last executing test programs: 1m0.403045248s ago: executing program 2 (id=236): socketpair$tipc(0x1e, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000192c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) add_key(0x0, 0x0, 0x0, 0x0, 0x0) r5 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x34]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r6, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"]) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x0) add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r4, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1}) close_range(r2, 0xffffffffffffffff, 0x0) r7 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x800, 0x2, 0x800001b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x40, 0x0, @fd, 0x7, 0x0, 0x2, 0x0, 0x1, {0x0, r10}}) io_uring_enter(r7, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) 59.040517391s ago: executing program 0 (id=239): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x6}, 0x18) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080), 0xc) 58.706549588s ago: executing program 0 (id=241): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7e}, 0x94) socket$inet_tcp(0x2, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x400c0c4) r2 = openat$rtc(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$RTC_AIE_OFF(r2, 0x7002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6c) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d000203000000fdffffffff0200"/24], 0x18}, 0x1, 0x7}, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f00000000c0)={0x0, 'veth0\x00', {}, 0xda}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_open_dev$video(&(0x7f00000005c0), 0x5, 0x80942) write$nci(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x4) write$proc_mixer(0xffffffffffffffff, &(0x7f0000000200)=[{'MONITOR', @val={' \'', 'Master Playback'}}, {'LINE2', @void}], 0x35) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x0) ioctl$VIDIOC_ENUMINPUT(r5, 0xc050561a, &(0x7f0000000000)={0x3, "f9008800290215cbab2f111658df5edc0100000000000000000000000400", 0x1, 0x4, 0x4, 0x8, 0x3a5, 0x2}) r6 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffb, 0x0, 0x1, @buffer={0x300, 0x56, &(0x7f0000000440)=""/86}, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='dyn']) 57.387180745s ago: executing program 0 (id=243): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]}) rt_tgsigqueueinfo(0x0, 0x0, 0x24, 0x0) sched_getparam(0x0, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x4c, 0xffffffffffffffff, &(0x7f00000003c0)) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = getpgrp(0x0) get_robust_list(r2, &(0x7f0000000300)=&(0x7f0000000280)={&(0x7f0000000240)={&(0x7f0000000100)}}, &(0x7f0000000340)=0x18) 57.230199595s ago: executing program 1 (id=244): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xd, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x7a}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="05000000040000000800000001"], 0x50) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000003240)={&(0x7f0000001140), 0x0, 0x0, 0x0, 0x83, r2}, 0x38) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000b40)={'ip6tnl0\x00', &(0x7f0000000ac0)={'syztnl0\x00', 0x0, 0x4, 0x7, 0x9, 0x7fff, 0x3, @local, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x20, 0x3ff, 0xb}}) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) setsockopt(0xffffffffffffffff, 0x1, 0x20, &(0x7f0000000040), 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r6, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f00000001c0)={0xa1, 0x0, 0x8, 0xa4, 0x0, 0x2, 0x0}) close_range(r4, 0xffffffffffffffff, 0x0) r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000b80), 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000cc0)=@bpf_tracing={0x1a, 0x18, &(0x7f0000000680)=ANY=[@ANYBLOB="b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="000000a0f0ff0100000000000000000085000000a5000000185200000d000000000000000000000500000000000000ff1855d6fc0000dc0000000000bc9d2dc4b95c290f", @ANYRES32=r0, @ANYBLOB="000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000086000000"], &(0x7f0000000a80)='GPL\x00', 0x80000000, 0x0, 0x0, 0x41000, 0x1, '\x00', r3, 0x18, r7, 0x8, &(0x7f0000000bc0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000c00)={0x5, 0x8, 0x8, 0x7fff}, 0x10, 0xf71e, r1, 0x1, &(0x7f0000000c40)=[r0], &(0x7f0000000c80)=[{0x5, 0x5, 0x6, 0x8}], 0x10, 0x8}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x7840, 0x8, 0x1, 0x1000, {{0x1b, 0x4, 0x1, 0x29, 0x6c, 0x68, 0x0, 0xf4, 0x4, 0x0, @local, @multicast1, {[@timestamp_prespec={0x44, 0x4c, 0x4a, 0x3, 0xc, [{@empty, 0xa}, {@loopback, 0x3}, {@broadcast, 0x5}, {@dev={0xac, 0x14, 0x14, 0xa}, 0x3}, {@loopback, 0xb}, {@local, 0xfffffff6}, {@remote, 0x7}, {@broadcast, 0x5}, {@loopback, 0x50000000}]}, @rr={0x7, 0xb, 0xd8, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) r8 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth1_to_hsr\x00', &(0x7f0000000080)=@ethtool_dump={0x3f, 0x2, 0x6}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'dummy0\x00'}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000002c0)={'sit0\x00', &(0x7f0000000240)={'tunl0\x00', 0x0, 0x8000, 0x40, 0x9, 0x9, {{0xf, 0x4, 0x3, 0x6, 0x3c, 0x66, 0x0, 0x2, 0x6, 0x0, @private=0xa010100, @multicast1, {[@timestamp_prespec={0x44, 0x24, 0xc4, 0x3, 0x2, [{@broadcast, 0xc4}, {@loopback, 0x64}, {@rand_addr=0x64010100, 0x5}, {@rand_addr=0x64010101, 0x6cb43ab6}]}, @noop]}}}}}) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000300)={@remote}, &(0x7f0000000340)=0xc) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000380)={@mcast2}, &(0x7f00000003c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'gre0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x700, 0xe7, 0xf50, 0x1, {{0x8, 0x4, 0x0, 0x1a, 0x20, 0x64, 0x0, 0x8, 0x29, 0x0, @multicast2, @private=0xa010100, {[@ssrr={0x89, 0xb, 0x63, [@local, @dev={0xac, 0x14, 0x14, 0x27}]}]}}}}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r9, 0x8983, &(0x7f0000000980)={0x0, 'ip6tnl0\x00', {0x3}, 0x99}) r10 = socket(0x1f, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) 56.953428312s ago: executing program 1 (id=245): socketpair$tipc(0x1e, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000192c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) add_key(0x0, 0x0, 0x0, 0x0, 0x0) r5 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x34]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r6, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"]) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x0) add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r4, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1}) close_range(r2, 0xffffffffffffffff, 0x0) r7 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x800, 0x2, 0x800001b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x40, 0x0, @fd, 0x7, 0x0, 0x2, 0x0, 0x1, {0x0, r10}}) io_uring_enter(r7, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) 56.816049326s ago: executing program 2 (id=246): syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000400304306000000000000109022d00010000800009040000010300010009210000000122031e58bc680310007f0000090502030800080924"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x2, 0x40000083, 0x0, 0x0, 0x1}) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) epoll_create1(0x80000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x18) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace$pokeuser(0x6, r7, 0x388, 0x41d9fda7) 56.515485735s ago: executing program 3 (id=247): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xf, 0x14, &(0x7f00000000c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="a57db9ddd7c593007129fdf25d2db915bac73eabc4294d909ad667e26760646894e180b1d715e6b30bc66a249d1e780a385dd83691e6c2792bd157696593918980b1258b782baad281a32f500713f4708e5175b0a4a6f8abe4f68040482850aaf8404d95f5", @ANYRES16=r0, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsopen(&(0x7f00000001c0)='smb3\x00', 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffff8000, 0x0) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4044004) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={0x0, @qipcrtr={0x2a, 0x2, 0x3fff}, @vsock={0x28, 0x0, 0xffffffff, @my=0x1}, @generic={0x26, "7a719292e3321400e79691bcc726"}, 0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x6, 0x1000}) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000003c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) 55.816896006s ago: executing program 1 (id=248): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x7, 0x2261, 0x2}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r0, &(0x7f0000000100), &(0x7f0000000100)=""/13, 0x2}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r3 = fcntl$dupfd(r1, 0x0, r0) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) write$binfmt_script(r3, &(0x7f0000001b00), 0xfffffd9d) write$FUSE_INTERRUPT(r3, &(0x7f0000000080)={0x10, 0xffffffffffffffda}, 0x10) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x419, 0x600, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x7, {0x7, 0x0, "392cdaab4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x18) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000040)={'bridge0\x00', 0x400}) close(r5) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) 55.514017651s ago: executing program 3 (id=249): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x70, 0x70, 0x7, [@func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{}, {0x4}, {0x6, 0x4}, {0x7, 0x5}, {0x2, 0x5}]}, @decl_tag={0x3, 0x0, 0x0, 0x11, 0x2, 0x3}, @decl_tag={0xa, 0x0, 0x0, 0x11, 0x1, 0x2}, @var={0x6, 0x0, 0x0, 0xe, 0x3, 0x2}, @fwd={0xe}]}, {0x0, [0x30, 0x61, 0x2e, 0x2e, 0x30]}}, &(0x7f0000000000), 0x8f, 0x0, 0x0, 0x5, 0x10000}, 0x28) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, r2}, 0x50) poll(&(0x7f00000000c0)=[{r3, 0x12}], 0x1, 0x7) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r5, 0x29, 0x24, &(0x7f00000000c0), 0x4) r6 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000000380)="48000000150081fb0259ae08040204000aff0f110000000401d174a4ffa4d8643aec0caa94bd9a5f5901546fabca1b4e7d06a6bd7c493872f750375ed08a562af5740700b8c11941", 0x48}], 0x1}, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4, 0xffffffff}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0) syz_open_dev$sndctrl(0x0, 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) close(r4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001140)) syz_io_uring_setup(0x1458, &(0x7f00000004c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_MSG_RING={0x28, 0x20, 0x0, r9, 0x1, 0x0, 0x0, 0x0, 0x1}) setsockopt$IP_VS_SO_SET_TIMEOUT(r9, 0x0, 0x48a, &(0x7f0000000000)={0xeb04, 0x7c, 0x3}, 0xc) ioctl$SIOCSIFHWADDR(r4, 0x8943, &(0x7f0000000200)={'syzkaller0\x00'}) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"}) 53.731718571s ago: executing program 0 (id=251): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x6}, 0x18) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080), 0xc) 53.14151716s ago: executing program 0 (id=252): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000002900)={0x2020}, 0x2020) pread64(r0, &(0x7f00000002c0)=""/164, 0xa4, 0x7fffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}, {&(0x7f0000000080)='-6', 0x3f}], 0x2) 52.876896518s ago: executing program 2 (id=253): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000002900)={0x2020}, 0x2020) pread64(r0, &(0x7f00000002c0)=""/164, 0xa4, 0x7fffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}, {&(0x7f0000000080)='-6', 0x3f}], 0x2) 52.823426699s ago: executing program 4 (id=254): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000000c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000080)={0xd, 0x8, 0x2, 0x0, 0x0, 0x1000}) (fail_nth: 1) 52.758468319s ago: executing program 3 (id=255): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000000c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000080)={0xd, 0x8, 0x2, 0x0, 0x0, 0x1000}) 52.343567498s ago: executing program 4 (id=256): sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp\x00', 0x5) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) 52.310852544s ago: executing program 3 (id=257): socketpair$tipc(0x1e, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000192c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) add_key(0x0, 0x0, 0x0, 0x0, 0x0) r6 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x34]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r7, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"]) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r7, 0x0) add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r5, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1}) close_range(r3, 0xffffffffffffffff, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x800, 0x2, 0x800001b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x40, 0x0, @fd, 0x7, 0x0, 0x2, 0x0, 0x1, {0x0, r11}}) io_uring_enter(r8, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) 52.11418726s ago: executing program 1 (id=258): sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2}) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280), 0x8}) ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000280)={0x0, 0xa}) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp\x00', 0x5) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) 51.375010697s ago: executing program 4 (id=259): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async) r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) poll(&(0x7f0000000180)=[{r0, 0x8000}], 0x1, 0x2) 51.143610981s ago: executing program 3 (id=260): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xf, 0x14, &(0x7f00000000c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="a57db9ddd7c593007129fdf25d2db915bac73eabc4294d909ad667e26760646894e180b1d715e6b30bc66a249d1e780a385dd83691e6c2792bd157696593918980b1258b782baad281a32f500713f4708e5175b0a4a6f8abe4f68040482850aaf8404d95f5", @ANYRES16=r0, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsopen(&(0x7f00000001c0)='smb3\x00', 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffff8000, 0x0) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4044004) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={0x0, @qipcrtr={0x2a, 0x2, 0x3fff}, @vsock={0x28, 0x0, 0xffffffff, @my=0x1}, @generic={0x26, "7a719292e3321400e79691bcc726"}, 0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x6, 0x1000}) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000003c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) 50.979098928s ago: executing program 4 (id=261): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xf, 0x14, &(0x7f00000000c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="a57db9ddd7c593007129fdf25d2db915bac73eabc4294d909ad667e26760646894e180b1d715e6b30bc66a249d1e780a385dd83691e6c2792bd157696593918980b1258b782baad281a32f500713f4708e5175b0a4a6f8abe4f68040482850aaf8404d95f5", @ANYRES16=r0, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsopen(&(0x7f00000001c0)='smb3\x00', 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffff8000, 0x0) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4044004) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={0x0, @qipcrtr={0x2a, 0x2, 0x3fff}, @vsock={0x28, 0x0, 0xffffffff, @my=0x1}, @generic={0x26, "7a719292e3321400e79691bcc726"}, 0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x6, 0x1000}) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000003c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) 50.597982745s ago: executing program 1 (id=262): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x6}, 0x18) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080), 0xc) 50.208235268s ago: executing program 1 (id=263): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0)) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r2 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xe, 0x79530f0568fe62db, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1e00000003000000000000000e000000000a0600", @ANYRES32, @ANYBLOB="f8ffffff00"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="040000000500000004000000070000ee0093e1000000080000000000"], 0x50) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) 43.011407168s ago: executing program 3 (id=264): syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000400304306000000000000109022d00010000800009040000010300010009210000000122031e58bc680310007f0000090502030800080924"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x2, 0x40000083, 0x0, 0x0, 0x1}) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) epoll_create1(0x80000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x18) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace$pokeuser(0x6, r7, 0x388, 0x41d9fda7) 42.911154327s ago: executing program 4 (id=265): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000080)}) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)="b8190a9a35d993a61a496a15c321b2905dcb3ef6af6d39620e0e70383996626784231849f3ee7d7a23b15a2402b3ac50e5e3c2bf3606ae8c464333537de0f60d56dba39a4a44d90f8b9e2fb6a7951f239d7b8a98259a193ecb6a65d2c8279eab9ebb2621ef164a0437ce2ecd2ed4eb8eda765269b43abf", 0x77}, 0x1, 0x0, 0x0, 0x4080}, 0x80) syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4040840}, 0x40004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0xa) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) connect$unix(r2, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) chdir(&(0x7f0000000080)='./file0\x00') setpgid(0x0, 0x0) getpgid(0x0) socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f0000000280)={'syztnl2\x00', 0x0, 0x2f, 0xc0, 0xa1, 0x7, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, 0x7800, 0x40, 0xa}}) sendto$packet(r4, &(0x7f0000000080)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xe, r5, 0x1, 0x0, 0x6, @multicast}, 0x14) r6 = socket(0x40000000002, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0x18, 0xffffffffffffffff, 0x0) 41.451698239s ago: executing program 0 (id=266): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ipv6_route\x00') preadv(r2, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x96, 0x0) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x14, r1, 0x20a228c28c4e77c1, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4885}, 