xffffffffffffffff, 0x80207011, &(0x7f0000000000)) 17.691577609s ago: executing program 0 (id=6836): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000340)={0x18, r1}) (fail_nth: 1) 17.67403667s ago: executing program 1 (id=6837): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x43cb, 0xad5, &(0x7f00000002c0), 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17.384245106s ago: executing program 0 (id=6840): r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000400)) 17.183503718s ago: executing program 0 (id=6842): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000680)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.743431219s ago: executing program 0 (id=6844): ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x80900, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f00000001c0)={0x1ff, 0x1c0, 0x100, &(0x7f0000000d00)=[0xe0b, 0x8e0, 0xffffffffffff7b3b, 0x3ff, 0xfffffffffffffffd, 0x7, 0x0, 0x8, 0x0, 0xd, 0x2, 0x7, 0x9, 0x8000000000000000, 0xfffffffffffeffff, 0x0, 0x7ff, 0x3, 0x4, 0x4, 0x9, 0x5, 0x113b041f800000, 0x5, 0x8, 0x3, 0x77fbebcd, 0x6, 0x81, 0xffffffff80000001, 0x3, 0x3, 0x1, 0x6, 0x5809, 0x8, 0x7fffffffffffffff, 0xb2, 0x1, 0x8, 0x0, 0x1000, 0x9a, 0x2, 0xfffffffffffffffa, 0x1, 0xff, 0x1, 0xd, 0x2, 0xd6, 0x7, 0x8, 0x6, 0xc, 0x8, 0x5, 0x7, 0x80000001, 0xc0, 0x800, 0x4, 0x7, 0x1464, 0x2, 0x9, 0x1, 0x511, 0x90, 0x9, 0x8, 0x9, 0xb, 0x604, 0x9, 0xfff, 0x3, 0x4, 0x3b, 0x4, 0x5, 0x3a31, 0xffffffffffffff67, 0x67, 0x1a, 0x6, 0x1, 0x3, 0xfe6, 0xa, 0x3, 0x3, 0x1ff, 0xa79, 0x8, 0x8, 0x3, 0x0, 0xffffffffffffff7f, 0x7bf, 0x5, 0xfffffffffffffff7, 0x7, 0x100000000, 0x7, 0x5, 0x8, 0x101, 0x2, 0x1b2, 0x4, 0x6, 0xcea8, 0x3ff, 0xd, 0x9be9, 0x8, 0x8, 0x3, 0x2ac2, 0xdc92, 0x0, 0xffffffffffff2522, 0xfffffffffffffffa, 0xea, 0x5, 0xf, 0x3]}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x4, 0x7, 0xd, 0xb9, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0xff, 0x0, 0x4, 0x4, 0x7b, 0x20c}, {0x1, 0x6, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x7}], 0xfbffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x5ffffffffff, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0x1, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.59690367s ago: executing program 1 (id=6847): r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2) openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000001080), 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000001880)={0x1d, 0x3, {0x8ec, @struct={0x8}, 0x0, 0x1, 0x5, 0x8000000000000001, 0x5, 0x6, 0x81, @usage=0x74068d4c, 0x6, 0x7, [0x2, 0xfffffffffffffffb, 0x9, 0x4c58, 0x9, 0xfffffffffffffff7]}, {0x5, @usage=0x400000000000, 0x0, 0x800, 0x3, 0x7b7, 0x4, 0x5, 0xa8, @struct={0x48c4, 0x5}, 0x9, 0xd, [0xb, 0x4, 0x3, 0x1, 0x6, 0xfffffffffffffffb]}, {0x80000000, @usage=0x110c, 0x0, 0x4, 0x7f, 0xb83, 0x8, 0x2, 0x21, @struct={0xffff3c28, 0x4}, 0x5, 0x3, [0x80f4, 0x9, 0x9de, 0xffffffffffff8000, 0x6, 0xffffffffffffff81]}, {0x6, 0x728}}) 16.491208133s ago: executing program 1 (id=6849): r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000400)) 16.4910007s ago: executing program 2 (id=6850): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, &(0x7f0000000340)={0x1, &(0x7f0000000440)=[{0x7ff, 0x1f, &(0x7f0000000000)="09d7f4ed508bdc0572157b431b920aa2b2958b5f7580cfaba98a0fcec0c6b8", 0x1, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0x12) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000002, 0x0, 0x20, 0x0, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x8, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.449067859s ago: executing program 1 (id=6851): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000680)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.327812747s ago: executing program 2 (id=6852): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)=ANY=[]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.167756348s ago: executing program 0 (id=6853): r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f00000000c0)={0x5, 0x3, 0x8, 0xfffffff8}) ioctl$IOMMU_IOAS_IOVA_RANGES(r2, 0x3b84, &(0x7f0000000580)={0x20, 0x0, 0x0, 0x3000000, 0x0}) (async) ioctl$IOMMU_IOAS_IOVA_RANGES(r2, 0x3b84, &(0x7f0000000580)={0x20, 0x0, 0x0, 0x3000000, 0x0}) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x3) (async) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x3) r3 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r3, 0xc0945662, &(0x7f0000000100)={0x70, 0x0, '\x00', {0x0, @reserved}}) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x48, 0xff, 0x0, 0xffeffffd}, {0x6, 0x60, 0x0, 0x8}]}) write$ppp(r1, &(0x7f0000000300)="5af9", 0x2) (async) write$ppp(r1, &(0x7f0000000300)="5af9", 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000040)={0x2, 0x1, 0x9, 0x601, 'syz0\x00', 0x2}) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f) 16.149760731s ago: executing program 1 (id=6854): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x43cb, 0xad5, &(0x7f00000002c0), 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.093959613s ago: executing program 2 (id=6855): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) 16.046988545s ago: executing program 2 (id=6856): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0) dup2(0xffffffffffffffff, r0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000080)={0x0, 0x8, 0x2, {0x2, @sliced={0x0, [0x3, 0x0, 0x0, 0x5, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5]}}}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 15.975797294s ago: executing program 0 (id=6857): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$nci(r0, 0x0, 0x0) 15.938995673s ago: executing program 2 (id=6858): r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000400)) 15.8391803s ago: executing program 2 (id=6859): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, &(0x7f0000000340)={0x1, &(0x7f0000000440)=[{0x7ff, 0x1f, &(0x7f0000000000)="09d7f4ed508bdc0572157b431b920aa2b2958b5f7580cfaba98a0fcec0c6b8", 0x1, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0x12) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000002, 0x0, 0x20, 0x0, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x8, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15.196544858s ago: executing program 1 (id=6860): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x17) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0x0, 0x0, 0x5, 0x0, 0x4002004c4, 0x1000], 0xeeee8000, 0x1144}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 147.543588ms ago: executing program 33 (id=6857): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$nci(r0, 0x0, 0x0) 72.341614ms ago: executing program 34 (id=6860): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x17) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0x0, 0x0, 0x5, 0x0, 0x4002004c4, 0x1000], 0xeeee8000, 0x1144}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 35 (id=6859): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, &(0x7f0000000340)={0x1, &(0x7f0000000440)=[{0x7ff, 0x1f, &(0x7f0000000000)="09d7f4ed508bdc0572157b431b920aa2b2958b5f7580cfaba98a0fcec0c6b8", 0x1, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0x12) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000002, 0x0, 0x20, 0x0, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x8, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): cc 0x0c23 length: 249 > 4 [ 220.716991][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 220.892450][ T1107] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.925617][T10963] input: syz0 as /devices/virtual/input/input57 [ 221.106895][ T1107] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.270557][ T1107] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.417015][ T1107] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.098800][ T1107] bridge_slave_1: left allmulticast mode [ 222.119731][ T1107] bridge_slave_1: left promiscuous mode [ 222.139106][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.252680][ T1107] bridge_slave_0: left allmulticast mode [ 222.258406][ T1107] bridge_slave_0: left promiscuous mode [ 222.279605][ T1107] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.769418][ T5849] Bluetooth: hci0: command tx timeout [ 223.598167][ T1107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 223.622932][ T1107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 223.637794][ T1107] bond0 (unregistering): Released all slaves [ 223.655627][T10948] chnl_net:caif_netlink_parms(): no params data found [ 224.451465][T10948] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.476423][T10948] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.488377][T10948] bridge_slave_0: entered allmulticast mode [ 224.530351][T10948] bridge_slave_0: entered promiscuous mode [ 224.560351][T10948] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.567574][T10948] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.605235][T10948] bridge_slave_1: entered allmulticast mode [ 224.651281][T10948] bridge_slave_1: entered promiscuous mode [ 224.840243][ T5849] Bluetooth: hci0: command tx timeout [ 224.848892][T10948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.885332][T10948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.975370][ T1107] hsr_slave_0: left promiscuous mode [ 225.026769][ T1107] hsr_slave_1: left promiscuous mode [ 225.040098][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.047616][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.076892][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.101754][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.147315][ T1107] veth1_macvtap: left promiscuous mode [ 225.177990][ T1107] veth0_macvtap: left promiscuous mode [ 225.191303][ T1107] veth1_vlan: left promiscuous mode [ 225.197655][ T1107] veth0_vlan: left promiscuous mode [ 225.660909][ T1107] team0 (unregistering): Port device team_slave_1 removed [ 225.702188][ T1107] team0 (unregistering): Port device team_slave_0 removed [ 226.191496][T10948] team0: Port device team_slave_0 added [ 226.223196][T10948] team0: Port device team_slave_1 added [ 226.501502][T10948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.508518][T10948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.575172][T10948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.643164][T10948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.662960][T10948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.749430][T10948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.919279][ T5849] Bluetooth: hci0: command tx timeout [ 227.023548][T10948] hsr_slave_0: entered promiscuous mode [ 227.040494][T10948] hsr_slave_1: entered promiscuous mode [ 227.060910][T10948] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.080288][T10948] Cannot create hsr debugfs directory [ 227.244542][T11176] binder: 11174:11176 ioctl c0046209 0 returned -22 [ 228.976817][T10948] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 229.001672][ T5849] Bluetooth: hci0: command tx timeout [ 229.104654][T10948] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 229.144272][T10948] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 229.197788][T10948] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 229.458206][T10948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.560541][T10948] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.585543][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.592799][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.657470][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.664795][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.846763][T10948] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 230.580523][T10948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.756566][T10948] veth0_vlan: entered promiscuous mode [ 230.812726][T10948] veth1_vlan: entered promiscuous mode [ 230.948198][T10948] veth0_macvtap: entered promiscuous mode [ 230.967700][T10948] veth1_macvtap: entered promiscuous mode [ 231.026665][T10948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 231.047700][T10948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 231.090307][T10948] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.107203][T10948] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.141322][T10948] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.162688][T10948] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.595160][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.615875][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.723489][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.751509][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.997067][T11358] sp0: Synchronizing with TNC [ 232.026712][T11357] [U] è [ 233.057129][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 233.070385][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 233.080363][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 233.091690][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 233.101490][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 233.298925][ T1107] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.434601][ T1107] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.594451][ T1107] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.755513][ T1107] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.205450][T11391] chnl_net:caif_netlink_parms(): no params data found [ 234.391123][ T1107] bridge_slave_1: left allmulticast mode [ 234.396845][ T1107] bridge_slave_1: left promiscuous mode [ 234.429417][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.480328][ T1107] bridge_slave_0: left allmulticast mode [ 234.486038][ T1107] bridge_slave_0: left promiscuous mode [ 234.510484][ T1107] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.155404][ T1107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 235.166551][ T5849] Bluetooth: hci2: command tx timeout [ 235.176675][ T1107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 235.188205][ T1107] bond0 (unregistering): Released all slaves [ 235.806851][T11391] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.824250][T11391] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.839505][T11391] bridge_slave_0: entered allmulticast mode [ 235.847566][T11391] bridge_slave_0: entered promiscuous mode [ 235.981892][T11391] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.003743][T11391] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.031587][T11391] bridge_slave_1: entered allmulticast mode [ 236.041028][T11391] bridge_slave_1: entered promiscuous mode [ 236.263049][ T1107] hsr_slave_0: left promiscuous mode [ 236.289317][ T1107] hsr_slave_1: left promiscuous mode [ 236.295454][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 236.339456][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 236.358455][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 236.393996][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 236.429924][T11517] QAT: failed to copy from user cfg_data. [ 236.470760][ T1107] veth1_macvtap: left promiscuous mode [ 236.486648][ T1107] veth0_macvtap: left promiscuous mode [ 236.496908][ T1107] veth1_vlan: left promiscuous mode [ 236.514700][ T1107] veth0_vlan: left promiscuous mode [ 237.240072][ T5849] Bluetooth: hci2: command tx timeout [ 237.971940][ T1107] team0 (unregistering): Port device team_slave_1 removed [ 238.088528][ T1107] team0 (unregistering): Port device team_slave_0 removed [ 238.947741][T11391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.025081][T11391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.153434][T11391] team0: Port device team_slave_0 added [ 239.189112][T11391] team0: Port device team_slave_1 added [ 239.311489][T11391] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.319976][ T5849] Bluetooth: hci2: command tx timeout [ 239.324557][T11391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.351381][ C0] vkms_vblank_simulate: vblank timer overrun [ 239.387432][T11391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.407083][T11391] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.415666][T11391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.448276][T11391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.661698][T11391] hsr_slave_0: entered promiscuous mode [ 239.676301][T11391] hsr_slave_1: entered promiscuous mode [ 