last executing test programs: 10m7.613047803s ago: executing program 1 (id=2): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}}, 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x0) socket$nl_route(0x10, 0x3, 0x0) getpgid(r1) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) 10m4.49207354s ago: executing program 1 (id=13): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94) r0 = fsopen(&(0x7f00000001c0)='smb3\x00', 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffff8000, 0x0) r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r5, 0x4c80, 0x7000000) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r3, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000003c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0, 0x0], 0x2}) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::/', 0x0) 10m1.997920244s ago: executing program 1 (id=17): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x262200, 0x0) close(r1) r2 = socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10) r7 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[], 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r2, 0x0) setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xfc}}, 0x14) fcntl$setstatus(r1, 0x4, 0x2000) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x3) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r7) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) 9m54.534428208s ago: executing program 1 (id=19): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') writev(r3, &(0x7f0000000000)=[{&(0x7f00000004c0)=' ', 0x1}], 0x1) 9m51.151352736s ago: executing program 1 (id=22): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0) syz_emit_ethernet(0xc0, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x8a, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x18, 0x1, "00d414ce8ad4"}, {0x0, 0x7, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34"}, {0x5, 0x1, "005ff92900ddab4992020900"}, {0x18, 0x5, "aace49d3309292c341ace5b1886d5602c075176b808ba538f4172998fc01f94be1886976a3e7"}]}}}}}}, 0x0) socket(0x11, 0x800000003, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 9m34.890547969s ago: executing program 32 (id=22): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0) syz_emit_ethernet(0xc0, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x8a, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x18, 0x1, "00d414ce8ad4"}, {0x0, 0x7, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34"}, {0x5, 0x1, "005ff92900ddab4992020900"}, {0x18, 0x5, "aace49d3309292c341ace5b1886d5602c075176b808ba538f4172998fc01f94be1886976a3e7"}]}}}}}}, 0x0) socket(0x11, 0x800000003, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 9m16.016080125s ago: executing program 0 (id=58): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x9, 0x20, 0x2, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_REGS(r4, 0x8090ae81, &(0x7f0000000500)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) r5 = semget(0x3, 0x0, 0x251) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x111) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}}) acct(&(0x7f0000000040)='./file0\x00') socket$can_j1939(0x1d, 0x2, 0x7) semctl$GETVAL(r5, 0x1, 0xc, &(0x7f0000000100)=""/235) shmctl$SHM_INFO(0x0, 0xe, 0x0) 9m13.787897837s ago: executing program 4 (id=61): sendmmsg(0xffffffffffffffff, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}, {{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x108}}], 0x2, 0xc040) 9m12.762465737s ago: executing program 0 (id=63): socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, 0x0, 0x40, 0x1ff) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000}) 9m12.315462006s ago: executing program 4 (id=64): creat(&(0x7f0000000300)='./file0\x00', 0x28) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1000000}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB="f4b02b86df87851e7ae7b383760d80", @ANYRES8=r2], 0x138) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRES16=r1, @ANYBLOB="2cd8"]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x1868, &(0x7f00000007c0)={0x0, 0x3561, 0x80, 0x0, 0x274}, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f00000000c0), r7, 0x0, 0x3, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r6, &(0x7f0000000880)={0x8, 0x120, 0xfa00, {0x3, {0xfffffff9, 0xfffffffe, "169bd6f940e1ae1cae01176fdae5810ac7d89c5deb832b33730118174bcdcdd4d717d2a404faaee54cc582e205ca3b50490ccbb1f4f783e8b3f647b8fb4866aade0d3b17ff2291cb1d7384efaa3ecec736c80abe67e2c4509b9dd478fdd4e107dd9ba99350ce196128582fc07c11350d8c4498a9abdb030b5f21509fb1df4cd7f709248f5338ae5997deb7ae238e5c8ca0d7ecc25faee56834c4283fbd4bdf808a5209db698fafd595cb4e1a20cb7df8212235d65eab06f624b95e01a4794eefac7ef2e9fcb9a27d76b34f28767d609c83591f2464935a7296babbcf1e6fc20d335caa0c8d9849837a4740ec4366eb6661bdd52072a0f000c3926253293ac510", 0x9, 0x2, 0xdb, 0x5e, 0x5, 0x8, 0x2, 0x1}, r7}}, 0x128) write$RDMA_USER_CM_CMD_ACCEPT(r5, &(0x7f0000000340)={0x8, 0x120, 0xfa00, {0x2, {0x9, 