last executing test programs: 5m23.261103978s ago: executing program 2 (id=1039): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000400000000000000000000850000005000000085000000d000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) close(r0) socket$netlink(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) 5m23.028843521s ago: executing program 2 (id=1040): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) 5m22.998398687s ago: executing program 2 (id=1041): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x9, 0x5, 0x9fd, 0x84, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, 0x0, &(0x7f0000000540), 0x6c, r0, 0x500}, 0x38) 5m22.824833621s ago: executing program 2 (id=1043): socket$nl_xfrm(0x10, 0x3, 0x6) socket$unix(0x1, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x82, 0xcc) write$cgroup_pid(r0, &(0x7f0000000000), 0x12) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) 5m22.675193488s ago: executing program 2 (id=1044): unshare(0x2040400) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2240, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d07, &(0x7f0000000040)) 5m21.856816516s ago: executing program 2 (id=1049): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x4, &(0x7f0000000700)=@framed={{}, [@generic={0x91, 0x1, 0x1, 0x14}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) 3m57.713838748s ago: executing program 1 (id=1288): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback={0xfec0ffff00000000}, 0x8000000, 0x0, 0x2, 0x1}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0x2, 0x8, 0x0, 0x2}, 0x20) 3m56.19263076s ago: executing program 1 (id=1294): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) 3m55.979927752s ago: executing program 1 (id=1297): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) write(r0, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 3m48.44735256s ago: executing program 1 (id=1315): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 3m45.69282417s ago: executing program 1 (id=1323): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800400, 0x0) r0 = fanotify_init(0x2, 0x8000) fanotify_mark(r0, 0x1, 0x1018, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 3m45.256201463s ago: executing program 1 (id=1325): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) write(r0, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 3m29.483763115s ago: executing program 32 (id=1325): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) write(r0, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 2m31.348616705s ago: executing program 0 (id=1424): syz_open_dev$loop(0x0, 0x7, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000001dc0)={0x0, 0x0, 0x180000}, 0x20) landlock_restrict_self(r1, 0x0) linkat(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x0) symlinkat(&(0x7f0000000b00)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000b40)='./file7\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x4, &(0x7f0000000040)=[{0xa6, 0x8, 0x8, 0x7}, {0x80, 0x0, 0xc, 0xe}, {0x6, 0x1, 0xe, 0xc97}, {0x1, 0x5, 0x4, 0x3}]}) syz_open_dev$sndctrl(&(0x7f0000000180), 0x4, 0x240c02) getrusage(0x0, &(0x7f0000000440)) 2m28.900612962s ago: executing program 0 (id=1428): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002640), 0x80800, 0x0) read$FUSE(r2, &(0x7f0000000d00)={0x2020}, 0x2020) 2m27.664258484s ago: executing program 0 (id=1431): memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x3, &(0x7f0000000500)=0x22003) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x336) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = socket(0x10, 0x80002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) r1 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="20000000000000001c0012800b00010072706574617000000c00028006000f00feff0000"], 0x3c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071118400000000008510000002000000850000000500000095000000000000009586a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) 2m23.093771901s ago: executing program 0 (id=1436): syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0xc0045b0f, &(0x7f0000000040)) 2m22.344475644s ago: executing program 0 (id=1439): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) 2m22.275394653s ago: executing program 0 (id=1441): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(0xffffffffffffffff, 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800400, 0x0) r5 = fanotify_init(0x2, 0x8000) fanotify_mark(r5, 0x1, 0x1018, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000003800)={{0x9, 0x4, 0x9, 0xffff7bb7, 'syz0\x00', 0x1}, 0x0, [0x7a, 0x3ff, 0x3, 0x8, 0x1, 0x5, 0x8, 0x0, 0x4, 0x9, 0x7fffffffffffffff, 0x8000000000000000, 0x9, 0x4, 0x400, 0x50b, 0x1ff, 0x0, 0xfff, 0x8c51, 0x6, 0x1, 0xff, 0xe64, 0x4, 0x9, 0x0, 0x100000001, 0x9, 0x0, 0x6, 0x662, 0x9, 0x200, 0xffffffffffff8000, 0x34fc, 0x7fffffff, 0x0, 0x1bae, 0x5, 0x3, 0x7fffffffffffffff, 0x1, 0x464, 0x9, 0x6, 0x0, 0x0, 0x8, 0xa8, 0x80000000, 0x1ff, 0x8, 0x2, 0x2, 0x4, 0x4, 0x7, 0x4, 0x9, 0x7, 0x5, 0xaa, 0x2, 0x7, 0x9, 0x1, 0x9, 0x1, 0x2, 0x100000000, 0x1, 0x10001, 0x2, 0x8, 0x0, 0xffff, 0x7fff, 0x8, 0x6, 0x4, 0x5692, 0xc, 0x7, 0x3, 0x8, 0x9, 0x4, 0x7, 0x7, 0x3, 0xc, 0x7, 0x4, 0x9, 0x1, 0x5, 0x9, 0xc, 0x1, 0x2, 0xa63, 0x4, 0x5, 0x39c000000000, 0x6, 0xd8, 0x5ab7, 0xfffffffffffffffd, 0xfffffffffffffffb, 0x7, 0x2, 0x9, 0x6, 0x101, 0x7, 0x1, 0x6, 0xc75, 0x9, 0x8, 0xffffffffffffff01, 0x7, 0x2, 0xffffffff80000001, 0x0, 0xfffffffffffffffb, 0xd]}) read(r0, &(0x7f0000000200)=""/193, 0xc1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r6) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x24, r7, 0x1, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x24}}, 0x90) 2m6.411753773s ago: executing program 33 (id=1441): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(0xffffffffffffffff, 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800400, 0x0) r5 = fanotify_init(0x2, 0x8000) fanotify_mark(r5, 0x1, 0x1018, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000003800)={{0x9, 0x4, 0x9, 0xffff7bb7, 'syz0\x00', 0x1}, 0x0, [0x7a, 0x3ff, 0x3, 0x8, 0x1, 0x5, 0x8, 0x0, 0x4, 0x9, 0x7fffffffffffffff, 0x8000000000000000, 0x9, 0x4, 0x400, 0x50b, 0x1ff, 0x0, 0xfff, 0x8c51, 0x6, 0x1, 0xff, 0xe64, 0x4, 0x9, 0x0, 0x100000001, 0x9, 0x0, 0x6, 0x662, 0x9, 0x200, 0xffffffffffff8000, 0x34fc, 0x7fffffff, 0x0, 0x1bae, 0x5, 0x3, 0x7fffffffffffffff, 0x1, 0x464, 0x9, 0x6, 0x0, 0x0, 0x8, 0xa8, 0x80000000, 0x1ff, 0x8, 0x2, 0x2, 0x4, 0x4, 0x7, 0x4, 0x9, 0x7, 0x5, 0xaa, 0x2, 0x7, 0x9, 0x1, 0x9, 0x1, 0x2, 0x100000000, 0x1, 0x10001, 0x2, 0x8, 0x0, 0xffff, 0x7fff, 0x8, 0x6, 0x4, 0x5692, 0xc, 0x7, 0x3, 0x8, 0x9, 0x4, 0x7, 0x7, 0x3, 0xc, 0x7, 0x4, 0x9, 0x1, 0x5, 0x9, 0xc, 0x1, 0x2, 0xa63, 0x4, 0x5, 0x39c000000000, 0x6, 0xd8, 0x5ab7, 0xfffffffffffffffd, 0xfffffffffffffffb, 0x7, 0x2, 0x9, 0x6, 0x101, 0x7, 0x1, 0x6, 0xc75, 0x9, 0x8, 0xffffffffffffff01, 0x7, 0x2, 0xffffffff80000001, 0x0, 0xfffffffffffffffb, 0xd]}) read(r0, &(0x7f0000000200)=""/193, 0xc1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r6) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x24, r7, 0x1, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x24}}, 0x90) 9.699818594s ago: executing program 3 (id=1614): prlimit64(0x0, 0x2, &(0x7f0000000140)={0x1000b, 0x86}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x80000) sendmmsg$alg(r4, 0x0, 0x0, 0x40800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x1000000}}, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) io_getevents(0x0, 0x40, 0x1, &(0x7f0000000000)=[{}], 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r6 = socket$unix(0x1, 0x2, 0x0) r7 = socket$unix(0x1, 0x2, 0x0) connect$unix(r7, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r7, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) connect$unix(r6, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f0000000100)=[{r7, 0x3328}, {r6, 0x4236}], 0x1f, 0x0, 0x0, 0x0) close(r5) 8.762389277s ago: executing program 3 (id=1617): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x400000000000247, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0) 8.670817722s ago: executing program 4 (id=1618): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsmount(0xffffffffffffffff, 0x0, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r4) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3, [], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) r6 = socket(0x11, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r6, &(0x7f0000000180)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r6, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0aba61f6304a80500ffffca88faca"], 0xdd12}], 0x1}, 0x0) dup(0xffffffffffffffff) 6.118563529s ago: executing program 3 (id=1619): syz_open_dev$loop(0x0, 0x7, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) linkat(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x4, &(0x7f0000000040)=[{0xa6, 0x8, 0x8, 0x7}, {0x80, 0x0, 0xc, 0xe}, {0x6, 0x1, 0xe, 0xc97}, {0x1, 0x5, 0x4, 0x3}]}) syz_open_dev$sndctrl(&(0x7f0000000180), 0x4, 0x240c02) getrusage(0x0, &(0x7f0000000440)) 5.900083511s ago: executing program 4 (id=1620): sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002640), 0x80800, 0x0) read$FUSE(r2, &(0x7f0000000d00)={0x2020}, 0x2020) 4.973357681s ago: executing program 3 (id=1621): syz_open_dev$loop(0x0, 0x7, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) landlock_restrict_self(0xffffffffffffffff, 0x0) getrusage(0x0, &(0x7f0000000440)) getrusage(0x0, &(0x7f0000000080)) 3.911768296s ago: executing program 3 (id=1622): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000000)={0x8, [0x6, 0x7fffffff, 0x3], [{0x0, 0xffffffff, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x100000c}, {0xffffffff}, {0x0, 0x4}, {0x3, 0x200}, {0x0, 0xfffffffd}, {0xfffffff8, 0x10000}, {0x0, 0x82}, {0x1000000, 0x6}, {0x1, 0xffffffff}, {0x3, 0x8}], 0xc}) 3.039911598s ago: executing program 4 (id=1623): sched_setscheduler(0x0, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r4, 0x80184132, 0x0) 1.971773914s ago: executing program 4 (id=1624): r0 = syz_open_dev$media(&(0x7f0000000000), 0x1000000000001, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000001d40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x1, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x4, 0x0, @local, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000940)={'syztnl2\x00', 0x0}) accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x4, 0xc, 0x0, 0x5, 0xff, 0x1f, 0x0, 0x10000}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x9}, {0x0, 0x0, 0x3c, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.060862404s ago: executing program 4 (id=1625): prlimit64(0x0, 0x2, &(0x7f0000000140)={0x1000b, 0x86}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x80000) sendmmsg$alg(r4, 0x0, 0x0, 0x40800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x1000000}}, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) io_getevents(0x0, 0x40, 0x1, &(0x7f0000000000)=[{}], 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r6 = socket$unix(0x1, 0x2, 0x0) r7 = socket$unix(0x1, 0x2, 0x0) connect$unix(r7, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r7, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) connect$unix(r6, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f0000000100)=[{r7, 0x3328}, {r6, 0x4236}], 0x1f, 0x0, 0x0, 0x0) close(r5) 54.627966ms ago: executing program 4 (id=1626): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="060000"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003280)=ANY=[@ANYBLOB="140000001000010000000000000000030000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a3200000000240b0000060a010400000000000000000100000008000b4000000000fc0a048028000180080001006c6f67001c0002800e00024073797a6b616c6c65720000000800054000000008d00a01800e000100696d6d656469617465000000bc0a0280640002804c0002800900020073797a32000000000900020073797a310000000008000180fffffffc0900020073797a31000000000800034000009c920900020073797a300000000008000180ffffffff14000280080003400000000808000180fffffffb0800014000000002080001400000000b500002804b000100fa62d7ba9ceeacf9aa4f832b78f35731f355d63e192a72aef5e68a05d1b806151b6bd1e2d74abafd383790ad363fdc1b7766748630b48f9beefdb33c86d5835a470b5ffd20d7e9006c0102805c00028008000180fffffffe0900020073797a30000000000900020073797a320000000008000180ffffffff0900020073797a320000000008000180fffffffd0900020073797a310000000008000180fffffffc0800034000000e5628000280080003400000000608000340000000070900020073797a320000000008000180fffffffe540002800900020073797a320000000008000180fffffffe0800034000000000080003400000000008000340000000090900020073797a310000000008000180fffffffe080003400000800108000180fffffffd8e000100818ce881ff18470752e86442e8b77ddcfc7a4c87f05cd36147be26c85cc854cc117db1906007a5a8c298f4724c8c743d46ec7f3ba478d9dfb10bbe9e4fdfc2188d62db9bb1364fed383fe0b0c3fbbab83959470cb0ffb14765c32f10b54d99531d04caaf264214997543a1c63637d9a3a20b7ce9312e545626eb375c88462c198f35cf8a11616de4fa0c000098020280eb00010099c8e680eb4d0e7f78e1fb62226ae541d997c8cb51c5ebd0bb7e2730b61310dcd7525807288a7ad8c00f6aa230a1d1b876ddb0e188384e7c79cd8af94a02451a04d8f116bde38077da45650d82bdd1767b03e3f35bc4a5769e659d8cdb6d9d9d717c78b50f6b3ac899b07a9eaf2c989654de7d6609299bad01ca1f3fa8b6229a6c69627a07f627880e902231b20368f3ae64fd12fc37afeb95f14a4dc3d0bc5f6e2afd0fc8ef6982054cffa703ee1376654019ad6d2add9052c5d2f2e0ba3318f931b2c5f2dcce5cbca6093c64d23b64e2f2061da3dd5983644280de22d592b63b5d7f6b571beb005400010041bbc64da6bacaad1bebec23352accccbca40d6ba87943f82df945bf4ccc5250a0c2b2cb13793380f424b280bfb960885af6df4afa26efa8fcd7a1243389ef3fcf1d709f775a9cd1dfb2b84fd03e5d70f800010001950b7c0ec30534e476b721ba6e82d03078fe63b683918ecbbb9c339c8cdd63689339ac43acd5973f4aac8720a98d18e13b98e11e291f3f3621ed29c717639f84bdd28810da6ae30538775f15e00133741e9de3f96f69ab363752fa962b3c71041ba1e463a91d782a968d9febb648b66e71a6827c53b3be014b785f61c4fd46fef00658f64cdd465edb61ba4c5f00849b2935c485da99a38489ecc29837433ac5446c3922d73153fd8fb2368a5ce4201760ca6778f570b7fcb38be633a02d57c5884b6bcbaf3bc28ca7686edb5d59e1b823a8f0f5ff788625995d51c16413783c"], 0xb98}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x270b922, 0x25dfdbfa, {0x5}}, 0x14}}, 0x0) 0s ago: executing program 3 (id=1627): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x400000000000247, 0x0) ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0) kernel console output (not intermixed with test programs): 86814][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 499.490339][ T31] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 499.490392][ T31] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 499.526522][ T7721] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 499.656646][ T7721] usb 2-1: device descriptor read/64, error -71 [ 499.676553][ T31] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 499.676586][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.676606][ T31] usb 4-1: Product: syz [ 499.676620][ T31] usb 4-1: Manufacturer: syz [ 499.676634][ T31] usb 4-1: SerialNumber: syz [ 499.906554][ T7721] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 499.968008][ T8850] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 499.992801][ T31] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 500.035748][ T31] usb 4-1: USB disconnect, device number 14 [ 500.036514][ T7721] usb 2-1: device descriptor read/64, error -71 [ 500.147072][ T7721] usb usb2-port1: attempt power cycle [ 500.381225][ T7718] usb 5-1: USB disconnect, device number 18 [ 500.486518][ T7721] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 500.515822][ T7721] usb 2-1: device descriptor read/8, error -71 [ 500.746647][ T7721] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 500.772329][ T7721] usb 2-1: device descriptor read/8, error -71 [ 500.912243][ T7721] usb usb2-port1: unable to enumerate USB device [ 501.869690][ C0] vkms_vblank_simulate: vblank timer overrun [ 501.895487][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.895541][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.926572][ T7721] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 502.215961][ C0] vkms_vblank_simulate: vblank timer overrun [ 502.346859][ C0] vkms_vblank_simulate: vblank timer overrun [ 502.896844][ T7721] usb 3-1: Using ep0 maxpacket: 32 [ 502.899873][ T7721] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 502.900023][ T7721] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 502.912218][ T7721] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 502.912248][ T7721] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.912265][ T7721] usb 3-1: Product: syz [ 502.912283][ T7721] usb 3-1: Manufacturer: syz [ 502.912401][ T7721] usb 3-1: SerialNumber: syz [ 502.983365][ T7721] usb 3-1: config 0 descriptor?? [ 502.994434][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.994452][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.994460][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.994468][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.994476][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.994484][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.995189][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.995209][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.995225][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 502.995240][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 503.357214][ T8886] tmpfs: Unknown parameter 'rooIJ]oɴ袐(Sҳ_̻Z' [ 503.357979][ T8885] ip6tnl1: entered promiscuous mode [ 503.606470][ T31] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 503.761411][ T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.761465][ T31] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 503.761489][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.849124][ T31] usb 1-1: config 0 descriptor?? [ 504.274380][ T31] logitech-djreceiver 0003:046D:C71F.0008: unbalanced collection at end of report description [ 504.274881][ T31] logitech-djreceiver 0003:046D:C71F.0008: logi_dj_probe: parse failed [ 504.274923][ T31] logitech-djreceiver 0003:046D:C71F.0008: probe with driver logitech-djreceiver failed with error -22 [ 504.651682][ T8885] tap0: tun_chr_ioctl cmd 1074025677 [ 504.651867][ T8885] tap0: linktype set to 0 [ 504.652083][ T8888] tap0: tun_chr_ioctl cmd 1074025677 [ 504.652168][ T8888] tap0: linktype set to 0 [ 507.013986][ T7721] usb 1-1: USB disconnect, device number 12 [ 507.860473][ T7721] usb 3-1: USB disconnect, device number 16 [ 507.880230][ T8914] Bluetooth: MGMT ver 1.23 [ 509.701932][ T31] usb 2-1: new low-speed USB device number 30 using dummy_hcd [ 510.016467][ T31] usb 2-1: device descriptor read/64, error -71 [ 510.287221][ T31] usb 2-1: new low-speed USB device number 31 using dummy_hcd [ 510.426507][ T31] usb 2-1: device descriptor read/64, error -71 [ 510.607369][ T31] usb usb2-port1: attempt power cycle [ 511.857337][ T31] usb 2-1: new low-speed USB device number 32 using dummy_hcd [ 511.887250][ T31] usb 2-1: device descriptor read/8, error -71 [ 512.256484][ T31] usb 2-1: new low-speed USB device number 33 using dummy_hcd [ 513.397713][ T31] usb 2-1: device descriptor read/8, error -71 [ 513.507120][ T31] usb usb2-port1: unable to enumerate USB device [ 517.046650][ T9002] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 521.409759][ T9005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 521.410611][ T9005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 523.127284][ T9004] syz.2.852 (9004) used greatest stack depth: 14832 bytes left [ 523.269612][ T9012] netlink: 'syz.0.855': attribute type 11 has an invalid length. [ 523.306451][ T5847] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 535.402951][ T9096] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 535.757351][ T7719] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 535.898212][ T7719] usb 4-1: device descriptor read/64, error -71 [ 536.608022][ T7719] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 536.746637][ T7719] usb 4-1: device descriptor read/64, error -71 [ 536.857201][ T7719] usb usb4-port1: attempt power cycle [ 537.196833][ T7719] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 537.226498][ T7719] usb 4-1: device descriptor read/8, error -71 [ 538.971675][ T9118] __nla_validate_parse: 44 callbacks suppressed [ 538.971726][ T9118] netlink: 32 bytes leftover after parsing attributes in process `syz.3.884'. [ 539.048411][ T9118] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 544.105401][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.897'. [ 544.975318][ T9167] netlink: 'syz.0.897': attribute type 1 has an invalid length. [ 544.975344][ T9167] netlink: 224 bytes leftover after parsing attributes in process `syz.0.897'. [ 545.485764][ T9174] snd_virmidi snd_virmidi.0: control 0:9:32769:syz0:3106 is already present [ 551.136008][ T7720] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 551.317409][ T7720] usb 5-1: Using ep0 maxpacket: 8 [ 551.480348][ T7720] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 551.480410][ T7720] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 551.480465][ T7720] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 551.480540][ T7720] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 551.480774][ T7720] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 551.480827][ T7720] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.843573][ T7720] usb 5-1: GET_CAPABILITIES returned 0 [ 551.843631][ T7720] usbtmc 5-1:16.0: can't read capabilities [ 552.146150][ T7720] usb 5-1: USB disconnect, device number 19 [ 556.788455][ T9230] overlayfs: missing 'lowerdir' [ 557.253734][ T9236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.914'. [ 559.414340][ T1143] Bluetooth: hci5: Frame reassembly failed (-84) [ 561.250146][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 562.458354][ T9278] overlayfs: missing 'lowerdir' [ 563.817444][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.476925][ T9295] netlink: 'syz.0.933': attribute type 1 has an invalid length. [ 564.478811][ T9295] netlink: 144 bytes leftover after parsing attributes in process `syz.0.933'. [ 564.478833][ T9295] netlink: 'syz.0.933': attribute type 1 has an invalid length. [ 564.478847][ T9295] netlink: 'syz.0.933': attribute type 2 has an invalid length. [ 564.478860][ T9295] netlink: 64 bytes leftover after parsing attributes in process `syz.0.933'. [ 565.457380][ C0] vkms_vblank_simulate: vblank timer overrun [ 565.757174][ T9295] netlink: 'syz.0.933': attribute type 1 has an invalid length. [ 565.757193][ T9295] netlink: 140 bytes leftover after parsing attributes in process `syz.0.933'. [ 565.757203][ T9295] netlink: 96 bytes leftover after parsing attributes in process `syz.0.933'. [ 566.178175][ T9305] FAULT_INJECTION: forcing a failure. [ 566.178175][ T9305] name failslab, interval 1, probability 0, space 0, times 0 [ 566.178213][ T9305] CPU: 0 UID: 0 PID: 9305 Comm: syz.0.937 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 566.178237][ T9305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 566.178250][ T9305] Call Trace: [ 566.178258][ T9305] [ 566.178267][ T9305] dump_stack_lvl+0x189/0x250 [ 566.178304][ T9305] ? __pfx____ratelimit+0x10/0x10 [ 566.178332][ T9305] ? __pfx_dump_stack_lvl+0x10/0x10 [ 566.178360][ T9305] ? __pfx__printk+0x10/0x10 [ 566.178390][ T9305] ? __pfx___might_resched+0x10/0x10 [ 566.178411][ T9305] ? fs_reclaim_acquire+0x7d/0x100 [ 566.178436][ T9305] should_fail_ex+0x46c/0x600 [ 566.178468][ T9305] ? __alloc_skb+0x112/0x2d0 [ 566.178493][ T9305] should_failslab+0xa8/0x100 [ 566.178523][ T9305] ? __alloc_skb+0x112/0x2d0 [ 566.178547][ T9305] kmem_cache_alloc_node_noprof+0x77/0x330 [ 566.178592][ T9305] __alloc_skb+0x112/0x2d0 [ 566.178623][ T9305] netlink_sendmsg+0x5c6/0xb30 [ 566.178662][ T9305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 566.178698][ T9305] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 566.178719][ T9305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 566.178747][ T9305] __sock_sendmsg+0x219/0x270 [ 566.178774][ T9305] ____sys_sendmsg+0x508/0x820 [ 566.178811][ T9305] ? __pfx_____sys_sendmsg+0x10/0x10 [ 566.178853][ T9305] ? import_iovec+0x74/0xa0 [ 566.178881][ T9305] ___sys_sendmsg+0x21f/0x2a0 [ 566.178914][ T9305] ? __pfx____sys_sendmsg+0x10/0x10 [ 566.178988][ T9305] ? __fget_files+0x2a/0x420 [ 566.179017][ T9305] ? __fget_files+0x3a6/0x420 [ 566.179058][ T9305] __x64_sys_sendmsg+0x1a1/0x260 [ 566.179092][ T9305] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 566.179145][ T9305] ? __pfx_ksys_write+0x10/0x10 [ 566.179168][ T9305] ? rcu_is_watching+0x15/0xb0 [ 566.179205][ T9305] ? do_syscall_64+0xbe/0x3b0 [ 566.179238][ T9305] do_syscall_64+0xfa/0x3b0 [ 566.179265][ T9305] ? lockdep_hardirqs_on+0x9c/0x150 [ 566.179291][ T9305] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.179312][ T9305] ? clear_bhb_loop+0x60/0xb0 [ 566.179338][ T9305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.179357][ T9305] RIP: 0033:0x7f304c45ebe9 [ 566.179376][ T9305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.179394][ T9305] RSP: 002b:00007f304a6c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 566.179418][ T9305] RAX: ffffffffffffffda RBX: 00007f304c695fa0 RCX: 00007f304c45ebe9 [ 566.179434][ T9305] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004 [ 566.179447][ T9305] RBP: 00007f304a6c6090 R08: 0000000000000000 R09: 0000000000000000 [ 566.179460][ T9305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 566.179473][ T9305] R13: 00007f304c696038 R14: 00007f304c695fa0 R15: 00007fff52c6ca78 [ 566.179508][ T9305] [ 566.262346][ C0] vkms_vblank_simulate: vblank timer overrun [ 566.448866][ T9308] netlink: 'syz.4.935': attribute type 3 has an invalid length. [ 567.346012][ C0] vkms_vblank_simulate: vblank timer overrun [ 567.694691][ C0] vkms_vblank_simulate: vblank timer overrun [ 567.746847][ T9316] overlayfs: missing 'lowerdir' [ 568.284563][ C0] vkms_vblank_simulate: vblank timer overrun [ 569.272276][ C0] vkms_vblank_simulate: vblank timer overrun [ 569.809397][ C0] vkms_vblank_simulate: vblank timer overrun [ 569.981910][ C0] vkms_vblank_simulate: vblank timer overrun [ 571.196381][ T9327] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551615) [ 571.196402][ T9327] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 571.480556][ T9341] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11) [ 571.480636][ T9341] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 571.487253][ T9341] vhci_hcd vhci_hcd.0: Device attached [ 572.653533][ T31] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 572.907469][ T9342] vhci_hcd: connection reset by peer [ 572.986555][ T817] vhci_hcd: stop threads [ 572.988366][ T817] vhci_hcd: release socket [ 572.988460][ T817] vhci_hcd: disconnect device [ 575.366022][ T9368] overlayfs: missing 'lowerdir' [ 577.936521][ T5905] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 577.956492][ T31] vhci_hcd: vhci_device speed not set [ 578.055869][ T9394] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 578.099035][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 95, changing to 10 [ 578.099076][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 49826, setting to 1024 [ 578.099105][ T5905] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 578.099151][ T5905] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 578.099175][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.164079][ T5905] usb 4-1: config 0 descriptor?? [ 578.194094][ T9395] netlink: 28 bytes leftover after parsing attributes in process `syz.1.960'. [ 578.582179][ T5905] plantronics 0003:047F:FFFF.0009: ignoring exceeding usage max [ 578.583624][ T5905] plantronics 0003:047F:FFFF.0009: unbalanced collection at end of report description [ 578.584623][ T5905] plantronics 0003:047F:FFFF.0009: parse failed [ 578.584741][ T5905] plantronics 0003:047F:FFFF.0009: probe with driver plantronics failed with error -22 [ 578.790199][ T5847] usb 4-1: USB disconnect, device number 19 [ 579.877362][ T9418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.968'. [ 579.937253][ T9417] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 580.735651][ T9438] bridge_slave_1: left allmulticast mode [ 580.735690][ T9438] bridge_slave_1: left promiscuous mode [ 580.741367][ T9438] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.838524][ T9438] bridge_slave_0: left allmulticast mode [ 580.838565][ T9438] bridge_slave_0: left promiscuous mode [ 580.838925][ T9438] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.536453][ T6896] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 590.698924][ T6896] usb 3-1: Using ep0 maxpacket: 8 [ 590.816968][ T6896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 590.817064][ T6896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 590.817302][ T6896] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 590.817355][ T6896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.249280][ T6896] usb 3-1: config 0 descriptor?? [ 591.476448][ T7720] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 591.666442][ T7720] usb 2-1: Using ep0 maxpacket: 16 [ 591.669494][ T7720] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.669526][ T7720] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.669549][ T7720] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 591.669595][ T7720] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 591.669620][ T7720] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.683577][ T7720] usb 2-1: config 0 descriptor?? [ 591.745593][ T6896] logitech 0003:046D:C20E.000A: rdesc size test failed for formula gp [ 591.759095][ T6896] logitech 0003:046D:C20E.000A: unbalanced collection at end of report description [ 591.760146][ T6896] logitech 0003:046D:C20E.000A: parse failed [ 591.760262][ T6896] logitech 0003:046D:C20E.000A: probe with driver logitech failed with error -22 [ 591.930268][ T6896] usb 3-1: USB disconnect, device number 17 [ 593.940682][ T7720] microsoft 0003:045E:07DA.000B: ignoring exceeding usage max [ 593.949075][ T7720] microsoft 0003:045E:07DA.000B: ignoring exceeding usage max [ 593.949109][ T7720] microsoft 0003:045E:07DA.000B: usage index exceeded [ 593.949123][ T7720] microsoft 0003:045E:07DA.000B: item 0 2 2 2 parsing failed [ 593.951277][ T7720] microsoft 0003:045E:07DA.000B: parse failed [ 593.951382][ T7720] microsoft 0003:045E:07DA.000B: probe with driver microsoft failed with error -22 [ 595.926571][ T7720] usb 2-1: USB disconnect, device number 35 [ 599.850911][ T9564] netlink: 'syz.1.1023': attribute type 4 has an invalid length. [ 599.850998][ T9564] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1023'. [ 600.858757][ T9572] tmpfs: Unknown parameter '' [ 602.109227][ T9587] tmpfs: Cannot disable swap on remount [ 602.316636][ T991] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 602.505217][ T991] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 602.505255][ T991] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 602.505279][ T991] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 602.505325][ T991] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 602.505350][ T991] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.518965][ T991] usb 2-1: config 0 descriptor?? [ 605.598022][ T37] kauditd_printk_skb: 10 callbacks suppressed [ 605.598045][ T37] audit: type=1326 audit(1756798671.590:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9600 comm="syz.3.1022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59b8debe9 code=0x7ffc0000 [ 605.598101][ T37] audit: type=1326 audit(1756798671.590:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9600 comm="syz.3.1022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59b8debe9 code=0x7ffc0000 [ 606.448177][ T37] audit: type=1326 audit(1756798672.630:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9600 comm="syz.3.1022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fa59b8debe9 code=0x7ffc0000 [ 606.531206][ T991] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 606.589016][ T991] usb 2-1: USB disconnect, device number 36 [ 606.898683][ T7719] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 607.046840][ T7719] usb 1-1: Using ep0 maxpacket: 16 [ 607.049435][ T7719] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 607.049495][ T7719] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 607.051091][ T7719] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 607.051118][ T7719] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 607.051139][ T7719] usb 1-1: SerialNumber: syz [ 607.121613][ T991] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 607.139332][ T7719] hub 1-1:1.0: bad descriptor, ignoring hub [ 607.139379][ T7719] hub 1-1:1.0: probe with driver hub failed with error -5 [ 607.140806][ T7719] cdc_ether 1-1:1.0: skipping garbage [ 607.140824][ T7719] usb 1-1: bad CDC descriptors [ 607.287685][ T991] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 607.287722][ T991] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 