239.690517][T11391] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 239.732830][T11391] Cannot create hsr debugfs directory [ 241.075039][T11391] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 241.129659][T11391] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 241.170930][T11391] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 241.213703][T11391] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 241.399853][ T5849] Bluetooth: hci2: command tx timeout [ 241.514936][T11391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.574550][T11391] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.647370][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.655274][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.693247][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.700519][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.315045][T11391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.417374][T11391] veth0_vlan: entered promiscuous mode [ 242.448818][T11391] veth1_vlan: entered promiscuous mode [ 242.506806][T11391] veth0_macvtap: entered promiscuous mode [ 242.526035][T11391] veth1_macvtap: entered promiscuous mode [ 242.573732][T11391] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.594503][T11391] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.626060][T11391] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.636323][T11391] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.645722][T11391] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.656983][T11391] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.849687][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.857576][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.935990][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.972085][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.025669][ T30] audit: type=1400 audit(1750257226.218:5): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=":/" pid=11788 comm="syz.2.2614" [ 243.529457][ T30] audit: type=1400 audit(1750257226.728:6): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=":/" pid=11809 comm="syz.1.2623" [ 244.078599][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 244.099453][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 244.113964][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 244.148764][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 244.164792][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 244.182390][ T30] audit: type=1400 audit(1750257227.388:7): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=":/" pid=11831 comm="syz.1.2634" [ 244.427632][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.652139][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.875661][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.143679][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.365812][T11825] chnl_net:caif_netlink_parms(): no params data found [ 245.602368][ T60] bridge_slave_1: left allmulticast mode [ 245.608543][ T60] bridge_slave_1: left promiscuous mode [ 245.625738][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.666087][ T60] bridge_slave_0: left allmulticast mode [ 245.674350][ T60] bridge_slave_0: left promiscuous mode [ 245.680250][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.883871][T11905] input: syz1 as /devices/virtual/input/input60 [ 246.199484][ T5849] Bluetooth: hci1: command tx timeout [ 246.660116][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.715091][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 246.740362][ T60] bond0 (unregistering): Released all slaves [ 246.933616][T11825] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.952221][T11825] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.970671][T11825] bridge_slave_0: entered allmulticast mode [ 246.993862][T11825] bridge_slave_0: entered promiscuous mode [ 247.088181][T11825] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.102921][T11825] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.117703][T11825] bridge_slave_1: entered allmulticast mode [ 247.128748][T11825] bridge_slave_1: entered promiscuous mode [ 247.506105][T11825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.601941][T11825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.652966][ T60] hsr_slave_0: left promiscuous mode [ 247.683105][ T60] hsr_slave_1: left promiscuous mode [ 247.694200][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.730888][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.751046][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.758501][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.835208][ T60] veth1_macvtap: left promiscuous mode [ 247.869613][ T60] veth0_macvtap: left promiscuous mode [ 247.875360][ T60] veth1_vlan: left promiscuous mode [ 247.909818][ T60] veth0_vlan: left promiscuous mode [ 248.279583][ T5849] Bluetooth: hci1: command tx timeout [ 248.877386][ T60] team0 (unregistering): Port device team_slave_1 removed [ 248.922499][ T60] team0 (unregistering): Port device team_slave_0 removed [ 249.634292][T11825] team0: Port device team_slave_0 added [ 249.675707][T11825] team0: Port device team_slave_1 added [ 249.888888][T11825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.908282][T11825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.979563][T11825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.011980][T11825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.018986][T11825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.071250][T11825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.339748][T11825] hsr_slave_0: entered promiscuous mode [ 250.346481][T11825] hsr_slave_1: entered promiscuous mode [ 250.359712][ T5849] Bluetooth: hci1: command tx timeout [ 251.930055][T11825] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 251.970780][T11825] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 252.024325][T11825] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 252.065773][T11825] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 252.344722][T11825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 252.414068][T11825] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.445529][ T5849] Bluetooth: hci1: command tx timeout [ 252.456079][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.463321][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 252.505996][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.513239][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.305048][T11825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.472442][T11825] veth0_vlan: entered promiscuous mode [ 253.529844][T11825] veth1_vlan: entered promiscuous mode [ 253.652070][T11825] veth0_macvtap: entered promiscuous mode [ 253.686003][T11825] veth1_macvtap: entered promiscuous mode [ 253.793996][T11825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 253.838014][T11825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 253.919088][T11825] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.968879][T11825] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.988420][T11825] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.004843][T12227] input: syz1 as /devices/virtual/input/input61 [ 254.009211][T11825] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.260931][ T766] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.283475][ T766] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.362901][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.381280][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.503573][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 255.513974][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 255.522877][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 255.531147][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 255.538970][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 255.812602][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.995609][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.114492][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.258092][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.617964][T12279] chnl_net:caif_netlink_parms(): no params data found [ 256.653574][ T13] bridge_slave_1: left allmulticast mode [ 256.661870][ T13] bridge_slave_1: left promiscuous mode [ 256.671367][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.685549][ T13] bridge_slave_0: left allmulticast mode [ 256.699791][ T13] bridge_slave_0: left promiscuous mode [ 256.705682][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.640194][ T5849] Bluetooth: hci3: command tx timeout [ 257.835894][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.869048][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.892661][ T13] bond0 (unregistering): Released all slaves [ 258.371525][T12279] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.378761][T12279] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.414267][T12279] bridge_slave_0: entered allmulticast mode [ 258.427603][T12279] bridge_slave_0: entered promiscuous mode [ 258.455645][T12279] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.464232][T12279] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.475390][T12279] bridge_slave_1: entered allmulticast mode [ 258.484441][T12279] bridge_slave_1: entered promiscuous mode [ 258.620421][ T13] hsr_slave_0: left promiscuous mode [ 258.654239][ T13] hsr_slave_1: left promiscuous mode [ 258.674019][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 258.699081][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.743043][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 258.766949][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.855406][ T13] veth1_macvtap: left promiscuous mode [ 258.866353][ T13] veth0_macvtap: left promiscuous mode [ 258.875168][ T13] veth1_vlan: left promiscuous mode [ 258.911253][ T13] veth0_vlan: left promiscuous mode [ 259.722190][ T5849] Bluetooth: hci3: command tx timeout [ 260.046144][ T13] team0 (unregistering): Port device team_slave_1 removed [ 260.104805][ T13] team0 (unregistering): Port device team_slave_0 removed [ 260.602913][T12484] usb usb9: usbfs: process 12484 (syz.0.2897) did not claim interface 0 before use [ 260.929955][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.936355][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.954952][T12279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 261.018902][T12279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 261.187380][T12279] team0: Port device team_slave_0 added [ 261.223835][T12279] team0: Port device team_slave_1 added [ 261.423445][T12279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 261.445222][T12279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.519582][T12279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 261.541772][T12279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 261.548770][T12279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.635586][T12279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 261.802958][ T5849] Bluetooth: hci3: command tx timeout [ 261.828768][T12279] hsr_slave_0: entered promiscuous mode [ 261.837939][T12279] hsr_slave_1: entered promiscuous mode [ 261.846192][T12279] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 261.856566][T12279] Cannot create hsr debugfs directory [ 261.872592][T12534] usb usb9: usbfs: process 12534 (syz.1.2915) did not claim interface 0 before use [ 263.077703][T12279] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 263.115194][T12279] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 263.174413][T12279] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 263.225125][T12279] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 263.577746][T12279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.641889][T12279] 8021q: adding VLAN 0 to HW filter on device team0 [ 263.686602][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.693840][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.774695][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.781917][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.879248][ T5849] Bluetooth: hci3: command tx timeout [ 264.561851][T12279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 264.687336][T12279] veth0_vlan: entered promiscuous mode [ 264.746301][T12279] veth1_vlan: entered promiscuous mode [ 264.849155][T12279] veth0_macvtap: entered promiscuous mode [ 264.888172][T12279] veth1_macvtap: entered promiscuous mode [ 264.951041][T12279] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.983990][T12279] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 265.035340][T12279] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.060558][T12279] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.081456][T12279] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.119305][T12279] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.440434][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.448315][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.544502][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.589284][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.002924][T12709] [U] é [ 270.072601][T12922] mkiss: ax0: crc mode is auto. [ 271.365562][T12990] mkiss: ax0: crc mode is auto. [ 277.384212][T13304] input: syz1 as /devices/virtual/input/input68 [ 277.838176][T13326] input: syz1 as /devices/virtual/input/input69 [ 279.982985][T13437] CUSE: DEVNAME unspecified [ 280.396587][T13459] CUSE: DEVNAME unspecified [ 289.702873][T13950] ALSA: seq fatal error: cannot create timer (-22) [ 292.862848][T14124] program syz.2.3646 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 298.564870][T14422] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 300.167958][T14510] misc userio: Invalid payload size [ 302.632630][T14647] usb usb9: usbfs: process 14647 (syz.3.3905) did not claim interface 0 before use [ 304.393291][ T30] audit: type=1400 audit(1750257287.598:8): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F0413 [ 309.224697][T14993] input: syz0 as /devices/virtual/input/input70 [ 312.317859][T15162] input: syz0 as /devices/virtual/input/input71 [ 312.780495][T15188] input: syz0 as /devices/virtual/input/input72 [ 313.291198][T15217] input: syz0 as /devices/virtual/input/input73 [ 322.363631][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.370701][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.597364][T15815] sg_write: data in/out 26278/6 bytes for SCSI command 0x0-- guessing data in; [ 324.597364][T15815] program syz.3.4475 not setting count and/or reply_len properly [ 324.618640][T15816] sg_write: data in/out 26278/6 bytes for SCSI command 0x0-- guessing data in; [ 324.618640][T15816] program syz.0.4474 not setting count and/or reply_len properly [ 333.982753][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 333.991698][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 334.005405][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 334.018778][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 334.027600][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 334.115700][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.218732][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.343056][T16321] input: syz1 as /devices/virtual/input/input78 [ 334.354391][T16321] input: failed to attach handler leds to device input78, error: -6 [ 334.446158][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.584950][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.835737][T16304] chnl_net:caif_netlink_parms(): no params data found [ 334.901823][ T36] bridge_slave_1: left allmulticast mode [ 334.907539][ T36] bridge_slave_1: left promiscuous mode [ 334.919436][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.940417][ T36] bridge_slave_0: left allmulticast mode [ 334.946123][ T36] bridge_slave_0: left promiscuous mode [ 334.981133][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.157419][T16353] input: syz1 as /devices/virtual/input/input79 [ 335.182206][T16353] input: failed to attach handler leds to device input79, error: -6 [ 335.759031][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.775393][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.787498][ T36] bond0 (unregistering): Released all slaves [ 