0x40000) syz_genetlink_get_family_id$nfc(&(0x7f0000000200), r0) syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x34, 0x0, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0x1, 0x9, 0xae}, 0x48) bpf$MAP_CREATE(0xc00000000000000, &(0x7f00000008c0)=ANY=[@ANYBLOB="0d00000002000000040000000240000000000000", @ANYRES32=r8, @ANYBLOB="1e00009ccf00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000011000000000000000000"], 0x48) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f7f"], 0x0) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r9, 0x800, 0x70bd2b, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x5, 0x9, @udp='udp:syz0\x00'}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) 32.794185205s ago: executing program 2 (id=267): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000400)={0x5, r0, 0x2}) write$binfmt_aout(r1, &(0x7f0000000440)={{0x107, 0x5, 0x0, 0x18c, 0x2e4, 0xffffffff, 0x117, 0x8f}, "b3f01ae2472205c47b7655349a555eddcdce4932b3f24dbd48"}, 0x39) (async) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b600000030"], 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58) (async) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000003d40), 0x4) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03c90000cf47d16331aef6ee13ff7f266e13da7be839b35e9ae1a333f2d8fd8e1983903166f4d8f3d5e043b8eb3a4dd0a04b39df97c82009b793cd734558a268aac6cea0ca6aa40899810bc164d8ad6b2ce23bf4b88d9b72991218c6c68e9a992582d217f639c8ad76405b511163edb9ca95e8123830003ab82fc86a517ac2aff77866914ebb9aca4a6e530d80f19ee31eeb1e5b8139b72264f8fceb54ee9980e771c5f11155b69e12e65e6a3699d1b80648dd949081f1a612b7b5950f41554c9b832f7cf9efa4987bd88887917199318d28808204e7638ca5932c066d2a662e600ac0a8f27b86c066f2bceabd1b3af66c12fefa311c5afe0821a14432925187a05476e0a972e85f26a24832c357d70d354ade966e6963234e4956658ac9ece3780485fcb3decb69a029ffbeda1c7b27bb020f4137624286d8a2d22221028b3efd3433e7fd3ba291446947a274a748f45bb347fa49e295cfa305f5dd46b662afde61cfee33ea823d23f46a662146886c6e3c30e660d765f46dcc14914b3e342e44436410fedeb6594f37ac94cd336dea463e0541daadbe70b5b925741db16240afc85f391539569ac14e5dccb9ca5790c33f8a6cdd7abc1cb762972634968ecb9f1dff8b6b6cd6f5f56db31c24ac5b2b1bed2efea1f4e67f"], 0x1004) (async) r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) (async) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}}) (async) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) (async) fcntl$getownex(r5, 0x10, &(0x7f0000000240)={0x0, 0x0}) ptrace$setregs(0xf, r6, 0x101, &(0x7f0000000280)="4a32d019622eda17d2882501b1e029095b8e006bb3a1") (async) syz_emit_ethernet(0xff44, &(0x7f0000000500)={@multicast, @link_local, @void, {@ipv4={0x800, @generic={{0xf, 0x4, 0x1, 0x5, 0x11e, 0x67, 0x0, 0x10, 0x5e, 0x0, @multicast2, @private=0xa010101, {[@timestamp={0x44, 0x28, 0x23, 0x0, 0x4, [0x2, 0x3, 0x1, 0x3, 0x4, 0x5, 0x1, 0x7, 0x337]}]}}, "7c9ac36eb49843594a4f15236787919508d112b585e84e2cd48a402d95a18fea2102697e4a48b1342f29df8710e61e038df3e22ae6639ecc53691f151474f98cef1cf38879755622ca3a24c1f086a9909e9560bd54dd941bb7bf6f12c3e689b620f556fb8758d07adaed8f3cd220f8623579da2b422b5a98052a343bc91d0511a7ef04ebb0a3d7bb1779ea855df5f39cf4ebfc66d9fcc9aa7268e48276905651a064fa0f0a0bff7609bf293fe126dbbb47b4a66480736ce5b451a8ac70787643d19014ab7de6766ec8b9c19b4c5f18b3ed7281222692f7fed776fdeb974c76ebea03"}}}}, 0x0) (async) r7 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r7, 0x0, 0xd4, &(0x7f0000000040)=0x9, 0x4) 32.794031797s ago: executing program 2 (id=268): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000001c0)={&(0x7f00000000c0)=[{0xfffd, 0x8000, 0x0, 0x0}], 0x1}) 32.773021456s ago: executing program 32 (id=263): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0)) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r2 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xe, 0x79530f0568fe62db, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1e00000003000000000000000e000000000a0600", @ANYRES32, @ANYBLOB="f8ffffff00"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="040000000500000004000000070000ee0093e1000000080000000000"], 0x50) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) 26.430178445s ago: executing program 2 (id=270): socketpair$tipc(0x1e, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000192c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) add_key(0x0, 0x0, 0x0, 0x0, 0x0) r6 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x34]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r7, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"]) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r7, 0x0) add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r5, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1}) close_range(r3, 0xffffffffffffffff, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x800, 0x2, 0x800001b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x40, 0x0, @fd, 0x7, 0x0, 0x2, 0x0, 0x1, {0x0, r11}}) io_uring_enter(r8, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) 15.630010485s ago: executing program 4 (id=271): r0 = creat(&(0x7f0000000240)='./file0\x00', 0x40) close(r0) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x6000002, 0x4018831, r0, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000280)="b7bb28010677f20293eae24fa9cbc2a8e476c0d318075cc7c7cf494e4bd8734ef2ba7edd73c599aee7ded91db16a6e870841f1e7f4f151816eb9533b65f9610b24581d22f3ecb416", 0x0, 0x48) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) 1.615239686s ago: executing program 33 (id=266): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ipv6_route\x00') preadv(r2, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x96, 0x0) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x14, r1, 0x20a228c28c4e77c1, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4885}, 0x40000) syz_genetlink_get_family_id$nfc(&(0x7f0000000200), r0) syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x34, 0x0, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0x1, 0x9, 0xae}, 0x48) bpf$MAP_CREATE(0xc00000000000000, &(0x7f00000008c0)=ANY=[@ANYBLOB="0d00000002000000040000000240000000000000", @ANYRES32=r8, @ANYBLOB="1e00009ccf00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000011000000000000000000"], 0x48) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f7f"], 0x0) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r9, 0x800, 0x70bd2b, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x5, 0x9, @udp='udp:syz0\x00'}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) 406.332438ms ago: executing program 34 (id=264): syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000400304306000000000000109022d00010000800009040000010300010009210000000122031e58bc680310007f0000090502030800080924"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x2, 0x40000083, 0x0, 0x0, 0x1}) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) epoll_create1(0x80000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x18) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace$pokeuser(0x6, r7, 0x388, 0x41d9fda7) 236.346214ms ago: executing program 35 (id=270): socketpair$tipc(0x1e, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000192c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) add_key(0x0, 0x0, 0x0, 0x0, 0x0) r6 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x34]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r7, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"]) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r7, 0x0) add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r5, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1}) close_range(r3, 0xffffffffffffffff, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x800, 0x2, 0x800001b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x40, 0x0, @fd, 0x7, 0x0, 0x2, 0x0, 0x1, {0x0, r11}}) io_uring_enter(r8, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) 0s ago: executing program 36 (id=271): r0 = creat(&(0x7f0000000240)='./file0\x00', 0x40) close(r0) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x6000002, 0x4018831, r0, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000280)="b7bb28010677f20293eae24fa9cbc2a8e476c0d318075cc7c7cf494e4bd8734ef2ba7edd73c599aee7ded91db16a6e870841f1e7f4f151816eb9533b65f9610b24581d22f3ecb416", 0x0, 0x48) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.237' (ED25519) to the list of known hosts. [ 74.391257][ T5826] cgroup: Unknown subsys name 'net' [ 74.620000][ T5826] cgroup: Unknown subsys name 'cpuset' [ 74.675941][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.352224][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.642427][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.657102][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.658099][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.680316][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.684543][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.685350][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.686969][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.689269][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.689895][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.705774][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.749363][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.751618][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.756352][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.771090][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.772800][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.803254][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.804532][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.815795][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.816935][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.817619][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.872580][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.875026][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.876435][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.891128][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.892015][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.588975][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 81.592837][ T990] cfg80211: failed to load regulatory.db [ 81.716407][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 81.966318][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 82.147831][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 82.326857][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 82.577584][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.579062][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.579634][ T5836] bridge_slave_0: entered allmulticast mode [ 82.582499][ T5836] bridge_slave_0: entered promiscuous mode [ 82.695567][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.695714][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.695892][ T5836] bridge_slave_1: entered allmulticast mode [ 82.698560][ T5836] bridge_slave_1: entered promiscuous mode [ 82.776286][ T5844] Bluetooth: hci1: command tx timeout [ 82.776292][ T5839] Bluetooth: hci0: command tx timeout [ 82.845982][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.846100][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.846204][ T5837] bridge_slave_0: entered allmulticast mode [ 82.847672][ T5837] bridge_slave_0: entered promiscuous mode [ 82.855861][ T5844] Bluetooth: hci2: command tx timeout [ 82.935335][ T5844] Bluetooth: hci4: command tx timeout [ 82.935531][ T5844] Bluetooth: hci3: command tx timeout [ 83.013656][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.013767][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.013872][ T5837] bridge_slave_1: entered allmulticast mode [ 83.016213][ T5837] bridge_slave_1: entered promiscuous mode [ 83.157543][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.157705][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.157878][ T5845] bridge_slave_0: entered allmulticast mode [ 83.160418][ T5845] bridge_slave_0: entered promiscuous mode [ 83.339599][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.339904][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.340029][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.340188][ T5845] bridge_slave_1: entered allmulticast mode [ 83.341897][ T5845] bridge_slave_1: entered promiscuous mode [ 83.560957][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.722715][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.722948][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.723204][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.723370][ T5846] bridge_slave_0: entered allmulticast mode [ 83.725071][ T5846] bridge_slave_0: entered promiscuous mode [ 84.031567][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.031803][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.031895][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.032169][ T5846] bridge_slave_1: entered allmulticast mode [ 84.033604][ T5846] bridge_slave_1: entered promiscuous mode [ 84.159170][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.160066][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.160204][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.160310][ T5851] bridge_slave_0: entered allmulticast mode [ 84.161802][ T5851] bridge_slave_0: entered promiscuous mode [ 84.328781][ T5836] team0: Port device team_slave_0 added [ 84.334175][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.334459][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.334623][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.334789][ T5851] bridge_slave_1: entered allmulticast mode [ 84.337541][ T5851] bridge_slave_1: entered promiscuous mode [ 84.507770][ T5836] team0: Port device team_slave_1 added [ 84.647397][ T5837] team0: Port device team_slave_0 added [ 84.652345][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.855382][ T5839] Bluetooth: hci0: command tx timeout [ 84.855412][ T5839] Bluetooth: hci1: command tx timeout [ 84.919704][ T5837] team0: Port device team_slave_1 added [ 84.923427][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.937446][ T5839] Bluetooth: hci2: command tx timeout [ 85.009045][ T5845] team0: Port device team_slave_0 added [ 85.012207][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.015393][ T5844] Bluetooth: hci4: command tx timeout [ 85.015484][ T5839] Bluetooth: hci3: command tx timeout [ 85.324418][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.324428][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.324442][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.331511][ T5845] team0: Port device team_slave_1 added [ 85.334942][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.478606][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.478621][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.478645][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.626459][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.626470][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.626483][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.628505][ T5846] team0: Port device team_slave_0 added [ 85.793331][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.793346][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.793369][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.797445][ T5846] team0: Port device team_slave_1 added [ 85.802315][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.802326][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.802348][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.817173][ T5851] team0: Port device team_slave_0 added [ 85.838933][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.838946][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.838968][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.929358][ T5851] team0: Port device team_slave_1 added [ 86.318086][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.318098][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.318111][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.324169][ T5836] hsr_slave_0: entered promiscuous mode [ 86.325093][ T5836] hsr_slave_1: entered promiscuous mode [ 86.578522][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.578536][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.578558][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.581189][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.581201][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.581224][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.601154][ T5837] hsr_slave_0: entered promiscuous mode [ 86.602435][ T5837] hsr_slave_1: entered promiscuous mode [ 86.605803][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 86.605912][ T5837] Cannot create hsr debugfs directory [ 86.743240][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.743254][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.743268][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.935564][ T5844] Bluetooth: hci1: command tx timeout [ 86.935652][ T5839] Bluetooth: hci0: command tx timeout [ 86.976670][ T5845] hsr_slave_0: entered promiscuous mode [ 86.978053][ T5845] hsr_slave_1: entered promiscuous mode [ 86.978917][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 86.978939][ T5845] Cannot create hsr debugfs directory [ 87.015465][ T5839] Bluetooth: hci2: command tx timeout [ 87.105555][ T5844] Bluetooth: hci4: command tx timeout [ 87.105642][ T5839] Bluetooth: hci3: command tx timeout [ 87.616339][ T5846] hsr_slave_0: entered promiscuous mode [ 87.617652][ T5846] hsr_slave_1: entered promiscuous mode [ 87.618407][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 87.618425][ T5846] Cannot create hsr debugfs directory [ 87.723500][ T5851] hsr_slave_0: entered promiscuous mode [ 87.724265][ T5851] hsr_slave_1: entered promiscuous mode [ 87.724751][ T5851] debugfs: 'hsr0' already exists in 'hsr' [ 87.724770][ T5851] Cannot create hsr debugfs directory [ 88.946859][ T5836] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.977316][ T5836] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.012180][ T5836] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.015364][ T5844] Bluetooth: hci1: command tx timeout [ 89.015403][ T5839] Bluetooth: hci0: command tx timeout [ 89.053306][ T5836] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.096817][ T5839] Bluetooth: hci2: command tx timeout [ 89.185368][ T5844] Bluetooth: hci4: command tx timeout [ 89.185412][ T5839] Bluetooth: hci3: command tx timeout [ 89.190483][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.226137][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.271073][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.320585][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.452576][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.505209][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.542682][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.581425][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.730840][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.781993][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.818592][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.878164][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.034084][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.081479][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.120618][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.161344][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.163194][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.294307][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.334238][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.363691][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.364283][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.430226][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.430381][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.494405][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.521415][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.558616][ T1429] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.559889][ T1429] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.608363][ T4971] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.608576][ T4971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.669643][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.710209][ T4991] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.710416][ T4991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.731605][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.773037][ T4971] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.773213][ T4971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.901776][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.921003][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.964299][ T1008] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.964428][ T1008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.030721][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.032479][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.144129][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.229873][ T4971] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.230019][ T4971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.293270][ T4971] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.293956][ T4971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.534474][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.579688][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.743603][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.980268][ T5837] veth0_vlan: entered promiscuous mode [ 92.037304][ T5837] veth1_vlan: entered promiscuous mode [ 92.140473][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.191321][ T5845] veth0_vlan: entered promiscuous mode [ 92.243071][ T5845] veth1_vlan: entered promiscuous mode [ 92.290202][ T5837] veth0_macvtap: entered promiscuous mode [ 92.330080][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.333404][ T5837] veth1_macvtap: entered promiscuous mode [ 92.396845][ T5836] veth0_vlan: entered promiscuous mode [ 92.436073][ T5846] veth0_vlan: entered promiscuous mode [ 92.444720][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.474925][ T5836] veth1_vlan: entered promiscuous mode [ 92.483813][ T5845] veth0_macvtap: entered promiscuous mode [ 92.504578][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.525058][ T5845] veth1_macvtap: entered promiscuous mode [ 92.538882][ T5846] veth1_vlan: entered promiscuous mode [ 92.560721][ T1008] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.571787][ T1008] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.583652][ T1008] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.599172][ T1008] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.694249][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.706214][ T5851] veth0_vlan: entered promiscuous mode [ 92.787972][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.847532][ T5836] veth0_macvtap: entered promiscuous mode [ 92.875532][ T5851] veth1_vlan: entered promiscuous mode [ 92.883967][ T68] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.902323][ T68] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.906427][ T5836] veth1_macvtap: entered promiscuous mode [ 92.935843][ T68] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.962434][ T5846] veth0_macvtap: entered promiscuous mode [ 92.973414][ T68] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.006093][ T5846] veth1_macvtap: entered promiscuous mode [ 93.007877][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.007897][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.154656][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.242974][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.242993][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.257860][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.280048][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.352499][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.352584][ T64] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.355030][ T5851] veth0_macvtap: entered promiscuous mode [ 93.375823][ T64] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.384689][ T64] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.394943][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.394959][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.405803][ T64] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.440650][ T5851] veth1_macvtap: entered promiscuous mode [ 93.451219][ T68] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.464706][ T68] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.481607][ T68] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.500903][ T68] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.585761][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.585781][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.716674][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.735097][ T5956] process 'syz.2.3' launched './file2' with NULL argv: empty string added [ 93.870983][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.979453][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.033423][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.050003][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.103945][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.200609][ T4971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.200622][ T4971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.430376][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.430395][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.491139][ T5956] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 94.542019][ T1008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.542038][ T1008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.755437][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.766504][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 94.795225][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 94.892395][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.892413][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.230590][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.230609][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.531186][ T5968] Zero length message leads to an empty skb [ 95.665198][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 95.698865][ C0] vkms_vblank_simulate: vblank timer overrun [ 95.751182][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.751196][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.785470][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 95.815426][ T5839] Bluetooth: hci0: command 0x080f tx timeout [ 95.830341][ T5971] 9pnet_fd: Insufficient options for proto=fd [ 95.924895][ T5974] FAULT_INJECTION: forcing a failure. [ 95.924895][ T5974] name failslab, interval 1, probability 0, space 0, times 1 [ 95.924942][ T5974] CPU: 0 UID: 0 PID: 5974 Comm: syz.4.8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 95.924963][ T5974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 95.924980][ T5974] Call Trace: [ 95.924987][ T5974] [ 95.924995][ T5974] dump_stack_lvl+0x189/0x250 [ 95.925029][ T5974] ? __pfx____ratelimit+0x10/0x10 [ 95.925055][ T5974] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.925078][ T5974] ? __pfx__printk+0x10/0x10 [ 95.925104][ T5974] ? __pfx___might_resched+0x10/0x10 [ 95.925130][ T5974] should_fail_ex+0x46c/0x600 [ 95.925177][ T5974] should_failslab+0xa8/0x100 [ 95.925202][ T5974] __kvmalloc_node_noprof+0x15a/0x550 [ 95.925223][ T5974] ? traverse+0xd9/0x570 [ 95.925248][ T5974] traverse+0xd9/0x570 [ 95.925273][ T5974] ? seq_lseek+0x55/0x260 [ 95.925295][ T5974] seq_lseek+0x137/0x260 [ 95.925318][ T5974] proc_reg_llseek+0x1c5/0x2a0 [ 95.925342][ T5974] __x64_sys_lseek+0x155/0x1f0 [ 95.925366][ T5974] do_syscall_64+0xfa/0x3b0 [ 95.925382][ T5974] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.925405][ T5974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.925422][ T5974] ? clear_bhb_loop+0x60/0xb0 [ 95.925443][ T5974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.925460][ T5974] RIP: 0033:0x7fac7159ec29 [ 95.925481][ T5974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.925495][ T5974] RSP: 002b:00007fac6f7fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000008 [ 95.925514][ T5974] RAX: ffffffffffffffda RBX: 00007fac717e5fa0 RCX: 00007fac7159ec29 [ 95.925527][ T5974] RDX: 0000000000000000 RSI: 0000018000000000 RDI: 0000000000000003 [ 95.925538][ T5974] RBP: 00007fac6f7fe090 R08: 0000000000000000 R09: 0000000000000000 [ 95.925549][ T5974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.925559][ T5974] R13: 00007fac717e6038 R14: 00007fac717e5fa0 R15: 00007fff40977c78 [ 95.925590][ T5974] [ 96.142841][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 96.175320][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.175361][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 96.207647][ T9] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d [ 96.207674][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.207693][ T9] usb 3-1: Product: syz [ 96.207707][ T9] usb 3-1: Manufacturer: syz [ 96.207720][ T9] usb 3-1: SerialNumber: syz [ 96.336506][ T9] usb 3-1: config 0 descriptor?? [ 96.518607][ T9] hub 3-1:0.0: bad descriptor, ignoring hub [ 96.518646][ T9] hub 3-1:0.0: probe with driver hub failed with error -5 [ 96.590784][ T9] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 96.591773][ T5966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 96.665333][ T5966] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 96.731725][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 96.737338][ T1008] usb 3-1: Failed to submit usb control message: -71 [ 96.737373][ T1008] usb 3-1: unable to send the bmi data to the device: -71 [ 96.737389][ T1008] usb 3-1: unable to get target info from device [ 96.737411][ T1008] usb 3-1: could not get target info (-71) [ 96.737430][ T1008] usb 3-1: could not probe fw (-71) [ 96.773670][ T9] usb 3-1: USB disconnect, device number 2 [ 96.961124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 97.170363][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.690779][ C0] vkms_vblank_simulate: vblank timer overrun [ 97.795190][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 97.805250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 97.811427][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.064777][ C0] vkms_vblank_simulate: vblank timer overrun [ 98.401315][ T56] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 99.353815][ T56] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 99.353847][ T56] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50628, setting to 1024 [ 99.353888][ T56] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 99.353910][ T56] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.408212][ T56] usb 3-1: config 0 descriptor?? [ 99.823988][ C0] vkms_vblank_simulate: vblank timer overrun [ 100.566957][ C0] vkms_vblank_simulate: vblank timer overrun [ 101.009498][ C0] vkms_vblank_simulate: vblank timer overrun [ 102.302911][ T56] ath6kl: Failed to submit usb control message: -110 [ 102.303075][ T56] ath6kl: unable to send the bmi data to the device: -110 [ 102.303133][ T56] ath6kl: Unable to send get target info: -110 [ 102.350831][ T56] ath6kl: Failed to init ath6kl core: -110 [ 102.400270][ T56] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 102.621430][ T5848] usb 3-1: USB disconnect, device number 3 [ 103.114507][ C0] vkms_vblank_simulate: vblank timer overrun [ 103.625972][ C0] vkms_vblank_simulate: vblank timer overrun [ 103.759147][ C0] vkms_vblank_simulate: vblank timer overrun [ 103.800350][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.431318][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.684113][ C0] vkms_vblank_simulate: vblank timer overrun [ 105.501437][ C0] vkms_vblank_simulate: vblank timer overrun [ 105.773086][ C0] vkms_vblank_simulate: vblank timer overrun [ 107.050281][ T6053] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 109.279116][ T6071] FAULT_INJECTION: forcing a failure. [ 109.279116][ T6071] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 109.279138][ T6071] CPU: 0 UID: 0 PID: 6071 Comm: syz.3.29 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 109.279150][ T6071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 109.279156][ T6071] Call Trace: [ 109.279160][ T6071] [ 109.279165][ T6071] dump_stack_lvl+0x189/0x250 [ 109.279184][ T6071] ? __pfx____ratelimit+0x10/0x10 [ 109.279199][ T6071] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.279212][ T6071] ? __pfx__printk+0x10/0x10 [ 109.279222][ T6071] ? __might_fault+0xb0/0x130 [ 109.279241][ T6071] should_fail_ex+0x46c/0x600 [ 109.279258][ T6071] _copy_from_user+0x2d/0xb0 [ 109.279271][ T6071] ___sys_sendmsg+0x158/0x2a0 [ 109.279283][ T6071] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.279317][ T6071] ? __fget_files+0x2a/0x420 [ 109.279330][ T6071] ? __fget_files+0x3a6/0x420 [ 109.279348][ T6071] __x64_sys_sendmsg+0x1a1/0x260 [ 109.279359][ T6071] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 109.279373][ T6071] ? __pfx_ksys_write+0x10/0x10 [ 109.279384][ T6071] ? rcu_is_watching+0x15/0xb0 [ 109.279401][ T6071] ? do_syscall_64+0xbe/0x3b0 [ 109.279412][ T6071] do_syscall_64+0xfa/0x3b0 [ 109.279421][ T6071] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.279430][ T6071] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 109.279439][ T6071] ? clear_bhb_loop+0x60/0xb0 [ 109.279450][ T6071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.279459][ T6071] RIP: 0033:0x7fbd5f88ec29 [ 109.279468][ T6071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.279475][ T6071] RSP: 002b:00007fbd5daee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.279487][ T6071] RAX: ffffffffffffffda RBX: 00007fbd5fad5fa0 RCX: 00007fbd5f88ec29 [ 109.279494][ T6071] RDX: 0000000000000000 RSI: 0000200000000e00 RDI: 0000000000000003 [ 109.279500][ T6071] RBP: 00007fbd5daee090 R08: 0000000000000000 R09: 0000000000000000 [ 109.279506][ T6071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.279511][ T6071] R13: 00007fbd5fad6038 R14: 00007fbd5fad5fa0 R15: 00007ffd32dfb288 [ 109.279526][ T6071] [ 109.619532][ T6069] ubi31: attaching mtd0 [ 109.621848][ T6069] ubi31: scanning is finished [ 109.621861][ T6069] ubi31: empty MTD device detected [ 109.969432][ T6069] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 109.969457][ T6069] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 109.969473][ T6069] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 109.969489][ T6069] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 109.969504][ T6069] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 109.969518][ T6069] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 109.969533][ T6069] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3464448544 [ 109.969552][ T6069] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 109.970507][ T6078] ubi31: background thread "ubi_bgt31d" started, PID 6078 [ 110.125269][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 110.283386][ T9] usb 4-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config [ 110.283440][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 110.283481][ T9] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 110.283505][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.504574][ C1] vkms_vblank_simulate: vblank timer overrun [ 110.528952][ T9] usb 4-1: config 0 descriptor?? [ 110.535155][ C1] vkms_vblank_simulate: vblank timer overrun [ 110.671246][ C1] vkms_vblank_simulate: vblank timer overrun [ 111.128730][ C1] vkms_vblank_simulate: vblank timer overrun [ 111.219640][ T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 111.587314][ C1] vkms_vblank_simulate: vblank timer overrun [ 111.614170][ C1] vkms_vblank_simulate: vblank timer overrun [ 112.506025][ C1] vkms_vblank_simulate: vblank timer overrun [ 113.740638][ C1] vkms_vblank_simulate: vblank timer overrun [ 114.375569][ T5848] usb 4-1: USB disconnect, device number 2 [ 115.605617][ T5848] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 115.778367][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 115.778399][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50628, setting to 1024 [ 115.778446][ T5848] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 115.778468][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.788800][ T5848] usb 4-1: config 0 descriptor?? [ 116.174885][ C1] vkms_vblank_simulate: vblank timer overrun [ 116.318031][ T6131] netlink: 'syz.3.42': attribute type 6 has an invalid length. [ 117.134016][ C1] vkms_vblank_simulate: vblank timer overrun [ 117.179026][ T5848] ath6kl: Failed to submit usb control message: -110 [ 117.179071][ T5848] ath6kl: unable to send the bmi data to the device: -110 [ 117.179084][ T5848] ath6kl: Unable to send get target info: -110 [ 117.180006][ T5848] ath6kl: Failed to init ath6kl core: -110 [ 117.182881][ T5848] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 118.446347][ T5975] usb 4-1: USB disconnect, device number 3 [ 120.508501][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.557515][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.716608][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.873351][ C0] vkms_vblank_simulate: vblank timer overrun [ 121.348035][ C0] vkms_vblank_simulate: vblank timer overrun [ 121.353533][ T37] audit: type=1326 audit(1758393307.471:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6155 comm="syz.3.47" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd5f88ec29 code=0x0 [ 121.475430][ C0] vkms_vblank_simulate: vblank timer overrun [ 121.645633][ T6165] syz.3.51 uses obsolete (PF_INET,SOCK_PACKET) [ 121.869782][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.064112][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.081813][ T6170] netlink: 12 bytes leftover after parsing attributes in process `syz.4.50'. [ 122.186193][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.613327][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.851364][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.218338][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.443694][ T6184] 9pnet_fd: Insufficient options for proto=fd [ 123.508270][ C0] vkms_vblank_simulate: vblank timer overrun [ 124.858994][ T31] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 125.319501][ T31] usb 3-1: Using ep0 maxpacket: 16 [ 125.329824][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.329853][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.329888][ T31] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 125.329910][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.351987][ T31] usb 3-1: config 0 descriptor?? [ 126.150684][ T31] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 126.150723][ T31] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 126.150755][ T31] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 126.150781][ T31] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 126.150806][ T31] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 126.164369][ T31] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 126.537584][ T31] usb 3-1: USB disconnect, device number 4 [ 127.397850][ T6209] capability: warning: `syz.1.62' uses 32-bit capabilities (legacy support in use) [ 127.635967][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.208651][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.463676][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.861369][ C1] vkms_vblank_simulate: vblank timer overrun [ 129.436261][ T6226] FAULT_INJECTION: forcing a failure. [ 129.436261][ T6226] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.436305][ T6226] CPU: 0 UID: 0 PID: 6226 Comm: syz.1.64 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 129.436326][ T6226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 129.436336][ T6226] Call Trace: [ 129.436343][ T6226] [ 129.436350][ T6226] dump_stack_lvl+0x189/0x250 [ 129.436378][ T6226] ? __pfx____ratelimit+0x10/0x10 [ 129.436402][ T6226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.436424][ T6226] ? __pfx__printk+0x10/0x10 [ 129.436442][ T6226] ? __might_fault+0xb0/0x130 [ 129.436476][ T6226] should_fail_ex+0x46c/0x600 [ 129.436510][ T6226] _copy_from_user+0x2d/0xb0 [ 129.436531][ T6226] ___sys_sendmsg+0x158/0x2a0 [ 129.436552][ T6226] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.436604][ T6226] ? __fget_files+0x2a/0x420 [ 129.436625][ T6226] ? __fget_files+0x3a6/0x420 [ 129.436656][ T6226] __sys_sendmmsg+0x22d/0x430 [ 129.436679][ T6226] ? __pfx___sys_sendmmsg+0x10/0x10 [ 129.436706][ T6226] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 129.436740][ T6226] ? ksys_write+0x230/0x260 [ 129.436762][ T6226] ? __pfx_ksys_write+0x10/0x10 [ 129.436779][ T6226] ? rcu_is_watching+0x15/0xb0 [ 129.436808][ T6226] __x64_sys_sendmmsg+0xa0/0xc0 [ 129.436828][ T6226] do_syscall_64+0xfa/0x3b0 [ 129.436843][ T6226] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.436865][ T6226] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.436882][ T6226] ? clear_bhb_loop+0x60/0xb0 [ 129.436902][ T6226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.436918][ T6226] RIP: 0033:0x7f408fe8ec29 [ 129.436934][ T6226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.436947][ T6226] RSP: 002b:00007f408e0ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 129.436972][ T6226] RAX: ffffffffffffffda RBX: 00007f40900d6180 RCX: 00007f408fe8ec29 [ 129.436985][ T6226] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000008 [ 129.436996][ T6226] RBP: 00007f408e0ac090 R08: 0000000000000000 R09: 0000000000000000 [ 129.437007][ T6226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.437017][ T6226] R13: 00007f40900d6218 R14: 00007f40900d6180 R15: 00007ffd18bbcbd8 [ 129.437045][ T6226] [ 129.639067][ C1] vkms_vblank_simulate: vblank timer overrun [ 130.244803][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.520994][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.523819][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.193111][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.350989][ T6259] 9pnet_fd: Insufficient options for proto=fd [ 134.366546][ T37] audit: type=1326 audit(1758393321.141:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 134.366592][ T37] audit: type=1326 audit(1758393321.141:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 134.465963][ T37] audit: type=1326 audit(1758393321.221:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 134.513531][ T37] audit: type=1326 audit(1758393321.241:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 134.513562][ T37] audit: type=1326 audit(1758393321.281:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 134.518894][ T37] audit: type=1326 audit(1758393321.281:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 134.519356][ T37] audit: type=1326 audit(1758393321.291:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fac71595be7 code=0x7ffc0000 [ 134.521102][ T37] audit: type=1326 audit(1758393321.291:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fac7153ae09 code=0x7ffc0000 [ 134.521146][ T37] audit: type=1326 audit(1758393321.291:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 134.521183][ T37] audit: type=1326 audit(1758393321.291:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac7159ec29 code=0x7ffc0000 [ 136.775009][ T6281] netlink: 'syz.2.79': attribute type 1 has an invalid length. [ 136.775030][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.79'. [ 136.856740][ C0] vkms_vblank_simulate: vblank timer overrun [ 138.100819][ C0] vkms_vblank_simulate: vblank timer overrun [ 138.515470][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.807585][ T31] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 140.419419][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 140.419451][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50628, setting to 1024 [ 140.419494][ T31] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 140.419522][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.499252][ C0] vkms_vblank_simulate: vblank timer overrun [ 140.555711][ T31] usb 4-1: config 0 descriptor?? [ 141.849848][ T6324] netlink: 'syz.3.90': attribute type 6 has an invalid length. [ 141.860219][ T31] ath6kl: Failed to submit usb control message: -110 [ 141.860268][ T31] ath6kl: unable to send the bmi data to the device: -110 [ 141.860283][ T31] ath6kl: Unable to send get target info: -110 [ 141.866799][ T31] ath6kl: Failed to init ath6kl core: -110 [ 141.877703][ T31] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 142.225311][ T990] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 142.402038][ T990] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.402130][ T990] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.402416][ T990] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 142.402496][ T990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.857580][ T990] usb 1-1: config 0 descriptor?? [ 143.018652][ T31] usb 4-1: USB disconnect, device number 4 [ 143.196313][ T6338] FAULT_INJECTION: forcing a failure. [ 143.196313][ T6338] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.196345][ T6338] CPU: 0 UID: 0 PID: 6338 Comm: syz.3.97 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 143.196366][ T6338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 143.196376][ T6338] Call Trace: [ 143.196383][ T6338] [ 143.196391][ T6338] dump_stack_lvl+0x189/0x250 [ 143.196418][ T6338] ? __pfx____ratelimit+0x10/0x10 [ 143.196444][ T6338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.196466][ T6338] ? __pfx__printk+0x10/0x10 [ 143.196485][ T6338] ? __might_fault+0xb0/0x130 [ 143.196519][ T6338] should_fail_ex+0x46c/0x600 [ 143.196547][ T6338] _copy_from_user+0x2d/0xb0 [ 143.196569][ T6338] ___sys_sendmsg+0x158/0x2a0 [ 143.196591][ T6338] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.196645][ T6338] ? __fget_files+0x2a/0x420 [ 143.196666][ T6338] ? __fget_files+0x3a6/0x420 [ 143.196697][ T6338] __sys_sendmmsg+0x22d/0x430 [ 143.196721][ T6338] ? __pfx___sys_sendmmsg+0x10/0x10 [ 143.196748][ T6338] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 143.196783][ T6338] ? ksys_write+0x230/0x260 [ 143.196807][ T6338] ? __pfx_ksys_write+0x10/0x10 [ 143.196824][ T6338] ? rcu_is_watching+0x15/0xb0 [ 143.196854][ T6338] __x64_sys_sendmmsg+0xa0/0xc0 [ 143.196874][ T6338] do_syscall_64+0xfa/0x3b0 [ 143.196890][ T6338] ? lockdep_hardirqs_on+0x9c/0x150 [ 143.196912][ T6338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.196930][ T6338] ? clear_bhb_loop+0x60/0xb0 [ 143.196950][ T6338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.196967][ T6338] RIP: 0033:0x7fbd5f88ec29 [ 143.196982][ T6338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.196996][ T6338] RSP: 002b:00007fbd5daee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 143.197015][ T6338] RAX: ffffffffffffffda RBX: 00007fbd5fad5fa0 RCX: 00007fbd5f88ec29 [ 143.197027][ T6338] RDX: 0000000000000001 RSI: 00002000000009c0 RDI: 0000000000000003 [ 143.197039][ T6338] RBP: 00007fbd5daee090 R08: 0000000000000000 R09: 0000000000000000 [ 143.197049][ T6338] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 143.197059][ T6338] R13: 00007fbd5fad6038 R14: 00007fbd5fad5fa0 R15: 00007ffd32dfb288 [ 143.197087][ T6338] [ 143.478767][ T990] samsung 0003:0419:0600.0002: item fetching failed at offset 5/7 [ 143.479590][ T990] samsung 0003:0419:0600.0002: parse failed [ 143.479659][ T990] samsung 0003:0419:0600.0002: probe with driver samsung failed with error -22 [ 143.877733][ T37] kauditd_printk_skb: 373 callbacks suppressed [ 143.877744][ T37] audit: type=1326 audit(1758393330.651:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 143.878197][ T37] audit: type=1326 audit(1758393330.651:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 143.887630][ T37] audit: type=1326 audit(1758393330.661:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 143.895448][ T37] audit: type=1326 audit(1758393330.661:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 143.897167][ T37] audit: type=1326 audit(1758393330.671:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 143.920712][ T37] audit: type=1326 audit(1758393330.691:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 143.921478][ T37] audit: type=1326 audit(1758393330.691:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f408fe85be7 code=0x7ffc0000 [ 143.921776][ T37] audit: type=1326 audit(1758393330.691:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f408fe2ae09 code=0x7ffc0000 [ 143.922061][ T37] audit: type=1326 audit(1758393330.691:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 143.925349][ T37] audit: type=1326 audit(1758393330.691:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6344 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408fe8ec29 code=0x7ffc0000 [ 144.607229][ T56] usb 1-1: USB disconnect, device number 2 [ 145.430930][ T6353] netlink: 4 bytes leftover after parsing attributes in process `syz.3.102'. [ 145.829107][ T6356] 9pnet_fd: Insufficient options for proto=fd [ 150.679025][ T6394] FAULT_INJECTION: forcing a failure. [ 150.679025][ T6394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.679056][ T6394] CPU: 1 UID: 0 PID: 6394 Comm: syz.0.112 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 150.679077][ T6394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 150.679087][ T6394] Call Trace: [ 150.679094][ T6394] [ 150.679102][ T6394] dump_stack_lvl+0x189/0x250 [ 150.679129][ T6394] ? __pfx____ratelimit+0x10/0x10 [ 150.679153][ T6394] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.679176][ T6394] ? __pfx__printk+0x10/0x10 [ 150.679195][ T6394] ? __might_fault+0xb0/0x130 [ 150.679229][ T6394] should_fail_ex+0x46c/0x600 [ 150.679257][ T6394] _copy_from_user+0x2d/0xb0 [ 150.679279][ T6394] ___sys_sendmsg+0x158/0x2a0 [ 150.679301][ T6394] ? __pfx____sys_sendmsg+0x10/0x10 [ 150.679362][ T6394] ? __fget_files+0x2a/0x420 [ 150.679383][ T6394] ? __fget_files+0x3a6/0x420 [ 150.679415][ T6394] __x64_sys_sendmsg+0x1a1/0x260 [ 150.679435][ T6394] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 150.679463][ T6394] ? __pfx_ksys_write+0x10/0x10 [ 150.679481][ T6394] ? rcu_is_watching+0x15/0xb0 [ 150.679510][ T6394] ? do_syscall_64+0xbe/0x3b0 [ 150.679531][ T6394] do_syscall_64+0xfa/0x3b0 [ 150.679546][ T6394] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.679569][ T6394] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.679585][ T6394] ? clear_bhb_loop+0x60/0xb0 [ 150.679606][ T6394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.679623][ T6394] RIP: 0033:0x7f71a6f0ec29 [ 150.679638][ T6394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.679652][ T6394] RSP: 002b:00007f71a516e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 150.679671][ T6394] RAX: ffffffffffffffda RBX: 00007f71a7155fa0 RCX: 00007f71a6f0ec29 [ 150.679684][ T6394] RDX: 0000000000000000 RSI: 00002000000015c0 RDI: 0000000000000003 [ 150.679696][ T6394] RBP: 00007f71a516e090 R08: 0000000000000000 R09: 0000000000000000 [ 150.679707][ T6394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.679717][ T6394] R13: 00007f71a7156038 R14: 00007f71a7155fa0 R15: 00007ffdf3a84fd8 [ 150.679746][ T6394] [ 151.474097][ T6402] FAULT_INJECTION: forcing a failure. [ 151.474097][ T6402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.474222][ T6402] CPU: 0 UID: 0 PID: 6402 Comm: syz.1.116 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 151.474250][ T6402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 151.474258][ T6402] Call Trace: [ 151.474263][ T6402] [ 151.474268][ T6402] dump_stack_lvl+0x189/0x250 [ 151.474287][ T6402] ? __pfx____ratelimit+0x10/0x10 [ 151.474302][ T6402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.474315][ T6402] ? __pfx__printk+0x10/0x10 [ 151.474326][ T6402] ? __might_fault+0xb0/0x130 [ 151.474345][ T6402] should_fail_ex+0x46c/0x600 [ 151.474362][ T6402] _copy_from_user+0x2d/0xb0 [ 151.474375][ T6402] ___sys_sendmsg+0x158/0x2a0 [ 151.474387][ T6402] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.474414][ T6402] ? __fget_files+0x2a/0x420 [ 151.474427][ T6402] ? __fget_files+0x3a6/0x420 [ 151.474444][ T6402] __x64_sys_sendmsg+0x1a1/0x260 [ 151.474455][ T6402] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 151.474474][ T6402] ? do_syscall_64+0xbe/0x3b0 [ 151.474485][ T6402] do_syscall_64+0xfa/0x3b0 [ 151.474495][ T6402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.474505][ T6402] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 151.474514][ T6402] ? clear_bhb_loop+0x60/0xb0 [ 151.474526][ T6402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.474535][ T6402] RIP: 0033:0x7f408fe8ec29 [ 151.474544][ T6402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.474551][ T6402] RSP: 002b:00007f408e0ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.474562][ T6402] RAX: ffffffffffffffda RBX: 00007f40900d5fa0 RCX: 00007f408fe8ec29 [ 151.474569][ T6402] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000006 [ 151.474575][ T6402] RBP: 00007f408e0ee090 R08: 0000000000000000 R09: 0000000000000000 [ 151.474581][ T6402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.474586][ T6402] R13: 00007f40900d6038 R14: 00007f40900d5fa0 R15: 00007ffd18bbcbd8 [ 151.474601][ T6402] [ 152.717537][ T6421] 9pnet_fd: Insufficient options for proto=fd [ 153.962701][ T6431] FAULT_INJECTION: forcing a failure. [ 153.962701][ T6431] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.962733][ T6431] CPU: 0 UID: 0 PID: 6431 Comm: syz.2.125 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 153.962754][ T6431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 153.962764][ T6431] Call Trace: [ 153.962771][ T6431] [ 153.962779][ T6431] dump_stack_lvl+0x189/0x250 [ 153.962807][ T6431] ? __pfx____ratelimit+0x10/0x10 [ 153.962831][ T6431] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.962854][ T6431] ? __pfx__printk+0x10/0x10 [ 153.962888][ T6431] should_fail_ex+0x46c/0x600 [ 153.962916][ T6431] _copy_to_user+0x31/0xb0 [ 153.962938][ T6431] simple_read_from_buffer+0xe1/0x170 [ 153.962966][ T6431] proc_fail_nth_read+0x1b6/0x220 [ 153.962988][ T6431] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 153.963009][ T6431] ? rw_verify_area+0x2ac/0x4e0 [ 153.963028][ T6431] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 153.963048][ T6431] vfs_read+0x206/0xa30 [ 153.963076][ T6431] ? __pfx_vfs_read+0x10/0x10 [ 153.963100][ T6431] ? tipc_setsockopt+0x178/0x970 [ 153.963120][ T6431] ? kmem_cache_free+0x195/0x510 [ 153.963147][ T6431] ? __pfx_tipc_setsockopt+0x10/0x10 [ 153.963176][ T6431] ksys_read+0x14b/0x260 [ 153.963198][ T6431] ? __pfx_ksys_read+0x10/0x10 [ 153.963224][ T6431] ? do_syscall_64+0xbe/0x3b0 [ 153.963244][ T6431] do_syscall_64+0xfa/0x3b0 [ 153.963259][ T6431] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.963288][ T6431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.963305][ T6431] ? clear_bhb_loop+0x60/0xb0 [ 153.963325][ T6431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.963341][ T6431] RIP: 0033:0x7ffa7959d63c [ 153.963357][ T6431] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 153.963370][ T6431] RSP: 002b:00007ffa77806030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 153.963389][ T6431] RAX: ffffffffffffffda RBX: 00007ffa797e5fa0 RCX: 00007ffa7959d63c [ 153.963401][ T6431] RDX: 000000000000000f RSI: 00007ffa778060a0 RDI: 0000000000000004 [ 153.963412][ T6431] RBP: 00007ffa77806090 R08: 0000000000000000 R09: 0000000000000000 [ 153.963423][ T6431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.963433][ T6431] R13: 00007ffa797e6038 R14: 00007ffa797e5fa0 R15: 00007fffe3aea498 [ 153.963460][ T6431] [ 154.859050][ T6430] tty tty1: ldisc open failed (-12), clearing slot 0 [ 155.113142][ T6440] FAULT_INJECTION: forcing a failure. [ 155.113142][ T6440] name failslab, interval 1, probability 0, space 0, times 0 [ 155.113173][ T6440] CPU: 1 UID: 0 PID: 6440 Comm: syz.3.129 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 155.113193][ T6440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 155.113203][ T6440] Call Trace: [ 155.113211][ T6440] [ 155.113218][ T6440] dump_stack_lvl+0x189/0x250 [ 155.113246][ T6440] ? __pfx____ratelimit+0x10/0x10 [ 155.113278][ T6440] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.113300][ T6440] ? __pfx__printk+0x10/0x10 [ 155.113325][ T6440] ? __pfx___might_resched+0x10/0x10 [ 155.113344][ T6440] ? fs_reclaim_acquire+0x7d/0x100 [ 155.113366][ T6440] should_fail_ex+0x46c/0x600 [ 155.113394][ T6440] should_failslab+0xa8/0x100 [ 155.113418][ T6440] __kmalloc_noprof+0xcb/0x430 [ 155.113439][ T6440] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 155.113467][ T6440] tomoyo_realpath_from_path+0xe3/0x5d0 [ 155.113491][ T6440] ? tomoyo_domain+0xda/0x130 [ 155.113520][ T6440] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 155.113540][ T6440] tomoyo_path_number_perm+0x1e8/0x5a0 [ 155.113563][ T6440] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 155.113587][ T6440] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 155.113611][ T6440] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.113642][ T6440] ? __lock_acquire+0xab9/0xd20 [ 155.113684][ T6440] ? __fget_files+0x2a/0x420 [ 155.113709][ T6440] ? __fget_files+0x2a/0x420 [ 155.113730][ T6440] ? __fget_files+0x3a6/0x420 [ 155.113751][ T6440] ? __fget_files+0x2a/0x420 [ 155.113777][ T6440] security_file_ioctl+0xcb/0x2d0 [ 155.113801][ T6440] __se_sys_ioctl+0x47/0x170 [ 155.113823][ T6440] do_syscall_64+0xfa/0x3b0 [ 155.113839][ T6440] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.113861][ T6440] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.113878][ T6440] ? clear_bhb_loop+0x60/0xb0 [ 155.113899][ T6440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.113915][ T6440] RIP: 0033:0x7fbd5f88ec29 [ 155.113931][ T6440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.113944][ T6440] RSP: 002b:00007fbd5daee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 155.113963][ T6440] RAX: ffffffffffffffda RBX: 00007fbd5fad5fa0 RCX: 00007fbd5f88ec29 [ 155.113976][ T6440] RDX: 0000200000000040 RSI: 0000000080045505 RDI: 0000000000000003 [ 155.113987][ T6440] RBP: 00007fbd5daee090 R08: 0000000000000000 R09: 0000000000000000 [ 155.113998][ T6440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.114008][ T6440] R13: 00007fbd5fad6038 R14: 00007fbd5fad5fa0 R15: 00007ffd32dfb288 [ 155.114037][ T6440] [ 155.114044][ T6440] ERROR: Out of memory at tomoyo_realpath_from_path. [ 155.114073][ T6440] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.129' sets config #-1 [ 161.531451][ T6480] netlink: 12 bytes leftover after parsing attributes in process `syz.2.134'. [ 162.306117][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.919880][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.161508][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.400722][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.545688][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.971608][ C1] vkms_vblank_simulate: vblank timer overrun [ 164.204668][ C1] vkms_vblank_simulate: vblank timer overrun [ 164.595259][ T5848] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 164.895061][ T5848] usb 3-1: Invalid ep0 maxpacket: 16 [ 166.005332][ T5848] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 166.089599][ T6519] FAULT_INJECTION: forcing a failure. [ 166.089599][ T6519] name failslab, interval 1, probability 0, space 0, times 0 [ 166.089621][ T6519] CPU: 0 UID: 0 PID: 6519 Comm: syz.1.147 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 166.089642][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 166.089652][ T6519] Call Trace: [ 166.089659][ T6519] [ 166.089668][ T6519] dump_stack_lvl+0x189/0x250 [ 166.089687][ T6519] ? __pfx____ratelimit+0x10/0x10 [ 166.089702][ T6519] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.089715][ T6519] ? __pfx__printk+0x10/0x10 [ 166.089729][ T6519] ? __pfx___might_resched+0x10/0x10 [ 166.089740][ T6519] ? fs_reclaim_acquire+0x7d/0x100 [ 166.089752][ T6519] should_fail_ex+0x46c/0x600 [ 166.089769][ T6519] should_failslab+0xa8/0x100 [ 166.089783][ T6519] __kmalloc_noprof+0xcb/0x430 [ 166.089795][ T6519] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 166.089811][ T6519] tomoyo_realpath_from_path+0xe3/0x5d0 [ 166.089825][ T6519] ? tomoyo_domain+0xda/0x130 [ 166.089841][ T6519] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 166.089853][ T6519] tomoyo_path_number_perm+0x1e8/0x5a0 [ 166.089865][ T6519] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 166.089878][ T6519] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 166.089893][ T6519] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.089910][ T6519] ? __lock_acquire+0xab9/0xd20 [ 166.089933][ T6519] ? __fget_files+0x2a/0x420 [ 166.089949][ T6519] ? __fget_files+0x2a/0x420 [ 166.089963][ T6519] ? __fget_files+0x3a6/0x420 [ 166.089975][ T6519] ? __fget_files+0x2a/0x420 [ 166.089989][ T6519] security_file_ioctl+0xcb/0x2d0 [ 166.090002][ T6519] __se_sys_ioctl+0x47/0x170 [ 166.090014][ T6519] do_syscall_64+0xfa/0x3b0 [ 166.090022][ T6519] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.090035][ T6519] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.090045][ T6519] ? clear_bhb_loop+0x60/0xb0 [ 166.090056][ T6519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.090065][ T6519] RIP: 0033:0x7f408fe8ec29 [ 166.090074][ T6519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.090081][ T6519] RSP: 002b:00007f408e0ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.090092][ T6519] RAX: ffffffffffffffda RBX: 00007f40900d5fa0 RCX: 00007f408fe8ec29 [ 166.090099][ T6519] RDX: 0000200000000940 RSI: 00000000c040565f RDI: 0000000000000006 [ 166.090106][ T6519] RBP: 00007f408e0ee090 R08: 0000000000000000 R09: 0000000000000000 [ 166.090111][ T6519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.090117][ T6519] R13: 00007f40900d6038 R14: 00007f40900d5fa0 R15: 00007ffd18bbcbd8 [ 166.090132][ T6519] [ 166.090136][ T6519] ERROR: Out of memory at tomoyo_realpath_from_path. [ 166.135283][ T994] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 166.165225][ T5848] usb 3-1: Invalid ep0 maxpacket: 16 [ 166.167838][ T5848] usb usb3-port1: attempt power cycle [ 167.365274][ T994] usb 5-1: Using ep0 maxpacket: 16 [ 167.372872][ T994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.372900][ T994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.372920][ T994] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 167.372955][ T994] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 167.372975][ T994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.527276][ T994] usb 5-1: config 0 descriptor?? [ 168.199810][ T6538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.205380][ T6538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.256955][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.256988][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257022][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257048][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257074][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257098][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257123][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257148][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257172][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.257197][ T994] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 168.457147][ T5848] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 168.889915][ T5848] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.889963][ T5848] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 168.889988][ T5848] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 168.890009][ T5848] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 168.944531][ T5848] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 168.944560][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.944579][ T5848] usb 3-1: Product: syz [ 168.944593][ T5848] usb 3-1: Manufacturer: syz [ 168.944607][ T5848] usb 3-1: SerialNumber: syz [ 169.013188][ T5848] cdc_mbim 3-1:1.0: skipping garbage [ 169.099341][ T994] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 169.099374][ T994] microsoft 0003:045E:07DA.0003: no inputs found [ 169.099387][ T994] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway [ 169.147544][ T994] usb 5-1: USB disconnect, device number 2 [ 169.215930][ T6537] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 169.621892][ T5848] cdc_mbim 3-1:1.0: failed GET_NTB_PARAMETERS [ 169.622032][ T5848] cdc_mbim 3-1:1.0: bind() failure [ 169.658921][ T5848] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 169.658967][ T5848] cdc_ncm 3-1:1.1: bind() failure [ 169.812952][ T6554] input: syz1 as /devices/virtual/input/input6 [ 169.950078][ T5848] usb 3-1: USB disconnect, device number 7 [ 170.765175][ T37] kauditd_printk_skb: 84 callbacks suppressed [ 170.765192][ T37] audit: type=1326 audit(1758393357.531:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 170.765234][ T37] audit: type=1326 audit(1758393357.531:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 170.831669][ T37] audit: type=1326 audit(1758393357.601:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 170.831716][ T37] audit: type=1326 audit(1758393357.601:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 170.831754][ T37] audit: type=1326 audit(1758393357.601:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 170.902411][ T37] audit: type=1326 audit(1758393357.671:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 171.037929][ T37] audit: type=1326 audit(1758393357.811:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 171.039363][ T37] audit: type=1326 audit(1758393357.811:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f71a6f05be7 code=0x7ffc0000 [ 171.039409][ T37] audit: type=1326 audit(1758393357.811:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f71a6eaae09 code=0x7ffc0000 [ 171.039449][ T37] audit: type=1326 audit(1758393357.811:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6557 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 172.364664][ T6573] warning: `syz.3.165' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 172.445292][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 173.498292][ T31] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 173.498361][ T31] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 173.504908][ T31] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 173.504966][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 173.505031][ T31] usb 2-1: SerialNumber: syz [ 176.276934][ C0] vkms_vblank_simulate: vblank timer overrun [ 176.718454][ T31] usb 2-1: 0:2 : does not exist [ 176.864812][ T31] usb 2-1: USB disconnect, device number 2 [ 176.928664][ C0] vkms_vblank_simulate: vblank timer overrun [ 178.656033][ T56] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 178.864306][ T56] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.864359][ T56] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 178.864384][ T56] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 178.864405][ T56] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 178.917390][ T56] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 178.917418][ T56] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.917438][ T56] usb 3-1: Product: syz [ 178.917452][ T56] usb 3-1: Manufacturer: syz [ 178.917466][ T56] usb 3-1: SerialNumber: syz [ 178.989525][ T56] cdc_mbim 3-1:1.0: skipping garbage [ 179.277305][ T6606] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 179.727066][ T56] cdc_mbim 3-1:1.0: failed GET_NTB_PARAMETERS [ 179.727148][ T56] cdc_mbim 3-1:1.0: bind() failure [ 180.078363][ T56] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 180.078409][ T56] cdc_ncm 3-1:1.1: bind() failure [ 180.097629][ T56] usb 3-1: USB disconnect, device number 8 [ 180.526217][ T6624] FAULT_INJECTION: forcing a failure. [ 180.526217][ T6624] name failslab, interval 1, probability 0, space 0, times 0 [ 180.526245][ T6624] CPU: 0 UID: 0 PID: 6624 Comm: syz.1.177 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 180.526261][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 180.526268][ T6624] Call Trace: [ 180.526274][ T6624] [ 180.526280][ T6624] dump_stack_lvl+0x189/0x250 [ 180.526304][ T6624] ? __pfx____ratelimit+0x10/0x10 [ 180.526323][ T6624] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.526341][ T6624] ? __pfx__printk+0x10/0x10 [ 180.526361][ T6624] ? __pfx___might_resched+0x10/0x10 [ 180.526378][ T6624] ? fs_reclaim_acquire+0x7d/0x100 [ 180.526395][ T6624] should_fail_ex+0x46c/0x600 [ 180.526418][ T6624] should_failslab+0xa8/0x100 [ 180.526436][ T6624] __kmalloc_noprof+0xcb/0x430 [ 180.526452][ T6624] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 180.526474][ T6624] tomoyo_realpath_from_path+0xe3/0x5d0 [ 180.526493][ T6624] ? tomoyo_domain+0xda/0x130 [ 180.526515][ T6624] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 180.526531][ T6624] tomoyo_path_number_perm+0x1e8/0x5a0 [ 180.526549][ T6624] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 180.526569][ T6624] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 180.526589][ T6624] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.526615][ T6624] ? __lock_acquire+0xab9/0xd20 [ 180.526651][ T6624] ? __fget_files+0x2a/0x420 [ 180.526674][ T6624] ? __fget_files+0x2a/0x420 [ 180.526690][ T6624] ? __fget_files+0x3a6/0x420 [ 180.526705][ T6624] ? __fget_files+0x2a/0x420 [ 180.526724][ T6624] security_file_ioctl+0xcb/0x2d0 [ 180.526742][ T6624] __se_sys_ioctl+0x47/0x170 [ 180.526760][ T6624] do_syscall_64+0xfa/0x3b0 [ 180.526773][ T6624] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.526791][ T6624] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.526805][ T6624] ? clear_bhb_loop+0x60/0xb0 [ 180.526822][ T6624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.526835][ T6624] RIP: 0033:0x7f408fe8ec29 [ 180.526848][ T6624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.526859][ T6624] RSP: 002b:00007f408e0ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 180.526875][ T6624] RAX: ffffffffffffffda RBX: 00007f40900d5fa0 RCX: 00007f408fe8ec29 [ 180.526886][ T6624] RDX: 0000200000000180 RSI: 0000000040505331 RDI: 0000000000000003 [ 180.526895][ T6624] RBP: 00007f408e0ee090 R08: 0000000000000000 R09: 0000000000000000 [ 180.526904][ T6624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.526920][ T6624] R13: 00007f40900d6038 R14: 00007f40900d5fa0 R15: 00007ffd18bbcbd8 [ 180.526947][ T6624] [ 180.526953][ T6624] ERROR: Out of memory at tomoyo_realpath_from_path. [ 181.322976][ T6637] 9pnet_fd: Insufficient options for proto=fd [ 182.064835][ T6643] FAULT_INJECTION: forcing a failure. [ 182.064835][ T6643] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.064867][ T6643] CPU: 0 UID: 0 PID: 6643 Comm: syz.2.182 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 182.064888][ T6643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 182.064898][ T6643] Call Trace: [ 182.064905][ T6643] [ 182.064912][ T6643] dump_stack_lvl+0x189/0x250 [ 182.064940][ T6643] ? __pfx____ratelimit+0x10/0x10 [ 182.064966][ T6643] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.064988][ T6643] ? __pfx__printk+0x10/0x10 [ 182.065007][ T6643] ? __might_fault+0xb0/0x130 [ 182.065041][ T6643] should_fail_ex+0x46c/0x600 [ 182.065069][ T6643] _copy_from_user+0x2d/0xb0 [ 182.065091][ T6643] ___sys_sendmsg+0x158/0x2a0 [ 182.065113][ T6643] ? __pfx____sys_sendmsg+0x10/0x10 [ 182.065165][ T6643] ? __fget_files+0x2a/0x420 [ 182.065187][ T6643] ? __fget_files+0x3a6/0x420 [ 182.065218][ T6643] __x64_sys_sendmsg+0x1a1/0x260 [ 182.065238][ T6643] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 182.065264][ T6643] ? __pfx_ksys_write+0x10/0x10 [ 182.065282][ T6643] ? rcu_is_watching+0x15/0xb0 [ 182.065310][ T6643] ? do_syscall_64+0xbe/0x3b0 [ 182.065330][ T6643] do_syscall_64+0xfa/0x3b0 [ 182.065345][ T6643] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.065368][ T6643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.065384][ T6643] ? clear_bhb_loop+0x60/0xb0 [ 182.065405][ T6643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.065422][ T6643] RIP: 0033:0x7ffa7959ec29 [ 182.065437][ T6643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.065450][ T6643] RSP: 002b:00007ffa77806038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 182.065469][ T6643] RAX: ffffffffffffffda RBX: 00007ffa797e5fa0 RCX: 00007ffa7959ec29 [ 182.065482][ T6643] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 182.065493][ T6643] RBP: 00007ffa77806090 R08: 0000000000000000 R09: 0000000000000000 [ 182.065503][ T6643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.065514][ T6643] R13: 00007ffa797e6038 R14: 00007ffa797e5fa0 R15: 00007fffe3aea498 [ 182.065543][ T6643] [ 182.305714][ T56] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 183.183306][ T56] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.183517][ T56] usb 2-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 183.183607][ T56] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.609280][ T56] usb 2-1: config 0 descriptor?? [ 183.805650][ C0] vkms_vblank_simulate: vblank timer overrun [ 184.029794][ T37] kauditd_printk_skb: 39 callbacks suppressed [ 184.029810][ T37] audit: type=1326 audit(1758393370.801:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.031548][ T37] audit: type=1326 audit(1758393370.801:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.041966][ T37] audit: type=1326 audit(1758393370.811:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.049543][ T37] audit: type=1326 audit(1758393370.821:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.050970][ T37] audit: type=1326 audit(1758393370.821:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.052300][ T37] audit: type=1326 audit(1758393370.821:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.058017][ T37] audit: type=1326 audit(1758393370.831:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.059398][ T37] audit: type=1326 audit(1758393370.831:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffa79595be7 code=0x7ffc0000 [ 184.059928][ T37] audit: type=1326 audit(1758393370.831:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffa7953ae09 code=0x7ffc0000 [ 184.060591][ T37] audit: type=1326 audit(1758393370.831:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffa7959ec29 code=0x7ffc0000 [ 184.655979][ T56] usbhid 2-1:0.0: can't add hid device: -71 [ 184.656105][ T56] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 184.687953][ T56] usb 2-1: USB disconnect, device number 3 [ 184.792339][ T6671] FAULT_INJECTION: forcing a failure. [ 184.792339][ T6671] name failslab, interval 1, probability 0, space 0, times 0 [ 184.792370][ T6671] CPU: 0 UID: 0 PID: 6671 Comm: syz.0.189 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 184.792391][ T6671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 184.792400][ T6671] Call Trace: [ 184.792408][ T6671] [ 184.792415][ T6671] dump_stack_lvl+0x189/0x250 [ 184.792443][ T6671] ? __pfx____ratelimit+0x10/0x10 [ 184.792468][ T6671] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.792491][ T6671] ? __pfx__printk+0x10/0x10 [ 184.792515][ T6671] ? __pfx___might_resched+0x10/0x10 [ 184.792534][ T6671] ? fs_reclaim_acquire+0x7d/0x100 [ 184.792556][ T6671] should_fail_ex+0x46c/0x600 [ 184.792591][ T6671] should_failslab+0xa8/0x100 [ 184.792615][ T6671] __kmalloc_noprof+0xcb/0x430 [ 184.792635][ T6671] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 184.792663][ T6671] tomoyo_realpath_from_path+0xe3/0x5d0 [ 184.792688][ T6671] ? tomoyo_domain+0xda/0x130 [ 184.792717][ T6671] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 184.792737][ T6671] tomoyo_path_number_perm+0x1e8/0x5a0 [ 184.792760][ T6671] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 184.792784][ T6671] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 184.792808][ T6671] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.792839][ T6671] ? __lock_acquire+0xab9/0xd20 [ 184.792881][ T6671] ? __fget_files+0x2a/0x420 [ 184.792907][ T6671] ? __fget_files+0x2a/0x420 [ 184.792928][ T6671] ? __fget_files+0x3a6/0x420 [ 184.792948][ T6671] ? __fget_files+0x2a/0x420 [ 184.792975][ T6671] security_file_ioctl+0xcb/0x2d0 [ 184.792998][ T6671] __se_sys_ioctl+0x47/0x170 [ 184.793020][ T6671] do_syscall_64+0xfa/0x3b0 [ 184.793035][ T6671] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.793057][ T6671] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.793074][ T6671] ? clear_bhb_loop+0x60/0xb0 [ 184.793095][ T6671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.793111][ T6671] RIP: 0033:0x7f71a6f0ec29 [ 184.793126][ T6671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.793140][ T6671] RSP: 002b:00007f71a514d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 184.793158][ T6671] RAX: ffffffffffffffda RBX: 00007f71a7156090 RCX: 00007f71a6f0ec29 [ 184.793171][ T6671] RDX: 00002000000000c0 RSI: 00000000c0405668 RDI: 0000000000000003 [ 184.793183][ T6671] RBP: 00007f71a514d090 R08: 0000000000000000 R09: 0000000000000000 [ 184.793194][ T6671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.793204][ T6671] R13: 00007f71a7156128 R14: 00007f71a7156090 R15: 00007ffdf3a84fd8 [ 184.793234][ T6671] [ 184.793241][ T6671] ERROR: Out of memory at tomoyo_realpath_from_path. [ 185.849435][ C0] vkms_vblank_simulate: vblank timer overrun [ 186.059967][ C0] vkms_vblank_simulate: vblank timer overrun [ 186.909929][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.194'. [ 187.908043][ T994] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 188.079033][ T994] usb 3-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config [ 188.079088][ T994] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 188.079130][ T994] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 188.079153][ T994] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.307852][ T994] usb 3-1: config 0 descriptor?? [ 188.324995][ T994] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 188.529852][ T6697] FAULT_INJECTION: forcing a failure. [ 188.529852][ T6697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.529883][ T6697] CPU: 1 UID: 0 PID: 6697 Comm: syz.4.199 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 188.529903][ T6697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 188.529913][ T6697] Call Trace: [ 188.529919][ T6697] [ 188.529927][ T6697] dump_stack_lvl+0x189/0x250 [ 188.529963][ T6697] ? __pfx____ratelimit+0x10/0x10 [ 188.529988][ T6697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.530011][ T6697] ? __pfx__printk+0x10/0x10 [ 188.530030][ T6697] ? __might_fault+0xb0/0x130 [ 188.530064][ T6697] should_fail_ex+0x46c/0x600 [ 188.530093][ T6697] _copy_from_user+0x2d/0xb0 [ 188.530114][ T6697] ___sys_sendmsg+0x158/0x2a0 [ 188.530135][ T6697] ? __pfx____sys_sendmsg+0x10/0x10 [ 188.530187][ T6697] ? __fget_files+0x2a/0x420 [ 188.530208][ T6697] ? __fget_files+0x3a6/0x420 [ 188.530239][ T6697] __x64_sys_sendmsg+0x1a1/0x260 [ 188.530259][ T6697] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 188.530285][ T6697] ? __pfx_ksys_write+0x10/0x10 [ 188.530302][ T6697] ? rcu_is_watching+0x15/0xb0 [ 188.530330][ T6697] ? do_syscall_64+0xbe/0x3b0 [ 188.530349][ T6697] do_syscall_64+0xfa/0x3b0 [ 188.530364][ T6697] ? lockdep_hardirqs_on+0x9c/0x150 [ 188.530386][ T6697] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.530403][ T6697] ? clear_bhb_loop+0x60/0xb0 [ 188.530424][ T6697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.530439][ T6697] RIP: 0033:0x7fac7159ec29 [ 188.530455][ T6697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.530468][ T6697] RSP: 002b:00007fac6f7dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.530487][ T6697] RAX: ffffffffffffffda RBX: 00007fac717e6090 RCX: 00007fac7159ec29 [ 188.530500][ T6697] RDX: 0000000000008000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 188.530510][ T6697] RBP: 00007fac6f7dd090 R08: 0000000000000000 R09: 0000000000000000 [ 188.530520][ T6697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.530530][ T6697] R13: 00007fac717e6128 R14: 00007fac717e6090 R15: 00007fff40977c78 [ 188.530557][ T6697] [ 191.951173][ T5928] usb 3-1: USB disconnect, device number 9 [ 192.017691][ T6720] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 192.102282][ T6722] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 192.115465][ T6722] FAULT_INJECTION: forcing a failure. [ 192.115465][ T6722] name failslab, interval 1, probability 0, space 0, times 0 [ 192.115494][ T6722] CPU: 0 UID: 0 PID: 6722 Comm: syz.2.207 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 192.115515][ T6722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 192.115524][ T6722] Call Trace: [ 192.115532][ T6722] [ 192.115539][ T6722] dump_stack_lvl+0x189/0x250 [ 192.115567][ T6722] ? __pfx____ratelimit+0x10/0x10 [ 192.115590][ T6722] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.115613][ T6722] ? __pfx__printk+0x10/0x10 [ 192.115637][ T6722] ? __pfx___might_resched+0x10/0x10 [ 192.115655][ T6722] ? fs_reclaim_acquire+0x7d/0x100 [ 192.115676][ T6722] should_fail_ex+0x46c/0x600 [ 192.115704][ T6722] should_failslab+0xa8/0x100 [ 192.115736][ T6722] __kmalloc_noprof+0xcb/0x430 [ 192.115756][ T6722] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 192.115784][ T6722] tomoyo_realpath_from_path+0xe3/0x5d0 [ 192.115808][ T6722] ? tomoyo_domain+0xda/0x130 [ 192.115836][ T6722] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 192.115856][ T6722] tomoyo_path_number_perm+0x1e8/0x5a0 [ 192.115878][ T6722] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 192.115902][ T6722] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 192.115926][ T6722] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.115956][ T6722] ? __lock_acquire+0xab9/0xd20 [ 192.115997][ T6722] ? __fget_files+0x2a/0x420 [ 192.116022][ T6722] ? __fget_files+0x2a/0x420 [ 192.116042][ T6722] ? __fget_files+0x3a6/0x420 [ 192.116062][ T6722] ? __fget_files+0x2a/0x420 [ 192.116087][ T6722] security_file_ioctl+0xcb/0x2d0 [ 192.116110][ T6722] __se_sys_ioctl+0x47/0x170 [ 192.116132][ T6722] do_syscall_64+0xfa/0x3b0 [ 192.116147][ T6722] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.116170][ T6722] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.116185][ T6722] ? clear_bhb_loop+0x60/0xb0 [ 192.116205][ T6722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.116221][ T6722] RIP: 0033:0x7ffa7959ec29 [ 192.116237][ T6722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.116250][ T6722] RSP: 002b:00007ffa77806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.116268][ T6722] RAX: ffffffffffffffda RBX: 00007ffa797e5fa0 RCX: 00007ffa7959ec29 [ 192.116282][ T6722] RDX: 0000200000000040 RSI: 0000000000003b8b RDI: 0000000000000003 [ 192.116293][ T6722] RBP: 00007ffa77806090 R08: 0000000000000000 R09: 0000000000000000 [ 192.116304][ T6722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.116314][ T6722] R13: 00007ffa797e6038 R14: 00007ffa797e5fa0 R15: 00007fffe3aea498 [ 192.116344][ T6722] [ 192.116351][ T6722] ERROR: Out of memory at tomoyo_realpath_from_path. [ 192.804196][ T6725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.208'. [ 193.276698][ T6737] FAULT_INJECTION: forcing a failure. [ 193.276698][ T6737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.276730][ T6737] CPU: 0 UID: 0 PID: 6737 Comm: syz.0.211 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 193.276751][ T6737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 193.276762][ T6737] Call Trace: [ 193.276769][ T6737] [ 193.276777][ T6737] dump_stack_lvl+0x189/0x250 [ 193.276812][ T6737] ? __pfx____ratelimit+0x10/0x10 [ 193.276836][ T6737] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.276859][ T6737] ? __pfx__printk+0x10/0x10 [ 193.276878][ T6737] ? __might_fault+0xb0/0x130 [ 193.276911][ T6737] should_fail_ex+0x46c/0x600 [ 193.276940][ T6737] _copy_from_user+0x2d/0xb0 [ 193.276962][ T6737] ___sys_sendmsg+0x158/0x2a0 [ 193.276983][ T6737] ? __pfx____sys_sendmsg+0x10/0x10 [ 193.277037][ T6737] ? __fget_files+0x2a/0x420 [ 193.277059][ T6737] ? __fget_files+0x3a6/0x420 [ 193.277091][ T6737] __x64_sys_sendmsg+0x1a1/0x260 [ 193.277112][ T6737] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 193.277139][ T6737] ? __pfx_ksys_write+0x10/0x10 [ 193.277166][ T6737] ? do_syscall_64+0xbe/0x3b0 [ 193.277187][ T6737] do_syscall_64+0xfa/0x3b0 [ 193.277202][ T6737] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.277225][ T6737] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.277243][ T6737] ? clear_bhb_loop+0x60/0xb0 [ 193.277264][ T6737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.277281][ T6737] RIP: 0033:0x7f71a6f0ec29 [ 193.277296][ T6737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.277310][ T6737] RSP: 002b:00007f71a514d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.277329][ T6737] RAX: ffffffffffffffda RBX: 00007f71a7156090 RCX: 00007f71a6f0ec29 [ 193.277342][ T6737] RDX: 0000000004000050 RSI: 0000200000000000 RDI: 000000000000000a [ 193.277354][ T6737] RBP: 00007f71a514d090 R08: 0000000000000000 R09: 0000000000000000 [ 193.277364][ T6737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.277375][ T6737] R13: 00007f71a7156128 R14: 00007f71a7156090 R15: 00007ffdf3a84fd8 [ 193.277404][ T6737] [ 193.701726][ T990] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 193.865353][ T990] usb 5-1: Using ep0 maxpacket: 32 [ 193.877627][ T990] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.914834][ T990] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 193.914862][ T990] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.914881][ T990] usb 5-1: Product: syz [ 193.914895][ T990] usb 5-1: Manufacturer: syz [ 193.914909][ T990] usb 5-1: SerialNumber: syz [ 193.931719][ T990] usb 5-1: config 0 descriptor?? [ 193.944885][ T990] usb 5-1: no audio or video endpoints found [ 194.089315][ T5928] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 194.220101][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.220198][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.255330][ T6739] mmap: syz.4.212 (6739): VmData 37597184 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data. [ 194.297464][ T5928] usb 4-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config [ 194.297517][ T5928] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 194.297559][ T5928] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 194.297580][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.307323][ T5928] usb 4-1: config 0 descriptor?? [ 194.362701][ T5928] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 194.503548][ T990] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 196.672141][ T990] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.672172][ T990] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.672209][ T990] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 196.672230][ T990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.862894][ T990] usb 1-1: config 0 descriptor?? [ 196.905960][ T31] usb 5-1: USB disconnect, device number 3 [ 197.115272][ T5852] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 197.268932][ T5852] usb 3-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config [ 197.268985][ T5852] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 197.269026][ T5852] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 197.269048][ T5852] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.322811][ T990] samsung 0003:0419:0600.0004: item fetching failed at offset 5/7 [ 197.324995][ T990] samsung 0003:0419:0600.0004: parse failed [ 197.325064][ T990] samsung 0003:0419:0600.0004: probe with driver samsung failed with error -22 [ 197.352582][ T5852] usb 3-1: config 0 descriptor?? [ 197.365655][ T5852] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 198.209799][ T6770] netlink: 12 bytes leftover after parsing attributes in process `syz.1.219'. [ 198.817650][ T990] usb 4-1: USB disconnect, device number 5 [ 198.874918][ T31] usb 1-1: USB disconnect, device number 3 [ 199.082945][ T6779] FAULT_INJECTION: forcing a failure. [ 199.082945][ T6779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.082976][ T6779] CPU: 0 UID: 0 PID: 6779 Comm: syz.3.220 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 199.082997][ T6779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 199.083007][ T6779] Call Trace: [ 199.083014][ T6779] [ 199.083022][ T6779] dump_stack_lvl+0x189/0x250 [ 199.083050][ T6779] ? __pfx____ratelimit+0x10/0x10 [ 199.083074][ T6779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.083097][ T6779] ? __pfx__printk+0x10/0x10 [ 199.083130][ T6779] should_fail_ex+0x46c/0x600 [ 199.083158][ T6779] _copy_to_user+0x31/0xb0 [ 199.083181][ T6779] simple_read_from_buffer+0xe1/0x170 [ 199.083208][ T6779] proc_fail_nth_read+0x1b6/0x220 [ 199.083230][ T6779] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 199.083251][ T6779] ? rw_verify_area+0x2ac/0x4e0 [ 199.083271][ T6779] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 199.083297][ T6779] vfs_read+0x206/0xa30 [ 199.083326][ T6779] ? __pfx_vfs_read+0x10/0x10 [ 199.083350][ T6779] ? tipc_setsockopt+0x194/0x970 [ 199.083371][ T6779] ? kmem_cache_free+0x195/0x510 [ 199.083397][ T6779] ? __pfx_tipc_setsockopt+0x10/0x10 [ 199.083426][ T6779] ksys_read+0x14b/0x260 [ 199.083448][ T6779] ? __pfx_ksys_read+0x10/0x10 [ 199.083474][ T6779] ? do_syscall_64+0xbe/0x3b0 [ 199.083494][ T6779] do_syscall_64+0xfa/0x3b0 [ 199.083510][ T6779] ? lockdep_hardirqs_on+0x9c/0x150 [ 199.083533][ T6779] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.083550][ T6779] ? clear_bhb_loop+0x60/0xb0 [ 199.083571][ T6779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.083588][ T6779] RIP: 0033:0x7fbd5f88d63c [ 199.083604][ T6779] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 199.083622][ T6779] RSP: 002b:00007fbd5daee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 199.083641][ T6779] RAX: ffffffffffffffda RBX: 00007fbd5fad5fa0 RCX: 00007fbd5f88d63c [ 199.083654][ T6779] RDX: 000000000000000f RSI: 00007fbd5daee0a0 RDI: 0000000000000004 [ 199.083665][ T6779] RBP: 00007fbd5daee090 R08: 0000000000000000 R09: 0000000000000000 [ 199.083676][ T6779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.083686][ T6779] R13: 00007fbd5fad6038 R14: 00007fbd5fad5fa0 R15: 00007ffd32dfb288 [ 199.083725][ T6779] [ 199.458380][ T6778] netlink: 4 bytes leftover after parsing attributes in process `syz.0.221'. [ 202.686006][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 202.867433][ T6817] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 203.036087][ C1] vkms_vblank_simulate: vblank timer overrun [ 203.137056][ C1] vkms_vblank_simulate: vblank timer overrun [ 203.257598][ C1] vkms_vblank_simulate: vblank timer overrun [ 203.410201][ C1] vkms_vblank_simulate: vblank timer overrun [ 203.477282][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.477311][ T9] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 203.477324][ T9] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 203.477334][ T9] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 