0x8, "45b748bc6175c6e4e58b608b9fa813a9354783776f25f6df2be3499918586577cf2f16cf328800f99cd7e717232380077c4c537b161709f387703a1bf2d64fc121771823d23ac5722dbf9854370a50e58f3fb6589bc10b995a027be566308ab1c936244237c6c5548e8aaccc39df36a16d322c14782d5cc831b63d974d5ebb84978107c04df47a0d189521313479cc329040e36cc7f3838a5e33f86504f5fb125d8c8437c658f37730c0046a89a5d95f46a2b582ae558bca7da6a7ba4d4e466d719f26bc9e3cbb20c7e225019e6a1864a78dfb4a9d6fbe3ecdea68a85cb3446c03176588643ba1c512d5d9fc54a684623779ad092320825e4463a171cb0459c8", 0x2, 0x6, 0x4, 0x8, 0x9, 0x7, 0x9d}, r7}}, 0x128) 9m11.580979744s ago: executing program 2 (id=65): bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x41}}}, 0x1c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) poll(&(0x7f0000000080), 0x0, 0x24b) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c000010", @ANYRES16=r5], 0x2c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e20, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x7, 0x0, 0x3}}}}}}}, 0x0) 9m11.515123708s ago: executing program 0 (id=66): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}}, 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x0) getpgid(r1) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) 9m10.084243704s ago: executing program 4 (id=67): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r1, &(0x7f00000005c0)=[{0x7, 0x0, 0x0, 0x0, @time={0x4, 0xfffffff9}, {0x4}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0x800ffff}, {}, {}, @raw8={"272be5806cd46d7b9ff797a0"}}], 0x38) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0xd, @private2, 0x9}, 0x1c) socket$xdp(0x2c, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_PTRACER(0x59616d61, r2) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) r6 = fanotify_init(0x200, 0x0) fanotify_mark(r6, 0x1, 0x40000032, r5, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r9 = memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0) write$binfmt_elf32(r8, &(0x7f0000001e80)=ANY=[], 0x38) splice(r7, 0x0, r9, 0x0, 0x200002, 0x0) 9m9.892453164s ago: executing program 2 (id=68): socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, 0x0, 0x40, 0x1ff) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000}) 9m8.715295312s ago: executing program 4 (id=69): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x2200, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r0, &(0x7f00000007c0)="25d7fe75fa3496bb8e75411fe8ffffffffffffff0000000000", 0x19, 0xe044, 0x0, 0x0) sendto$inet(r0, &(0x7f00000004c0), 0x0, 0x805, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4, 0x5d032, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)=0xffffffffffffffff) ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000240)={0x0, 0x4, @status={[0x0, 0xb03f, 0x84d, 0x2, 0x9, 0x10000]}, [0x77, 0x9, 0x400, 0x81, 0x40, 0x0, 0x0, 0x8, 0x0, 0x63, 0x1, 0x2, 0x7, 0x6, 0x7fffffff, 0x1ff, 0xdf, 0x3, 0x5, 0x3e, 0x0, 0x40, 0x7, 0x7, 0xb42f, 0x3, 0x4, 0x0, 0xb3a, 0x81, 0x3, 0x5, 0x3, 0x2, 0x100, 0x7fff, 0xffffffffffffffff, 0xfffffffffffffeff, 0x5, 0xffffffffffffffff, 0x30, 0x1, 0x71d, 0x8000, 0x9, 0xc9, 0x0, 0x5, 0x4, 0x9, 0xb59c, 0x4, 0x100000001, 0x8, 0x0, 0x800, 0x9, 0x6, 0x7, 0x5, 0xfffffffffffffffc, 0x5, 0xa, 0x468]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000cc0)) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SPLIT(r4, &(0x7f0000000d80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x240000c0}, 0x20000000) 9m7.363304661s ago: executing program 2 (id=70): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000180)=ANY=[@ANYRESDEC=r0, @ANYBLOB="9f83d5e4ad3c44feff970b12c0f89af8b8df01d1647847f944dc89be4cd01e76564bb78877a9c72b2fcc0ae729f604fef33861acae70", @ANYBLOB="0000000000000000b7080000a06700007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = fsopen(&(0x7f00000001c0)='smb3\x00', 0x0) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffff8000, 0x0) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000003c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_SETPLANE(r7, 0xc03064b7, &(0x7f0000000a00)={r11, r9, r10, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x3, 0x800000}) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 9m6.985927021s ago: executing program 4 (id=72): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) creat(&(0x7f0000000480)='./file0\x00', 0x83) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VIDIOC_ENUMSTD(r3, 0xc0485619, &(0x7f0000000300)={0x58d3c7c1, 0xb000, "a5378888ab09383a652166d5e8aaf739c7505d222988b308", {0x0, 0x4}, 0xb6c}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[], 0x17) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000140)) sendmsg$BATADV_CMD_GET_NEIGHBORS(r6, &(0x7f0000004340)={0x0, 0x0, 0x0}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0xa0, 0x42e6}}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x100}, 0x800) 9m6.192499977s ago: executing program 0 (id=74): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket(0x10, 0x3, 0x0) connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0xc) r6 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r7 = socket$unix(0x1, 