335.985834][T16304] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.993402][T16304] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.005939][T16304] bridge_slave_0: entered allmulticast mode [ 336.021739][T16304] bridge_slave_0: entered promiscuous mode [ 336.036962][T16304] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.044492][T16304] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.052857][T16304] bridge_slave_1: entered allmulticast mode [ 336.061654][T16304] bridge_slave_1: entered promiscuous mode [ 336.119500][ T51] Bluetooth: hci0: command tx timeout [ 336.182693][T16382] ALSA: mixer_oss: invalid OSS volume '' [ 336.195429][T16304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.244224][T16304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 336.383012][ T36] hsr_slave_0: left promiscuous mode [ 336.407903][ T36] hsr_slave_1: left promiscuous mode [ 336.440670][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 336.448154][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 336.496524][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 336.508904][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 336.556937][ T36] veth1_macvtap: left promiscuous mode [ 336.579879][ T36] veth0_macvtap: left promiscuous mode [ 336.585623][ T36] veth1_vlan: left promiscuous mode [ 336.591532][ T36] veth0_vlan: left promiscuous mode [ 336.755888][T16406] ALSA: mixer_oss: invalid OSS volume '' [ 337.768891][ T36] team0 (unregistering): Port device team_slave_1 removed [ 337.833334][ T36] team0 (unregistering): Port device team_slave_0 removed [ 338.206058][ T51] Bluetooth: hci0: command tx timeout [ 338.878631][T16304] team0: Port device team_slave_0 added [ 338.912885][T16304] team0: Port device team_slave_1 added [ 339.002859][T16304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.010643][T16304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.036663][ C0] vkms_vblank_simulate: vblank timer overrun [ 339.044289][T16304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.073197][T16304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 339.088149][T16304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.135072][T16304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 339.296257][T16304] hsr_slave_0: entered promiscuous mode [ 339.314298][T16304] hsr_slave_1: entered promiscuous mode [ 339.335547][T16304] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 339.354874][T16304] Cannot create hsr debugfs directory [ 339.438731][T16502] input: syz1 as /devices/virtual/input/input80 [ 339.998684][T16524] input: syz1 as /devices/virtual/input/input81 [ 340.281177][ T51] Bluetooth: hci0: command tx timeout [ 340.641139][T16550] input: syz1 as /devices/virtual/input/input82 [ 340.821413][T16304] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 340.853980][T16304] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 340.874168][T16304] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 340.926557][T16304] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 341.183107][T16304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.247314][T16304] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.295196][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.302476][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.342803][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.350041][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.674947][T16596] input: syz1 as /devices/virtual/input/input83 [ 341.982631][T16304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.109326][T16304] veth0_vlan: entered promiscuous mode [ 342.168160][T16304] veth1_vlan: entered promiscuous mode [ 342.257069][T16304] veth0_macvtap: entered promiscuous mode [ 342.307665][T16304] veth1_macvtap: entered promiscuous mode [ 342.357610][T16304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 342.373787][ T51] Bluetooth: hci0: command tx timeout [ 342.397168][T16304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 342.459047][T16304] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.488249][T16304] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.505163][T16304] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.515869][T16304] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.800677][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 342.825920][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 342.898759][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 342.923217][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.441607][T16663] input: syz0 as /devices/virtual/input/input85 [ 343.619445][T16669] input: syz0 as /devices/virtual/input/input86 [ 344.757971][T16728] input: syz0 as /devices/virtual/input/input88 [ 345.479311][ T5931] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 345.485589][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 345.491875][ T5931] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 345.688545][T16772] input: syz1 as /devices/virtual/input/input90 [ 347.800917][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 347.807201][ T5931] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 347.817281][ T5931] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 349.969474][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 349.975637][ T5931] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 349.984508][ T5931] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 352.120594][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 352.124843][ T5931] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 352.134302][ T5931] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 352.595430][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 352.611433][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 352.624168][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 352.632418][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 352.648579][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 352.687858][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 352.696769][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 352.718807][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 352.730314][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 352.740350][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 353.464264][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.711861][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.973235][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.234606][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.343365][T16879] chnl_net:caif_netlink_parms(): no params data found [ 354.795257][T16879] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.803982][T16879] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.811865][T16879] bridge_slave_0: entered allmulticast mode [ 354.820809][T16879] bridge_slave_0: entered promiscuous mode [ 354.839407][ T51] Bluetooth: hci4: command tx timeout [ 354.856859][T16879] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.866411][T16879] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.875873][T16879] bridge_slave_1: entered allmulticast mode [ 354.891644][T16879] bridge_slave_1: entered promiscuous mode [ 355.186062][T16879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 355.211603][T16879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.227430][ T49] bridge_slave_1: left allmulticast mode [ 355.243058][ T49] bridge_slave_1: left promiscuous mode [ 355.252643][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.334470][ T49] bridge_slave_0: left allmulticast mode [ 355.344256][ T49] bridge_slave_0: left promiscuous mode [ 355.354194][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.564079][T17203] usb usb5: usbfs: process 17203 (syz.0.5077) did not claim interface 0 before use [ 356.922208][ T51] Bluetooth: hci4: command tx timeout [ 357.430305][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.541981][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.571821][ T49] bond0 (unregistering): Released all slaves [ 357.933016][T17303] usb usb5: usbfs: process 17303 (syz.1.5122) did not claim interface 0 before use [ 358.108883][T17311] kvm: user requested TSC rate below hardware speed [ 358.197371][T16879] team0: Port device team_slave_0 added [ 358.203916][T17314] kvm: user requested TSC rate below hardware speed [ 358.243870][T16879] team0: Port device team_slave_1 added [ 358.707119][T17339] input: syz1 as /devices/virtual/input/input100 [ 358.771636][T16879] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 358.799193][T16879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.893054][T16879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 358.918460][T16879] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 358.958383][T16879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.984489][ C0] vkms_vblank_simulate: vblank timer overrun [ 358.999442][ T51] Bluetooth: hci4: command tx timeout [ 359.032115][T16879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 359.239479][ T49] hsr_slave_0: left promiscuous mode [ 359.281394][ T49] hsr_slave_1: left promiscuous mode [ 359.288327][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 359.296347][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 359.363126][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 359.375891][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.467499][ T49] veth1_macvtap: left promiscuous mode [ 359.473404][ T49] veth0_macvtap: left promiscuous mode [ 359.479606][ T49] veth1_vlan: left promiscuous mode [ 359.485093][ T49] veth0_vlan: left promiscuous mode [ 361.082390][ T51] Bluetooth: hci4: command tx timeout [ 361.134825][T17432] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 362.071586][ T49] team0 (unregistering): Port device team_slave_1 removed [ 362.300283][ T49] team0 (unregistering): Port device team_slave_0 removed [ 362.841517][T17499] usb usb1: usbfs: process 17499 (syz.2.5206) did not claim interface 0 before use [ 362.851344][T17499] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 365.041775][T16879] hsr_slave_0: entered promiscuous mode [ 365.048658][T16879] hsr_slave_1: entered promiscuous mode [ 365.056248][T16879] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.069020][T16879] Cannot create hsr debugfs directory [ 366.847339][T16879] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 366.926610][T16879] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 367.019875][T16879] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 367.105979][T16879] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 367.324323][T16879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.377386][T16879] 8021q: adding VLAN 0 to HW filter on device team0 [ 367.403572][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.410890][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 367.439574][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.446834][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 368.032693][T16879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.132463][T16879] veth0_vlan: entered promiscuous mode [ 368.187799][T16879] veth1_vlan: entered promiscuous mode [ 368.275694][T16879] veth0_macvtap: entered promiscuous mode [ 368.315870][T16879] veth1_macvtap: entered promiscuous mode [ 368.394288][T16879] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 368.451028][T16879] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 368.483825][T16879] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.533296][T16879] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.556389][T16879] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.565503][T16879] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.835211][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.854733][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.956762][ T766] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.974520][ T766] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.410384][T17747] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 370.352766][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 370.387059][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 370.395452][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 370.407422][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 370.416767][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 371.193798][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.563674][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.842473][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.155511][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.295862][T17779] chnl_net:caif_netlink_parms(): no params data found [ 372.519502][ T51] Bluetooth: hci1: command tx timeout [ 372.685593][T17779] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.695504][T17779] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.704372][T17779] bridge_slave_0: entered allmulticast mode [ 372.712636][T17779] bridge_slave_0: entered promiscuous mode [ 372.733098][T17779] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.740609][T17779] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.748176][T17779] bridge_slave_1: entered allmulticast mode [ 372.755956][T17779] bridge_slave_1: entered promiscuous mode [ 372.803678][T17840] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 372.810461][T17840] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 372.862150][ T12] bridge_slave_1: left allmulticast mode [ 372.867873][ T12] bridge_slave_1: left promiscuous mode [ 372.874291][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.903872][T17840] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 372.960769][ T12] bridge_slave_0: left allmulticast mode [ 372.966590][ T12] bridge_slave_0: left promiscuous mode [ 372.972922][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.992581][T17840] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 373.001891][T17840] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 373.061876][T17840] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 374.119495][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 374.193331][T17892] [U]  [ 374.196360][T17892] [U] K{‘ [ 374.200630][T17892] [U] ät Ž1ÊàŠªFìÇÄfËŠî`GÊJç˜Ügö毹¬¡—þÈoÕñ/ümCç [ 374.207722][T17892] [U] tžØ–/,~ˆÄœ­‹jõÿÊ}8îÊþ'o1Ü"™7-î‚JQœK—¤Wºïqé5c%"¬H12–¦Y“„‰ž€ÊXÍ`ˆ‚íè¼`+³û(·â¿!(éûéz'àtXln»I®gÅj– °üÝ­·på~÷7í!‘Õò"ø¨Î ¾ª(È5ˆObü¤‡ÍƒJÖ [ 374.224192][T17892] [U] ±k\&—}6£6œXîHX ¥ôµ„Ìþ.`¸a“$Û40|϶¿9°øÞ¨„¯À ÏU‚ò4ôä®VbzÃð}ÌwÔM”TºŽíQŸýΦr’ 4”ÿ [ 374.235257][T17892] [U] ".h6øÞ"Ökã‡[›‰¤ŒJá4çØIn¨™[Z(•„C|Të]z{â3Ÿc=»¨xîôžë…î4ßw‰)\T‘XJøSH{q;ì¹¢…ötÔÇ+‹¦÷gíèÿ®d„.Ë‚³>yž÷éwUh„fN—ŽÇhl]SÔ2ŠÇÙ\g%ŠO¼&z)µðš'¨pul‚_<㠢ذ‰ò®Ôå`Ò±TÔÁþœÐËþ;_ô"(‘u{7jœ¿2X ‘/€'ÝÙcÑÌõIº©ÀÏH¿cÕ³žV¦=‘AiÇ%w¼Esž RšŸjŠîœƒÚ”gÂ÷rÁ¹í¡hI˜¢œaïì6-úDúV¨á i"øånæ¨ þÚAsc~4Áª¹8cø*­OO5/ÿœJš~º§¡w—vK+¬®‰Œ3èÇY)Ž¹M°¸æv¶Ìyqæ½€DTr¯Otpem%f×ÊejÍA5æÔT_-X~ ^aaÛ‚ò˜½qÖå [ 374.279656][T17892] [U] +w‰G?]£Ó'a: »Ú)Õïó™“' B>t¢ ¡f/™÷<'èUÓ'–¼h§ié.+]eŸ.½-É¿ÿ¿Ò%÷è>2`¶^Uÿ8F.Š6¤Å3ÓØ+ËA¾Â««„°g3ÓpÂó6:^0Àtéèv÷'Eõt¼€ûâYC‰n¾þrÏ©ÞnèPj× ;æZ†êôñû‘8!¯È\ù…¸AØÊ–2Á£$ðµ™Â­wi.Íç#ŠÈ/Bai¼Ä`ðá4j’ôdîy@Óz„ügW÷5Ë¿BÄ µÙœ Nóy"vI2ûÌ [ 374.304503][T17892] [U] ôT¦_K5¸t¬YJÐþÎ9ðÕcÊ$brŸLúNul ¶ü9wÈýÍ|žGå"ʃÆ%Çú¶êCªØ°¶ºqîÙ ŸÇ3‹Æq¯ôN^HP*½Ü$ µ.Î7yÓ±œ2³ [ 374.355598][T17892] [U] ½?©ÿ hüä*ÙÁ”Î3í7Üé¾^#Q"0~‡ ‚ð(éoïX LŒb£,'vîÓ=‹ÝëCÌS«…’G‚S¶Þ0•Ö‚‹Ù`˜›žÙ‡Ÿ†=1(÷î¾™÷p#ò2DO*Ƀ [ 374.368081][T17892] [U] ©s¹“gžµ²¶“˜GuÐÔd-{¸™â|&“®ŸŸñ2µ›LÞc_©œ!`¨ÍozÖ¥¢B¶³%>êrñ¶öwï‡ýŽSsÂH"£yA4£O.šYÙÛä„RTÔ¶ŒBÚ[+/<>—¡{q¢Ú×_²ÕLX8ÊU„ÇØî{ðZ³íø)ÿÒ7?ËrR;ÿcßr hײڣỨè1Å>)©Măâ‰Ït§²Ú(ìÇaÏ„}9·Ú¥ãJ*MÑœ¥Ä¡«'L¹£q ìDWŸòø¸=ؽ|q¬ ÏÆ™W;5æÙŽª!ñdB¸x`é§ö/÷ÂE`ƦM¢Xîâ"ä\ [ 374.488084][T17892] [U] {;Ž õ¥ÂÙ˜_ˆo2«Ñ)îo®›.2ÐW2겨ðyùÃãx_ HPϱœSªD­¦ø:]‚{Ë©ÔÝæè½ [ 374.497454][T17892] [U] I,Ç>Çó¤ îÙ51ñ÷^1òN4¯oǶþ'0ý?Ö’iÙ9w.ï_.¶WŠa¼ŠVˆ±`)ÑZ¬ïæc6GiÓ¹²a»¬XL[¢›½¡Fü*ÀñO‰W)+‡Ç'\nÆ[K@ÑëÄü2çǬ–®¡p"^`Á‰í øß [ 374.512580][T17892] [U] 22½“Æ©Ðû©x?0;3u± [ 374.517213][T17892] [U] ÞœÕæósObx 8”Wˆ4á‘(ð~/§¿íKÇUžãÔ–oQËe+·G®-yµgY_•>v¢ÜÈë—3.hÁÓ™]Í„²2‘”)™DË, ‘Ä þD~×d©£¡+Ãw; A\˜FPÉþȘ|$ºø)KØI³éÐÉ¿kñYT^RÍüù癵“ËA=±#–Üœ ÝíßËae©tå1·Îݯ4K¯.e"RÚS|ðŸÀsÖ’Á:•ù>p ™…rÐ"z‰ú­ûúé#P!˜KY"›}ÃÆF¿N84ü³ƒÅhÞ±£o•Èsߙ̫%DlwÙmæ²Ç [ 374.545334][T17892] [U] [ª['xn€'²÷ á¿Ü,mr¦«/žšœâ1D=!DŽx91Bùwç»R—lf…ƒÆKì¤Zõê# `ì‘ lØ›§Ëœ»×b~åmÒÔÖ [ 374.554829][T17892] [U] ™LÖ>ñd+ˆd¯§—®Ì"5Žêh3<ª¨ÅiR=F^”fnõóÜÀ‰¿û­vÛ÷œDÁOIOÚ:Uö>ÖYâ [ 374.563817][T17892] [U] 'B—6vý20³ä·çž¥·×Œï"t8Ñ{9ÆFW]ôÊäì© [ 374.570966][T17892] [U] ù72þ‰ïÂÃuþC6™îüÔÏ„I]8cª£tÛ¨QSkYÞîIÒÀâ¹ ¿|V'ÛTV/ùÅg•$[â 9kh`ú"ü‘úõ}€ñ[^=ˆú0á]½ã%ÆÌ‚T“Šž¹ØFì_vö4C¸òÅ [ 374.590397][T17892] [U] ¹ ec [ 374.593585][T17892] [U] —”|‚Êì<äî:^ü3$7nK~Ø-™@÷¦?