607.287747][ T991] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 607.287795][ T991] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 607.287819][ T991] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.301101][ T991] usb 2-1: config 0 descriptor?? [ 607.466877][ T7719] usb 1-1: USB disconnect, device number 13 [ 607.652108][ T9623] cgroup: fork rejected by pids controller in /syz2 [ 607.774012][ T991] plantronics 0003:047F:FFFF.000D: unbalanced delimiter at end of report description [ 607.774947][ T991] plantronics 0003:047F:FFFF.000D: parse failed [ 607.775058][ T991] plantronics 0003:047F:FFFF.000D: probe with driver plantronics failed with error -22 [ 607.958726][ T7719] usb 2-1: USB disconnect, device number 37 [ 611.213363][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.228743][ T7723] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 611.379137][ T7723] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1088, setting to 64 [ 611.379173][ T7723] usb 1-1: config 0 interface 0 has no altsetting 0 [ 611.379207][ T7723] usb 1-1: New USB device found, idVendor=054c, idProduct=042f, bcdDevice= 0.00 [ 611.379230][ T7723] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.423442][ T7723] usb 1-1: config 0 descriptor?? [ 611.424763][ T9650] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 611.538912][ T9659] binder: 9658:9659 ioctl 400c620e 0 returned -14 [ 612.121003][ T7723] sony 0003:054C:042F.000E: unknown main item tag 0x0 [ 612.121040][ T7723] sony 0003:054C:042F.000E: unknown main item tag 0x0 [ 612.137037][ T9252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 612.163190][ T9252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 613.122395][ T9252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 613.130853][ T9252] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 613.131790][ T9252] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 613.132794][ T7723] sony 0003:054C:042F.000E: hidraw0: USB HID v0.02 Device [HID 054c:042f] on usb-dummy_hcd.0-1/input0 [ 613.132834][ T7723] sony 0003:054C:042F.000E: failed to claim input [ 613.317713][ T9675] binder: 9674:9675 ioctl c0306201 200000000080 returned -14 [ 613.856972][ T7723] usb 1-1: USB disconnect, device number 14 [ 614.046593][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.829437][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.473225][ T9252] Bluetooth: hci1: command tx timeout [ 618.286627][ T9252] Bluetooth: hci1: command tx timeout [ 620.294359][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.367032][ T9252] Bluetooth: hci1: command tx timeout [ 620.810269][ T9662] chnl_net:caif_netlink_parms(): no params data found [ 622.776395][ T9252] Bluetooth: hci1: command tx timeout [ 623.853773][ T12] bridge_slave_1: left allmulticast mode [ 623.853909][ T12] bridge_slave_1: left promiscuous mode [ 623.859044][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.038271][ T12] bridge_slave_0: left allmulticast mode [ 624.038313][ T12] bridge_slave_0: left promiscuous mode [ 624.038644][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.093555][ T37] audit: type=1326 audit(1756798690.840:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9749 comm="syz.3.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59b8debe9 code=0x7fc00000 [ 624.467555][ T7721] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 624.610289][ T37] audit: type=1326 audit(1756798691.360:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9749 comm="syz.3.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa59b8debe9 code=0x7fc00000 [ 624.616580][ T7721] usb 2-1: Using ep0 maxpacket: 16 [ 624.619665][ T7721] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 624.619694][ T7721] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 624.619731][ T7721] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 624.678039][ T7721] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 624.678071][ T7721] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.678092][ T7721] usb 2-1: Product: syz [ 624.678106][ T7721] usb 2-1: Manufacturer: syz [ 624.678120][ T7721] usb 2-1: SerialNumber: syz [ 624.787490][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.960273][ T7721] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 624.960302][ T7721] usb 2-1: 2:1 : sample bitwidth 62 in over sample bytes 3 [ 624.960325][ T7721] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 625.008816][ T7721] usb 2-1: USB disconnect, device number 38 [ 625.715463][ T9778] syz.0.1097 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 629.381128][ T9812] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 629.381277][ T9812] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 630.304607][ T9818] netlink: 'syz.3.1114': attribute type 2 has an invalid length. [ 630.304633][ T9818] netlink: 'syz.3.1114': attribute type 1 has an invalid length. [ 632.902467][ T9252] Bluetooth: hci2: unexpected event for opcode 0x0c1b [ 632.920476][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 633.008893][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 633.072902][ T12] bond0 (unregistering): Released all slaves [ 634.987188][ T12] bond1 (unregistering): (slave bond2): Releasing backup interface [ 634.987220][ T12] bond2 (unregistering): left promiscuous mode [ 635.019304][ T12] bond1 (unregistering): Released all slaves [ 635.774038][ T12] bond2 (unregistering): Released all slaves [ 635.832768][ T9662] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.832946][ T9662] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.833225][ T9662] bridge_slave_0: entered allmulticast mode [ 635.843622][ T9662] bridge_slave_0: entered promiscuous mode [ 636.108236][ T9786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1101'. [ 636.158545][ T9662] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.158732][ T9662] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.159005][ T9662] bridge_slave_1: entered allmulticast mode [ 636.187716][ T9662] bridge_slave_1: entered promiscuous mode [ 636.214174][ T12] tipc: Disabling bearer [ 636.214670][ T12] tipc: Left network mode [ 639.289482][ T9888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1142'. [ 639.390685][ T9662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 639.671794][ T9892] hub 8-0:1.0: USB hub found [ 639.686539][ T9892] hub 8-0:1.0: 1 port detected [ 639.821079][ T9662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 640.507251][ T6007] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 641.558396][ T6007] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 641.558436][ T6007] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 641.558488][ T6007] usb 5-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 641.558512][ T6007] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.718427][ T9904] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 641.738799][ T6007] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 643.532537][ T9662] team0: Port device team_slave_0 added [ 643.785415][ T12] hsr_slave_0: left promiscuous mode [ 643.819718][ T12] hsr_slave_1: left promiscuous mode [ 643.821181][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 643.821281][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 643.893788][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 643.893825][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 644.074701][ T9941] netlink: 'syz.0.1157': attribute type 2 has an invalid length. [ 644.074727][ T9941] netlink: 'syz.0.1157': attribute type 1 has an invalid length. [ 644.197039][ T9933] kvm: kvm [9932]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 644.197243][ T9933] kvm: kvm [9932]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 644.203712][ T9933] kvm: kvm [9932]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111 [ 644.248962][ T9933] kvm: kvm [9932]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000 [ 644.249138][ T9933] kvm: kvm [9932]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000 [ 644.276013][ T12] veth1_macvtap: left promiscuous mode [ 644.286856][ T12] veth0_macvtap: left promiscuous mode [ 644.287486][ T12] veth1_vlan: left promiscuous mode [ 644.291999][ T12] veth0_vlan: left promiscuous mode [ 644.912467][ T7721] usb 5-1: USB disconnect, device number 20 [ 646.308009][ T37] audit: type=1326 audit(1756798713.060:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaedc3ebe9 code=0x7ffc0000 [ 646.308071][ T37] audit: type=1326 audit(1756798713.060:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaedc3ebe9 code=0x7ffc0000 [ 646.311906][ T37] audit: type=1326 audit(1756798713.060:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fdaedc3ebe9 code=0x7ffc0000 [ 646.312853][ T37] audit: type=1326 audit(1756798713.060:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaedc3ebe9 code=0x7ffc0000 [ 646.315145][ T37] audit: type=1326 audit(1756798713.060:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaedc3ebe9 code=0x7ffc0000 [ 649.261393][ T12] team0 (unregistering): Port device team_slave_1 removed [ 649.637222][ T12] team0 (unregistering): Port device team_slave_0 removed [ 651.196470][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1175'. [ 651.212696][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1175'. [ 653.848393][T10014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1186'. [ 655.410995][ T9662] team0: Port device team_slave_1 added [ 657.133020][ T9662] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 657.133040][ T9662] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.133070][ T9662] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 657.188033][ T9662] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 657.188046][ T9662] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.188062][ T9662] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 657.745817][ T9662] hsr_slave_0: entered promiscuous mode [ 657.764136][ T9662] hsr_slave_1: entered promiscuous mode [ 659.729596][ T9252] Bluetooth: hci4: unexpected event for opcode 0x0411 [ 661.100786][ T7723] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 661.284501][ T7723] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 661.284534][ T7723] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 661.319489][ T7723] usb 5-1: config 0 descriptor?? [ 661.600465][T10072] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 661.978036][ T7723] usb 5-1: Cannot set autoneg [ 661.978375][ T7723] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 662.012827][ T7723] usb 5-1: USB disconnect, device number 21 [ 663.539630][ T9252] Bluetooth: hci2: unexpected event for opcode 0x1004 [ 663.945635][ T9252] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 663.945762][ T9252] Bluetooth: hci4: Injecting HCI hardware error event [ 663.949571][ T9252] Bluetooth: hci4: hardware error 0x00 [ 665.008696][ T37] audit: type=1326 audit(1756798731.760:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10086 comm="syz.3.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59b8debe9 code=0x7ffc0000 [ 665.008757][ T37] audit: type=1326 audit(1756798731.760:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10086 comm="syz.3.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59b8debe9 code=0x7ffc0000 [ 665.305814][ T9662] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 665.707896][ T9662] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 665.776814][ T9662] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 666.099177][ T9662] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 666.600039][ T9662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.700616][ T9662] 8021q: adding VLAN 0 to HW filter on device team0 [ 666.768419][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.768599][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.820728][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.820898][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 667.246599][ T9252] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 668.107508][T10130] 9pnet_fd: Insufficient options for proto=fd [ 668.465999][ T9252] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 668.473419][ T9252] Bluetooth: hci2: Injecting HCI hardware error event [ 668.477227][ T5844] Bluetooth: hci2: hardware error 0x00 [ 670.796659][ T6896] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 670.977719][ T6896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 670.977776][ T6896] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 670.977800][ T6896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.002738][ T6896] usb 4-1: config 0 descriptor?? [ 671.006776][T10138] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 671.486531][ T5844] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 671.517948][ T6896] elan 0003:04F3:0755.000F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 671.661195][ T7721] usb 4-1: USB disconnect, device number 20 [ 671.680045][T10157] Bluetooth: MGMT ver 1.23 [ 671.908986][T10159] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1238'. [ 674.858682][ T7721] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 675.850071][ T9252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 675.858578][T10190] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1248'. [ 675.864847][ T9252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 675.866507][ T9252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 675.871021][ T9252] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 675.872328][ T9252] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 676.038880][ T7721] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 676.038936][ T7721] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c0a, bcdDevice= 0.00 [ 676.038960][ T7721] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.062226][ T7721] usb 5-1: config 0 descriptor?? [ 676.212992][T10196] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1250'. [ 677.205978][T10201] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 677.242956][ T7721] corsair-psu 0003:1B1C:1C0A.0010: hidraw0: USB HID vff.fa Device [HID 1b1c:1c0a] on usb-dummy_hcd.4-1/input0 [ 677.296434][ T7721] corsair-psu 0003:1B1C:1C0A.0010: unable to initialize device (-38) [ 677.417874][ T7721] corsair-psu 0003:1B1C:1C0A.0010: probe with driver corsair-psu failed with error -38 [ 677.448276][ T7721] usb 5-1: USB disconnect, device number 22 [ 679.236113][ T9252] Bluetooth: hci1: command tx timeout [ 681.346192][ T5844] Bluetooth: hci1: command tx timeout [ 683.409071][ T5844] Bluetooth: hci1: command tx timeout [ 683.746467][ T7721] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 684.051318][ T7721] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 684.051353][ T7721] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.088859][ T7721] usb 5-1: config 0 descriptor?? [ 684.312951][ T7721] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 684.499933][ T7721] [drm:udl_init] *ERROR* Selecting channel failed [ 684.578290][ T7721] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 684.578318][ T7721] [drm] Initialized udl on minor 2 [ 684.630728][ T7721] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 684.652076][ T7721] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 684.678054][ T7720] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 684.728062][ T7721] usb 5-1: USB disconnect, device number 23 [ 684.746370][ T7720] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 684.767886][ T7720] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 685.493929][ T5844] Bluetooth: hci1: command tx timeout [ 686.216477][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.907045][ T991] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 688.636392][ T991] usb 5-1: Using ep0 maxpacket: 16 [ 688.639419][ T991] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 688.639452][ T991] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 688.639475][ T991] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 688.639520][ T991] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 688.639544][ T991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.707477][ T991] usb 5-1: config 0 descriptor?? [ 689.139840][T10181] chnl_net:caif_netlink_parms(): no params data found [ 