0x5, 0x0) bind$unix(r7, &(0x7f0000000140)=@abs={0x1}, 0x6e) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000040)=0xad, 0x4) 9m6.104765666s ago: executing program 2 (id=75): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = fsopen(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(0xffffffffffffffff, &(0x7f0000002700)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file4\x00', &(0x7f0000000040), 0x4, 0x0) 9m4.41764165s ago: executing program 0 (id=76): socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, 0x0, 0x40, 0x1ff) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000}) 9m3.054621029s ago: executing program 2 (id=78): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 9m1.201111141s ago: executing program 4 (id=79): rseq(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f00000000c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000003c0)={0x0, 0x0}) setpgid(0x0, r7) ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000040)=0x1f) r8 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x20) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x69, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000180)={0x0, 0x11d000}) 9m0.874422497s ago: executing program 2 (id=80): socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, 0x0, 0x40, 0x1ff) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000}) 9m0.341878957s ago: executing program 0 (id=81): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x2200, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r0, &(0x7f00000007c0)="25d7fe75fa3496bb8e75411fe8ffffffffffffff0000000000", 0x19, 0xe044, 0x0, 0x0) sendto$inet(r0, &(0x7f00000004c0), 0x0, 0x805, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4, 0x5d032, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)=0xffffffffffffffff) ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000240)={0x0, 0x4, @status={[0x0, 0xb03f, 0x84d, 0x2, 0x9, 0x10000]}, [0x77, 0x9, 0x400, 0x81, 0x40, 0x0, 0x0, 0x8, 0x0, 0x63, 0x1, 0x2, 0x7, 0x6, 0x7fffffff, 0x1ff, 0xdf, 0x3, 0x5, 0x3e, 0x0, 0x40, 0x7, 0x7, 0xb42f, 0x3, 0x4, 0x0, 0xb3a, 0x81, 0x3, 0x5, 0x3, 0x2, 0x100, 0x7fff, 0xffffffffffffffff, 0xfffffffffffffeff, 0x5, 0xffffffffffffffff, 0x30, 0x1, 0x71d, 0x8000, 0x9, 0xc9, 0x0, 0x5, 0x4, 0x9, 0xb59c, 0x4, 0x100000001, 0x8, 0x0, 0x800, 0x9, 0x6, 0x7, 0x5, 0xfffffffffffffffc, 0x5, 0xa, 0x468]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000cc0)) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SPLIT(r4, &(0x7f0000000d80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000d40)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x240000c0}, 0x20000000) 8m44.336061566s ago: executing program 33 (id=81): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x2200, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r0, &(0x7f00000007c0)="25d7fe75fa3496bb8e75411fe8ffffffffffffff0000000000", 0x19, 0xe044, 0x0, 0x0) sendto$inet(r0, &(0x7f00000004c0), 0x0, 0x805, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4, 0x5d032, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)=0xffffffffffffffff) ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000240)={0x0, 0x4, @status={[0x0, 0xb03f, 0x84d, 0x2, 0x9, 0x10000]}, [0x77, 0x9, 0x400, 0x81, 0x40, 0x0, 0x0, 0x8, 0x0, 0x63, 0x1, 0x2, 0x7, 0x6, 0x7fffffff, 0x1ff, 0xdf, 0x3, 0x5, 0x3e, 0x0, 0x40, 0x7, 0x7, 0xb42f, 0x3, 0x4, 0x0, 0xb3a, 0x81, 0x3, 0x5, 0x3, 0x2, 0x100, 0x7fff, 0xffffffffffffffff, 0xfffffffffffffeff, 0x5, 0xffffffffffffffff, 0x30, 0x1, 0x71d, 0x8000, 0x9, 0xc9, 0x0, 0x5, 0x4, 0x9, 0xb59c, 0x4, 0x100000001, 0x8, 0x0, 0x800, 0x9, 0x6, 0x7, 0x5, 0xfffffffffffffffc, 0x5, 0xa, 0x468]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000cc0)) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SPLIT(r4, &(0x7f0000000d80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000d40)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x240000c0}, 0x20000000) 8m44.085785121s ago: executing program 34 (id=80): socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, 0x0, 0x40, 0x1ff) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000}) 8m43.642806743s ago: executing program 35 (id=79): rseq(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f00000000c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000003c0)={0x0, 0x0}) setpgid(0x0, r7) ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000040)=0x1f) r8 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x20) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x69, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000180)={0x0, 0x11d000}) 3.238401234s ago: executing program 3 (id=490): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffb0}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x600}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff13}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x9}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.789100038s ago: executing program 3 (id=491): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000fcf000/0x4000)=nil, 