Ÿ–/mtl·Û¾©Iˆwè¬@g~tØ{êÜPß+Æ$ªjp|µ ŽçIÛRiópmð õ·YÓ ú”8ìtÉÐÞVžÙÿÆë,îlâ,Õ [ 374.637037][T17891] [U] ˆKÌúÛõ‰)0ÄÄÝ~ü³ÊªÁiP'ífóòœzÚÞr¬™ÿ @BÓ]Â5ÝÊ{­©Ê¼ô'à8åÆ¥F‡¹UTqUdÇ©¤K;7íª0c[„ãy–¼ÈYC¦¶»Ø°mª™Lò8’T…ÍšÎ5³ýýrx™¶ðWí x¤²óoQhVi'8œ¥Î…Lµ [ 374.999271][ T51] Bluetooth: hci1: command 0x040f tx timeout [ 375.300355][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 375.384733][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 375.451183][ T12] bond0 (unregistering): Released all slaves [ 375.629620][T17779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 375.680820][T17779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.136270][T17779] team0: Port device team_slave_0 added [ 376.147350][T17779] team0: Port device team_slave_1 added [ 376.342519][T17932] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 376.349024][T17932] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 376.762230][ T12] hsr_slave_0: left promiscuous mode [ 376.819272][ T12] hsr_slave_1: left promiscuous mode [ 376.826756][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 376.834870][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 376.900110][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 376.907617][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 377.019021][ T12] veth1_macvtap: left promiscuous mode [ 377.025431][ T12] veth0_macvtap: left promiscuous mode [ 377.036807][ T12] veth1_vlan: left promiscuous mode [ 377.043594][ T12] veth0_vlan: left promiscuous mode [ 377.721782][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout [ 378.359682][ T5849] Bluetooth: hci1: command 0x040f tx timeout [ 379.681492][ T12] team0 (unregistering): Port device team_slave_1 removed [ 379.799322][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout [ 379.958942][ T12] team0 (unregistering): Port device team_slave_0 removed [ 380.439226][ T5849] Bluetooth: hci1: command 0x040f tx timeout [ 381.603322][T18146] binder: 18145:18146 ioctl c0306201 0 returned -14 [ 382.015376][T18165] binder: 18164:18165 ioctl c0306201 0 returned -14 [ 382.427025][T17779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 382.434301][T17779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.460220][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.470300][T17779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 382.530361][ T5849] Bluetooth: hci1: command 0x040f tx timeout [ 382.564689][T18182] binder: 18181:18182 ioctl c0306201 0 returned -14 [ 382.574253][T17779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 382.581602][T17779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.613461][T17779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.958468][T17779] hsr_slave_0: entered promiscuous mode [ 382.984004][T17779] hsr_slave_1: entered promiscuous mode [ 383.804467][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.812559][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.182481][T18245] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 384.599481][ T5849] Bluetooth: hci1: command 0x040f tx timeout [ 385.566587][T18298] loop6: detected capacity change from 0 to 524287999 [ 385.602517][T17779] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 385.687858][T17779] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 385.798757][T17779] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 385.880370][T17779] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 386.226158][T17779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 386.305289][T17779] 8021q: adding VLAN 0 to HW filter on device team0 [ 386.323373][T17566] bridge0: port 1(bridge_slave_0) entered blocking state [ 386.330612][T17566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 386.377061][T17566] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.384320][T17566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 386.492242][T17779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 386.987014][T17779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 387.135145][T17779] veth0_vlan: entered promiscuous mode [ 387.197834][T17779] veth1_vlan: entered promiscuous mode [ 387.285479][T17779] veth0_macvtap: entered promiscuous mode [ 387.316930][T17779] veth1_macvtap: entered promiscuous mode [ 387.392761][T17779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 387.428848][T17779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 387.465346][T17779] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.488268][T18380] random: crng reseeded on system resumption [ 387.505218][T17779] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.531423][T17779] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.555751][T17779] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.850661][T18388] loop6: detected capacity change from 0 to 524287999 [ 387.870744][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.878870][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 387.974408][T17566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.000228][T17566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.352999][T18409] binder: 18407:18409 ioctl c0306201 0 returned -14 [ 389.413486][T18419] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 389.419833][T18419] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 389.464301][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 389.473548][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 389.482145][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 389.506604][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 389.519493][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 389.654955][T18433] binder: 18432:18433 ioctl c0306201 0 returned -14 [ 390.243862][ T1107] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.571648][ T1107] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.679741][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 390.794343][ T1107] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.974059][ T1107] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.246373][T18424] chnl_net:caif_netlink_parms(): no params data found [ 391.480122][ T51] Bluetooth: hci1: command 0x040f tx timeout [ 391.562650][ T51] Bluetooth: hci2: command tx timeout [ 391.823645][T18424] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.836489][T18424] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.843906][T18424] bridge_slave_0: entered allmulticast mode [ 391.854329][T18424] bridge_slave_0: entered promiscuous mode [ 391.864324][T18424] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.873031][T18424] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.885137][T18424] bridge_slave_1: entered allmulticast mode [ 391.893350][T18424] bridge_slave_1: entered promiscuous mode [ 392.092263][ T1107] bridge_slave_1: left allmulticast mode [ 392.109219][ T1107] bridge_slave_1: left promiscuous mode [ 392.121582][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.204047][ T1107] bridge_slave_0: left allmulticast mode [ 392.224620][ T1107] bridge_slave_0: left promiscuous mode [ 392.247481][ T1107] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.639667][ T51] Bluetooth: hci2: command tx timeout [ 394.216779][ T1107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 394.351527][ T1107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 394.427061][ T1107] bond0 (unregistering): Released all slaves [ 394.497810][T18424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 394.540410][T18424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.035854][T18424] team0: Port device team_slave_0 added [ 395.149841][T18424] team0: Port device team_slave_1 added [ 395.692002][T18424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.713368][T18424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.722663][ T51] Bluetooth: hci2: command tx timeout [ 395.739305][ C1] vkms_vblank_simulate: vblank timer overrun [ 395.801400][T18424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.191312][ T1107] hsr_slave_0: left promiscuous mode [ 396.259489][ T1107] hsr_slave_1: left promiscuous mode [ 396.269961][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 396.290128][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 396.313808][T18694] loop6: detected capacity change from 0 to 524287999 [ 396.352849][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 396.369760][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 396.496885][ T1107] veth1_macvtap: left promiscuous mode [ 396.512626][ T1107] veth0_macvtap: left promiscuous mode [ 396.518489][ T1107] veth1_vlan: left promiscuous mode [ 396.553002][ T1107] veth0_vlan: left promiscuous mode [ 396.692731][T18707] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2) [ 397.728230][T18733] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2) [ 397.799227][ T5849] Bluetooth: hci2: command tx timeout [ 397.919920][T18739] loop6: detected capacity change from 0 to 524287999 [ 398.797117][T18760] loop6: detected capacity change from 0 to 524287999 [ 398.999430][ T51] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 399.222345][ T1107] team0 (unregistering): Port device team_slave_1 removed [ 399.450039][ T1107] team0 (unregistering): Port device team_slave_0 removed [ 401.942245][T18424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 401.955900][T18424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 401.990934][T18424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 402.231836][T18875] loop2: detected capacity change from 0 to 7 [ 402.277548][T18875] Dev loop2: unable to read RDB block 7 [ 402.284442][T18875] loop2: unable to read partition table [ 402.295427][T18875] loop2: partition table beyond EOD, truncated [ 402.301790][T18875] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 402.376100][T18424] hsr_slave_0: entered promiscuous mode [ 402.425188][T18424] hsr_slave_1: entered promiscuous mode [ 402.439351][T18424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 402.449843][T18424] Cannot create hsr debugfs directory [ 402.532224][T18881] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 404.653355][T18424] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 404.760899][T18424] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 404.847916][T18424] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 404.896038][T18424] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 405.176924][T18424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 405.248212][T18424] 8021q: adding VLAN 0 to HW filter on device team0 [ 405.282703][T17566] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.289937][T17566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 405.344500][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.351717][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 405.955887][T18424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 406.096653][T18424] veth0_vlan: entered promiscuous mode [ 406.144231][T18424] veth1_vlan: entered promiscuous mode [ 406.188174][T18424] veth0_macvtap: entered promiscuous mode [ 406.228105][T18424] veth1_macvtap: entered promiscuous mode [ 406.306518][T18424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 406.347355][T18424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 406.395751][T18424] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.420287][T18424] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.435118][T18424] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.448206][T18424] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.699850][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.727239][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 406.805535][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.818667][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 407.130277][T19071] binder: 19068:19071 ioctl c0306201 0 returned -14 [ 407.518434][T19086] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 407.825417][T19102] binder: 19101:19102 ioctl c0306201 0 returned -14 [ 408.331419][T19123] binder: 19122:19123 ioctl c0306201 0 returned -14 [ 410.299490][T19189] misc userio: Invalid payload size [ 411.605428][T19232] misc userio: Invalid payload size [ 412.075298][T19248] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 412.755535][T19267] binder: 19266:19267 ioctl c0306201 0 returned -14 [ 413.527845][T19296] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 414.397318][T19312] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 414.633644][T19322] usb usb1: usbfs: process 19322 (syz.1.5930) did not claim interface 0 before use [ 414.707176][ T5944] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 414.733405][ T5944] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 414.893204][T19329] fido_id[19329]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 415.643381][ T5843] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 415.689785][ T5843] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 416.246171][T19357] hid-generic 0000:0000:0000.0006: pid 19357 passed too short report [ 417.972468][T19416] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 418.158027][T19426] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 418.563155][T19448] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 418.733629][T19459] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 419.179287][T19479] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 419.217920][T19476] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 419.895355][T19511] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 421.306017][T19585] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 421.566954][T19596] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 421.869595][T19612] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 422.429856][T19643] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 422.527501][T19646] binder: 19645:19646 unknown command 0 [ 422.542697][T19646] binder: 19645:19646 ioctl c0306201 200000000480 returned -22 [ 422.972970][T19668] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 422.984323][T19667] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 423.002870][T19668] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 423.115827][T19673] loop9: detected capacity change from 0 to 7 [ 423.142679][T19673] Dev loop9: unable to read RDB block 7 [ 423.150560][T19673] loop9: unable to read partition table [ 423.157635][T19673] loop9: partition table beyond EOD, truncated [ 423.172561][T19673] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 423.490218][T19689] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 423.865828][T19698] loop9: detected capacity change from 0 to 8 [ 423.890826][T19698] Dev loop9: unable to read RDB block 8 [ 423.896650][T19698] loop9: unable to read partition table [ 423.917931][T19698] loop9: partition table beyond EOD, truncated [ 423.932638][T19698] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 425.211672][T19746] binder: 19745:19746 ioctl c0306201 200000000640 returned -22 [ 426.734968][T19822] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 426.983680][T19836] loop9: detected capacity change from 0 to 7 [ 427.006874][T19836] Dev loop9: unable to read RDB block 7 [ 427.013137][T19836] loop9: unable to read partition table [ 427.020935][T19836] loop9: partition table beyond EOD, truncated [ 427.027718][T19836] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 428.025204][T19887] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 429.218995][T19940] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 429.941539][T19967] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 430.395461][T19989] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 430.902677][T20009] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 432.122917][T20064] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 432.675984][T20083] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 433.220888][T20109] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 433.820888][T20133] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 434.514839][T20155] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 