203.479592][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 203.479607][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.479617][ T9] usb 4-1: Product: syz [ 203.479624][ T9] usb 4-1: Manufacturer: syz [ 203.479631][ T9] usb 4-1: SerialNumber: syz [ 203.497114][ T9] cdc_mbim 4-1:1.0: skipping garbage [ 203.696167][ T6811] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 204.095359][ T31] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 204.120242][ T9] cdc_mbim 4-1:1.0: failed GET_NTB_PARAMETERS [ 204.120321][ T9] cdc_mbim 4-1:1.0: bind() failure [ 204.144130][ T9] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 204.144174][ T9] cdc_ncm 4-1:1.1: bind() failure [ 204.165814][ T9] usb 4-1: USB disconnect, device number 6 [ 204.267512][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.267544][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 204.267582][ T31] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 204.267610][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.322105][ T31] usb 2-1: config 0 descriptor?? [ 204.745052][ T31] samsung 0003:0419:0600.0005: item fetching failed at offset 5/7 [ 204.745976][ T31] samsung 0003:0419:0600.0005: parse failed [ 204.746048][ T31] samsung 0003:0419:0600.0005: probe with driver samsung failed with error -22 [ 204.915011][ T6825] FAULT_INJECTION: forcing a failure. [ 204.915011][ T6825] name failslab, interval 1, probability 0, space 0, times 0 [ 204.915042][ T6825] CPU: 1 UID: 0 PID: 6825 Comm: syz.4.232 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 204.915062][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 204.915072][ T6825] Call Trace: [ 204.915080][ T6825] [ 204.915088][ T6825] dump_stack_lvl+0x189/0x250 [ 204.915119][ T6825] ? __pfx____ratelimit+0x10/0x10 [ 204.915144][ T6825] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.915165][ T6825] ? __pfx__printk+0x10/0x10 [ 204.915188][ T6825] ? __pfx___might_resched+0x10/0x10 [ 204.915206][ T6825] ? fs_reclaim_acquire+0x7d/0x100 [ 204.915227][ T6825] should_fail_ex+0x46c/0x600 [ 204.915255][ T6825] should_failslab+0xa8/0x100 [ 204.915279][ T6825] __kmalloc_noprof+0xcb/0x430 [ 204.915298][ T6825] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 204.915327][ T6825] tomoyo_realpath_from_path+0xe3/0x5d0 [ 204.915351][ T6825] ? tomoyo_domain+0xda/0x130 [ 204.915380][ T6825] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 204.915400][ T6825] tomoyo_path_number_perm+0x1e8/0x5a0 [ 204.915424][ T6825] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 204.915449][ T6825] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 204.915473][ T6825] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.915524][ T6825] ? __lock_acquire+0xab9/0xd20 [ 204.915567][ T6825] ? __fget_files+0x2a/0x420 [ 204.915593][ T6825] ? __fget_files+0x2a/0x420 [ 204.915614][ T6825] ? __fget_files+0x3a6/0x420 [ 204.915635][ T6825] ? __fget_files+0x2a/0x420 [ 204.915661][ T6825] security_file_ioctl+0xcb/0x2d0 [ 204.915687][ T6825] __se_sys_ioctl+0x47/0x170 [ 204.915710][ T6825] do_syscall_64+0xfa/0x3b0 [ 204.915725][ T6825] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.915747][ T6825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.915764][ T6825] ? clear_bhb_loop+0x60/0xb0 [ 204.915785][ T6825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.915802][ T6825] RIP: 0033:0x7fac7159ec29 [ 204.915818][ T6825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.915832][ T6825] RSP: 002b:00007fac6f7fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 204.915851][ T6825] RAX: ffffffffffffffda RBX: 00007fac717e5fa0 RCX: 00007fac7159ec29 [ 204.915864][ T6825] RDX: 0000200000000080 RSI: 00000000000089e0 RDI: 0000000000000003 [ 204.915875][ T6825] RBP: 00007fac6f7fe090 R08: 0000000000000000 R09: 0000000000000000 [ 204.915886][ T6825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.915896][ T6825] R13: 00007fac717e6038 R14: 00007fac717e5fa0 R15: 00007fff40977c78 [ 204.915926][ T6825] [ 205.196325][ T6825] ERROR: Out of memory at tomoyo_realpath_from_path. [ 205.666361][ T6831] netlink: 12 bytes leftover after parsing attributes in process `syz.3.233'. [ 206.090361][ T6836] netlink: 16 bytes leftover after parsing attributes in process `syz.0.235'. [ 206.476933][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.235'. [ 206.513467][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.748725][ T6822] Bluetooth: hci4: command 0x0406 tx timeout [ 206.749489][ T6821] Bluetooth: hci1: command 0x0406 tx timeout [ 206.749518][ T6821] Bluetooth: hci0: command 0x080f tx timeout [ 206.749541][ T6821] Bluetooth: hci3: command 0x0406 tx timeout [ 206.749564][ T6821] Bluetooth: hci2: command 0x0406 tx timeout [ 206.770729][ T6088] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 206.830119][ T31] usb 3-1: USB disconnect, device number 10 [ 206.979470][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.995409][ T5848] usb 2-1: USB disconnect, device number 4 [ 207.005254][ T6088] usb 5-1: Using ep0 maxpacket: 8 [ 207.008203][ T6088] usb 5-1: unable to get BOS descriptor or descriptor too short [ 207.014670][ T6088] usb 5-1: config 4 interface 0 has no altsetting 0 [ 207.019762][ T6088] usb 5-1: string descriptor 0 read error: -22 [ 207.019907][ T6088] usb 5-1: New USB device found, idVendor=058f, idProduct=7010, bcdDevice=48.05 [ 207.019929][ T6088] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.279727][ T6838] netlink: 20 bytes leftover after parsing attributes in process `syz.4.234'. [ 207.279957][ T6838] netlink: 4 bytes leftover after parsing attributes in process `syz.4.234'. [ 207.331903][ T6839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.332317][ T6839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.410859][ C1] vkms_vblank_simulate: vblank timer overrun [ 208.343749][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 208.343766][ T37] audit: type=1326 audit(1758393395.111:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.362305][ T37] audit: type=1326 audit(1758393395.131:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.368392][ T37] audit: type=1326 audit(1758393395.141:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.368436][ T37] audit: type=1326 audit(1758393395.141:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.368472][ T37] audit: type=1326 audit(1758393395.141:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.386769][ T37] audit: type=1326 audit(1758393395.161:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.386813][ T37] audit: type=1326 audit(1758393395.161:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.410793][ T37] audit: type=1326 audit(1758393395.161:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f71a6f05be7 code=0x7ffc0000 [ 208.410837][ T37] audit: type=1326 audit(1758393395.171:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f71a6eaae09 code=0x7ffc0000 [ 208.410879][ T37] audit: type=1326 audit(1758393395.171:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6854 comm="syz.0.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 208.992209][ T6862] capability: warning: `syz.0.241' uses deprecated v2 capabilities in a way that may be insecure [ 209.890644][ T994] usb 5-1: USB disconnect, device number 4 [ 210.209308][ T6871] 8021q: VLANs not supported on ip6tnl0 [ 210.432659][ T994] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 210.575255][ T994] usb 5-1: Using ep0 maxpacket: 32 [ 210.660381][ T994] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 210.660435][ T994] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 210.703684][ T994] usb 5-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0 [ 210.703764][ T994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.703784][ T994] usb 5-1: Product: syz [ 210.703797][ T994] usb 5-1: Manufacturer: syz [ 210.703811][ T994] usb 5-1: SerialNumber: syz [ 210.764549][ T994] usb 5-1: config 0 descriptor?? [ 210.786496][ T994] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22 [ 211.025805][ T5848] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 211.459941][ T5848] usb 3-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config [ 211.459996][ T5848] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 211.460037][ T5848] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 211.460059][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.552425][ T5848] usb 3-1: config 0 descriptor?? [ 211.587277][ T5848] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 211.925734][ T994] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 213.119045][ T994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.119072][ T994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.119095][ T994] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 213.119107][ T994] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.147713][ T5928] usb 5-1: USB disconnect, device number 5 [ 213.177668][ T994] usb 2-1: config 0 descriptor?? [ 213.322373][ T6896] netlink: 16 bytes leftover after parsing attributes in process `syz.4.250'. [ 213.512010][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 213.512026][ T37] audit: type=1326 audit(1758393400.281:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.704632][ T6896] netlink: 4 bytes leftover after parsing attributes in process `syz.4.250'. [ 213.710698][ T994] samsung 0003:0419:0600.0006: item fetching failed at offset 5/7 [ 213.711471][ T994] samsung 0003:0419:0600.0006: parse failed [ 213.711538][ T994] samsung 0003:0419:0600.0006: probe with driver samsung failed with error -22 [ 213.723392][ T37] audit: type=1326 audit(1758393400.491:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.750778][ T37] audit: type=1326 audit(1758393400.521:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.757740][ T37] audit: type=1326 audit(1758393400.521:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.761359][ T37] audit: type=1326 audit(1758393400.531:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.762589][ T37] audit: type=1326 audit(1758393400.531:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.764830][ T37] audit: type=1326 audit(1758393400.531:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.766638][ T37] audit: type=1326 audit(1758393400.541:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71a6f0ec29 code=0x7ffc0000 [ 213.767153][ T37] audit: type=1326 audit(1758393400.541:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f71a6f05be7 code=0x7ffc0000 [ 213.770419][ T37] audit: type=1326 audit(1758393400.541:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6897 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f71a6eaae09 code=0x7ffc0000 [ 214.360850][ T994] usb 3-1: USB disconnect, device number 11 [ 214.484029][ T6088] usb 2-1: USB disconnect, device number 5 [ 214.583047][ T6914] FAULT_INJECTION: forcing a failure. [ 214.583047][ T6914] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 214.583077][ T6914] CPU: 0 UID: 0 PID: 6914 Comm: syz.4.254 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 214.583097][ T6914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 214.583106][ T6914] Call Trace: [ 214.583113][ T6914] [ 214.583121][ T6914] dump_stack_lvl+0x189/0x250 [ 214.583149][ T6914] ? __pfx____ratelimit+0x10/0x10 [ 214.583172][ T6914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.583196][ T6914] ? __pfx__printk+0x10/0x10 [ 214.583229][ T6914] should_fail_ex+0x46c/0x600 [ 214.583256][ T6914] _copy_to_user+0x31/0xb0 [ 214.583279][ T6914] simple_read_from_buffer+0xe1/0x170 [ 214.583305][ T6914] proc_fail_nth_read+0x1b6/0x220 [ 214.583326][ T6914] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 214.583348][ T6914] ? rw_verify_area+0x2ac/0x4e0 [ 214.583372][ T6914] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 214.583390][ T6914] vfs_read+0x206/0xa30 [ 214.583419][ T6914] ? __pfx_vfs_read+0x10/0x10 [ 214.583436][ T6914] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 214.583466][ T6914] ? mutex_lock_nested+0x154/0x1d0 [ 214.583484][ T6914] ? fdget_pos+0x253/0x320 [ 214.583515][ T6914] ksys_read+0x14b/0x260 [ 214.583534][ T6914] ? __fget_files+0x3a6/0x420 [ 214.583556][ T6914] ? __pfx_ksys_read+0x10/0x10 [ 214.583580][ T6914] ? do_syscall_64+0xbe/0x3b0 [ 214.583602][ T6914] do_syscall_64+0xfa/0x3b0 [ 214.583617][ T6914] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.583639][ T6914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.583656][ T6914] ? clear_bhb_loop+0x60/0xb0 [ 214.583677][ T6914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.583693][ T6914] RIP: 0033:0x7fac7159d63c [ 214.583709][ T6914] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 214.583723][ T6914] RSP: 002b:00007fac6f7dd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 214.583742][ T6914] RAX: ffffffffffffffda RBX: 00007fac717e6090 RCX: 00007fac7159d63c [ 214.583754][ T6914] RDX: 000000000000000f RSI: 00007fac6f7dd0a0 RDI: 0000000000000005 [ 214.583766][ T6914] RBP: 00007fac6f7dd090 R08: 0000000000000000 R09: 0000000000000000 [ 214.583777][ T6914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.583787][ T6914] R13: 00007fac717e6128 R14: 00007fac717e6090 R15: 00007fff40977c78 [ 214.583817][ T6914] [ 222.122163][ C0] vkms_vblank_simulate: vblank timer overrun [ 222.259072][ C0] vkms_vblank_simulate: vblank timer overrun [ 224.452354][ T6952] ieee802154 phy0 wpan0: encryption failed: -90 [ 224.931097][ T994] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 225.797880][ T994] usb 4-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config [ 225.797935][ T994] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 225.797977][ T994] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 225.797998][ T994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.803290][ T994] usb 4-1: config 0 descriptor?? [ 225.876591][ T994] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 226.180615][ T6960] syz_tun: entered allmulticast mode [ 226.203884][ T6960] syz_tun: left allmulticast mode [ 227.444247][ T994] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 235.421132][ C1] sched: DL replenish lagged too much [ 256.425955][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.426031][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.530170][ T5154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 266.551982][ T5154] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 266.553130][ T5154] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 266.554726][ T5154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 266.594850][ T5154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 269.248861][ T5154] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 269.253923][ T5154] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 269.270965][ T5154] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 269.272214][ T5154] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 269.273026][ T5154] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 269.376958][ T5844] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 269.381842][ T5844] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 269.382945][ T5844] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 269.384126][ T5844] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 269.414094][ T5844] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 269.782383][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 269.793817][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 269.817572][ T5839] Bluetooth: hci5: command tx timeout [ 269.818051][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 269.821246][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 269.822142][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 270.113903][ T5839] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 270.133544][ T5839] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 270.134691][ T5839] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 270.150265][ T5839] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 270.151075][ T5839] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 270.284050][ T6976] chnl_net:caif_netlink_parms(): no params data found [ 272.775643][ T5839] Bluetooth: hci5: command tx timeout [ 276.275337][ T6822] Bluetooth: hci5: command tx timeout [ 276.429849][ T5154] Bluetooth: hci9: command tx timeout [ 278.295467][ T5839] Bluetooth: hci5: command tx timeout [ 278.455572][ T5839] Bluetooth: hci9: command tx timeout [ 278.455888][ T5839] Bluetooth: hci8: command tx timeout [ 278.456094][ T5839] Bluetooth: hci6: command tx timeout [ 278.456239][ T5839] Bluetooth: hci7: command tx timeout [ 280.535538][ T59] Bluetooth: hci7: command tx timeout [ 280.535570][ T59] Bluetooth: hci8: command tx timeout [ 280.535590][ T59] Bluetooth: hci6: command tx timeout [ 280.565307][ T5839] Bluetooth: hci9: command tx timeout [ 283.406609][ T59] Bluetooth: hci6: command tx timeout [ 283.406646][ T59] Bluetooth: hci9: command tx timeout [ 283.406667][ T59] Bluetooth: hci8: command tx timeout [ 283.406686][ T59] Bluetooth: hci7: command tx timeout [ 285.415290][ T5839] Bluetooth: hci8: command tx timeout [ 285.415324][ T5839] Bluetooth: hci6: command tx timeout [ 285.495269][ T59] Bluetooth: hci7: command tx timeout [ 299.930098][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 299.942700][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 299.944128][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 299.959988][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 299.960795][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 302.085342][ T5839] Bluetooth: hci0: command tx timeout [ 308.526885][ T5839] Bluetooth: hci0: command tx timeout [ 310.535291][ T59] Bluetooth: hci0: command tx timeout [ 316.917755][ T59] Bluetooth: hci0: command tx timeout [ 317.102171][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.102246][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 330.210648][ T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 330.214173][ T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 330.215897][ T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 330.245870][ T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 330.246694][ T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 330.412456][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 