0x4000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r4, 0x0, 0x10000, 0x0, 0x4, 0x12fbab, 0x2976b1}) 1.66035879s ago: executing program 3 (id=492): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffb0}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x600}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff13}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x9}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (fail_nth: 1) 241.555996ms ago: executing program 3 (id=493): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) 160.22796ms ago: executing program 3 (id=494): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000a00)={0x0, r2, r3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x3, 0x800000}) 0s ago: executing program 3 (id=495): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, 0x0, 0x0}, 0x94) open(&(0x7f0000000080)='./bus\x00', 0x1c91e0, 0x0) mount(&(0x7f0000000100), &(0x7f00000001c0)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f00000000c0)='trans=rdma,') r1 = gettid() syz_open_procfs(r1, &(0x7f0000000000)='cpuset\x00') (async) syz_open_procfs(r1, &(0x7f0000000000)='cpuset\x00') syz_usb_control_io$printer(r0, &(0x7f0000000780)={0x14, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00030400000084780b97"]}, 0x0) (async) syz_usb_control_io$printer(r0, &(0x7f0000000780)={0x14, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00030400000084780b97"]}, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x0, 0x2e, &(0x7f0000000200)=ANY=[@ANYBLOB="051bccf37785a14a1b1fed0912c050f88ff800000000000000001a00000000"]}) (async) syz_usb_connect$cdc_ncm(0x4, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x0, 0x2e, &(0x7f0000000200)=ANY=[@ANYBLOB="051bccf37785a14a1b1fed0912c050f88ff800000000000000001a00000000"]}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000200)=ANY=[]) kernel console output (not intermixed with test programs): 2] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 516.183956][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 516.234311][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 516.252942][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 516.314741][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 516.315659][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 516.433117][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 516.453517][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 516.463961][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 516.476677][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 516.477705][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 517.672123][ T5856] Bluetooth: hci2: command tx timeout [ 518.392230][ T5856] Bluetooth: hci1: command tx timeout [ 518.561807][ T5856] Bluetooth: hci3: command tx timeout [ 520.394547][ T5856] Bluetooth: hci2: command tx timeout [ 520.471791][ T5856] Bluetooth: hci1: command tx timeout [ 520.783889][ T5856] Bluetooth: hci3: command tx timeout [ 520.976644][ T7402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 521.427962][ T5906] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 521.668364][ T5906] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 521.668403][ T5906] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 521.668422][ T5906] usb 4-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 521.668443][ T5906] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 521.676809][ T5906] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 521.676846][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.676868][ T5906] usb 4-1: Product: syz [ 521.676883][ T5906] usb 4-1: Manufacturer: 쎹獟ߡᨁ럗饆зኆ㻋馢쟂粙甇ꠛ쵺핀⚾Ђ혴澐숏큀﫹惟꓎춄捌譇C꼠剫ป꘏즉՚藟즣쥆О눺ဴ쳀졹䦡㑑ꝩ斥尾磓㘮脦鿒룡던a珔㖢⾚鼽勄໖睽붆旅鐪숤菓ꚣ↕ᙇ꼼䖛웄喫♸覧䟹캚丨ᚥ碡鹡쁧첽ᅤ猪턪䂐捾ᨩಓ׏鶬ᵅ⥖ꌞ၁꜈ᆴ欺公滿䩧諉荲 [ 521.676917][ T5906] usb 4-1: SerialNumber: syz [ 522.472236][ T5856] Bluetooth: hci2: command tx timeout [ 522.535956][ T5906] usb 4-1: 0:2 : does not exist [ 522.562575][ T5856] Bluetooth: hci1: command tx timeout [ 522.612615][ T5906] usb 4-1: USB disconnect, device number 15 [ 522.797013][ T5856] Bluetooth: hci3: command tx timeout [ 523.180364][ T1162] bridge_slave_1: left allmulticast mode [ 523.180402][ T1162] bridge_slave_1: left promiscuous mode [ 523.180702][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 523.273652][ T1162] bridge_slave_0: left allmulticast mode [ 523.273691][ T1162] bridge_slave_0: left promiscuous mode [ 523.275698][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.362883][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.917077][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.918674][ T5852] Bluetooth: hci1: command tx timeout [ 524.930768][ T5852] Bluetooth: hci3: command tx timeout [ 524.954475][ T5856] Bluetooth: hci2: command tx timeout [ 525.337346][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.602953][ T5154] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 525.625910][ T5154] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 525.628193][ T5154] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 