434.913164][T20176] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 435.568677][T20210] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 436.092769][T20240] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 441.824106][T20485] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 442.092551][T20503] cgroup: fork rejected by pids controller in /syz3 [ 442.394066][T20512] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 443.124524][ T766] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.391445][ T766] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.480614][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 443.490879][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 443.504379][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 443.514538][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 443.522860][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 443.631537][ T766] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.851428][ T766] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.407907][T20536] chnl_net:caif_netlink_parms(): no params data found [ 444.439341][ T766] bridge_slave_1: left allmulticast mode [ 444.457257][ T766] bridge_slave_1: left promiscuous mode [ 444.464321][ T766] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.540897][ T766] bridge_slave_0: left allmulticast mode [ 444.560289][ T766] bridge_slave_0: left promiscuous mode [ 444.566194][ T766] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.242958][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.250771][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.559655][ T51] Bluetooth: hci3: command tx timeout [ 446.911008][ T766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 447.030378][ T766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 447.104133][ T766] bond0 (unregistering): Released all slaves [ 447.639376][ T51] Bluetooth: hci3: command tx timeout [ 448.561263][T20536] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.575961][T20536] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.670130][T20536] bridge_slave_0: entered allmulticast mode [ 448.678773][T20536] bridge_slave_0: entered promiscuous mode [ 449.309488][ T766] hsr_slave_0: left promiscuous mode [ 449.355294][ T766] hsr_slave_1: left promiscuous mode [ 449.370220][ T766] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 449.398961][ T766] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 449.446251][ T766] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 449.454018][ T766] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 449.568286][ T766] veth1_macvtap: left promiscuous mode [ 449.588420][ T766] veth0_macvtap: left promiscuous mode [ 449.595373][ T766] veth1_vlan: left promiscuous mode [ 449.604030][ T766] veth0_vlan: left promiscuous mode [ 449.719986][ T51] Bluetooth: hci3: command tx timeout [ 451.799681][ T51] Bluetooth: hci3: command tx timeout [ 452.486905][ T766] team0 (unregistering): Port device team_slave_1 removed [ 452.820368][ T766] team0 (unregistering): Port device team_slave_0 removed [ 455.454604][T20536] bridge0: port 2(bridge_slave_1) entered blocking state [ 455.469268][T20536] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.496910][T20536] bridge_slave_1: entered allmulticast mode [ 455.516895][T20536] bridge_slave_1: entered promiscuous mode [ 455.522455][T20846] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 455.923795][T20536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 455.962366][T20536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 456.256600][T20536] team0: Port device team_slave_0 added [ 456.283827][T20536] team0: Port device team_slave_1 added [ 456.497970][T20536] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 456.523956][T20536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 456.550387][ C0] vkms_vblank_simulate: vblank timer overrun [ 456.612280][T20536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 456.628825][T20536] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 456.637458][T20536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 456.663605][ C0] vkms_vblank_simulate: vblank timer overrun [ 456.673679][T20536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 456.677810][T20884] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 457.121579][T20536] hsr_slave_0: entered promiscuous mode [ 457.128346][T20536] hsr_slave_1: entered promiscuous mode [ 457.168401][T20536] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 457.189210][T20536] Cannot create hsr debugfs directory [ 458.251783][T20935] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 459.891830][T20536] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 459.978181][T20536] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 460.047300][T20536] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 460.146611][T20536] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 460.460404][T20536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 460.494169][T20536] 8021q: adding VLAN 0 to HW filter on device team0 [ 460.507233][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.514949][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.545012][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.552456][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.247162][T20536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.421012][T20536] veth0_vlan: entered promiscuous mode [ 461.463259][T20536] veth1_vlan: entered promiscuous mode [ 461.568559][T20536] veth0_macvtap: entered promiscuous mode [ 461.603192][T20536] veth1_macvtap: entered promiscuous mode [ 461.667156][T20536] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.734236][T20536] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.785773][T20536] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.816818][T20536] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.840890][T20536] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.859334][T20536] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.150628][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.158518][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.284315][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.299946][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.935778][T21115] ubi31: attaching mtd0 [ 463.943689][T21115] ubi31: scanning is finished [ 463.948455][T21115] ubi31: empty MTD device detected [ 464.303519][T21115] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 464.315485][T21115] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 464.323623][T21115] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 464.342287][T21115] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 464.361412][T21115] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 464.381141][T21115] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 464.411983][T21115] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3546402764 [ 464.479790][T21115] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 464.533707][T21124] ubi31: background thread "ubi_bgt31d" started, PID 21124 [ 464.852429][T21135] loop9: detected capacity change from 0 to 8 [ 464.874615][ T6939] Dev loop9: unable to read RDB block 8 [ 464.889612][ T6939] loop9: unable to read partition table [ 464.927872][ T6939] loop9: partition table beyond EOD, truncated [ 464.950841][T21135] Dev loop9: unable to read RDB block 8 [ 464.964791][T21135] loop9: unable to read partition table [ 464.977257][T21135] loop9: partition table beyond EOD, truncated [ 464.999584][T21135] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 466.757484][T21195] binder: 21194:21195 ioctl c0306201 0 returned -14 [ 466.928801][T21205] loop9: detected capacity change from 0 to 8 [ 466.938355][ T6931] Dev loop9: unable to read RDB block 8 [ 466.956147][ T6931] loop9: unable to read partition table [ 466.966660][ T6931] loop9: partition table beyond EOD, truncated [ 466.984031][T21205] Dev loop9: unable to read RDB block 8 [ 467.004350][T21205] loop9: unable to read partition table [ 467.012781][T21205] loop9: partition table beyond EOD, truncated [ 467.029282][T21205] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 467.707231][T21234] binder: 21233:21234 ioctl c0306201 0 returned -14 [ 468.378128][T21267] binder: 21266:21267 ioctl c0306201 0 returned -14 [ 468.514727][T21271] Bluetooth: hci4: Frame reassembly failed (-84) [ 468.748837][T21279] FAULT_INJECTION: forcing a failure. [ 468.748837][T21279] name failslab, interval 1, probability 0, space 0, times 1 [ 468.762891][T21279] CPU: 0 UID: 0 PID: 21279 Comm: syz.3.6642 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 468.762924][T21279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.762945][T21279] Call Trace: [ 468.762957][T21279] [ 468.762966][T21279] dump_stack_lvl+0x189/0x250 [ 468.763007][T21279] ? __pfx____ratelimit+0x10/0x10 [ 468.763042][T21279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.763067][T21279] ? __pfx__printk+0x10/0x10 [ 468.763100][T21279] ? __pfx___might_resched+0x10/0x10 [ 468.763131][T21279] ? fs_reclaim_acquire+0x7d/0x100 [ 468.763170][T21279] should_fail_ex+0x414/0x560 [ 468.763205][T21279] should_failslab+0xa8/0x100 [ 468.763238][T21279] __kmalloc_noprof+0xcb/0x4f0 [ 468.763262][T21279] ? kfree+0x4d/0x440 [ 468.763282][T21279] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 468.763313][T21279] tomoyo_realpath_from_path+0xe3/0x5d0 [ 468.763353][T21279] ? tomoyo_domain+0xd9/0x130 [ 468.763388][T21279] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 468.763426][T21279] tomoyo_path_number_perm+0x1e8/0x5a0 [ 468.763468][T21279] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 468.763527][T21279] ? __lock_acquire+0xab9/0xd20 [ 468.763570][T21279] ? __fget_files+0x2a/0x420 [ 468.763605][T21279] ? __fget_files+0x2a/0x420 [ 468.763634][T21279] ? __fget_files+0x3a0/0x420 [ 468.763665][T21279] ? __fget_files+0x2a/0x420 [ 468.763701][T21279] security_file_ioctl+0xcb/0x2d0 [ 468.763735][T21279] __se_sys_ioctl+0x47/0x170 [ 468.763764][T21279] do_syscall_64+0xfa/0x3b0 [ 468.763785][T21279] ? lockdep_hardirqs_on+0x9c/0x150 [ 468.763818][T21279] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.763840][T21279] ? clear_bhb_loop+0x60/0xb0 [ 468.763866][T21279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.763894][T21279] RIP: 0033:0x7f1d6858e929 [ 468.763918][T21279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.763936][T21279] RSP: 002b:00007f1d693f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.763957][T21279] RAX: ffffffffffffffda RBX: 00007f1d687b5fa0 RCX: 00007f1d6858e929 [ 468.763974][T21279] RDX: 0000200000000140 RSI: 0000000000003b88 RDI: 0000000000000003 [ 468.763987][T21279] RBP: 00007f1d693f6090 R08: 0000000000000000 R09: 0000000000000000 [ 468.763999][T21279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 468.764010][T21279] R13: 0000000000000000 R14: 00007f1d687b5fa0 R15: 00007ffe198e5c68 [ 468.764041][T21279] [ 468.764055][T21279] ERROR: Out of memory at tomoyo_realpath_from_path. [ 469.545228][T21301] kvm: kvm [21300]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x1 [ 470.376278][T21327] loop9: detected capacity change from 0 to 7 [ 470.387455][T21327] Dev loop9: unable to read RDB block 7 [ 470.394444][T21327] loop9: unable to read partition table [ 470.403689][T21327] loop9: partition table beyond EOD, truncated [ 470.423232][T21327] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 470.599195][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 470.599397][ T5849] Bluetooth: hci4: command 0xfc11 tx timeout [ 472.526386][T21406] FAULT_INJECTION: forcing a failure. [ 472.526386][T21406] name failslab, interval 1, probability 0, space 0, times 0 [ 472.583319][T21406] CPU: 1 UID: 0 PID: 21406 Comm: syz.1.6692 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 472.583354][T21406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 472.583368][T21406] Call Trace: [ 472.583377][T21406] [ 472.583386][T21406] dump_stack_lvl+0x189/0x250 [ 472.583418][T21406] ? __pfx____ratelimit+0x10/0x10 [ 472.583454][T21406] ? __pfx_dump_stack_lvl+0x10/0x10 [ 472.583479][T21406] ? __pfx__printk+0x10/0x10 [ 472.583510][T21406] ? __pfx___might_resched+0x10/0x10 [ 472.583535][T21406] ? fs_reclaim_acquire+0x7d/0x100 [ 472.583572][T21406] should_fail_ex+0x414/0x560 [ 472.583605][T21406] should_failslab+0xa8/0x100 [ 472.583636][T21406] kmem_cache_alloc_noprof+0x73/0x3c0 [ 472.583660][T21406] ? getname_flags+0xb8/0x540 [ 472.583683][T21406] getname_flags+0xb8/0x540 [ 472.583706][T21406] do_sys_openat2+0xbc/0x1c0 [ 472.583733][T21406] ? __pfx_do_sys_openat2+0x10/0x10 [ 472.583758][T21406] ? ksys_write+0x22a/0x250 [ 472.583789][T21406] ? __pfx_ksys_write+0x10/0x10 [ 472.583822][T21406] __x64_sys_openat+0x138/0x170 [ 472.583851][T21406] do_syscall_64+0xfa/0x3b0 [ 472.583871][T21406] ? lockdep_hardirqs_on+0x9c/0x150 [ 472.583904][T21406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.583926][T21406] ? clear_bhb_loop+0x60/0xb0 [ 472.583951][T21406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.583978][T21406] RIP: 0033:0x7fe77298e929 [ 472.583997][T21406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.584016][T21406] RSP: 002b:00007fe7737c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 472.584040][T21406] RAX: ffffffffffffffda RBX: 00007fe772bb5fa0 RCX: 00007fe77298e929 [ 472.584056][T21406] RDX: 0000000000008000 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 472.584071][T21406] RBP: 00007fe7737c0090 R08: 0000000000000000 R09: 0000000000000000 [ 472.584084][T21406] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 472.584098][T21406] R13: 0000000000000001 R14: 00007fe772bb5fa0 R15: 00007ffcd1e3b9f8 [ 472.584131][T21406] [ 473.346022][T21438] FAULT_INJECTION: forcing a failure. [ 473.346022][T21438] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 473.403653][T21440] input: syz0 as /devices/virtual/input/input105 [ 473.446306][T21438] CPU: 0 UID: 0 PID: 21438 Comm: syz.0.6702 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 473.446339][T21438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 473.446353][T21438] Call Trace: [ 473.446363][T21438] [ 473.446372][T21438] dump_stack_lvl+0x189/0x250 [ 473.446404][T21438] ? __pfx____ratelimit+0x10/0x10 [ 473.446439][T21438] ? __pfx_dump_stack_lvl+0x10/0x10 [ 473.446465][T21438] ? __pfx__printk+0x10/0x10 [ 473.446503][T21438] should_fail_ex+0x414/0x560 [ 473.446536][T21438] _copy_to_user+0x31/0xb0 [ 473.446560][T21438] simple_read_from_buffer+0xe1/0x170 [ 473.446597][T21438] proc_fail_nth_read+0x1df/0x250 [ 473.446621][T21438] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 473.446659][T21438] ? rw_verify_area+0x258/0x650 [ 473.446687][T21438] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 473.446724][T21438] vfs_read+0x200/0x980 [ 473.446758][T21438] ? __pfx___mutex_lock+0x10/0x10 [ 473.446780][T21438] ? __pfx_vfs_read+0x10/0x10 [ 473.446811][T21438] ? __fget_files+0x2a/0x420 [ 473.446847][T21438] ? __fget_files+0x3a0/0x420 [ 473.446878][T21438] ? __fget_files+0x2a/0x420 [ 473.446929][T21438] ksys_read+0x145/0x250 [ 473.446955][T21438] ? __fget_files+0x2a/0x420 [ 473.446987][T21438] ? __pfx_ksys_read+0x10/0x10 [ 473.447021][T21438] ? do_syscall_64+0xbe/0x3b0 [ 473.447047][T21438] do_syscall_64+0xfa/0x3b0 [ 473.447067][T21438] ? lockdep_hardirqs_on+0x9c/0x150 [ 473.447099][T21438] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.447121][T21438] ? clear_bhb_loop+0x60/0xb0 [ 473.447148][T21438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.447170][T21438] RIP: 0033:0x7f619c38d33c [ 473.447189][T21438] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 473.447208][T21438] RSP: 002b:00007f619d2e1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 473.447231][T21438] RAX: ffffffffffffffda RBX: 00007f619c5b5fa0 RCX: 00007f619c38d33c [ 473.447247][T21438] RDX: 000000000000000f RSI: 00007f619d2e10a0 RDI: 0000000000000003 [ 473.447261][T21438] RBP: 00007f619d2e1090 R08: 0000000000000000 R09: 0000000000000000 [ 473.447273][T21438] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 473.447286][T21438] R13: 0000000000000001 R14: 00007f619c5b5fa0 R15: 00007fff80e969a8 [ 473.447319][T21438] [ 473.680710][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.417728][T21466] FAULT_INJECTION: forcing a failure. [ 474.417728][T21466] name