689.165515][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165552][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165578][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165603][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165629][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165654][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165680][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165705][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165730][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.165756][ T991] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 689.266449][ T991] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0011/input/input25 [ 689.272932][ T991] microsoft 0003:045E:07DA.0011: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 689.338994][ T7722] usb 5-1: USB disconnect, device number 24 [ 692.907541][ T37] audit: type=1326 audit(1756798759.660:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10315 comm="syz.1.1288" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2ba309ebe9 code=0x0 [ 694.266550][ T13] bridge_slave_1: left allmulticast mode [ 694.266592][ T13] bridge_slave_1: left promiscuous mode [ 694.266931][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.368323][ T13] bridge_slave_0: left allmulticast mode [ 694.368359][ T13] bridge_slave_0: left promiscuous mode [ 694.368736][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.489464][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 701.607338][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 701.674876][ T13] bond0 (unregistering): Released all slaves [ 701.764329][T10181] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.764438][T10181] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.764606][T10181] bridge_slave_0: entered allmulticast mode [ 701.808801][T10181] bridge_slave_0: entered promiscuous mode [ 701.836673][T10181] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.836864][T10181] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.837123][T10181] bridge_slave_1: entered allmulticast mode [ 701.840405][T10181] bridge_slave_1: entered promiscuous mode [ 702.761041][T10181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 704.804100][ T13] hsr_slave_0: left promiscuous mode [ 704.865290][ T13] hsr_slave_1: left promiscuous mode [ 704.866009][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 705.028996][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 705.896477][ T6896] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 706.051013][ T6896] usb 5-1: Using ep0 maxpacket: 8 [ 706.054264][ T6896] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 706.054294][ T6896] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 706.054315][ T6896] usb 5-1: config 179 has no interface number 0 [ 706.054389][ T6896] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 706.054417][ T6896] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 706.054446][ T6896] usb 5-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 706.054475][ T6896] usb 5-1: config 179 interface 65 has no altsetting 0 [ 706.054512][ T6896] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 706.054534][ T6896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.459755][ T6896] usb 5-1: USB disconnect, device number 25 [ 712.348224][ T13] team0 (unregistering): Port device team_slave_1 removed [ 712.562840][T10455] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 712.562912][T10455] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 713.453123][T10466] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1342'. [ 714.616965][ T13] team0 (unregistering): Port device team_slave_0 removed [ 714.779147][ C1] vkms_vblank_simulate: vblank timer overrun [ 714.842926][ C1] vkms_vblank_simulate: vblank timer overrun [ 714.843112][ T991] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 714.996459][ T991] usb 4-1: Using ep0 maxpacket: 16 [ 715.004560][ T991] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 715.004614][ T991] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 715.064821][ T991] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 715.064857][ T991] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 715.064879][ T991] usb 4-1: Product: syz [ 715.064894][ T991] usb 4-1: Manufacturer: syz [ 715.064909][ T991] usb 4-1: SerialNumber: syz [ 715.272794][ C1] vkms_vblank_simulate: vblank timer overrun [ 717.050367][ C1] vkms_vblank_simulate: vblank timer overrun [ 717.058518][ T991] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 717.061928][ T6896] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 717.184037][ T991] usb 4-1: USB disconnect, device number 21 [ 717.238493][ T6896] usb 1-1: Using ep0 maxpacket: 8 [ 717.241650][ T6896] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 717.241681][ T6896] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 717.241706][ T6896] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 717.241731][ T6896] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 717.241776][ T6896] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 717.241798][ T6896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.512130][ C1] vkms_vblank_simulate: vblank timer overrun [ 717.639481][ T6896] usb 1-1: GET_CAPABILITIES returned 0 [ 717.639540][ T6896] usbtmc 1-1:16.0: can't read capabilities [ 717.722455][ C1] vkms_vblank_simulate: vblank timer overrun [ 717.851445][ T7720] usb 1-1: USB disconnect, device number 15 [ 718.061685][ C1] vkms_vblank_simulate: vblank timer overrun [ 718.603020][ C1] vkms_vblank_simulate: vblank timer overrun [ 719.793339][ C1] vkms_vblank_simulate: vblank timer overrun [ 719.867900][T10490] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 719.867925][T10490] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 722.868855][ T9252] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 722.903664][ T9252] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 722.905655][ T9252] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 722.921129][ T9252] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 722.923667][ T9252] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 723.210526][T10181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 725.112040][ T9252] Bluetooth: hci5: command tx timeout [ 726.494587][ C1] vkms_vblank_simulate: vblank timer overrun [ 726.533179][T10181] team0: Port device team_slave_0 added [ 726.577125][T10181] team0: Port device team_slave_1 added [ 726.700922][ C1] vkms_vblank_simulate: vblank timer overrun [ 727.577147][ C1] vkms_vblank_simulate: vblank timer overrun [ 727.606404][ T9252] Bluetooth: hci5: command tx timeout [ 727.660153][ C1] vkms_vblank_simulate: vblank timer overrun [ 727.928502][ C1] vkms_vblank_simulate: vblank timer overrun [ 728.517490][T10529] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1360'. [ 728.562572][ C1] vkms_vblank_simulate: vblank timer overrun [ 729.579083][ C1] vkms_vblank_simulate: vblank timer overrun [ 729.659855][ C1] vkms_vblank_simulate: vblank timer overrun [ 729.715475][ T9252] Bluetooth: hci5: command tx timeout [ 730.379950][ C1] vkms_vblank_simulate: vblank timer overrun [ 730.638258][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.120375][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.645277][T10181] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 731.645298][T10181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.645328][T10181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 732.258191][ T9252] Bluetooth: hci5: command tx timeout [ 732.334652][T10535] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 732.334668][T10535] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 732.478755][T10181] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 732.478773][T10181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 732.478800][T10181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 732.531054][ T7721] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 732.686556][ T7721] usb 4-1: Using ep0 maxpacket: 16 [ 732.944971][ T7721] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 732.945025][ T7721] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 732.972592][ T7721] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 732.972625][ T7721] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.972645][ T7721] usb 4-1: Product: syz [ 732.972659][ T7721] usb 4-1: Manufacturer: syz [ 732.972672][ T7721] usb 4-1: SerialNumber: syz [ 734.986633][ T7721] usb 4-1: can't set config #1, error -71 [ 735.019911][ T7721] usb 4-1: USB disconnect, device number 22 [ 737.256040][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 737.285103][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 737.303974][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 737.366171][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 737.474385][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 739.793740][ T5844] Bluetooth: hci0: command tx timeout [ 743.449665][ T5844] Bluetooth: hci0: command tx timeout [ 745.490759][ T5844] Bluetooth: hci0: command tx timeout [ 745.536166][T10507] chnl_net:caif_netlink_parms(): no params data found [ 746.001233][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.740904][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.915766][ T5844] Bluetooth: hci0: command tx timeout [ 751.577015][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.634822][T10634] FAULT_INJECTION: forcing a failure. [ 751.634822][T10634] name failslab, interval 1, probability 0, space 0, times 0 [ 751.634858][T10634] CPU: 1 UID: 0 PID: 10634 Comm: syz.0.1389 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 751.634882][T10634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 751.634895][T10634] Call Trace: [ 751.634903][T10634] [ 751.634912][T10634] dump_stack_lvl+0x189/0x250 [ 751.634946][T10634] ? __pfx____ratelimit+0x10/0x10 [ 751.634975][T10634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 751.635013][T10634] ? __pfx__printk+0x10/0x10 [ 751.635044][T10634] ? __pfx___might_resched+0x10/0x10 [ 751.635072][T10634] should_fail_ex+0x46c/0x600 [ 751.635104][T10634] ? security_file_alloc+0x34/0x330 [ 751.635127][T10634] should_failslab+0xa8/0x100 [ 751.635157][T10634] ? security_file_alloc+0x34/0x330 [ 751.635178][T10634] kmem_cache_alloc_noprof+0x6e/0x310 [ 751.635212][T10634] security_file_alloc+0x34/0x330 [ 751.635238][T10634] init_file+0x99/0x320 [ 751.635261][T10634] alloc_empty_file+0x6e/0x1d0 [ 751.635282][T10634] alloc_file_pseudo+0x13d/0x210 [ 751.635300][T10634] ? kmem_cache_alloc_noprof+0x192/0x310 [ 751.635330][T10634] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 751.635347][T10634] ? evm_inode_alloc_security+0x40/0xb0 [ 751.635375][T10634] ? security_inode_alloc+0xd5/0x330 [ 751.635419][T10634] sock_alloc_file+0xb8/0x2f0 [ 751.635446][T10634] do_accept+0x351/0x680 [ 751.635477][T10634] ? __pfx_do_accept+0x10/0x10 [ 751.635530][T10634] __sys_accept4+0x11c/0x1c0 [ 751.635559][T10634] ? __pfx___sys_accept4+0x10/0x10 [ 751.635585][T10634] ? __pfx_ksys_write+0x10/0x10 [ 751.635607][T10634] ? rcu_is_watching+0x15/0xb0 [ 751.635647][T10634] __x64_sys_accept+0x7d/0x90 [ 751.635675][T10634] do_syscall_64+0xfa/0x3b0 [ 751.635701][T10634] ? lockdep_hardirqs_on+0x9c/0x150 [ 751.635727][T10634] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.635748][T10634] ? clear_bhb_loop+0x60/0xb0 [ 751.635774][T10634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.635794][T10634] RIP: 0033:0x7f304c45ebe9 [ 751.635813][T10634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 751.635831][T10634] RSP: 002b:00007f304a6c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 751.635854][T10634] RAX: ffffffffffffffda RBX: 00007f304c695fa0 RCX: 00007f304c45ebe9 [ 751.635869][T10634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 751.635881][T10634] RBP: 00007f304a6c6090 R08: 0000000000000000 R09: 0000000000000000 [ 751.635894][T10634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 751.635906][T10634] R13: 00007f304c696038 R14: 00007f304c695fa0 R15: 00007fff52c6ca78 [ 751.635942][T10634] [ 752.389665][T10647] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 752.389681][T10647] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 752.782677][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.020517][T10507] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.021060][T10507] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.466324][T10507] bridge_slave_0: entered allmulticast mode [ 753.505381][T10507] bridge_slave_0: entered promiscuous mode [ 753.809330][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 754.187528][T10507] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.187694][T10507] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.187928][T10507] bridge_slave_1: entered allmulticast mode [ 754.191388][T10507] bridge_slave_1: entered promiscuous mode [ 758.751168][T10507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 758.918151][T10507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 759.453066][T10507] team0: Port device team_slave_0 added [ 759.520417][T10507] team0: Port device team_slave_1 added [ 759.648514][T10673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 759.649013][T10673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 759.876516][ T7722] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 760.286626][T10677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1401'. [ 760.287118][T10677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1401'. [ 761.150552][ T7722] usb 5-1: config 0 has an invalid interface number: 87 but max is 0 [ 761.150584][ T7722] usb 5-1: config 0 has no interface number 0 [ 761.150619][ T7722] usb 5-1: too many endpoints for config 0 interface 87 altsetting 28: 204, using maximum allowed: 30 [ 761.150708][ T7722] usb 5-1: config 0 interface 87 altsetting 28 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 761.150737][ T7722] usb 5-1: config 0 interface 87 altsetting 28 has 1 endpoint descriptor, different from the interface descriptor's value: 204 [ 761.150766][ T7722] usb 5-1: config 0 interface 87 has no altsetting 0 [ 761.155960][ T7722] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=8c.f4 [ 761.155992][ T7722] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.156013][ T7722] usb 5-1: Product: syz [ 761.156027][ T7722] usb 5-1: Manufacturer: syz [ 761.156042][ T7722] usb 5-1: SerialNumber: syz [ 761.261676][ T7722] usb 5-1: config 0 descriptor?? [ 761.322087][ T7722] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 761.464749][ T43] usb 5-1: Failed to submit usb control message: -71 [ 761.464792][ T43] usb 5-1: unable to send the bmi data to the device: -71 [ 761.464812][ T43] usb 5-1: unable to get target info from device [ 761.464827][ T43] usb 5-1: could not get target info (-71) [ 761.465137][ T43] usb 5-1: could not probe fw (-71) [ 761.488654][ T6007] usb 5-1: USB disconnect, device number 26 [ 761.641834][T10507] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 761.641853][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 761.641877][T10507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 761.644445][T10507] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 761.644463][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 761.644488][T10507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.025312][T10507] hsr_slave_0: entered promiscuous mode [ 763.243352][T10507] hsr_slave_1: entered promiscuous mode [ 763.245470][T10575] chnl_net:caif_netlink_parms(): no params data found [ 764.528048][ T13] bridge_slave_1: left allmulticast mode [ 764.528073][ T13] bridge_slave_1: left promiscuous mode [ 764.528260][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.529951][T10706] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 764.529988][T10706] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 765.878970][ T7720] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 765.971920][ T13] bridge_slave_0: left allmulticast mode [ 765.971958][ T13] bridge_slave_0: left promiscuous mode [ 765.972287][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.026366][ T7720] usb 4-1: Using ep0 maxpacket: 32 [ 766.042645][ T7720] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 766.042715][ T7720] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 766.075385][ T7720] usb 4-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 766.075428][ T7720] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.075440][ T7720] usb 4-1: Product: syz [ 766.075449][ T7720] usb 4-1: Manufacturer: syz [ 766.075456][ T7720] usb 4-1: SerialNumber: syz [ 766.153588][ T7720] usb 4-1: config 0 descriptor?? [ 766.175737][ T13] bridge_slave_1: left allmulticast mode [ 766.175774][ T13] bridge_slave_1: left promiscuous mode [ 766.176033][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 766.201253][ T7720] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 766.267709][ T7720] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 766.317724][ T13] bridge_slave_0: left allmulticast mode [ 766.317763][ T13] bridge_slave_0: left promiscuous mode [ 766.318065][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 767.877216][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 767.966975][ T7723] usb 4-1: USB disconnect, device number 23 [ 769.920287][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 769.936715][T10722] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 769.936738][T10722] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 770.069568][ T13] bond0 (unregistering): Released all slaves [ 778.080450][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 778.166627][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 778.216113][ T13] bond0 (unregistering): Released all slaves [ 779.843614][ T13] tipc: Disabling bearer [ 779.843862][ T13] tipc: Left network mode [ 783.686985][T10575] bridge0: port 1(bridge_slave_0) entered blocking state [ 783.687153][T10575] bridge0: port 1(bridge_slave_0) entered disabled state [ 783.687417][T10575] bridge_slave_0: entered allmulticast mode [ 783.740237][T10575] bridge_slave_0: entered promiscuous mode [ 783.860102][T10575] bridge0: port 2(bridge_slave_1) entered blocking state [ 783.860275][T10575] bridge0: port 2(bridge_slave_1) entered disabled state [ 783.860546][T10575] bridge_slave_1: entered allmulticast mode [ 783.863823][T10575] bridge_slave_1: entered promiscuous mode [ 784.316271][T10795] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 785.217812][ T9252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 785.246889][ T9252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 785.249660][ T9252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 785.275475][ T9252] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 785.287231][ T9252] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 787.302628][ C1] vkms_vblank_simulate: vblank timer overrun [ 787.374992][ C1] vkms_vblank_simulate: vblank timer overrun [ 787.409691][ T9252] Bluetooth: hci1: command tx timeout [ 787.632522][ C1] vkms_vblank_simulate: vblank timer overrun [ 787.795876][T10575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 787.832797][ C1] vkms_vblank_simulate: vblank timer overrun [ 787.834410][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 787.861149][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 788.106370][ T13] hsr_slave_0: left promiscuous mode [ 788.178393][ T13] hsr_slave_1: left promiscuous mode [ 788.179548][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 788.179581][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 788.227677][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 788.227713][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 788.773283][ C1] vkms_vblank_simulate: vblank timer overrun [ 789.782038][ T6896] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 789.939093][ C1] vkms_vblank_simulate: vblank timer overrun [ 789.945930][ T9252] Bluetooth: hci1: command tx timeout [ 790.112951][ T13] veth1_macvtap: left promiscuous mode [ 790.113095][ T13] veth0_macvtap: left promiscuous mode [ 790.113456][ T13] veth1_vlan: left promiscuous mode [ 790.113593][ T13] veth0_vlan: left promiscuous mode [ 790.236402][ T6896] usb 4-1: device descriptor read/64, error -71 [ 790.476563][ T6896] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 790.616700][ T6896] usb 4-1: device descriptor read/64, error -71 [ 790.658819][ T13] team0 (unregistering): Port device team_slave_1 removed [ 790.737260][ T6896] usb usb4-port1: attempt power cycle [ 790.799074][ T13] team0 (unregistering): Port device team_slave_0 removed [ 790.839573][ C1] vkms_vblank_simulate: vblank timer overrun [ 790.884373][ C1] vkms_vblank_simulate: vblank timer overrun [ 791.106492][ T6896] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 791.184201][ T6896] usb 4-1: device descriptor read/8, error -71 [ 791.415790][T10833] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 791.966381][ T5844] Bluetooth: hci1: command tx timeout [ 793.858407][T10844] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 793.858434][T10844] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 794.053901][ T5844] Bluetooth: hci1: command tx timeout [ 795.110984][T10848] netlink: 'syz.4.1447': attribute type 2 has an invalid length. [ 795.625402][T10851] netlink: 716 bytes leftover after parsing attributes in process `syz.3.1448'. [ 795.827412][ T9252] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 795.850658][ T9252] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 795.895416][ T9252] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 795.940227][ T9252] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 795.948255][ T9252] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 798.338579][ T5844] Bluetooth: hci5: command tx timeout [ 800.564894][ T5844] Bluetooth: hci5: command tx timeout [ 800.847249][ T13] team0 (unregistering): Port device team_slave_1 removed [ 801.136342][ T13] team0 (unregistering): Port device team_slave_0 removed [ 801.836784][T10873] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 802.606571][ T5844] Bluetooth: hci5: command tx timeout [ 804.641386][ T9252] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 804.645069][ T9252] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 804.657366][ T9252] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 804.661400][ T9252] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 804.665949][ T9252] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 804.692523][ T5844] Bluetooth: hci5: command tx timeout [ 805.897491][T10575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 806.955854][ T5844] Bluetooth: hci6: command tx timeout [ 809.128645][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.546825][ T5844] Bluetooth: hci6: command tx timeout [ 812.616439][ T5844] Bluetooth: hci6: command tx timeout [ 812.925966][ C1] vkms_vblank_simulate: vblank timer overrun [ 812.959979][ C1] vkms_vblank_simulate: vblank timer overrun [ 814.698551][ T5844] Bluetooth: hci6: command tx timeout [ 815.346361][ T5905] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 815.498983][ T5905] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 815.499038][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 815.499066][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 815.499089][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 815.500699][ T5905] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 815.500726][ T5905] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 815.500747][ T5905] usb 5-1: Manufacturer: syz [ 815.536879][ T5905] usb 5-1: config 0 descriptor?? [ 815.611581][ C1] vkms_vblank_simulate: vblank timer overrun [ 815.986467][ T7723] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 816.006694][ T5905] appleir 0003:05AC:8243.0012: item fetching failed at offset 0/1 [ 816.011179][ T5905] appleir 0003:05AC:8243.0012: parse failed [ 816.011311][ T5905] appleir 0003:05AC:8243.0012: probe with driver appleir failed with error -22 [ 816.167357][ T7723] usb 4-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55 [ 816.167390][ T7723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 816.167409][ T7723] usb 4-1: Product: syz [ 816.167424][ T7723] usb 4-1: Manufacturer: syz [ 816.167439][ T7723] usb 4-1: SerialNumber: syz [ 816.185731][ T7723] usb 4-1: config 0 descriptor?? [ 816.221261][ T7723] gspca_main: sonixb-2.14.0 probing 0c45:60a8 [ 816.356660][T10796] chnl_net:caif_netlink_parms(): no params data found [ 816.434093][ T7723] input: sonixb as /devices/platform/dummy_hcd.3/usb4/4-1/input/input28 [ 816.670591][ T6007] usb 4-1: USB disconnect, device number 28 [ 816.774938][T10880] chnl_net:caif_netlink_parms(): no params data found [ 816.802709][T10853] chnl_net:caif_netlink_parms(): no params data found [ 816.865693][ T13] IPVS: stop unused estimator thread 0... [ 817.490190][ C1] vkms_vblank_simulate: vblank timer overrun [ 817.650676][ C1] vkms_vblank_simulate: vblank timer overrun [ 818.605087][T10796] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.605340][T10796] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.605599][T10796] bridge_slave_0: entered allmulticast mode [ 818.747357][T10796] bridge_slave_0: entered promiscuous mode [ 818.806701][T10796] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.808594][T10796] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.809301][T10796] bridge_slave_1: entered allmulticast mode [ 818.814517][T10796] bridge_slave_1: entered promiscuous mode [ 818.908546][ T6896] usb 5-1: USB disconnect, device number 27 [ 822.117272][T10963] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 824.220231][ C0] vkms_vblank_simulate: vblank timer overrun [ 826.002570][ C0] vkms_vblank_simulate: vblank timer overrun [ 826.243865][T10796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 826.266564][T10880] bridge0: port 1(bridge_slave_0) entered blocking state [ 826.266819][T10880] bridge0: port 1(bridge_slave_0) entered disabled state [ 826.267093][T10880] bridge_slave_0: entered allmulticast mode [ 826.270505][T10880] bridge_slave_0: entered promiscuous mode [ 826.316715][T10853] bridge0: port 1(bridge_slave_0) entered blocking state [ 826.316903][T10853] bridge0: port 1(bridge_slave_0) entered disabled state [ 826.317173][T10853] bridge_slave_0: entered allmulticast mode [ 826.322105][T10853] bridge_slave_0: entered promiscuous mode [ 826.469159][T10796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 826.470188][T10880] bridge0: port 2(bridge_slave_1) entered blocking state [ 826.470374][T10880] bridge0: port 2(bridge_slave_1) entered disabled state [ 826.470598][T10880] bridge_slave_1: entered allmulticast mode [ 826.473837][T10880] bridge_slave_1: entered promiscuous mode [ 826.512116][T10853] bridge0: port 2(bridge_slave_1) entered blocking state [ 826.512247][T10853] bridge0: port 2(bridge_slave_1) entered disabled state [ 826.512425][T10853] bridge_slave_1: entered allmulticast mode [ 826.514191][T10853] bridge_slave_1: entered promiscuous mode [ 826.686359][ T6896] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 826.839121][ T6896] usb 4-1: config 48 interface 0 altsetting 98 bulk endpoint 0x4 has invalid maxpacket 1024 [ 826.839170][ T6896] usb 4-1: config 48 interface 0 altsetting 98 bulk endpoint 0x9 has invalid maxpacket 1024 [ 826.839197][ T6896] usb 4-1: config 48 interface 0 has no altsetting 0 [ 826.842450][ T6896] usb 4-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 826.842478][ T6896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 826.842561][ T6896] usb 4-1: Product: syz [ 826.842577][ T6896] usb 4-1: Manufacturer: syz [ 826.842591][ T6896] usb 4-1: SerialNumber: syz [ 826.866252][T10982] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 826.866623][T10982] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 827.272518][ T6896] usb 4-1: USB disconnect, device number 29 [ 827.739031][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 827.902155][T10989] netlink: 'syz.3.1482': attribute type 1 has an invalid length. [ 828.133680][ C0] vkms_vblank_simulate: vblank timer overrun [ 828.270864][T10796] team0: Port device team_slave_0 added [ 828.284009][T10880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 828.295836][T10853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 828.847158][T10996] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 829.672655][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.800251][T10796] team0: Port device team_slave_1 added [ 829.823862][T10880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 829.851363][T10853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 832.235738][ T6056] Bluetooth: hci0: Frame reassembly failed (-84) [ 832.549062][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.519296][T10796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 833.519316][T10796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.519346][T10796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 833.536873][T10880] team0: Port device team_slave_0 added [ 833.540093][T10853] team0: Port device team_slave_0 added [ 833.598850][T10796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 833.598870][T10796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.598899][T10796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 833.602465][T10880] team0: Port device team_slave_1 added [ 833.605474][T10853] team0: Port device team_slave_1 added [ 834.290041][ T9252] Bluetooth: hci0: command 0x1003 tx timeout [ 834.290696][ T5844] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 834.548939][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.803223][T10853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 834.803242][T10853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.803271][T10853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 836.041457][ C1] vkms_vblank_simulate: vblank timer overrun [ 836.217773][T10880] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 836.217792][T10880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 836.217823][T10880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 836.320593][T10853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 836.320613][T10853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 836.320643][T10853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 836.354477][T10880] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 836.354495][T10880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 836.354521][T10880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 836.828670][T10796] hsr_slave_0: entered promiscuous mode [ 836.830410][T10796] hsr_slave_1: entered promiscuous mode [ 836.831527][T10796] debugfs: 'hsr0' already exists in 'hsr' [ 836.831555][T10796] Cannot create hsr debugfs directory [ 836.864293][ C1] vkms_vblank_simulate: vblank timer overrun [ 838.571496][ C1] vkms_vblank_simulate: vblank timer overrun [ 839.053836][T10853] hsr_slave_0: entered promiscuous mode [ 839.055263][T10853] hsr_slave_1: entered promiscuous mode [ 839.056149][T10853] debugfs: 'hsr0' already exists in 'hsr' [ 839.075173][T10853] Cannot create hsr debugfs directory [ 839.134486][T10880] hsr_slave_0: entered promiscuous mode [ 839.139267][T10880] hsr_slave_1: entered promiscuous mode [ 839.142442][T10880] debugfs: 'hsr0' already exists in 'hsr' [ 839.142467][T10880] Cannot create hsr debugfs directory [ 840.436550][T11057] FAULT_INJECTION: forcing a failure. [ 840.436550][T11057] name failslab, interval 1, probability 0, space 0, times 0 [ 840.436590][T11057] CPU: 1 UID: 0 PID: 11057 Comm: syz.4.1499 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 840.436614][T11057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 840.436626][T11057] Call Trace: [ 840.436635][T11057] [ 840.436644][T11057] dump_stack_lvl+0x189/0x250 [ 840.436680][T11057] ? __pfx____ratelimit+0x10/0x10 [ 840.436708][T11057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 840.436736][T11057] ? __pfx__printk+0x10/0x10 [ 840.436765][T11057] ? __pfx___might_resched+0x10/0x10 [ 840.436785][T11057] ? fs_reclaim_acquire+0x7d/0x100 [ 840.436810][T11057] should_fail_ex+0x46c/0x600 [ 840.436842][T11057] ? __alloc_skb+0x112/0x2d0 [ 840.436867][T11057] should_failslab+0xa8/0x100 [ 840.436896][T11057] ? __alloc_skb+0x112/0x2d0 [ 840.436919][T11057] kmem_cache_alloc_node_noprof+0x77/0x330 [ 840.436956][T11057] __alloc_skb+0x112/0x2d0 [ 840.436987][T11057] netlink_sendmsg+0x5c6/0xb30 [ 840.437034][T11057] ? __pfx_netlink_sendmsg+0x10/0x10 [ 840.437070][T11057] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 840.437091][T11057] ? __pfx_netlink_sendmsg+0x10/0x10 [ 840.437118][T11057] __sock_sendmsg+0x219/0x270 [ 840.437146][T11057] ____sys_sendmsg+0x508/0x820 [ 840.437184][T11057] ? __pfx_____sys_sendmsg+0x10/0x10 [ 840.437224][T11057] ? import_iovec+0x74/0xa0 [ 840.437252][T11057] ___sys_sendmsg+0x21f/0x2a0 [ 840.437283][T11057] ? __pfx____sys_sendmsg+0x10/0x10 [ 840.437355][T11057] ? __fget_files+0x2a/0x420 [ 840.437382][T11057] ? __fget_files+0x3a6/0x420 [ 840.437423][T11057] __x64_sys_sendmsg+0x1a1/0x260 [ 840.437457][T11057] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 840.437498][T11057] ? __pfx_ksys_write+0x10/0x10 [ 840.437532][T11057] ? do_syscall_64+0xbe/0x3b0 [ 840.437565][T11057] do_syscall_64+0xfa/0x3b0 [ 840.437591][T11057] ? lockdep_hardirqs_on+0x9c/0x150 [ 840.437617][T11057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.437638][T11057] ? clear_bhb_loop+0x60/0xb0 [ 840.437663][T11057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.437683][T11057] RIP: 0033:0x7fdaedc3ebe9 [ 840.437702][T11057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 840.437720][T11057] RSP: 002b:00007fdaebea6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 840.437744][T11057] RAX: ffffffffffffffda RBX: 00007fdaede75fa0 RCX: 00007fdaedc3ebe9 [ 840.437760][T11057] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 840.437773][T11057] RBP: 00007fdaebea6090 R08: 0000000000000000 R09: 0000000000000000 [ 840.437786][T11057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 840.437799][T11057] R13: 00007fdaede76038 R14: 00007fdaede75fa0 R15: 00007ffcceb8d708 [ 840.437833][T11057] [ 840.885097][ T13] bridge_slave_1: left allmulticast mode [ 840.885136][ T13] bridge_slave_1: left promiscuous mode [ 840.885426][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 840.948359][ T13] bridge_slave_0: left allmulticast mode [ 840.948396][ T13] bridge_slave_0: left promiscuous mode [ 840.948725][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 841.023287][ T13] bridge_slave_1: left allmulticast mode [ 841.023326][ T13] bridge_slave_1: left promiscuous mode [ 841.023644][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 841.078410][ T13] bridge_slave_0: left allmulticast mode [ 841.078448][ T13] bridge_slave_0: left promiscuous mode [ 841.078850][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 841.172281][ T13] bridge_slave_1: left allmulticast mode [ 841.172320][ T13] bridge_slave_1: left promiscuous mode [ 841.172621][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 841.238523][ T13] bridge_slave_0: left allmulticast mode [ 841.238562][ T13] bridge_slave_0: left promiscuous mode [ 841.242440][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 843.486659][ C1] vkms_vblank_simulate: vblank timer overrun [ 843.636321][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 843.823982][ C1] vkms_vblank_simulate: vblank timer overrun [ 843.897355][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 843.970160][ T13] bond0 (unregistering): Released all slaves [ 844.092134][ T9252] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 844.111013][ T9252] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 844.119063][ T9252] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 844.134945][ T9252] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 844.149341][ T9252] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 844.618871][T11088] FAULT_INJECTION: forcing a failure. [ 844.618871][T11088] name failslab, interval 1, probability 0, space 0, times 0 [ 844.618909][T11088] CPU: 0 UID: 0 PID: 11088 Comm: syz.4.1507 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 844.618933][T11088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 844.618945][T11088] Call Trace: [ 844.618954][T11088] [ 844.618962][T11088] dump_stack_lvl+0x189/0x250 [ 844.618995][T11088] ? __pfx____ratelimit+0x10/0x10 [ 844.619022][T11088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 844.619050][T11088] ? __pfx__printk+0x10/0x10 [ 844.619079][T11088] ? __pfx___might_resched+0x10/0x10 [ 844.619098][T11088] ? fs_reclaim_acquire+0x7d/0x100 [ 844.619123][T11088] should_fail_ex+0x46c/0x600 [ 844.619155][T11088] should_failslab+0xa8/0x100 [ 844.619185][T11088] __kmalloc_cache_node_noprof+0x78/0x340 [ 844.619212][T11088] ? __get_vm_area_node+0x172/0x350 [ 844.619253][T11088] __get_vm_area_node+0x172/0x350 [ 844.619284][T11088] __vmalloc_node_range_noprof+0x301/0x12f0 [ 844.619313][T11088] ? bpf_prog_alloc_no_stats+0x4a/0x510 [ 844.619341][T11088] ? is_bpf_text_address+0x26/0x2b0 [ 844.619396][T11088] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 844.619423][T11088] ? __might_fault+0xb0/0x130 [ 844.619454][T11088] ? _parse_integer_limit+0x1ae/0x1f0 [ 844.619489][T11088] ? bpf_prog_alloc_no_stats+0x4a/0x510 [ 844.619511][T11088] __vmalloc_noprof+0xb1/0xf0 [ 844.619537][T11088] ? bpf_prog_alloc_no_stats+0x4a/0x510 [ 844.619566][T11088] bpf_prog_alloc_no_stats+0x4a/0x510 [ 844.619597][T11088] bpf_prog_alloc+0x3c/0x1a0 [ 844.619625][T11088] bpf_prog_load+0x735/0x1930 [ 844.619664][T11088] ? __pfx_bpf_prog_load+0x10/0x10 [ 844.619716][T11088] ? bpf_lsm_bpf+0x9/0x20 [ 844.619737][T11088] ? security_bpf+0x7e/0x300 [ 844.619765][T11088] __sys_bpf+0x528/0x870 [ 844.619791][T11088] ? __pfx___sys_bpf+0x10/0x10 [ 844.619831][T11088] ? ksys_write+0x230/0x260 [ 844.619859][T11088] ? __pfx_ksys_write+0x10/0x10 [ 844.619880][T11088] ? rcu_is_watching+0x15/0xb0 [ 844.619918][T11088] __x64_sys_bpf+0x7c/0x90 [ 844.619941][T11088] do_syscall_64+0xfa/0x3b0 [ 844.619967][T11088] ? lockdep_hardirqs_on+0x9c/0x150 [ 844.619991][T11088] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.620011][T11088] ? clear_bhb_loop+0x60/0xb0 [ 844.620036][T11088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.620054][T11088] RIP: 0033:0x7fdaedc3ebe9 [ 844.620073][T11088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.620090][T11088] RSP: 002b:00007fdaebea6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 844.620113][T11088] RAX: ffffffffffffffda RBX: 00007fdaede75fa0 RCX: 00007fdaedc3ebe9 [ 844.620127][T11088] RDX: 0000000000000094 RSI: 0000200000000ac0 RDI: 0000000000000005 [ 844.620140][T11088] RBP: 00007fdaebea6090 R08: 0000000000000000 R09: 0000000000000000 [ 844.620153][T11088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 844.620166][T11088] R13: 00007fdaede76038 R14: 00007fdaede75fa0 R15: 00007ffcceb8d708 [ 844.620200][T11088] [ 844.624035][ C1] vkms_vblank_simulate: vblank timer overrun [ 844.636510][T11088] syz.4.1507: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 844.636634][T11088] CPU: 1 UID: 0 PID: 11088 Comm: syz.4.1507 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 844.636654][T11088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 844.636665][T11088] Call Trace: [ 844.636672][T11088] [ 844.636680][T11088] dump_stack_lvl+0x189/0x250 [ 844.636713][T11088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 844.636738][T11088] ? __pfx__printk+0x10/0x10 [ 844.636759][T11088] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 844.636778][T11088] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 844.636800][T11088] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 844.636821][T11088] warn_alloc+0x22e/0x3b0 [ 844.636848][T11088] ? should_fail_ex+0x344/0x600 [ 844.636877][T11088] ? __pfx_warn_alloc+0x10/0x10 [ 844.636904][T11088] ? __get_vm_area_node+0x172/0x350 [ 844.636932][T11088] ? __get_vm_area_node+0x2e2/0x350 [ 844.636963][T11088] __vmalloc_node_range_noprof+0x326/0x12f0 [ 844.637000][T11088] ? is_bpf_text_address+0x26/0x2b0 [ 844.637048][T11088] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 844.637071][T11088] ? __might_fault+0xb0/0x130 [ 844.637098][T11088] ? _parse_integer_limit+0x1ae/0x1f0 [ 844.637128][T11088] ? bpf_prog_alloc_no_stats+0x4a/0x510 [ 844.637151][T11088] __vmalloc_noprof+0xb1/0xf0 [ 844.637179][T11088] ? bpf_prog_alloc_no_stats+0x4a/0x510 [ 844.637207][T11088] bpf_prog_alloc_no_stats+0x4a/0x510 [ 844.637236][T11088] bpf_prog_alloc+0x3c/0x1a0 [ 844.637262][T11088] bpf_prog_load+0x735/0x1930 [ 844.637297][T11088] ? __pfx_bpf_prog_load+0x10/0x10 [ 844.637342][T11088] ? bpf_lsm_bpf+0x9/0x20 [ 844.637362][T11088] ? security_bpf+0x7e/0x300 [ 844.637388][T11088] __sys_bpf+0x528/0x870 [ 844.637412][T11088] ? __pfx___sys_bpf+0x10/0x10 [ 844.637446][T11088] ? ksys_write+0x230/0x260 [ 844.637471][T11088] ? __pfx_ksys_write+0x10/0x10 [ 844.637489][T11088] ? rcu_is_watching+0x15/0xb0 [ 844.637523][T11088] __x64_sys_bpf+0x7c/0x90 [ 844.637543][T11088] do_syscall_64+0xfa/0x3b0 [ 844.637566][T11088] ? lockdep_hardirqs_on+0x9c/0x150 [ 844.637588][T11088] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.637606][T11088] ? clear_bhb_loop+0x60/0xb0 [ 844.637627][T11088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.637644][T11088] RIP: 0033:0x7fdaedc3ebe9 [ 844.637661][T11088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.637676][T11088] RSP: 002b:00007fdaebea6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 844.637696][T11088] RAX: ffffffffffffffda RBX: 00007fdaede75fa0 RCX: 00007fdaedc3ebe9 [ 844.637710][T11088] RDX: 0000000000000094 RSI: 0000200000000ac0 RDI: 0000000000000005 [ 844.637722][T11088] RBP: 00007fdaebea6090 R08: 0000000000000000 R09: 0000000000000000 [ 844.637734][T11088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 844.637745][T11088] R13: 00007fdaede76038 R14: 00007fdaede75fa0 R15: 00007ffcceb8d708 [ 844.637775][T11088] [ 844.637782][T11088] Mem-Info: [ 844.637790][T11088] active_anon:264 inactive_anon:4493 isolated_anon:0 [ 844.637790][T11088] active_file:23673 inactive_file:36176 isolated_file:0 [ 844.637790][T11088] unevictable:768 dirty:61 writeback:0 [ 844.637790][T11088] slab_reclaimable:12634 slab_unreclaimable:103011 [ 844.637790][T11088] mapped:34836 shmem:1357 pagetables:1060 [ 844.637790][T11088] sec_pagetables:0 bounce:0 [ 844.637790][T11088] kernel_misc_reclaimable:0 [ 844.637790][T11088] free:1304539 free_pcp:4193 free_cma:0 [ 844.637839][T11088] Node 0 active_anon:1056kB inactive_anon:17972kB active_file:94496kB inactive_file:144700kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139344kB dirty:240kB writeback:0kB shmem:3892kB kernel_stack:12588kB pagetables:4064kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 844.637881][T11088] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 844.637920][T11088] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 844.637978][T11088] lowmem_reserve[]: 0 2512 2513 2513 2513 [ 844.638010][T11088] Node 0 DMA32 free:1300480kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1052kB inactive_anon:17928kB active_file:93480kB inactive_file:144632kB unevictable:1536kB writepending:236kB present:3129332kB managed:2572324kB mlocked:0kB bounce:0kB free_pcp:16772kB local_pcp:6264kB free_cma:0kB [ 844.638063][T11088] lowmem_reserve[]: 0 0 1 1 1 [ 844.638092][T11088] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1016kB inactive_file:68kB unevictable:0kB writepending:4kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 844.638141][T11088] lowmem_reserve[]: 0 0 0 0 0 [ 844.638169][T11088] Node 1 Normal free:3902316kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:4kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 844.638220][T11088] lowmem_reserve[]: 0 0 0 0 0 [ 844.638249][T11088] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 844.638354][T11088] Node 0 DMA32: 1234*4kB (M) 510*8kB (UME) 121*16kB (M) 380*32kB (UME) 251*64kB (ME) 226*128kB (UM) 150*256kB (UME) 80*512kB (UME) 38*1024kB (UME) 18*2048kB (UME) 263*4096kB (M) = 1300488kB [ 844.638504][T11088] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 844.638592][T11088] Node 1 Normal: 209*4kB (UME) 51*8kB (UME) 29*16kB (UME) 196*32kB (UME) 81*64kB (UME) 22*128kB (UME) 15*256kB (UME) 7*512kB (UM) 2*1024kB (UM) 3*2048kB (ME) 945*4096kB (M) = 3902316kB [ 844.638734][T11088] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 844.638750][T11088] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 844.638764][T11088] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 844.638779][T11088] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 844.638793][T11088] 61202 total pagecache pages [ 844.638800][T11088] 0 pages in swap cache [ 844.638806][T11088] Free swap = 124996kB [ 844.638813][T11088] Total swap = 124996kB [ 844.638820][T11088] 2097051 pages RAM [ 844.638826][T11088] 0 pages HighMem/MovableOnly [ 844.638832][T11088] 422072 pages reserved [ 844.638839][T11088] 0 pages cma reserved [ 844.806706][ C1] vkms_vblank_simulate: vblank timer overrun [ 845.460058][ C1] vkms_vblank_simulate: vblank timer overrun [ 846.256703][ C1] vkms_vblank_simulate: vblank timer overrun [ 846.286442][ T5844] Bluetooth: hci0: command tx timeout [ 846.327988][ C1] vkms_vblank_simulate: vblank timer overrun [ 846.407567][ C1] vkms_vblank_simulate: vblank timer overrun [ 846.503611][ C1] vkms_vblank_simulate: vblank timer overrun [ 846.611149][ C1] vkms_vblank_simulate: vblank timer overrun [ 846.719619][ C1] vkms_vblank_simulate: vblank timer overrun [ 847.837349][ C1] vkms_vblank_simulate: vblank timer overrun [ 848.389612][ T5844] Bluetooth: hci0: command tx timeout [ 848.447669][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 848.509616][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 848.532807][ T13] bond0 (unregistering): Released all slaves [ 848.807412][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 848.917082][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 848.987175][ T13] bond0 (unregistering): Released all slaves [ 850.430097][ C0] vkms_vblank_simulate: vblank timer overrun [ 850.456347][ T5844] Bluetooth: hci0: command tx timeout [ 850.564210][T11107] FAULT_INJECTION: forcing a failure. [ 850.564210][T11107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 850.564247][T11107] CPU: 0 UID: 0 PID: 11107 Comm: syz.4.1513 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 850.564271][T11107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 850.564283][T11107] Call Trace: [ 850.564291][T11107] [ 850.564300][T11107] dump_stack_lvl+0x189/0x250 [ 850.564336][T11107] ? __pfx____ratelimit+0x10/0x10 [ 850.564364][T11107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 850.564394][T11107] ? __pfx__printk+0x10/0x10 [ 850.564433][T11107] should_fail_ex+0x46c/0x600 [ 850.564466][T11107] _copy_from_user+0x2d/0xb0 [ 850.564490][T11107] __copy_msghdr+0x3c5/0x5b0 [ 850.564525][T11107] ___sys_sendmsg+0x1a5/0x2a0 [ 850.564557][T11107] ? __pfx____sys_sendmsg+0x10/0x10 [ 850.564627][T11107] ? __fget_files+0x2a/0x420 [ 850.564655][T11107] ? __fget_files+0x3a6/0x420 [ 850.564695][T11107] __sys_sendmmsg+0x22d/0x430 [ 850.564732][T11107] ? __pfx___sys_sendmmsg+0x10/0x10 [ 850.564772][T11107] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 850.564811][T11107] ? ksys_write+0x230/0x260 [ 850.564839][T11107] ? __pfx_ksys_write+0x10/0x10 [ 850.564861][T11107] ? rcu_is_watching+0x15/0xb0 [ 850.564899][T11107] __x64_sys_sendmmsg+0xa0/0xc0 [ 850.564939][T11107] do_syscall_64+0xfa/0x3b0 [ 850.564966][T11107] ? lockdep_hardirqs_on+0x9c/0x150 [ 850.564992][T11107] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.565013][T11107] ? clear_bhb_loop+0x60/0xb0 [ 850.565038][T11107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.565058][T11107] RIP: 0033:0x7fdaedc3ebe9 [ 850.565076][T11107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 850.565094][T11107] RSP: 002b:00007fdaebea6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 850.565117][T11107] RAX: ffffffffffffffda RBX: 00007fdaede75fa0 RCX: 00007fdaedc3ebe9 [ 850.565132][T11107] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003 [ 850.565146][T11107] RBP: 00007fdaebea6090 R08: 0000000000000000 R09: 0000000000000000 [ 850.565159][T11107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.565170][T11107] R13: 00007fdaede76038 R14: 00007fdaede75fa0 R15: 00007ffcceb8d708 [ 850.565204][T11107] [ 851.086205][ C0] vkms_vblank_simulate: vblank timer overrun [ 852.232324][ C0] vkms_vblank_simulate: vblank timer overrun [ 852.536395][ T5844] Bluetooth: hci0: command tx timeout [ 852.802206][ C0] vkms_vblank_simulate: vblank timer overrun [ 854.522038][ C0] vkms_vblank_simulate: vblank timer overrun [ 854.680965][ C0] vkms_vblank_simulate: vblank timer overrun [ 855.130565][ T6056] Bluetooth: hci1: Frame reassembly failed (-84) [ 856.661934][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 856.685932][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 856.702540][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 856.703912][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 856.705775][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 857.180923][ T5844] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 858.766586][ T5844] Bluetooth: hci2: command tx timeout [ 860.163977][ C1] vkms_vblank_simulate: vblank timer overrun [ 860.246286][ T13] hsr_slave_0: left promiscuous mode [ 860.303962][ T13] hsr_slave_1: left promiscuous mode [ 860.305031][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 860.305062][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 860.367854][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 860.367890][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 860.496642][ T13] hsr_slave_0: left promiscuous mode [ 860.716416][ T6896] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 860.847148][ T5844] Bluetooth: hci2: command tx timeout [ 860.986725][ T13] hsr_slave_1: left promiscuous mode [ 861.036882][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 861.068538][ T6896] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 861.068569][ T6896] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 861.068610][ T6896] usb 5-1: config 220 interface 0 has no altsetting 0 [ 861.071271][ T6896] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 861.071298][ T6896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 861.071319][ T6896] usb 5-1: Product: syz [ 861.071333][ T6896] usb 5-1: Manufacturer: syz [ 861.071348][ T6896] usb 5-1: SerialNumber: syz [ 861.136999][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 861.549456][ T13] veth1_macvtap: left promiscuous mode [ 861.550632][ T13] veth0_macvtap: left promiscuous mode [ 861.556610][ T13] veth1_vlan: left promiscuous mode [ 861.576678][ T13] veth0_vlan: left promiscuous mode [ 862.241517][ T6896] usb 5-1: Found UVC 0.00 device syz (8086:0b07) [ 862.241554][ T6896] usb 5-1: No valid video chain found. [ 862.250548][ T6896] usb 5-1: USB disconnect, device number 28 [ 862.655187][ C1] vkms_vblank_simulate: vblank timer overrun [ 863.685190][ C1] vkms_vblank_simulate: vblank timer overrun [ 863.690622][ T5844] Bluetooth: hci2: command tx timeout [ 863.841556][ C1] vkms_vblank_simulate: vblank timer overrun [ 864.091906][ C1] vkms_vblank_simulate: vblank timer overrun [ 864.104352][T11173] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 864.104368][T11173] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 865.173208][ C1] vkms_vblank_simulate: vblank timer overrun [ 865.726373][ T5844] Bluetooth: hci2: command tx timeout [ 866.368035][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 866.390698][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 866.392317][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 866.406442][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 866.452529][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 866.989444][ C1] vkms_vblank_simulate: vblank timer overrun [ 867.021502][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.178721][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.271072][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.432998][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.516386][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.526339][ T5844] Bluetooth: hci1: command tx timeout [ 868.620663][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.712258][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.765187][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.834463][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.882476][ C1] vkms_vblank_simulate: vblank timer overrun [ 868.947289][ T13] team0 (unregistering): Port device team_slave_1 removed [ 868.983202][ C1] vkms_vblank_simulate: vblank timer overrun [ 869.092545][ C1] vkms_vblank_simulate: vblank timer overrun [ 869.207681][ T13] team0 (unregistering): Port device team_slave_0 removed [ 869.243185][ C1] vkms_vblank_simulate: vblank timer overrun [ 869.282431][ C1] vkms_vblank_simulate: vblank timer overrun [ 869.348012][ C1] vkms_vblank_simulate: vblank timer overrun [ 869.451751][ C1] vkms_vblank_simulate: vblank timer overrun [ 869.654726][ C1] vkms_vblank_simulate: vblank timer overrun [ 870.550207][ C1] vkms_vblank_simulate: vblank timer overrun [ 870.551853][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.608315][ T5844] Bluetooth: hci1: command tx timeout [ 870.612827][ C1] vkms_vblank_simulate: vblank timer overrun [ 870.777472][ C1] vkms_vblank_simulate: vblank timer overrun [ 870.842031][ C1] vkms_vblank_simulate: vblank timer overrun [ 871.867402][ C1] vkms_vblank_simulate: vblank timer overrun [ 872.686444][ T5844] Bluetooth: hci1: command tx timeout [ 873.641608][T11204] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 873.641637][T11204] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 873.676263][T11204] vhci_hcd vhci_hcd.0: Device attached [ 873.685516][T11204] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(5) [ 873.685540][T11204] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 873.685592][T11204] vhci_hcd vhci_hcd.0: Device attached [ 873.698361][T11204] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(7) [ 873.698387][T11204] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 873.698427][T11204] vhci_hcd vhci_hcd.0: Device attached [ 873.708505][T11204] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 873.709639][T11204] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 873.712177][T11204] vhci_hcd vhci_hcd.0: pdev(3) rhport(5) sockfd(13) [ 873.712201][T11204] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 873.712248][T11204] vhci_hcd vhci_hcd.0: Device attached [ 873.803061][T11213] vhci_hcd vhci_hcd.0: pdev(3) rhport(6) sockfd(17) [ 873.803092][T11213] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 873.813202][T11213] vhci_hcd vhci_hcd.0: Device attached [ 873.866111][ T6896] vhci_hcd: vhci_device speed not set [ 873.927636][ T6896] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 874.367127][ T13] team0 (unregistering): Port device team_slave_1 removed [ 874.468542][T11214] vhci_hcd: connection closed [ 874.478156][T11211] vhci_hcd: connection closed [ 874.479589][T11209] vhci_hcd: connection closed [ 874.479638][T11207] vhci_hcd: connection closed [ 874.479970][T11205] vhci_hcd: connection reset by peer [ 874.482971][ T3605] vhci_hcd: stop threads [ 874.482991][ T3605] vhci_hcd: release socket [ 874.484174][ T3605] vhci_hcd: disconnect device [ 874.484602][ T3605] vhci_hcd: stop threads [ 874.484612][ T3605] vhci_hcd: release socket [ 874.494960][ T3605] vhci_hcd: disconnect device [ 874.495316][ T3605] vhci_hcd: stop threads [ 874.495324][ T3605] vhci_hcd: release socket [ 874.495516][ T3605] vhci_hcd: disconnect device [ 874.500584][ T3605] vhci_hcd: stop threads [ 874.500602][ T3605] vhci_hcd: release socket [ 874.500986][ T3605] vhci_hcd: disconnect device [ 874.501124][ T3605] vhci_hcd: stop threads [ 874.501132][ T3605] vhci_hcd: release socket [ 874.501193][ T3605] vhci_hcd: disconnect device [ 874.531072][ T13] team0 (unregistering): Port device team_slave_0 removed [ 874.766501][ T5844] Bluetooth: hci1: command tx timeout [ 875.362957][T11217] FAULT_INJECTION: forcing a failure. [ 875.362957][T11217] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 875.362995][T11217] CPU: 0 UID: 0 PID: 11217 Comm: syz.4.1539 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 875.363018][T11217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 875.363030][T11217] Call Trace: [ 875.363039][T11217] [ 875.363048][T11217] dump_stack_lvl+0x189/0x250 [ 875.363082][T11217] ? __pfx____ratelimit+0x10/0x10 [ 875.363109][T11217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 875.363139][T11217] ? __pfx__printk+0x10/0x10 [ 875.363180][T11217] should_fail_ex+0x46c/0x600 [ 875.363213][T11217] strncpy_from_user+0x36/0x290 [ 875.363243][T11217] getname_flags+0xf3/0x540 [ 875.363279][T11217] __x64_sys_execveat+0xad/0xe0 [ 875.363308][T11217] do_syscall_64+0xfa/0x3b0 [ 875.363335][T11217] ? lockdep_hardirqs_on+0x9c/0x150 [ 875.363361][T11217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.363381][T11217] ? clear_bhb_loop+0x60/0xb0 [ 875.363406][T11217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.363426][T11217] RIP: 0033:0x7fdaedc3ebe9 [ 875.363444][T11217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 875.363462][T11217] RSP: 002b:00007fdaebea6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 875.363486][T11217] RAX: ffffffffffffffda RBX: 00007fdaede75fa0 RCX: 00007fdaedc3ebe9 [ 875.363501][T11217] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 875.363515][T11217] RBP: 00007fdaebea6090 R08: 0000000000000000 R09: 0000000000000000 [ 875.363529][T11217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 875.363563][T11217] R13: 00007fdaede76038 R14: 00007fdaede75fa0 R15: 00007ffcceb8d708 [ 875.363597][T11217] [ 875.836305][ T7723] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 875.986360][ T7723] usb 4-1: Using ep0 maxpacket: 32 [ 875.989830][ T7723] usb 4-1: unable to get BOS descriptor or descriptor too short [ 876.027839][ T7723] usb 4-1: config 7 has an invalid interface number: 128 but max is 0 [ 876.027879][ T7723] usb 4-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 876.027897][ T7723] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 876.027914][ T7723] usb 4-1: config 7 has no interface number 0 [ 876.027963][ T7723] usb 4-1: config 7 interface 128 altsetting 2 has an endpoint descriptor with address 0x17, changing to 0x7 [ 876.027988][ T7723] usb 4-1: config 7 interface 128 altsetting 2 bulk endpoint 0x7 has invalid maxpacket 32 [ 876.028011][ T7723] usb 4-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11 [ 876.028039][ T7723] usb 4-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 876.028065][ T7723] usb 4-1: config 7 interface 128 has no altsetting 0 [ 876.036516][ T7723] usb 4-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 876.036545][ T7723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 876.036564][ T7723] usb 4-1: Product: syz [ 876.036577][ T7723] usb 4-1: Manufacturer: syz [ 876.036591][ T7723] usb 4-1: SerialNumber: syz [ 876.050784][T11219] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 876.170222][T11079] chnl_net:caif_netlink_parms(): no params data found [ 876.303055][ T7723] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 876.303124][ T7723] usb 4-1: MIDIStreaming interface descriptor not found [ 876.413990][ T7723] usb 4-1: USB disconnect, device number 30 [ 879.155849][ T6896] vhci_hcd: vhci_device speed not set [ 879.233248][T11079] bridge0: port 1(bridge_slave_0) entered blocking state [ 879.267132][T11079] bridge0: port 1(bridge_slave_0) entered disabled state [ 879.267402][T11079] bridge_slave_0: entered allmulticast mode [ 879.275269][T11079] bridge_slave_0: entered promiscuous mode [ 879.292730][T11135] chnl_net:caif_netlink_parms(): no params data found [ 879.339813][T11255] FAULT_INJECTION: forcing a failure. [ 879.339813][T11255] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 879.339859][T11255] CPU: 0 UID: 0 PID: 11255 Comm: syz.3.1548 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 879.339883][T11255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 879.339895][T11255] Call Trace: [ 879.339903][T11255] [ 879.339913][T11255] dump_stack_lvl+0x189/0x250 [ 879.339947][T11255] ? __pfx____ratelimit+0x10/0x10 [ 879.339981][T11255] ? __pfx_dump_stack_lvl+0x10/0x10 [ 879.340008][T11255] ? __pfx__printk+0x10/0x10 [ 879.340032][T11255] ? fs_reclaim_acquire+0x7d/0x100 [ 879.340062][T11255] should_fail_ex+0x46c/0x600 [ 879.340096][T11255] prepare_alloc_pages+0x213/0x670 [ 879.340128][T11255] __alloc_frozen_pages_noprof+0x123/0x370 [ 879.340155][T11255] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 879.340189][T11255] ? policy_nodemask+0x27c/0x720 [ 879.340224][T11255] alloc_pages_mpol+0xd1/0x380 [ 879.340257][T11255] alloc_pages_noprof+0xcf/0x1e0 [ 879.340289][T11255] __pud_alloc+0x3a/0x260 [ 879.340325][T11255] handle_mm_fault+0x2149/0x3400 [ 879.340354][T11255] ? mt_find+0x15c/0x5f0 [ 879.340381][T11255] ? __pfx_mt_find+0x10/0x10 [ 879.340412][T11255] ? handle_mm_fault+0xdb/0x3400 [ 879.340450][T11255] ? __pfx_handle_mm_fault+0x10/0x10 [ 879.340504][T11255] ? lock_mm_and_find_vma+0x9c/0x300 [ 879.340528][T11255] do_user_addr_fault+0x764/0x1390 [ 879.340572][T11255] exc_page_fault+0x76/0xf0 [ 879.340603][T11255] asm_exc_page_fault+0x26/0x30 [ 879.340623][T11255] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 879.340645][T11255] Code: c3 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd d4 04 00 66 2e 0f 1f [ 879.340663][T11255] RSP: 0018:ffffc90005097c78 EFLAGS: 00050202 [ 879.340683][T11255] RAX: ffffffff84b790ff RBX: 0000000000000001 RCX: 0000000000000001 [ 879.340697][T11255] RDX: 0000000000000000 RSI: ffffffff8b5b5940 RDI: 00002000000001c0 [ 879.340712][T11255] RBP: ffffc90005097ee0 R08: 0000000000000000 R09: 0000000000000002 [ 879.340725][T11255] R10: dffffc0000000000 R11: fffffbfff16b6b28 R12: 00002000000001c1 [ 879.340740][T11255] R13: 00007ffffffff000 R14: ffffffff8b5b5940 R15: 00002000000001c0 [ 879.340765][T11255] ? _copy_to_user+0x9f/0xb0 [ 879.340797][T11255] _copy_to_user+0x8a/0xb0 [ 879.340829][T11255] keyctl_capabilities+0x50/0x170 [ 879.340860][T11255] __se_sys_keyctl+0x49f/0x910 [ 879.340890][T11255] ? __pfx___se_sys_keyctl+0x10/0x10 [ 879.340913][T11255] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 879.340939][T11255] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 879.340961][T11255] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 879.340996][T11255] ? fput+0xa0/0xd0 [ 879.341017][T11255] ? ksys_write+0x230/0x260 [ 879.341045][T11255] ? __pfx_ksys_write+0x10/0x10 [ 879.341067][T11255] ? rcu_is_watching+0x15/0xb0 [ 879.341104][T11255] ? do_syscall_64+0xbe/0x3b0 [ 879.341130][T11255] ? __x64_sys_keyctl+0x20/0xc0 [ 879.341158][T11255] do_syscall_64+0xfa/0x3b0 [ 879.341184][T11255] ? lockdep_hardirqs_on+0x9c/0x150 [ 879.341211][T11255] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 879.341231][T11255] ? clear_bhb_loop+0x60/0xb0 [ 879.341257][T11255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 879.341277][T11255] RIP: 0033:0x7fa59b8debe9 [ 879.341294][T11255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 879.341311][T11255] RSP: 002b:00007fa599b3e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 879.341331][T11255] RAX: ffffffffffffffda RBX: 00007fa59bb15fa0 RCX: 00007fa59b8debe9 [ 879.341346][T11255] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 000000000000001f [ 879.341359][T11255] RBP: 00007fa599b3e090 R08: 0000000000000000 R09: 0000000000000000 [ 879.341372][T11255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 879.341384][T11255] R13: 00007fa59bb16038 R14: 00007fa59bb15fa0 R15: 00007fffe8831278 [ 879.341419][T11255] [ 879.426561][T11079] bridge0: port 2(bridge_slave_1) entered blocking state [ 879.426704][T11079] bridge0: port 2(bridge_slave_1) entered disabled state [ 879.426960][T11079] bridge_slave_1: entered allmulticast mode [ 879.429773][T11079] bridge_slave_1: entered promiscuous mode [ 882.520410][T11079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 882.570388][T11079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 882.582427][T11183] chnl_net:caif_netlink_parms(): no params data found [ 883.178804][T11079] team0: Port device team_slave_0 added [ 883.832600][T11289] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1557'. [ 884.791827][T11079] team0: Port device team_slave_1 added [ 884.792684][T11135] bridge0: port 1(bridge_slave_0) entered blocking state [ 884.792847][T11135] bridge0: port 1(bridge_slave_0) entered disabled state [ 884.793074][T11135] bridge_slave_0: entered allmulticast mode [ 884.827211][T11135] bridge_slave_0: entered promiscuous mode [ 886.942374][T11135] bridge0: port 2(bridge_slave_1) entered blocking state [ 886.942552][T11135] bridge0: port 2(bridge_slave_1) entered disabled state [ 886.942833][T11135] bridge_slave_1: entered allmulticast mode [ 886.981824][T11135] bridge_slave_1: entered promiscuous mode [ 887.563878][T11079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 887.563899][T11079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 887.563929][T11079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 887.834679][T11079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 887.834698][T11079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 887.834728][T11079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 887.840380][T11135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 887.995031][T11135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 887.995705][T11183] bridge0: port 1(bridge_slave_0) entered blocking state [ 887.996123][T11183] bridge0: port 1(bridge_slave_0) entered disabled state [ 887.997429][T11183] bridge_slave_0: entered allmulticast mode [ 888.003682][T11183] bridge_slave_0: entered promiscuous mode [ 888.280672][T11183] bridge0: port 2(bridge_slave_1) entered blocking state [ 888.280775][T11183] bridge0: port 2(bridge_slave_1) entered disabled state [ 888.280913][T11183] bridge_slave_1: entered allmulticast mode [ 888.284634][T11183] bridge_slave_1: entered promiscuous mode [ 890.705815][T11135] team0: Port device team_slave_0 added [ 891.871721][T11135] team0: Port device team_slave_1 added [ 892.343152][T11183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 892.541485][T11079] hsr_slave_0: entered promiscuous mode [ 892.809055][T11079] hsr_slave_1: entered promiscuous mode [ 892.816060][T11183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 894.405460][T11135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 894.405533][T11135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 894.405604][T11135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 895.311086][T11135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 895.311105][T11135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 895.311134][T11135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 895.327902][T11183] team0: Port device team_slave_0 added [ 895.418585][T11183] team0: Port device team_slave_1 added [ 897.038509][T11183] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 897.038529][T11183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 897.038559][T11183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 897.468902][T11183] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 897.468922][T11183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 897.468952][T11183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 897.637283][T11135] hsr_slave_0: entered promiscuous mode [ 897.653951][T11135] hsr_slave_1: entered promiscuous mode [ 897.659908][T11135] debugfs: 'hsr0' already exists in 'hsr' [ 897.659940][T11135] Cannot create hsr debugfs directory [ 899.006427][T11183] hsr_slave_0: entered promiscuous mode [ 899.008075][T11183] hsr_slave_1: entered promiscuous mode [ 899.009092][T11183] debugfs: 'hsr0' already exists in 'hsr' [ 899.009120][T11183] Cannot create hsr debugfs directory [ 900.762404][T11393] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 902.079923][T11079] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 903.087488][ T13] bridge_slave_1: left allmulticast mode [ 903.087529][ T13] bridge_slave_1: left promiscuous mode [ 903.087854][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.199840][ T13] bridge_slave_0: left allmulticast mode [ 903.199878][ T13] bridge_slave_0: left promiscuous mode [ 903.204765][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 903.313410][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 903.355140][ T13] bridge_slave_1: left allmulticast mode [ 903.355178][ T13] bridge_slave_1: left promiscuous mode [ 903.355526][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.356884][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 903.361219][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 903.391048][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 903.393991][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 903.478439][ T13] bridge_slave_0: left allmulticast mode [ 903.478477][ T13] bridge_slave_0: left promiscuous mode [ 903.478795][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 903.600174][ T13] bridge_slave_1: left allmulticast mode [ 903.600213][ T13] bridge_slave_1: left promiscuous mode [ 903.600493][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 904.509438][ T13] bridge_slave_0: left allmulticast mode [ 904.509542][ T13] bridge_slave_0: left promiscuous mode [ 904.521608][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.498505][ T5840] Bluetooth: hci0: command tx timeout [ 906.167684][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 906.247254][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 906.321280][ T13] bond0 (unregistering): Released all slaves [ 906.945451][T11425] comedi comedi0: aio_aio12_8: I/O port conflict (0x2,32) [ 906.958246][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 907.059808][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 907.164099][ T13] bond0 (unregistering): Released all slaves [ 907.568436][ T5840] Bluetooth: hci0: command tx timeout [ 908.172285][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 908.518307][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 908.595355][ T13] bond0 (unregistering): Released all slaves [ 909.658406][ T5840] Bluetooth: hci0: command tx timeout [ 910.436404][ T13] hsr_slave_0: left promiscuous mode [ 910.506624][ T13] hsr_slave_1: left promiscuous mode [ 910.507686][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 910.589250][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 910.956467][ T13] hsr_slave_0: left promiscuous mode [ 911.016487][ T13] hsr_slave_1: left promiscuous mode [ 911.017576][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 911.067452][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 911.541711][ T13] hsr_slave_0: left promiscuous mode [ 911.615451][ T13] hsr_slave_1: left promiscuous mode [ 911.619514][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 911.670366][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 911.726478][ T5840] Bluetooth: hci0: command tx timeout [ 911.846413][ T7723] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 912.006810][ T7723] usb 5-1: Using ep0 maxpacket: 8 [ 912.009865][ T7723] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 912.009932][ T7723] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 912.009979][ T7723] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 912.010003][ T7723] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 912.040819][ T7723] usbtmc 5-1:16.0: bulk endpoints not found [ 912.679264][ T13] team0 (unregistering): Port device team_slave_1 removed [ 912.856779][ T13] team0 (unregistering): Port device team_slave_0 removed [ 914.653352][ T6007] usb 5-1: USB disconnect, device number 29 [ 915.047337][ T13] team0 (unregistering): Port device team_slave_1 removed [ 915.207465][ T13] team0 (unregistering): Port device team_slave_0 removed [ 916.168245][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 916.175559][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 916.200717][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 916.202080][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 916.203540][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 918.286558][ T5840] Bluetooth: hci5: command tx timeout [ 918.618122][ T13] team0 (unregistering): Port device team_slave_1 removed [ 918.880046][ T13] team0 (unregistering): Port device team_slave_0 removed [ 920.368229][ T5840] Bluetooth: hci5: command tx timeout [ 923.690698][ C0] vkms_vblank_simulate: vblank timer overrun [ 923.691488][ T5840] Bluetooth: hci5: command tx timeout [ 924.296444][ C0] vkms_vblank_simulate: vblank timer overrun [ 924.538903][ C0] vkms_vblank_simulate: vblank timer overrun [ 924.813235][T11405] chnl_net:caif_netlink_parms(): no params data found [ 924.935888][ C0] vkms_vblank_simulate: vblank timer overrun [ 925.184070][ C0] vkms_vblank_simulate: vblank timer overrun [ 925.736847][ T5840] Bluetooth: hci5: command tx timeout [ 925.922001][ C0] vkms_vblank_simulate: vblank timer overrun [ 927.414921][ T5844] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 927.437994][ T5844] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 927.442864][ T5844] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 927.444630][ T5844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 927.469808][ T5844] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 927.522540][ C0] vkms_vblank_simulate: vblank timer overrun [ 927.756503][T11405] bridge0: port 1(bridge_slave_0) entered blocking state [ 927.756706][T11405] bridge0: port 1(bridge_slave_0) entered disabled state [ 927.756983][T11405] bridge_slave_0: entered allmulticast mode [ 927.799228][T11405] bridge_slave_0: entered promiscuous mode [ 927.831367][T11405] bridge0: port 2(bridge_slave_1) entered blocking state [ 927.831561][T11405] bridge0: port 2(bridge_slave_1) entered disabled state [ 927.831831][T11405] bridge_slave_1: entered allmulticast mode [ 927.878004][T11405] bridge_slave_1: entered promiscuous mode [ 927.918440][ C0] vkms_vblank_simulate: vblank timer overrun [ 928.317679][ C0] vkms_vblank_simulate: vblank timer overrun [ 928.419031][T11471] chnl_net:caif_netlink_parms(): no params data found [ 928.853803][T11405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 928.949232][T11405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 929.566722][ T5844] Bluetooth: hci6: command tx timeout [ 929.978518][T11405] team0: Port device team_slave_0 added [ 930.490758][T11405] team0: Port device team_slave_1 added [ 931.891144][T11555] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1626'. [ 931.893265][ T5844] Bluetooth: hci6: command tx timeout [ 931.979110][T11554] ------------[ cut here ]------------ [ 931.979126][T11554] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 931.979803][T11554] WARNING: CPU: 1 PID: 11554 at drivers/gpu/drm/drm_vblank.c:1308 drm_wait_one_vblank+0x571/0x5b0 [ 931.979845][T11554] Modules linked in: [ 931.979867][T11554] CPU: 1 UID: 0 PID: 11554 Comm: syz.3.1627 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 931.979892][T11554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 931.979906][T11554] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0 [ 931.979932][T11554] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 79 ae be fc 4d 8b 2c 24 48 c7 c7 a0 9a 74 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 90 47 24 fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9 [ 931.979949][T11554] RSP: 0018:ffffc90005007ae0 EFLAGS: 00010246 [ 931.979968][T11554] RAX: fe5691db90762a00 RBX: 1ffff11028664401 RCX: 0000000000080000 [ 931.979985][T11554] RDX: ffffc90012c7d000 RSI: 0000000000001387 RDI: 0000000000001388 [ 931.980000][T11554] RBP: ffffc90005007be0 R08: 0000000000000000 R09: 0000000000000000 [ 931.980015][T11554] R10: dffffc0000000000 R11: ffffed1017124863 R12: ffff888143311000 [ 931.980031][T11554] R13: ffffffff8b784a60 R14: 0000000000000000 R15: ffffffff8b79e680 [ 931.980047][T11554] FS: 00007fa5996d96c0(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000 [ 931.980066][T11554] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 931.980082][T11554] CR2: 00007fa5996d8f98 CR3: 000000004cbf6000 CR4: 00000000003526f0 [ 931.980103][T11554] Call Trace: [ 931.980114][T11554] [ 931.980130][T11554] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 931.980158][T11554] ? __pfx_autoremove_wake_function+0x10/0x10 [ 931.980204][T11554] ? __rcu_read_unlock+0x84/0xe0 [ 931.980237][T11554] ? drm_vblank_get+0x148/0x260 [ 931.980260][T11554] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 931.980287][T11554] drm_fb_helper_ioctl+0x116/0x140 [ 931.980316][T11554] do_fb_ioctl+0x45c/0x750 [ 931.980345][T11554] ? __pfx_do_fb_ioctl+0x10/0x10 [ 931.980388][T11554] ? smk_tskacc+0x2fc/0x370 [ 931.980435][T11554] ? __pfx_smack_file_ioctl+0x10/0x10 [ 931.980468][T11554] ? __rcu_read_unlock+0x84/0xe0 [ 931.980498][T11554] ? __fget_files+0x3a6/0x420 [ 931.980527][T11554] ? __fget_files+0x2a/0x420 [ 931.980562][T11554] ? bpf_lsm_file_ioctl+0x9/0x20 [ 931.980588][T11554] ? __pfx_fb_ioctl+0x10/0x10 [ 931.980611][T11554] __se_sys_ioctl+0xfc/0x170 [ 931.980639][T11554] do_syscall_64+0xfa/0x3b0 [ 931.980669][T11554] ? lockdep_hardirqs_on+0x9c/0x150 [ 931.980698][T11554] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.980721][T11554] ? clear_bhb_loop+0x60/0xb0 [ 931.980748][T11554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.980770][T11554] RIP: 0033:0x7fa59b8debe9 [ 931.980790][T11554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 931.980809][T11554] RSP: 002b:00007fa5996d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 931.980830][T11554] RAX: ffffffffffffffda RBX: 00007fa59bb16270 RCX: 00007fa59b8debe9 [ 931.980846][T11554] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003 [ 931.980860][T11554] RBP: 00007fa59b961e19 R08: 0000000000000000 R09: 0000000000000000 [ 931.980874][T11554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.980887][T11554] R13: 00007fa59bb16308 R14: 00007fa59bb16270 R15: 00007fffe8831278 [ 931.980923][T11554] [ 931.980934][T11554] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 931.980948][T11554] CPU: 1 UID: 0 PID: 11554 Comm: syz.3.1627 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 931.980971][T11554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 931.980985][T11554] Call Trace: [ 931.980994][T11554] [ 931.981003][T11554] dump_stack_lvl+0x99/0x250 [ 931.981035][T11554] ? __asan_memcpy+0x40/0x70 [ 931.981060][T11554] ? __pfx_dump_stack_lvl+0x10/0x10 [ 931.981093][T11554] ? __pfx__printk+0x10/0x10 [ 931.981133][T11554] vpanic+0x281/0x750 [ 931.981165][T11554] ? __pfx__printk+0x10/0x10 [ 931.981196][T11554] ? __pfx_vpanic+0x10/0x10 [ 931.981228][T11554] ? is_bpf_text_address+0x26/0x2b0 [ 931.981272][T11554] panic+0xb9/0xc0 [ 931.981303][T11554] ? __pfx_panic+0x10/0x10 [ 931.981353][T11554] __warn+0x31b/0x4b0 [ 931.981382][T11554] ? drm_wait_one_vblank+0x571/0x5b0 [ 931.981410][T11554] ? drm_wait_one_vblank+0x571/0x5b0 [ 931.981435][T11554] report_bug+0x2be/0x4f0 [ 931.981462][T11554] ? drm_wait_one_vblank+0x571/0x5b0 [ 931.981488][T11554] ? drm_wait_one_vblank+0x571/0x5b0 [ 931.981513][T11554] ? drm_wait_one_vblank+0x573/0x5b0 [ 931.981535][T11554] handle_bug+0x84/0x160 [ 931.981568][T11554] exc_invalid_op+0x1a/0x50 [ 931.981600][T11554] asm_exc_invalid_op+0x1a/0x20 [ 931.981620][T11554] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0 [ 931.981645][T11554] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 79 ae be fc 4d 8b 2c 24 48 c7 c7 a0 9a 74 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 90 47 24 fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9 [ 931.981663][T11554] RSP: 0018:ffffc90005007ae0 EFLAGS: 00010246 [ 931.981681][T11554] RAX: fe5691db90762a00 RBX: 1ffff11028664401 RCX: 0000000000080000 [ 931.981697][T11554] RDX: ffffc90012c7d000 RSI: 0000000000001387 RDI: 0000000000001388 [ 931.981712][T11554] RBP: ffffc90005007be0 R08: 0000000000000000 R09: 0000000000000000 [ 931.981726][T11554] R10: dffffc0000000000 R11: ffffed1017124863 R12: ffff888143311000 [ 931.981742][T11554] R13: ffffffff8b784a60 R14: 0000000000000000 R15: ffffffff8b79e680 [ 931.981785][T11554] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 931.981812][T11554] ? __pfx_autoremove_wake_function+0x10/0x10 [ 931.981844][T11554] ? __rcu_read_unlock+0x84/0xe0 [ 931.981875][T11554] ? drm_vblank_get+0x148/0x260 [ 931.981898][T11554] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 931.981924][T11554] drm_fb_helper_ioctl+0x116/0x140 [ 931.981951][T11554] do_fb_ioctl+0x45c/0x750 [ 931.981979][T11554] ? __pfx_do_fb_ioctl+0x10/0x10 [ 931.982021][T11554] ? smk_tskacc+0x2fc/0x370 [ 931.982066][T11554] ? __pfx_smack_file_ioctl+0x10/0x10 [ 931.982099][T11554] ? __rcu_read_unlock+0x84/0xe0 [ 931.982127][T11554] ? __fget_files+0x3a6/0x420 [ 931.982157][T11554] ? __fget_files+0x2a/0x420 [ 931.982195][T11554] ? bpf_lsm_file_ioctl+0x9/0x20 [ 931.982221][T11554] ? __pfx_fb_ioctl+0x10/0x10 [ 931.982244][T11554] __se_sys_ioctl+0xfc/0x170 [ 931.982272][T11554] do_syscall_64+0xfa/0x3b0 [ 931.982300][T11554] ? lockdep_hardirqs_on+0x9c/0x150 [ 931.982328][T11554] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.982349][T11554] ? clear_bhb_loop+0x60/0xb0 [ 931.982377][T11554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.982398][T11554] RIP: 0033:0x7fa59b8debe9 [ 931.982416][T11554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 931.982435][T11554] RSP: 002b:00007fa5996d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 931.982455][T11554] RAX: ffffffffffffffda RBX: 00007fa59bb16270 RCX: 00007fa59b8debe9 [ 931.982469][T11554] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003 [ 931.982482][T11554] RBP: 00007fa59b961e19 R08: 0000000000000000 R09: 0000000000000000 [ 931.982496][T11554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.982510][T11554] R13: 00007fa59bb16308 R14: 00007fa59bb16270 R15: 00007fffe8831278 [ 931.982547][T11554] [ 931.982706][T11554] Kernel Offset: disabled