525.630051][ T5154] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 525.657505][ T5154] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 526.208542][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.272121][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.609541][ T6004] Bluetooth: hci5: Frame reassembly failed (-84) [ 526.624750][ T6004] Bluetooth: hci5: Frame reassembly failed (-84) [ 527.360174][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.461257][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.624313][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 527.682269][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 527.710412][ T1162] bond0 (unregistering): Released all slaves [ 527.751822][ T5856] Bluetooth: hci4: command tx timeout [ 527.778908][ T7700] chnl_net:caif_netlink_parms(): no params data found [ 528.100629][ T7695] chnl_net:caif_netlink_parms(): no params data found [ 528.119300][ T7703] chnl_net:caif_netlink_parms(): no params data found [ 528.331906][ T1162] hsr_slave_0: left promiscuous mode [ 528.375950][ T1162] hsr_slave_1: left promiscuous mode [ 528.377089][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 528.406071][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 528.632327][ T5154] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 529.742671][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 529.831662][ T5856] Bluetooth: hci4: command tx timeout [ 529.973315][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 531.911821][ T5856] Bluetooth: hci4: command tx timeout [ 532.350484][ T7770] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 532.351501][ T7770] batadv_slave_0: entered promiscuous mode [ 534.465246][ T5856] Bluetooth: hci4: command tx timeout [ 536.861805][ T5907] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 536.895970][ T7700] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.896223][ T7700] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.896452][ T7700] bridge_slave_0: entered allmulticast mode [ 536.899775][ T7700] bridge_slave_0: entered promiscuous mode [ 537.011856][ T5907] usb 4-1: Using ep0 maxpacket: 8 [ 537.016371][ T5907] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 537.016400][ T5907] usb 4-1: config 179 has no interface number 0 [ 537.016458][ T5907] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 537.016485][ T5907] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 537.016513][ T5907] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 537.016540][ T5907] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 537.016568][ T5907] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 537.016614][ T5907] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 537.016638][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.034658][ T7789] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 537.451800][ T7789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 537.480976][ T7796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 537.498545][ T7796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 537.510655][ T7789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 537.568883][ T7700] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.569374][ T7700] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.570088][ T7700] bridge_slave_1: entered allmulticast mode [ 537.574291][ T7796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 537.632419][ T7700] bridge_slave_1: entered promiscuous mode [ 537.653113][ T7796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 537.838810][ T5846] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input5 [ 538.086086][ T7695] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.086272][ T7695] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.086515][ T7695] bridge_slave_0: entered allmulticast mode [ 538.117200][ T7695] bridge_slave_0: entered promiscuous mode [ 538.339716][ T7703] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.343184][ T7703] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.369301][ T7703] bridge_slave_0: entered allmulticast mode [ 538.560601][ T7703] bridge_slave_0: entered promiscuous mode [ 538.804164][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 538.804249][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 538.815066][ T5846] usb 4-1: USB disconnect, device number 16 [ 538.857918][ T7695] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.858074][ T7695] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.858310][ T7695] bridge_slave_1: entered allmulticast mode [ 538.892985][ T7695] bridge_slave_1: entered promiscuous mode [ 538.897523][ T7703] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.897711][ T7703] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.897963][ T7703] bridge_slave_1: entered allmulticast mode [ 538.933984][ T7703] bridge_slave_1: entered promiscuous mode [ 538.975071][ T7700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.475327][ T7700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 