failslab, interval 1, probability 0, space 0, times 0 [ 474.432025][T21466] CPU: 1 UID: 0 PID: 21466 Comm: syz.2.6714 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 474.432056][T21466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 474.432070][T21466] Call Trace: [ 474.432078][T21466] [ 474.432087][T21466] dump_stack_lvl+0x189/0x250 [ 474.432117][T21466] ? __pfx____ratelimit+0x10/0x10 [ 474.432152][T21466] ? __pfx_dump_stack_lvl+0x10/0x10 [ 474.432177][T21466] ? __pfx__printk+0x10/0x10 [ 474.432208][T21466] ? __pfx___might_resched+0x10/0x10 [ 474.432231][T21466] ? fs_reclaim_acquire+0x7d/0x100 [ 474.432267][T21466] should_fail_ex+0x414/0x560 [ 474.432300][T21466] should_failslab+0xa8/0x100 [ 474.432329][T21466] kmem_cache_alloc_noprof+0x73/0x3c0 [ 474.432355][T21466] ? getname_flags+0xb8/0x540 [ 474.432379][T21466] getname_flags+0xb8/0x540 [ 474.432403][T21466] do_sys_openat2+0xbc/0x1c0 [ 474.432429][T21466] ? __pfx_do_sys_openat2+0x10/0x10 [ 474.432453][T21466] ? ksys_write+0x22a/0x250 [ 474.432483][T21466] ? __pfx_ksys_write+0x10/0x10 [ 474.432516][T21466] __x64_sys_openat+0x138/0x170 [ 474.432544][T21466] do_syscall_64+0xfa/0x3b0 [ 474.432563][T21466] ? lockdep_hardirqs_on+0x9c/0x150 [ 474.432593][T21466] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.432613][T21466] ? clear_bhb_loop+0x60/0xb0 [ 474.432639][T21466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.432659][T21466] RIP: 0033:0x7fe09258e929 [ 474.432679][T21466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.432696][T21466] RSP: 002b:00007fe0934d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 474.432712][T21466] RAX: ffffffffffffffda RBX: 00007fe0927b5fa0 RCX: 00007fe09258e929 [ 474.432723][T21466] RDX: 0000000000040000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 474.432734][T21466] RBP: 00007fe0934d8090 R08: 0000000000000000 R09: 0000000000000000 [ 474.432744][T21466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 474.432765][T21466] R13: 0000000000000001 R14: 00007fe0927b5fa0 R15: 00007ffc0e57fb98 [ 474.432787][T21466] [ 474.999302][ T51] Bluetooth: hci1: command 0x040f tx timeout [ 475.006113][T21417] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 475.012989][T21417] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 475.876206][T21417] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 475.887102][T21417] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 476.394234][T21417] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 476.410422][T21417] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 477.569019][T21547] FAULT_INJECTION: forcing a failure. [ 477.569019][T21547] name failslab, interval 1, probability 0, space 0, times 0 [ 477.590082][T21547] CPU: 0 UID: 0 PID: 21547 Comm: syz.2.6747 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 477.590115][T21547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 477.590129][T21547] Call Trace: [ 477.590138][T21547] [ 477.590147][T21547] dump_stack_lvl+0x189/0x250 [ 477.590177][T21547] ? __pfx____ratelimit+0x10/0x10 [ 477.590211][T21547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 477.590237][T21547] ? __pfx__printk+0x10/0x10 [ 477.590268][T21547] ? __pfx___might_resched+0x10/0x10 [ 477.590293][T21547] ? fs_reclaim_acquire+0x7d/0x100 [ 477.590330][T21547] should_fail_ex+0x414/0x560 [ 477.590363][T21547] should_failslab+0xa8/0x100 [ 477.590393][T21547] __kmalloc_noprof+0xcb/0x4f0 [ 477.590418][T21547] ? kfree+0x4d/0x440 [ 477.590438][T21547] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 477.590471][T21547] tomoyo_realpath_from_path+0xe3/0x5d0 [ 477.590500][T21547] ? tomoyo_domain+0xd9/0x130 [ 477.590532][T21547] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 477.590567][T21547] tomoyo_path_number_perm+0x1e8/0x5a0 [ 477.590605][T21547] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 477.590658][T21547] ? __lock_acquire+0xab9/0xd20 [ 477.590709][T21547] ? __fget_files+0x2a/0x420 [ 477.590745][T21547] ? __fget_files+0x2a/0x420 [ 477.590775][T21547] ? __fget_files+0x3a0/0x420 [ 477.590806][T21547] ? __fget_files+0x2a/0x420 [ 477.590843][T21547] security_file_ioctl+0xcb/0x2d0 [ 477.590879][T21547] __se_sys_ioctl+0x47/0x170 [ 477.590909][T21547] do_syscall_64+0xfa/0x3b0 [ 477.590929][T21547] ? lockdep_hardirqs_on+0x9c/0x150 [ 477.590962][T21547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.590983][T21547] ? clear_bhb_loop+0x60/0xb0 [ 477.591010][T21547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.591031][T21547] RIP: 0033:0x7fe09258e929 [ 477.591050][T21547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.591069][T21547] RSP: 002b:00007fe0934d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 477.591093][T21547] RAX: ffffffffffffffda RBX: 00007fe0927b5fa0 RCX: 00007fe09258e929 [ 477.591109][T21547] RDX: 0000000000000000 RSI: 0000000000005416 RDI: 0000000000000003 [ 477.591122][T21547] RBP: 00007fe0934d8090 R08: 0000000000000000 R09: 0000000000000000 [ 477.591136][T21547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.591149][T21547] R13: 0000000000000000 R14: 00007fe0927b5fa0 R15: 00007ffc0e57fb98 [ 477.591182][T21547] [ 477.591978][T21547] ERROR: Out of memory at tomoyo_realpath_from_path. [ 478.728183][T21582] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 480.352371][T21618] block device autoloading is deprecated and will be removed. [ 480.361736][T21618] syz.1.6770: attempt to access beyond end of device [ 480.361736][T21618] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 480.420876][T21622] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 480.433112][T21622] FAULT_INJECTION: forcing a failure. [ 480.433112][T21622] name failslab, interval 1, probability 0, space 0, times 0 [ 480.446236][T21622] CPU: 1 UID: 0 PID: 21622 Comm: syz.0.6771 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 480.446268][T21622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 480.446282][T21622] Call Trace: [ 480.446290][T21622] [ 480.446299][T21622] dump_stack_lvl+0x189/0x250 [ 480.446329][T21622] ? __pfx____ratelimit+0x10/0x10 [ 480.446364][T21622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 480.446389][T21622] ? __pfx__printk+0x10/0x10 [ 480.446420][T21622] ? __pfx___might_resched+0x10/0x10 [ 480.446443][T21622] ? fs_reclaim_acquire+0x7d/0x100 [ 480.446481][T21622] should_fail_ex+0x414/0x560 [ 480.446514][T21622] should_failslab+0xa8/0x100 [ 480.446545][T21622] __kmalloc_noprof+0xcb/0x4f0 [ 480.446586][T21622] ? kfree+0x4d/0x440 [ 480.446607][T21622] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 480.446640][T21622] tomoyo_realpath_from_path+0xe3/0x5d0 [ 480.446665][T21622] ? tomoyo_domain+0xd9/0x130 [ 480.446698][T21622] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 480.446733][T21622] tomoyo_path_number_perm+0x1e8/0x5a0 [ 480.446771][T21622] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 480.446824][T21622] ? __lock_acquire+0xab9/0xd20 [ 480.446868][T21622] ? __fget_files+0x2a/0x420 [ 480.446905][T21622] ? __fget_files+0x2a/0x420 [ 480.446937][T21622] ? __fget_files+0x3a0/0x420 [ 480.446968][T21622] ? __fget_files+0x2a/0x420 [ 480.447005][T21622] security_file_ioctl+0xcb/0x2d0 [ 480.447040][T21622] __se_sys_ioctl+0x47/0x170 [ 480.447067][T21622] do_syscall_64+0xfa/0x3b0 [ 480.447085][T21622] ? lockdep_hardirqs_on+0x9c/0x150 [ 480.447116][T21622] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.447136][T21622] ? clear_bhb_loop+0x60/0xb0 [ 480.447161][T21622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.447189][T21622] RIP: 0033:0x7f619c38e929 [ 480.447208][T21622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.447225][T21622] RSP: 002b:00007f619d2e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 480.447245][T21622] RAX: ffffffffffffffda RBX: 00007f619c5b5fa0 RCX: 00007f619c38e929 [ 480.447258][T21622] RDX: 0000200000000340 RSI: 0000000000003b80 RDI: 0000000000000003 [ 480.447271][T21622] RBP: 00007f619d2e1090 R08: 0000000000000000 R09: 0000000000000000 [ 480.447284][T21622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 480.447297][T21622] R13: 0000000000000000 R14: 00007f619c5b5fa0 R15: 00007fff80e969a8 [ 480.447328][T21622] [ 480.447339][T21622] ERROR: Out of memory at tomoyo_realpath_from_path. [ 480.783821][T21625] FAULT_INJECTION: forcing a failure. [ 480.783821][T21625] name failslab, interval 1, probability 0, space 0, times 0 [ 480.800227][T21625] CPU: 0 UID: 0 PID: 21625 Comm: syz.0.6772 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 480.800268][T21625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 480.800282][T21625] Call Trace: [ 480.800291][T21625] [ 480.800301][T21625] dump_stack_lvl+0x189/0x250 [ 480.800332][T21625] ? __pfx____ratelimit+0x10/0x10 [ 480.800367][T21625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 480.800394][T21625] ? __pfx__printk+0x10/0x10 [ 480.800425][T21625] ? __pfx___might_resched+0x10/0x10 [ 480.800451][T21625] ? fs_reclaim_acquire+0x7d/0x100 [ 480.800488][T21625] should_fail_ex+0x414/0x560 [ 480.800522][T21625] should_failslab+0xa8/0x100 [ 480.800553][T21625] __kmalloc_noprof+0xcb/0x4f0 [ 480.800579][T21625] ? kfree+0x4d/0x440 [ 480.800600][T21625] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 480.800633][T21625] tomoyo_realpath_from_path+0xe3/0x5d0 [ 480.800663][T21625] ? tomoyo_domain+0xd9/0x130 [ 480.800695][T21625] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 480.800731][T21625] tomoyo_path_number_perm+0x1e8/0x5a0 [ 480.800770][T21625] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 480.800825][T21625] ? __lock_acquire+0xab9/0xd20 [ 480.800869][T21625] ? __fget_files+0x2a/0x420 [ 480.800904][T21625] ? __fget_files+0x2a/0x420 [ 480.800933][T21625] ? __fget_files+0x3a0/0x420 [ 480.800965][T21625] ? __fget_files+0x2a/0x420 [ 480.801000][T21625] security_file_ioctl+0xcb/0x2d0 [ 480.801035][T21625] __se_sys_ioctl+0x47/0x170 [ 480.801064][T21625] do_syscall_64+0xfa/0x3b0 [ 480.801083][T21625] ? lockdep_hardirqs_on+0x9c/0x150 [ 480.801115][T21625] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.801136][T21625] ? clear_bhb_loop+0x60/0xb0 [ 480.801162][T21625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.801183][T21625] RIP: 0033:0x7f619c38e929 [ 480.801203][T21625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.801222][T21625] RSP: 002b:00007f619d2e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 480.801253][T21625] RAX: ffffffffffffffda RBX: 00007f619c5b5fa0 RCX: 00007f619c38e929 [ 480.801269][T21625] RDX: 0000200000000100 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 480.801283][T21625] RBP: 00007f619d2e1090 R08: 0000000000000000 R09: 0000000000000000 [ 480.801297][T21625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 480.801310][T21625] R13: 0000000000000000 R14: 00007f619c5b5fa0 R15: 00007fff80e969a8 [ 480.801348][T21625] [ 480.801357][T21625] ERROR: Out of memory at tomoyo_realpath_from_path. [ 481.059910][T21625] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 481.182102][T21638] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 482.221544][T21650] FAULT_INJECTION: forcing a failure. [ 482.221544][T21650] name failslab, interval 1, probability 0, space 0, times 0 [ 482.237486][T21650] CPU: 0 UID: 0 PID: 21650 Comm: syz.1.6780 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 482.237518][T21650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 482.237532][T21650] Call Trace: [ 482.237541][T21650] [ 482.237551][T21650] dump_stack_lvl+0x189/0x250 [ 482.237897][T21650] ? __pfx____ratelimit+0x10/0x10 [ 482.237940][T21650] ? __pfx_dump_stack_lvl+0x10/0x10 [ 482.237968][T21650] ? __pfx__printk+0x10/0x10 [ 482.237999][T21650] ? __pfx___might_resched+0x10/0x10 [ 482.238022][T21650] ? fs_reclaim_acquire+0x7d/0x100 [ 482.238054][T21650] should_fail_ex+0x414/0x560 [ 482.238088][T21650] should_failslab+0xa8/0x100 [ 482.238118][T21650] __kmalloc_noprof+0xcb/0x4f0 [ 482.238144][T21650] ? kfree+0x4d/0x440 [ 482.238164][T21650] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 482.238202][T21650] tomoyo_realpath_from_path+0xe3/0x5d0 [ 482.238231][T21650] ? tomoyo_domain+0xd9/0x130 [ 482.238284][T21650] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 482.238319][T21650] tomoyo_path_number_perm+0x1e8/0x5a0 [ 482.238357][T21650] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 482.238411][T21650] ? __lock_acquire+0xab9/0xd20 [ 482.238456][T21650] ? __fget_files+0x2a/0x420 [ 482.238494][T21650] ? __fget_files+0x2a/0x420 [ 482.238525][T21650] ? __fget_files+0x3a0/0x420 [ 482.238557][T21650] ? __fget_files+0x2a/0x420 [ 482.238594][T21650] security_file_ioctl+0xcb/0x2d0 [ 482.238630][T21650] __se_sys_ioctl+0x47/0x170 [ 482.238659][T21650] do_syscall_64+0xfa/0x3b0 [ 482.238680][T21650] ? lockdep_hardirqs_on+0x9c/0x150 [ 482.238713][T21650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.238736][T21650] ? clear_bhb_loop+0x60/0xb0 [ 482.238764][T21650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.238787][T21650] RIP: 0033:0x7fe77298e929 [ 482.238808][T21650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.238828][T21650] RSP: 002b:00007fe7737c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 482.238851][T21650] RAX: ffffffffffffffda RBX: 00007fe772bb5fa0 RCX: 00007fe77298e929 [ 482.238866][T21650] RDX: 0000200000000740 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 482.238879][T21650] RBP: 00007fe7737c0090 R08: 0000000000000000 R09: 0000000000000000 [ 482.238892][T21650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 482.238905][T21650] R13: 0000000000000000 R14: 00007fe772bb5fa0 R15: 00007ffcd1e3b9f8 [ 482.238936][T21650] [ 482.238946][T21650] ERROR: Out of memory at tomoyo_realpath_from_path. [ 482.535739][T21650] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 482.561896][T21657] FAULT_INJECTION: forcing a failure. [ 482.561896][T21657] name failslab, interval 1, probability 0, space 0, times 0 [ 482.576475][T21657] CPU: 0 UID: 0 PID: 21657 Comm: syz.0.6782 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 482.576506][T21657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 482.576519][T21657] Call Trace: [ 482.576527][T21657] [ 482.576535][T21657] dump_stack_lvl+0x189/0x250 [ 482.576566][T21657] ? __pfx____ratelimit+0x10/0x10 [ 482.576598][T21657] ? __pfx_dump_stack_lvl+0x10/0x10 [ 482.576623][T21657] ? __pfx__printk+0x10/0x10 [ 482.576650][T21657] ? __pfx___might_resched+0x10/0x10 [ 482.576674][T21657] ? fs_reclaim_acquire+0x7d/0x100 [ 482.576710][T21657] should_fail_ex+0x414/0x560 [ 482.576743][T21657] should_failslab+0xa8/0x100 [ 482.576770][T21657] __kmalloc_noprof+0xcb/0x4f0 [ 482.576794][T21657] ? kfree+0x4d/0x440 [ 482.576814][T21657] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 482.576846][T21657] tomoyo_realpath_from_path+0xe3/0x5d0 [ 482.576873][T21657] ? tomoyo_domain+0xd9/0x130 [ 482.576902][T21657] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 482.576936][T21657] tomoyo_path_number_perm+0x1e8/0x5a0 [ 482.576971][T21657] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 482.577031][T21657] ? __lock_acquire+0xab9/0xd20 [ 482.577074][T21657] ? __fget_files+0x2a/0x420 [ 482.577109][T21657] ? __fget_files+0x2a/0x420 [ 482.577140][T21657] ? __fget_files+0x3a0/0x420 [ 482.577171][T21657] ? __fget_files+0x2a/0x420 [ 482.577207][T21657] security_file_ioctl+0xcb/0x2d0 [ 482.577239][T21657] __se_sys_ioctl+0x47/0x170 [ 482.577359][T21657] do_syscall_64+0xfa/0x3b0 [ 482.577392][T21657] ? lockdep_hardirqs_on+0x9c/0x150 [ 482.577432][T21657] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.577460][T21657] ? clear_bhb_loop+0x60/0xb0 [ 482.577503][T21657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.577524][T21657] RIP: 0033:0x7f619c38e929 [ 482.577550][T21657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.577568][T21657] RSP: 002b:00007f619d2e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 482.577590][T21657] RAX: ffffffffffffffda RBX: 00007f619c5b5fa0 RCX: 00007f619c38e929 [ 482.577667][T21657] RDX: 0000200000000100 RSI: 0000000000003b84 RDI: 0000000000000003 [ 482.577694][T21657] RBP: 00007f619d2e1090 R08: 0000000000000000 R09: 0000000000000000 [ 482.577707][T21657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 482.577720][T21657] R13: 0000000000000000 R14: 00007f619c5b5fa0 R15: 00007fff80e969a8 [ 482.577753][T21657] [ 482.577872][T21657] ERROR: Out of memory at