330.447894][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 330.449001][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 330.450555][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 330.451709][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 330.593315][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 330.605553][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 330.606636][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 330.607778][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 330.608567][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 331.031928][ T59] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 331.047439][ T59] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 331.048504][ T59] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 331.049692][ T59] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 331.050482][ T59] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 332.375351][ T5839] Bluetooth: hci1: command tx timeout [ 332.539823][ T5839] Bluetooth: hci2: command tx timeout [ 332.705297][ T5839] Bluetooth: hci3: command tx timeout [ 333.095533][ T5839] Bluetooth: hci10: command tx timeout [ 334.458883][ T5839] Bluetooth: hci1: command tx timeout [ 334.622787][ T5839] Bluetooth: hci2: command tx timeout [ 334.775281][ T5839] Bluetooth: hci3: command tx timeout [ 335.175318][ T5839] Bluetooth: hci10: command tx timeout [ 336.535264][ T5839] Bluetooth: hci1: command tx timeout [ 336.695627][ T5839] Bluetooth: hci2: command tx timeout [ 336.855546][ T5839] Bluetooth: hci3: command tx timeout [ 337.265764][ T5839] Bluetooth: hci10: command tx timeout [ 338.615246][ T5839] Bluetooth: hci1: command tx timeout [ 338.785451][ T5839] Bluetooth: hci2: command tx timeout [ 338.935553][ T5839] Bluetooth: hci3: command tx timeout [ 339.335438][ T5839] Bluetooth: hci10: command tx timeout [ 354.335212][ T6976] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR [ 360.051854][ T59] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 360.079808][ T59] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 360.080981][ T59] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 360.082662][ T59] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 360.084064][ T59] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 367.735464][ T5839] Bluetooth: hci11: command tx timeout [ 369.815538][ T5839] Bluetooth: hci11: command tx timeout [ 371.895362][ T5839] Bluetooth: hci11: command tx timeout [ 373.985273][ T5839] Bluetooth: hci11: command tx timeout [ 378.548967][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.549043][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.305958][ T38] INFO: task syz.0.266:6956 blocked for more than 146 seconds. [ 384.305981][ T38] Not tainted syzkaller #0 [ 384.305991][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 384.305999][ T38] task:syz.0.266 state:D stack:25128 pid:6956 tgid:6956 ppid:5851 task_flags:0x400040 flags:0x00004006 [ 384.306054][ T38] Call Trace: [ 384.306061][ T38] [ 384.306074][ T38] __schedule+0x16f3/0x4c20 [ 384.306128][ T38] ? __lock_acquire+0xab9/0xd20 [ 384.306152][ T38] ? __pfx___schedule+0x10/0x10 [ 384.306192][ T38] ? schedule+0x91/0x360 [ 384.306218][ T38] schedule+0x165/0x360 [ 384.306243][ T38] schedule_timeout+0x9a/0x270 [ 384.306265][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 384.306301][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 384.306324][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.306345][ T38] ? wait_for_completion+0x267/0x5d0 [ 384.306371][ T38] wait_for_completion+0x2bf/0x5d0 [ 384.306408][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 384.306433][ T38] ? __raw_spin_lock_init+0x45/0x100 [ 384.306462][ T38] rcu_barrier+0x463/0x570 [ 384.306493][ T38] kvm_mmu_uninit_vm+0x53/0x90 [ 384.306512][ T38] kvm_arch_destroy_vm+0x23d/0x280 [ 384.306537][ T38] kvm_put_kvm+0xf8e/0x1670 [ 384.306566][ T38] ? __pfx_kvm_vm_release+0x10/0x10 [ 384.306588][ T38] kvm_vm_release+0x46/0x50 [ 384.306608][ T38] __fput+0x458/0xa80 [ 384.306638][ T38] task_work_run+0x1d4/0x260 [ 384.306660][ T38] ? __pfx_task_work_run+0x10/0x10 [ 384.306684][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 384.306710][ T38] exit_to_user_mode_loop+0xec/0x110 [ 384.306733][ T38] do_syscall_64+0x2bd/0x3b0 [ 384.306749][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.306772][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.306790][ T38] ? clear_bhb_loop+0x60/0xb0 [ 384.306811][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.306834][ T38] RIP: 0033:0x7f71a6f0ec29 [ 384.306850][ T38] RSP: 002b:00007ffdf3a85138 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 384.306874][ T38] RAX: 0000000000000000 RBX: 00000000000371aa RCX: 00007f71a6f0ec29 [ 384.306886][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 384.306897][ T38] RBP: 00007f71a7157da0 R08: 0000000000000001 R09: 0000001df3a8542f [ 384.306909][ T38] R10: 0000001b30720000 R11: 0000000000000246 R12: 00007f71a7155fac [ 384.306922][ T38] R13: 00007f71a7155fa0 R14: ffffffffffffffff R15: 00007ffdf3a85250 [ 384.306953][ T38] [ 384.306975][ T38] [ 384.306975][ T38] Showing all locks held in the system: [ 384.306985][ T38] 2 locks held by ksoftirqd/1/30: [ 384.306996][ T38] 1 lock held by khungtaskd/38: [ 384.307006][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 384.307050][ T38] 3 locks held by kworker/u8:2/43: [ 384.307060][ T38] #0: ffff88814c71a938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.307106][ T38] #1: ffffc90000b47bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.307151][ T38] #2: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 384.307197][ T38] 3 locks held by kworker/u8:4/64: [ 384.307207][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.307253][ T38] #1: ffffc900014ffbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.307297][ T38] #2: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 384.307345][ T38] 7 locks held by kworker/1:2/990: [ 384.307357][ T38] 2 locks held by kworker/u8:8/1165: [ 384.307368][ T38] #0: ffff888146e83938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.307413][ T38] #1: ffffc90004a27bc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.307471][ T38] 2 locks held by getty/5599: [ 384.307481][ T38] #0: ffff88823bf2e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 384.307529][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 384.307574][ T38] 1 lock held by syz-executor/5836: [ 384.307584][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 384.307631][ T38] 1 lock held by syz-executor/5837: [ 384.307641][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 384.307688][ T38] 1 lock held by syz-executor/5846: [ 384.307698][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 384.307747][ T38] 1 lock held by syz.1.263/6949: [ 384.307757][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 384.307799][ T38] 1 lock held by syz.3.264/6964: [ 384.307809][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 384.307856][ T38] 1 lock held by syz.0.266/6956: [ 384.307867][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 384.307909][ T38] 3 locks held by kworker/0:9/6967: [ 384.307919][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.307964][ T38] #1: ffffc9001c25fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.308009][ T38] #2: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 384.308052][ T38] 1 lock held by syz-executor/6976: [ 384.308062][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 384.308108][ T38] 2 locks held by syz-executor/6986: [ 384.308118][ T38] #0: ffffffff8ecc6940 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 384.308164][ T38] #1: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 384.308207][ T38] 2 locks held by syz-executor/6987: [ 384.308217][ T38] #0: ffffffff8ecc6940 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 384.308262][ T38] #1: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 384.308304][ T38] 2 locks held by syz-executor/6991: [ 384.308314][ T38] #0: ffffffff8ecc6940 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 384.308358][ T38] #1: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 384.308403][ T38] 2 locks held by syz-executor/6993: [ 384.308413][ T38] #0: ffffffff8ecc6940 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 384.308457][ T38] #1: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 384.308503][ T38] 1 lock held by syz-executor/6996: [ 384.308513][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 384.308556][ T38] 1 lock held by syz-executor/7003: [ 384.308567][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 384.308608][ T38] 1 lock held by syz-executor/7005: [ 384.308618][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 384.308661][ T38] 1 lock held by syz-executor/7007: [ 384.308671][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 384.308713][ T38] 1 lock held by syz-executor/7009: [ 384.308723][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 384.308765][ T38] 1 lock held by syz-executor/7016: [ 384.308775][ T38] #0: ffffffff8ecd3838 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 384.308817][ T38] [ 384.308822][ T38] ============================================= [ 384.308822][ T38] [ 384.308838][ T38] NMI backtrace for cpu 0 [ 384.308860][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 384.308881][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 384.308891][ T38] Call Trace: [ 384.308898][ T38] [ 384.308905][ T38] dump_stack_lvl+0x189/0x250 [ 384.308932][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.308955][ T38] ? __pfx__printk+0x10/0x10 [ 384.308986][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 384.309010][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 384.309035][ T38] ? __pfx__printk+0x10/0x10 [ 384.309057][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 384.309081][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 384.309105][ T38] watchdog+0xf93/0xfe0 [ 384.309131][ T38] ? watchdog+0x1de/0xfe0 [ 384.309157][ T38] kthread+0x70e/0x8a0 [ 384.309183][ T38] ? __pfx_watchdog+0x10/0x10 [ 384.309203][ T38] ? __pfx_kthread+0x10/0x10 [ 384.309231][ T38] ? __pfx_kthread+0x10/0x10 [ 384.309255][ T38] ret_from_fork+0x436/0x7d0 [ 384.309279][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 384.309306][ T38] ? __switch_to_asm+0x39/0x70 [ 384.309322][ T38] ? __switch_to_asm+0x33/0x70 [ 384.309337][ T38] ? __pfx_kthread+0x10/0x10 [ 384.309361][ T38] ret_from_fork_asm+0x1a/0x30 [ 384.309393][ T38] [ 384.309400][ T38] Sending NMI from CPU 0 to CPUs 1: [ 384.309425][ C1] NMI backtrace for cpu 1 [ 384.309438][ C1] CPU: 1 UID: 0 PID: 990 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 384.309456][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 384.309466][ C1] Workqueue: events_power_efficient neigh_periodic_work [ 384.309486][ C1] RIP: 0010:lock_acquire+0xa9/0x360 [ 384.309504][ C1] Code: b4 24 90 00 00 00 4c 89 ef e8 83 87 81 00 83 3d 1c 70 81 0d 00 0f 84 fa 00 00 00 65 8b 05 7f 7d 5a 10 85 c0 0f 85 eb 00 00 00 <65> 48 8b 04 25 08 40 f6 91 83 b8 1c 0b 00 00 00 0f 85 d5 00 00 00 [ 384.309518][ C1] RSP: 0018:ffffc90004666380 EFLAGS: 00000046 [ 384.309530][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: c6eeb0f35a888400 [ 384.309541][ C1] RDX: 0000000000000000 RSI: ffffffff8afa8087 RDI: 1ffffd1ffffa040b [ 384.309552][ C1] RBP: ffffffff8af96440 R08: 0000000000000001 R09: 0000000000000000 [ 384.309562][ C1] R10: dffffc0000000000 R11: fffffbfff1e3ac47 R12: 0000000000000000 [ 384.309573][ C1] R13: ffffe8ffffd02058 R14: 0000000000000000 R15: 0000000000000001 [ 384.309583][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 384.309596][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 384.309612][ C1] CR2: 0000001b31d1aff8 CR3: 000000003f46a000 CR4: 00000000003526f0 [ 384.309626][ C1] Call Trace: [ 384.309632][ C1] [ 384.309645][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 384.309664][ C1] ? rt_mutex_slowunlock+0xb0/0x8a0 [ 384.309681][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 384.309704][ C1] rt_mutex_slowunlock+0xb0/0x8a0 [ 384.309721][ C1] ? reacquire_held_locks+0x127/0x1d0 [ 384.309741][ C1] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 384.309760][ C1] ? rt_spin_unlock+0x65/0x80 [ 384.309779][ C1] ___slab_alloc+0x4d2/0xdc0 [ 384.309794][ C1] ? dst_alloc+0x105/0x170 [ 384.309810][ C1] ? dst_alloc+0x105/0x170 [ 384.309824][ C1] kmem_cache_alloc_noprof+0xe6/0x310 [ 384.309844][ C1] dst_alloc+0x105/0x170 [ 384.309861][ C1] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 384.309882][ C1] ? ip_route_output_key_hash+0xde/0x2e0 [ 384.309898][ C1] ip_route_output_key_hash+0x1b9/0x2e0 [ 384.309913][ C1] ? __lock_acquire+0xab9/0xd20 [ 384.309930][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 384.309948][ C1] ? ip_route_me_harder+0x4ad/0x1030 [ 384.309969][ C1] ip_route_output_flow+0x2a/0x150 [ 384.309982][ C1] ? ip_route_me_harder+0x6c0/0x1030 [ 384.309999][ C1] ip_route_me_harder+0x6d2/0x1030 [ 384.310021][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 384.310050][ C1] synproxy_send_tcp+0x359/0x6c0 [ 384.310073][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 384.310098][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 384.310116][ C1] ? nft_synproxy_eval_v6+0x378/0x560 [ 384.310131][ C1] ? synproxy_pernet+0x45/0x270 [ 384.310149][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 384.310166][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 384.310183][ C1] ? nf_ip_checksum+0x13c/0x510 [ 384.310200][ C1] nft_synproxy_do_eval+0x345/0x570 [ 384.310217][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 384.310240][ C1] nft_do_chain+0x409/0x1920 [ 384.310253][ C1] ? rcu_is_watching+0x15/0xb0 [ 384.310273][ C1] ? __schedule+0x1709/0x4c20 [ 384.310292][ C1] ? do_raw_spin_lock+0x121/0x290 [ 384.310308][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 384.310340][ C1] nft_do_chain_inet+0x25d/0x340 [ 384.310355][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 384.310369][ C1] ? __lock_acquire+0xab9/0xd20 [ 384.310390][ C1] ? NF_HOOK+0x9a/0x3a0 [ 384.310408][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 384.310423][ C1] nf_hook_slow+0xc2/0x220 [ 384.310443][ C1] NF_HOOK+0x206/0x3a0 [ 384.310460][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 384.310478][ C1] ? NF_HOOK+0x9a/0x3a0 [ 384.310494][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 384.310510][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 384.310529][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 384.310547][ C1] ? skb_dst+0x4f/0xd0 [ 384.310565][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 384.310583][ C1] NF_HOOK+0x30c/0x3a0 [ 384.310607][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 384.310624][ C1] ? NF_HOOK+0x9a/0x3a0 [ 384.310640][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 384.310659][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 384.310681][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 384.310697][ C1] __netif_receive_skb+0x143/0x380 [ 384.310714][ C1] ? rt_spin_unlock+0x65/0x80 [ 384.310732][ C1] ? process_backlog+0x27b/0x900 [ 384.310748][ C1] process_backlog+0x31e/0x900 [ 384.310771][ C1] __napi_poll+0xb6/0x540 [ 384.310789][ C1] net_rx_action+0x707/0xe00 [ 384.310814][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 384.310833][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 384.310856][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 384.310877][ C1] handle_softirqs+0x22f/0x710 [ 384.310898][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 384.310919][ C1] __local_bh_enable_ip+0x179/0x270 [ 384.310935][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 384.310953][ C1] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 384.310968][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 384.310992][ C1] ? neigh_periodic_work+0x57/0xe90 [ 384.311010][ C1] neigh_periodic_work+0xc37/0xe90 [ 384.311030][ C1] ? neigh_periodic_work+0x57/0xe90 [ 384.311047][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 384.311065][ C1] process_scheduled_works+0xade/0x17b0 [ 384.311094][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 384.311118][ C1] worker_thread+0x8a0/0xda0 [ 384.311141][ C1] ? __kthread_parkme+0x7b/0x200 [ 384.311162][ C1] kthread+0x70e/0x8a0 [ 384.311182][ C1] ? __pfx_worker_thread+0x10/0x10 [ 384.311198][ C1] ? __pfx_kthread+0x10/0x10 [ 384.311219][ C1] ? __pfx_kthread+0x10/0x10 [ 384.311237][ C1] ret_from_fork+0x436/0x7d0 [ 384.311255][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 384.311274][ C1] ? __switch_to_asm+0x39/0x70 [ 384.311288][ C1] ? __switch_to_asm+0x33/0x70 [ 384.311300][ C1] ? __pfx_kthread+0x10/0x10 [ 384.311319][ C1] ret_from_fork_asm+0x1a/0x30 [ 384.311340][ C1] [ 384.311426][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 384.311439][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 384.311459][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 384.311469][ T38] Call Trace: [ 384.311477][ T38] [ 384.311484][ T38] dump_stack_lvl+0x99/0x250 [ 384.311508][ T38] ? __asan_memcpy+0x40/0x70 [ 384.311527][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.311550][ T38] ? __pfx__printk+0x10/0x10 [ 384.311581][ T38] vpanic+0x281/0x750 [ 384.311607][ T38] ? __pfx_vpanic+0x10/0x10 [ 384.311628][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 384.311646][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.311679][ T38] panic+0xb9/0xc0 [ 384.311701][ T38] ? __pfx_panic+0x10/0x10 [ 384.311726][ T38] ? irq_work_queue+0xc3/0x140 [ 384.311751][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 384.311775][ T38] watchdog+0xfd2/0xfe0 [ 384.311800][ T38] ? watchdog+0x1de/0xfe0 [ 384.311827][ T38] kthread+0x70e/0x8a0 [ 384.311859][ T38] ? __pfx_watchdog+0x10/0x10 [ 384.311879][ T38] ? __pfx_kthread+0x10/0x10 [ 384.311907][ T38] ? __pfx_kthread+0x10/0x10 [ 384.311932][ T38] ret_from_fork+0x436/0x7d0 [ 384.311956][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 384.311983][ T38] ? __switch_to_asm+0x39/0x70 [ 384.311998][ T38] ? __switch_to_asm+0x33/0x70 [ 384.312014][ T38] ? __pfx_kthread+0x10/0x10 [ 384.312038][ T38] ret_from_fork_asm+0x1a/0x30 [ 384.312070][ T38] [ 384.312328][ T38] Kernel Offset: disabled