541.100708][ T7695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 541.117157][ T7703] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 541.286894][ T7695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 541.304272][ T7703] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 541.361356][ T7700] team0: Port device team_slave_0 added [ 542.150134][ T7700] team0: Port device team_slave_1 added [ 545.749089][ T7695] team0: Port device team_slave_0 added [ 545.753837][ T7703] team0: Port device team_slave_0 added [ 545.939788][ T7695] team0: Port device team_slave_1 added [ 545.947586][ T7703] team0: Port device team_slave_1 added [ 545.997904][ T7700] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 545.997925][ T7700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 545.997954][ T7700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 546.844426][ T7700] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 546.844446][ T7700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 546.844477][ T7700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 547.983941][ T7695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 547.983961][ T7695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.983989][ T7695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 547.986180][ T7703] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 547.986196][ T7703] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.986233][ T7703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 548.107898][ T7703] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 548.107914][ T7703] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 548.107931][ T7703] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 548.114243][ T7695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 548.114268][ T7695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 548.115202][ T7695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 549.980966][ T7700] hsr_slave_0: entered promiscuous mode [ 550.008146][ T7700] hsr_slave_1: entered promiscuous mode [ 552.388026][ T7703] hsr_slave_0: entered promiscuous mode [ 552.389729][ T7703] hsr_slave_1: entered promiscuous mode [ 552.390862][ T7703] debugfs: 'hsr0' already exists in 'hsr' [ 552.390890][ T7703] Cannot create hsr debugfs directory [ 552.423797][ T7695] hsr_slave_0: entered promiscuous mode [ 552.425330][ T7695] hsr_slave_1: entered promiscuous mode [ 552.426375][ T7695] debugfs: 'hsr0' already exists in 'hsr' [ 552.426403][ T7695] Cannot create hsr debugfs directory [ 552.480545][ T7760] chnl_net:caif_netlink_parms(): no params data found [ 554.820132][ T7873] ubi: mtd0 is already attached to ubi31 [ 554.890970][ T7873] Illegal XDP return value 4294967274 on prog (id 88) dev N/A, expect packet loss! [ 557.470287][ T7760] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.471005][ T7760] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.471294][ T7760] bridge_slave_0: entered allmulticast mode [ 557.475402][ T7760] bridge_slave_0: entered promiscuous mode [ 557.625666][ T7760] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.625860][ T7760] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.626088][ T7760] bridge_slave_1: entered allmulticast mode [ 557.640874][ T7760] bridge_slave_1: entered promiscuous mode [ 559.599300][ T7760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 560.832265][ T7760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.447160][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.447214][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.617130][ T7760] team0: Port device team_slave_0 added [ 564.908605][ T7760] team0: Port device team_slave_1 added [ 566.935480][ T7760] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 566.935509][ T7760] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.935540][ T7760] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 566.984575][ T7963] team_slave_0: entered promiscuous mode [ 566.984648][ T7963] team_slave_1: entered promiscuous mode [ 566.985631][ T7963] vlan2: entered promiscuous mode [ 566.985647][ T7963] team0: entered promiscuous mode [ 567.669238][ T7760] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 567.669258][ T7760] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 567.669287][ T7760] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 569.007595][ T7760] hsr_slave_0: entered promiscuous mode [ 569.009642][ T7760] hsr_slave_1: entered promiscuous mode [ 569.010688][ T7760] debugfs: 'hsr0' already exists in 'hsr' [ 569.010714][ T7760] Cannot create hsr debugfs directory [ 570.331021][ T8005] FAULT_INJECTION: forcing a failure. [ 570.331021][ T8005] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 570.331058][ T8005] CPU: 0 UID: 0 PID: 8005 Comm: syz.3.364 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 570.331090][ T8005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 570.331103][ T8005] Call Trace: [ 570.331111][ T8005] [ 570.331120][ T8005] dump_stack_lvl+0x189/0x250 [ 