tomoyo_realpath_from_path. [ 482.721101][T21660] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 482.988202][T21664] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 483.102921][T21666] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 483.123383][T21666] FAULT_INJECTION: forcing a failure. [ 483.123383][T21666] name failslab, interval 1, probability 0, space 0, times 0 [ 483.139619][T21666] CPU: 1 UID: 0 PID: 21666 Comm: syz.1.6785 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 483.139652][T21666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 483.139666][T21666] Call Trace: [ 483.139675][T21666] [ 483.139684][T21666] dump_stack_lvl+0x189/0x250 [ 483.139715][T21666] ? __pfx____ratelimit+0x10/0x10 [ 483.139750][T21666] ? __pfx_dump_stack_lvl+0x10/0x10 [ 483.139775][T21666] ? __pfx__printk+0x10/0x10 [ 483.139806][T21666] ? __pfx___might_resched+0x10/0x10 [ 483.139831][T21666] ? fs_reclaim_acquire+0x7d/0x100 [ 483.139868][T21666] should_fail_ex+0x414/0x560 [ 483.139902][T21666] should_failslab+0xa8/0x100 [ 483.139932][T21666] __kmalloc_noprof+0xcb/0x4f0 [ 483.139957][T21666] ? kfree+0x4d/0x440 [ 483.139977][T21666] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 483.140010][T21666] tomoyo_realpath_from_path+0xe3/0x5d0 [ 483.140038][T21666] ? tomoyo_domain+0xd9/0x130 [ 483.140070][T21666] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 483.140103][T21666] tomoyo_path_number_perm+0x1e8/0x5a0 [ 483.140141][T21666] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 483.140195][T21666] ? __lock_acquire+0xab9/0xd20 [ 483.140248][T21666] ? __fget_files+0x2a/0x420 [ 483.140283][T21666] ? __fget_files+0x2a/0x420 [ 483.140315][T21666] ? __fget_files+0x3a0/0x420 [ 483.140346][T21666] ? __fget_files+0x2a/0x420 [ 483.140383][T21666] security_file_ioctl+0xcb/0x2d0 [ 483.140418][T21666] __se_sys_ioctl+0x47/0x170 [ 483.140453][T21666] do_syscall_64+0xfa/0x3b0 [ 483.140473][T21666] ? lockdep_hardirqs_on+0x9c/0x150 [ 483.140506][T21666] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.140527][T21666] ? clear_bhb_loop+0x60/0xb0 [ 483.140553][T21666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.140574][T21666] RIP: 0033:0x7fe77298e929 [ 483.140594][T21666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.140613][T21666] RSP: 002b:00007fe7737c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 483.140636][T21666] RAX: ffffffffffffffda RBX: 00007fe772bb5fa0 RCX: 00007fe77298e929 [ 483.140653][T21666] RDX: 0000200000000900 RSI: 0000000000003b86 RDI: 0000000000000003 [ 483.140666][T21666] RBP: 00007fe7737c0090 R08: 0000000000000000 R09: 0000000000000000 [ 483.140679][T21666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.140692][T21666] R13: 0000000000000000 R14: 00007fe772bb5fa0 R15: 00007ffcd1e3b9f8 [ 483.140726][T21666] [ 483.140735][T21666] ERROR: Out of memory at tomoyo_realpath_from_path. [ 484.313558][T21689] FAULT_INJECTION: forcing a failure. [ 484.313558][T21689] name failslab, interval 1, probability 0, space 0, times 0 [ 484.349382][T21689] CPU: 1 UID: 0 PID: 21689 Comm: syz.1.6791 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 484.349419][T21689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 484.349433][T21689] Call Trace: [ 484.349443][T21689] [ 484.349453][T21689] dump_stack_lvl+0x189/0x250 [ 484.349485][T21689] ? __pfx____ratelimit+0x10/0x10 [ 484.349521][T21689] ? __pfx_dump_stack_lvl+0x10/0x10 [ 484.349548][T21689] ? __pfx__printk+0x10/0x10 [ 484.349581][T21689] ? __pfx___might_resched+0x10/0x10 [ 484.349606][T21689] ? fs_reclaim_acquire+0x7d/0x100 [ 484.349643][T21689] should_fail_ex+0x414/0x560 [ 484.349682][T21689] should_failslab+0xa8/0x100 [ 484.349713][T21689] __kmalloc_noprof+0xcb/0x4f0 [ 484.349738][T21689] ? kfree+0x4d/0x440 [ 484.349760][T21689] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 484.349792][T21689] tomoyo_realpath_from_path+0xe3/0x5d0 [ 484.349823][T21689] ? tomoyo_domain+0xd9/0x130 [ 484.349856][T21689] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 484.349892][T21689] tomoyo_path_number_perm+0x1e8/0x5a0 [ 484.349930][T21689] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 484.349985][T21689] ? __lock_acquire+0xab9/0xd20 [ 484.350030][T21689] ? __fget_files+0x2a/0x420 [ 484.350068][T21689] ? __fget_files+0x2a/0x420 [ 484.350106][T21689] ? __fget_files+0x3a0/0x420 [ 484.350137][T21689] ? __fget_files+0x2a/0x420 [ 484.350175][T21689] security_file_ioctl+0xcb/0x2d0 [ 484.350211][T21689] __se_sys_ioctl+0x47/0x170 [ 484.350242][T21689] do_syscall_64+0xfa/0x3b0 [ 484.350263][T21689] ? lockdep_hardirqs_on+0x9c/0x150 [ 484.350296][T21689] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.350318][T21689] ? clear_bhb_loop+0x60/0xb0 [ 484.350346][T21689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.350368][T21689] RIP: 0033:0x7fe77298e929 [ 484.350388][T21689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.350407][T21689] RSP: 002b:00007fe7737c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 484.350431][T21689] RAX: ffffffffffffffda RBX: 00007fe772bb5fa0 RCX: 00007fe77298e929 [ 484.350447][T21689] RDX: 00002000000006c0 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 484.350462][T21689] RBP: 00007fe7737c0090 R08: 0000000000000000 R09: 0000000000000000 [ 484.350476][T21689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.350490][T21689] R13: 0000000000000000 R14: 00007fe772bb5fa0 R15: 00007ffcd1e3b9f8 [ 484.350524][T21689] [ 484.352589][T21689] ERROR: Out of memory at tomoyo_realpath_from_path. [ 484.381127][T21690] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 484.756800][T21692] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 484.796709][T21692] FAULT_INJECTION: forcing a failure. [ 484.796709][T21692] name failslab, interval 1, probability 0, space 0, times 0 [ 484.816780][T21692] CPU: 0 UID: 0 PID: 21692 Comm: syz.0.6792 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 484.816829][T21692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 484.816847][T21692] Call Trace: [ 484.816859][T21692] [ 484.816871][T21692] dump_stack_lvl+0x189/0x250 [ 484.816912][T21692] ? __pfx____ratelimit+0x10/0x10 [ 484.816956][T21692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 484.816989][T21692] ? __pfx__printk+0x10/0x10 [ 484.817029][T21692] ? __pfx___might_resched+0x10/0x10 [ 484.817057][T21692] ? fs_reclaim_acquire+0x7d/0x100 [ 484.817101][T21692] should_fail_ex+0x414/0x560 [ 484.817144][T21692] should_failslab+0xa8/0x100 [ 484.817184][T21692] __kmalloc_noprof+0xcb/0x4f0 [ 484.817218][T21692] ? kfree+0x4d/0x440 [ 484.817243][T21692] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 484.817285][T21692] tomoyo_realpath_from_path+0xe3/0x5d0 [ 484.817322][T21692] ? tomoyo_domain+0xd9/0x130 [ 484.817364][T21692] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 484.817408][T21692] tomoyo_path_number_perm+0x1e8/0x5a0 [ 484.817459][T21692] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 484.817523][T21692] ? __lock_acquire+0xab9/0xd20 [ 484.817585][T21692] ? __fget_files+0x2a/0x420 [ 484.817631][T21692] ? __fget_files+0x2a/0x420 [ 484.817671][T21692] ? __fget_files+0x3a0/0x420 [ 484.817712][T21692] ? __fget_files+0x2a/0x420 [ 484.817764][T21692] security_file_ioctl+0xcb/0x2d0 [ 484.817816][T21692] __se_sys_ioctl+0x47/0x170 [ 484.817856][T21692] do_syscall_64+0xfa/0x3b0 [ 484.817883][T21692] ? lockdep_hardirqs_on+0x9c/0x150 [ 484.817925][T21692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.817951][T21692] ? clear_bhb_loop+0x60/0xb0 [ 484.817986][T21692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.818015][T21692] RIP: 0033:0x7f619c38e929 [ 484.818041][T21692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.818064][T21692] RSP: 002b:00007f619d2e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 484.818093][T21692] RAX: ffffffffffffffda RBX: 00007f619c5b5fa0 RCX: 00007f619c38e929 [ 484.818113][T21692] RDX: 0000200000000a00 RSI: 0000000000003b85 RDI: 0000000000000003 [ 484.818132][T21692] RBP: 00007f619d2e1090 R08: 0000000000000000 R09: 0000000000000000 [ 484.818151][T21692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.818166][T21692] R13: 0000000000000000 R14: 00007f619c5b5fa0 R15: 00007fff80e969a8 [ 484.818207][T21692] [ 484.818315][T21692] ERROR: Out of memory at tomoyo_realpath_from_path. [ 485.267596][T21701] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 485.504271][T21710] loop9: detected capacity change from 0 to 7 [ 485.516772][T21710] Dev loop9: unable to read RDB block 7 [ 485.526683][T21710] loop9: unable to read partition table [ 485.537209][T21710] loop9: partition table beyond EOD, truncated [ 485.546525][T21710] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 485.791337][T21719] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 485.805339][T21719] FAULT_INJECTION: forcing a failure. [ 485.805339][T21719] name failslab, interval 1, probability 0, space 0, times 0 [ 485.818182][T21719] CPU: 0 UID: 0 PID: 21719 Comm: syz.0.6801 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 485.818213][T21719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 485.818227][T21719] Call Trace: [ 485.818237][T21719] [ 485.818247][T21719] dump_stack_lvl+0x189/0x250 [ 485.818282][T21719] ? __pfx____ratelimit+0x10/0x10 [ 485.818317][T21719] ? __pfx_dump_stack_lvl+0x10/0x10 [ 485.818342][T21719] ? __pfx__printk+0x10/0x10 [ 485.818373][T21719] ? __pfx___might_resched+0x10/0x10 [ 485.818398][T21719] ? fs_reclaim_acquire+0x7d/0x100 [ 485.818434][T21719] should_fail_ex+0x414/0x560 [ 485.818467][T21719] should_failslab+0xa8/0x100 [ 485.818498][T21719] __kmalloc_noprof+0xcb/0x4f0 [ 485.818522][T21719] ? kfree+0x4d/0x440 [ 485.818543][T21719] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 485.818575][T21719] tomoyo_realpath_from_path+0xe3/0x5d0 [ 485.818603][T21719] ? tomoyo_domain+0xd9/0x130 [ 485.818635][T21719] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 485.818669][T21719] tomoyo_path_number_perm+0x1e8/0x5a0 [ 485.818786][T21719] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 485.818846][T21719] ? __lock_acquire+0xab9/0xd20 [ 485.818892][T21719] ? __fget_files+0x2a/0x420 [ 485.818928][T21719] ? __fget_files+0x2a/0x420 [ 485.818960][T21719] ? __fget_files+0x3a0/0x420 [ 485.818992][T21719] ? __fget_files+0x2a/0x420 [ 485.819033][T21719] security_file_ioctl+0xcb/0x2d0 [ 485.819068][T21719] __se_sys_ioctl+0x47/0x170 [ 485.819096][T21719] do_syscall_64+0xfa/0x3b0 [ 485.819116][T21719] ? lockdep_hardirqs_on+0x9c/0x150 [ 485.819148][T21719] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.819169][T21719] ? clear_bhb_loop+0x60/0xb0 [ 485.819198][T21719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.819220][T21719] RIP: 0033:0x7f619c38e929 [ 485.819241][T21719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.819263][T21719] RSP: 002b:00007f619d2e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 485.819286][T21719] RAX: ffffffffffffffda RBX: 00007f619c5b5fa0 RCX: 00007f619c38e929 [ 485.819302][T21719] RDX: 0000200000000880 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 485.819318][T21719] RBP: 00007f619d2e1090 R08: 0000000000000000 R09: 0000000000000000 [ 485.819332][T21719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.819345][T21719] R13: 0000000000000000 R14: 00007f619c5b5fa0 R15: 00007fff80e969a8 [ 485.819379][T21719] [ 486.073444][T21719] ERROR: Out of memory at tomoyo_realpath_from_path. [ 486.091075][T21721] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 486.103086][T21721] FAULT_INJECTION: forcing a failure. [ 486.103086][T21721] name failslab, interval 1, probability 0, space 0, times 0 [ 486.116188][T21721] CPU: 0 UID: 0 PID: 21721 Comm: syz.1.6802 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 486.116219][T21721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 486.116234][T21721] Call Trace: [ 486.116242][T21721] [ 486.116251][T21721] dump_stack_lvl+0x189/0x250 [ 486.116281][T21721] ? __pfx____ratelimit+0x10/0x10 [ 486.116316][T21721] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.116341][T21721] ? __pfx__printk+0x10/0x10 [ 486.116372][T21721] ? __pfx___might_resched+0x10/0x10 [ 486.116397][T21721] ? fs_reclaim_acquire+0x7d/0x100 [ 486.116434][T21721] should_fail_ex+0x414/0x560 [ 486.116467][T21721] should_failslab+0xa8/0x100 [ 486.116497][T21721] __kmalloc_noprof+0xcb/0x4f0 [ 486.116521][T21721] ? kfree+0x4d/0x440 [ 486.116542][T21721] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 486.116573][T21721] tomoyo_realpath_from_path+0xe3/0x5d0 [ 486.116598][T21721] ? tomoyo_domain+0xd9/0x130 [ 486.116628][T21721] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 486.116662][T21721] tomoyo_path_number_perm+0x1e8/0x5a0 [ 486.116700][T21721] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 486.116764][T21721] ? __lock_acquire+0xab9/0xd20 [ 486.116810][T21721] ? __fget_files+0x2a/0x420 [ 486.116845][T21721] ? __fget_files+0x2a/0x420 [ 486.116875][T21721] ? __fget_files+0x3a0/0x420 [ 486.116907][T21721] ? __fget_files+0x2a/0x420 [ 486.116943][T21721] security_file_ioctl+0xcb/0x2d0 [ 486.116978][T21721] __se_sys_ioctl+0x47/0x170 [ 486.117008][T21721] do_syscall_64+0xfa/0x3b0 [ 486.117028][T21721] ? lockdep_hardirqs_on+0x9c/0x150 [ 486.117061][T21721] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.117083][T21721] ? clear_bhb_loop+0x60/0xb0 [ 486.117109][T21721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.117131][T21721] RIP: 0033:0x7fe77298e929 [ 486.117151][T21721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 486.117170][T21721] RSP: 002b:00007fe7737c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 486.117193][T21721] RAX: ffffffffffffffda RBX: 00007fe772bb5fa0 RCX: 00007fe77298e929 [ 486.117209][T21721] RDX: 0000200000000b80 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 486.117223][T21721] RBP: 00007fe7737c0090 R08: 0000000000000000 R09: 0000000000000000 [ 486.117237][T21721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 486.117250][T21721] R13: 0000000000000000 R14: 00007fe772bb5fa0 R15: 00007ffcd1e3b9f8 [ 486.117283][T21721] [ 486.117292][T21721] ERROR: Out of memory at tomoyo_realpath_from_path. [ 486.275044][T21724] mkiss: ax0: crc mode is auto. [ 486.463113][T21729] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 486.987952][T21749] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 487.147852][T21756] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 487.912418][T21784] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 488.386493][T21801] FAULT_INJECTION: forcing a failure. [ 488.386493][T21801] name failslab, interval 1, probability 0, space 0, times 0 [ 488.399824][T21801] CPU: 0 UID: 0 PID: 21801 Comm: syz.1.6831 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 488.399856][T21801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 488.399870][T21801] Call Trace: [ 488.399878][T21801] [ 488.399886][T21801] dump_stack_lvl+0x189/0x250 [ 488.399915][T21801] ? __pfx____ratelimit+0x10/0x10 [ 488.399948][T21801] ? __pfx_dump_stack_lvl+0x10/0x10 [ 488.399974][T21801] ? __pfx__printk+0x10/0x10 [ 488.400004][T21801] ? __pfx___might_resched+0x10/0x10 [ 488.400027][T21801] ? fs_reclaim_acquire+0x7d/0x100 [ 488.400063][T21801] should_fail_ex+0x414/0x560 [ 488.400094][T21801] should_failslab+0xa8/0x100 [ 488.400124][T21801] kmem_cache_alloc_noprof+0x73/0x3c0 [ 488.400148][T21801] ? getname_flags+0xb8/0x540 [ 488.400171][T21801] getname_flags+0xb8/0x540 [ 488.400196][T21801] do_sys_openat2+0xbc/0x1c0 [ 488.400221][T21801] ? __pfx_do_sys_openat2+0x10/0x10 [ 488.400244][T21801] ? ksys_write+0x22a/0x250 [ 488.400274][T21801] ? __pfx_ksys_write+0x10/0x10 [ 488.400306][T21801] __x64_sys_openat+0x138/0x170 [ 488.400335][T21801] do_syscall_64+0xfa/0x3b0 [ 488.400355][T21801] ? lockdep_hardirqs_on+0x9c/0x150 [ 488.400388][T21801] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.400410][T21801] ? clear_bhb_loop+0x60/0xb0 [ 488.400436][T21801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.400458][T21801] RIP: 0033:0x7fe77298e929 [ 488.400477][T21801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.400496][T21801] RSP: 002b:00007fe7737c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 488.400519][T21801] RAX: ffffffffffffffda RBX: 00007fe772bb5fa0 RCX: 00007fe77298e929 [ 488.400535][T21801] RDX: 0000000000020000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 488.400551][T21801] RBP: 00007fe7737c0090 R08: 0000000000000000 R09: 0000000000000000 [ 488.400564][T21801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 488.400577][T21801] R13: 0000000000000001 R14: 00007fe772bb5fa0 R15: 00007ffcd1e3b9f8 [ 488.400609][T21801] [ 488.617241][ C0] vkms_vblank_simulate: vblank timer overrun [ 489.155605][T21820] FAULT_INJECTION: forcing a failure. [ 489.155605][T21820] name failslab, interval 1, probability 0, space 0, times 0 [ 489.176073][T21820] CPU: 1 UID: 0 PID: 21820 Comm: syz.0.6836 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 489.176106][T21820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 489.176119][T21820] Call Trace: [ 489.176128][T21820] [ 489.176137][T21820] dump_stack_lvl+0x189/0x250 [ 489.176167][T21820] ? __pfx____ratelimit+0x10/0x10 [ 489.176201][T21820] ? __pfx_dump_stack_lvl+0x10/0x10 [ 489.176227][T21820] ? __pfx__printk+0x10/0x10 [ 489.176257][T21820] ? __pfx___might_resched+0x10/0x10 [ 489.176282][T21820] ? fs_reclaim_acquire+0x7d/0x100 [ 489.176317][T21820] should_fail_ex+0x414/0x560 [ 489.176349][T21820] should_failslab+0xa8/0x100 [ 489.176389][T21820] __kmalloc_noprof+0xcb/0x4f0 [ 489.176413][T21820] ? kfree+0x4d/0x440 [ 489.176434][T21820] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 489.176465][T21820] tomoyo_realpath_from_path+0xe3/0x5d0 [ 489.176493][T21820] ? tomoyo_domain+0xd9/0x130 [ 489.176525][T21820] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 489.176559][T21820] tomoyo_path_number_perm+0x1e8/0x5a0 [ 489.176597][T21820] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 489.176649][T21820] ? __lock_acquire+0xab9/0xd20 [ 489.176690][T21820] ? __fget_files+0x2a/0x420 [ 489.176726][T21820] ? __fget_files+0x2a/0x420 [ 489.176756][T21820] ? __fget_files+0x3a0/0x420 [ 489.176787][T21820] ? __fget_files+0x2a/0x420 [ 489.176824][T21820] security_file_ioctl+0xcb/0x2d0 [ 489.176859][T21820] __se_sys_ioctl+0x47/0x170 [ 489.176889][T21820] do_syscall_64+0xfa/0x3b0 [ 489.176909][T21820] ? lockdep_hardirqs_on+0x9c/0x150 [ 489.176942][T21820] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.176963][T21820] ? clear_bhb_loop+0x60/0xb0 [ 489.176989][T21820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.177010][T21820] RIP: 0033:0x7f619c38e929 [ 489.177029][T21820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.177047][T21820] RSP: 002b:00007f619d2e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 489.177071][T21820] RAX: ffffffffffffffda RBX: 00007f619c5b5fa0 RCX: 00007f619c38e929 [ 489.177086][T21820] RDX: 0000200000000340 RSI: 0000000000003b86 RDI: 0000000000000003 [ 489.177101][T21820] RBP: 00007f619d2e1090 R08: 0000000000000000 R09: 0000000000000000 [ 489.177114][T21820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.177127][T21820] R13: 0000000000000000 R14: 00007f619c5b5fa0 R15: 00007fff80e969a8 [ 489.177161][T21820] [ 489.177532][T21820] ERROR: Out of memory at tomoyo_realpath_from_path. [ 490.677332][T21866] ubi: mtd0 is already attached to ubi31 [ 506.685065][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.699174][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.122491][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.131885][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 617.399175][ T31] INFO: task kworker/0:0:9 blocked for more than 143 seconds. [ 617.407424][ T31] Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 [ 617.418638][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 617.428310][ T31] task:kworker/0:0 state:D stack:24296 pid:9 tgid:9 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 617.440995][ T31] Workqueue: events rfkill_global_led_trigger_worker SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 617.447928][ T31] Call Trace: [ 617.451870][ T31] [ 617.454878][ T31] __schedule+0x16f5/0x4d00 [ 617.460173][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 617.465683][ T31] ? schedule+0x165/0x360 [ 617.470552][ T31] ? __pfx___schedule+0x10/0x10 [ 617.475552][ T31] ? schedule+0x91/0x360 [ 617.481510][ T31] schedule+0x165/0x360 [ 617.485931][ T31] schedule_preempt_disabled+0x13/0x30 [ 617.491888][ T31] __mutex_lock+0x724/0xe80 [ 617.539068][ T31] ? look_up_lock_class+0x74/0x170 [ 617.544335][ T31] ? __mutex_lock+0x51b/0xe80 [ 617.566928][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 617.573493][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 617.578613][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 617.584734][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 617.590683][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 617.597089][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 617.602947][ T31] process_scheduled_works+0xae1/0x17b0 [ 617.608569][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 617.614673][ T31] worker_thread+0x8a0/0xda0 [ 617.619620][ T31] kthread+0x70e/0x8a0 [ 617.623718][ T31] ? __pfx_worker_thread+0x10/0x10 [ 617.628847][ T31] ? __pfx_kthread+0x10/0x10 [ 617.633554][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 617.639306][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 617.645538][ T31] ? __pfx_kthread+0x10/0x10 [ 617.650327][ T31] ret_from_fork+0x3f9/0x770 [ 617.655083][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 617.660539][ T31] ? __switch_to_asm+0x39/0x70 [ 617.665358][ T31] ? __switch_to_asm+0x33/0x70 [ 617.670377][ T31] ? __pfx_kthread+0x10/0x10 [ 617.675060][ T31] ret_from_fork_asm+0x1a/0x30 [ 617.679925][ T31] [ 617.683137][ T31] INFO: task syz.3.6695:21414 blocked for more than 143 seconds. [ 617.691700][ T31] Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 [ 617.699870][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 617.708943][ T31] task:syz.3.6695 state:D stack:25128 pid:21414 tgid:21414 ppid:20536 task_flags:0x400040 flags:0x00004006 [ 617.721984][ T31] Call Trace: [ 617.726015][ T31] [ 617.729142][ T31] __schedule+0x16f5/0x4d00 [ 617.735130][ T31] ? __lock_acquire+0xab9/0xd20 [ 617.740664][ T31] ? schedule+0x165/0x360 [ 617.745180][ T31] ? __pfx___schedule+0x10/0x10 [ 617.750525][ T31] ? schedule+0x91/0x360 [ 617.755115][ T31] schedule+0x165/0x360 [ 617.759541][ T31] schedule_preempt_disabled+0x13/0x30 [ 617.765088][ T31] __mutex_lock+0x724/0xe80 [ 617.769968][ T31] ? kobject_put+0x43f/0x480 [ 617.774732][ T31] ? __mutex_lock+0x51b/0xe80 [ 617.779678][ T31] ? rfkill_unregister+0xc8/0x220 [ 617.784871][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 617.790030][ T31] ? __pfx_device_del+0x10/0x10 [ 617.794940][ T31] rfkill_unregister+0xc8/0x220 [ 617.800159][ T31] nfc_unregister_device+0x96/0x2a0 [ 617.805462][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 617.811807][ T31] virtual_ncidev_close+0x56/0x90 [ 617.816903][ T31] __fput+0x44c/0xa70 [ 617.821000][ T31] task_work_run+0x1d1/0x260 [ 617.825931][ T31] ? __pfx_task_work_run+0x10/0x10 [ 617.831286][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 617.836822][ T31] exit_to_user_mode_loop+0xec/0x110 [ 617.842292][ T31] do_syscall_64+0x2bd/0x3b0 [ 617.847436][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 617.852820][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.858945][ T31] ? clear_bhb_loop+0x60/0xb0 [ 617.863915][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.871075][ T31] RIP: 0033:0x7f1d6858e929 [ 617.875550][ T31] RSP: 002b:00007ffe198e5dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 617.884849][ T31] RAX: 0000000000000000 RBX: 00007f1d687b7ba0 RCX: 00007f1d6858e929 [ 617.893760][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 617.902295][ T31] RBP: 00007f1d687b7ba0 R08: 000000000000017c R09: 00000015198e60bf [ 617.910539][ T31] R10: 00007f1d687b7ac0 R11: 0000000000000246 R12: 0000000000073a3e [ 617.918661][ T31] R13: 00007f1d687b6080 R14: ffffffffffffffff R15: 00007ffe198e5ee0 [ 617.926818][ T31] [ 617.929997][ T31] [ 617.929997][ T31] Showing all locks held in the system: [ 617.937840][ T31] 3 locks held by kworker/0:0/9: [ 617.944187][ T31] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 617.955356][ T31] #1: ffffc900000e7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 617.969253][ T31] #2: ffffffff8f9fd328 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 617.981020][ T31] 4 locks held by kworker/u8:1/13: [ 617.986214][ T31] 1 lock held by khungtaskd/31: [ 617.991345][ T31] #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 618.001412][ T31] 2 locks held by kworker/u8:2/36: [ 618.006566][ T31] #0: ffff8880b863b918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 618.016645][ T31] #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0 [ 618.028393][ T31] 2 locks held by getty/5599: [ 618.033172][ T31] #0: ffff8880315b70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 618.043267][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 618.053607][ T31] 2 locks held by syz.3.6695/21414: [ 618.058881][ T31] #0: ffff88807bf14100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 618.068877][ T31] #1: ffffffff8f9fd328 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 618.079309][ T31] 2 locks held by syz.3.6695/21417: [ 618.084819][ T31] #0: ffffffff8f9fd328 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570 [ 618.095523][ T31] #1: ffff88807bf14100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 618.105519][ T31] 2 locks held by syz-executor/21803: [ 618.111211][ T31] #0: ffff888028ed7118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0 [ 618.121489][ T31] #1: ffffffff8f9fd328 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 618.131649][ T31] 3 locks held by syz.0.6857/21877: [ 618.136997][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.145617][ T31] #1: ffff88807cc59100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320 [ 618.155498][ T31] #2: ffffffff8f9fd328 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 618.165951][ T31] 1 lock held by syz.2.6859/21885: [ 618.171282][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.180005][ T31] 1 lock held by syz.1.6860/21888: [ 618.185259][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.193987][ T31] 1 lock held by syz-executor/21893: [ 618.199556][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.208370][ T31] 1 lock held by syz-executor/21894: [ 618.213947][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.222545][ T31] 1 lock held by syz-executor/21895: [ 618.227850][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.236541][ T31] 1 lock held by syz-executor/21901: [ 618.241998][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.250613][ T31] 1 lock held by syz-executor/21905: [ 618.255954][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.264579][ T31] 1 lock held by syz-executor/21906: [ 618.270119][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.278961][ T31] 1 lock held by syz-executor/21907: [ 618.285876][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.294635][ T31] 1 lock held by syz-executor/21915: [ 618.300000][ T31] #0: ffffffff8ebd4708 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 618.308536][ T31] [ 618.311885][ T31] ============================================= [ 618.311885][ T31] [ 618.323416][ T31] NMI backtrace for cpu 1 [ 618.323437][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 618.323464][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 618.323477][ T31] Call Trace: [ 618.323486][ T31] [ 618.323495][ T31] dump_stack_lvl+0x189/0x250 [ 618.323523][ T31] ? __wake_up_klogd+0xd9/0x110 [ 618.323556][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 618.323581][ T31] ? __pfx__printk+0x10/0x10 [ 618.323619][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 618.323651][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 618.323677][ T31] ? _printk+0xcf/0x120 [ 618.323706][ T31] ? __pfx__printk+0x10/0x10 [ 618.323732][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 618.323770][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 618.323803][ T31] watchdog+0xfee/0x1030 [ 618.323825][ T31] ? watchdog+0x1de/0x1030 [ 618.323855][ T31] kthread+0x70e/0x8a0 [ 618.323888][ T31] ? __pfx_watchdog+0x10/0x10 [ 618.323907][ T31] ? __pfx_kthread+0x10/0x10 [ 618.323938][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 618.323969][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 618.324000][ T31] ? __pfx_kthread+0x10/0x10 [ 618.324031][ T31] ret_from_fork+0x3f9/0x770 [ 618.324056][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 618.324084][ T31] ? __switch_to_asm+0x39/0x70 [ 618.324110][ T31] ? __switch_to_asm+0x33/0x70 [ 618.324136][ T31] ? __pfx_kthread+0x10/0x10 [ 618.324167][ T31] ret_from_fork_asm+0x1a/0x30 [ 618.324210][ T31] [ 618.324218][ T31] Sending NMI from CPU 1 to CPUs 0: [ 618.482963][ C0] NMI backtrace for cpu 0 [ 618.482983][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 618.483006][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 618.483018][ C0] RIP: 0010:native_apic_msr_write+0x39/0x50 [ 618.483050][ C0] Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 d2 63 8d 03 66 [ 618.483065][ C0] RSP: 0018:ffffffff8e007b98 EFLAGS: 00000046 [ 618.483082][ C0] RAX: 000000000005bc20 RBX: ffff8880b8623900 RCX: 0000000000000838 [ 618.483095][ C0] RDX: 0000000000000000 RSI: 000000000005bc20 RDI: 0000000000000838 [ 618.483107][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff81af003e [ 618.483119][ C0] R10: 0000000000000003 R11: ffffffff817054a0 R12: 0000000010005fa1 [ 618.483132][ C0] R13: dffffc0000000000 R14: 000000000005bc20 R15: 0000000000000020 [ 618.483144][ C0] FS: 0000000000000000(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000 [ 618.483159][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 618.483172][ C0] CR2: 00007ff63ca0973b CR3: 000000000e138000 CR4: 00000000003526f0 [ 618.483187][ C0] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff [ 618.483199][ C0] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 618.483210][ C0] Call Trace: [ 618.483219][ C0] [ 618.483225][ C0] lapic_next_event+0x11/0x20 [ 618.483246][ C0] clockevents_program_event+0x1cf/0x360 [ 618.483279][ C0] hrtimer_start_range_ns+0xda6/0x1080 [ 618.483308][ C0] tick_nohz_idle_stop_tick+0x7f4/0xc60 [ 618.483347][ C0] ? __pfx_tick_nohz_idle_stop_tick+0x10/0x10 [ 618.483372][ C0] ? check_tsc_unstable+0x9/0x20 [ 618.483398][ C0] ? tsc_verify_tsc_adjust+0x234/0x300 [ 618.483414][ C0] ? arch_cpu_idle_enter+0x9/0x20 [ 618.483435][ C0] do_idle+0x1e3/0x510 [ 618.483459][ C0] ? __pfx_do_idle+0x10/0x10 [ 618.483487][ C0] cpu_startup_entry+0x44/0x60 [ 618.483508][ C0] rest_init+0x2de/0x300 [ 618.483530][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 618.483558][ C0] start_kernel+0x47d/0x500 [ 618.483590][ C0] x86_64_start_reservations+0x24/0x30 [ 618.483616][ C0] x86_64_start_kernel+0x143/0x1c0 [ 618.483641][ C0] common_startup_64+0x13e/0x147 [ 618.483675][ C0] [ 618.484384][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 618.484406][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 618.484438][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 618.484454][ T31] Call Trace: [ 618.484466][ T31] [ 618.484476][ T31] dump_stack_lvl+0x99/0x250 [ 618.484509][ T31] ? __asan_memcpy+0x40/0x70 [ 618.484536][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 618.484565][ T31] ? __pfx__printk+0x10/0x10 [ 618.484607][ T31] panic+0x2db/0x790 [ 618.484638][ T31] ? __pfx_panic+0x10/0x10 [ 618.484660][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 618.484696][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 618.484736][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 618.484779][ T31] watchdog+0x102d/0x1030 [ 618.484806][ T31] ? watchdog+0x1de/0x1030 [ 618.484837][ T31] kthread+0x70e/0x8a0 [ 618.484875][ T31] ? __pfx_watchdog+0x10/0x10 [ 618.484899][ T31] ? __pfx_kthread+0x10/0x10 [ 618.484936][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 618.484972][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 618.485008][ T31] ? __pfx_kthread+0x10/0x10 [ 618.485044][ T31] ret_from_fork+0x3f9/0x770 [ 618.485073][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 618.485106][ T31] ? __switch_to_asm+0x39/0x70 [ 618.485138][ T31] ? __switch_to_asm+0x33/0x70 [ 618.485168][ T31] ? __pfx_kthread+0x10/0x10 [ 618.485206][ T31] ret_from_fork_asm+0x1a/0x30 [ 618.485259][ T31] [ 618.867949][ T31] Kernel Offset: disabled [ 618.872414][ T31] Rebooting in 86400 seconds..