570.331155][ T8005] ? __pfx____ratelimit+0x10/0x10 [ 570.331186][ T8005] ? __pfx_dump_stack_lvl+0x10/0x10 [ 570.331217][ T8005] ? __pfx__printk+0x10/0x10 [ 570.331240][ T8005] ? __might_fault+0xb0/0x130 [ 570.331283][ T8005] should_fail_ex+0x46c/0x600 [ 570.331319][ T8005] _copy_from_user+0x2d/0xb0 [ 570.331346][ T8005] ___sys_sendmsg+0x158/0x2a0 [ 570.331371][ T8005] ? __pfx____sys_sendmsg+0x10/0x10 [ 570.331435][ T8005] ? __fget_files+0x2a/0x420 [ 570.331463][ T8005] ? __fget_files+0x3a6/0x420 [ 570.331508][ T8005] __x64_sys_sendmsg+0x1a1/0x260 [ 570.331530][ T8005] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 570.331561][ T8005] ? __pfx_ksys_write+0x10/0x10 [ 570.331591][ T8005] ? do_syscall_64+0xbe/0x3b0 [ 570.331612][ T8005] do_syscall_64+0xfa/0x3b0 [ 570.331629][ T8005] ? lockdep_hardirqs_on+0x9c/0x150 [ 570.331655][ T8005] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.331697][ T8005] ? clear_bhb_loop+0x60/0xb0 [ 570.331720][ T8005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.331739][ T8005] RIP: 0033:0x7f815756eba9 [ 570.331759][ T8005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 570.331777][ T8005] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 570.331799][ T8005] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 570.331815][ T8005] RDX: 00000000200400c0 RSI: 0000200000000500 RDI: 0000000000000003 [ 570.331829][ T8005] RBP: 00007f81557d6090 R08: 0000000000000000 R09: 0000000000000000 [ 570.331841][ T8005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 570.331853][ T8005] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 570.331886][ T8005] [ 572.054272][ T1162] bridge_slave_1: left allmulticast mode [ 572.054311][ T1162] bridge_slave_1: left promiscuous mode [ 572.054612][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.164494][ T1162] bridge_slave_0: left allmulticast mode [ 572.164533][ T1162] bridge_slave_0: left promiscuous mode [ 572.164861][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.300921][ T1162] bridge_slave_1: left allmulticast mode [ 572.300962][ T1162] bridge_slave_1: left promiscuous mode [ 572.304982][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.385393][ T1162] bridge_slave_0: left allmulticast mode [ 572.385433][ T1162] bridge_slave_0: left promiscuous mode [ 572.385737][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.492398][ T1162] bridge_slave_1: left allmulticast mode [ 572.492437][ T1162] bridge_slave_1: left promiscuous mode [ 572.492733][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.577429][ T1162] bridge_slave_0: left allmulticast mode [ 572.577468][ T1162] bridge_slave_0: left promiscuous mode [ 572.580247][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.362924][ T5154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 575.378943][ T5154] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 575.380658][ T5154] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 575.387112][ T5154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 575.387937][ T5154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 575.572641][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 575.653459][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 575.682631][ T1162] bond0 (unregistering): Released all slaves [ 575.910719][ T5154] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 575.959714][ T5154] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 575.961272][ T5154] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 575.979015][ T5154] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 575.995541][ T5154] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 576.726136][ T5856] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 576.729589][ T5856] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 576.730830][ T5856] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 576.744450][ T5856] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 576.777427][ T5856] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 577.432046][ T5154] Bluetooth: hci5: command tx timeout [ 577.844172][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 577.902883][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 577.935333][ T1162] bond0 (unregistering): Released all slaves [ 578.081911][ T5154] Bluetooth: hci6: command tx timeout [ 578.871710][ T5154] Bluetooth: hci7: command tx timeout [ 579.511757][ T5154] Bluetooth: hci5: command tx timeout [ 579.832975][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 579.904314][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 579.958909][ T1162] bond0 (unregistering): Released all slaves [ 580.152676][ T5154] Bluetooth: hci6: command tx timeout [ 580.275184][ T8046] vlan2: entered promiscuous mode [ 580.961148][ T5154] Bluetooth: hci7: command tx timeout [ 581.609326][ T5154] Bluetooth: hci5: command tx timeout [ 581.785326][ T8059] capability: warning: `syz.3.370' uses deprecated v2 capabilities in a way that may be insecure [ 581.811769][ T1162] hsr_slave_0: left promiscuous mode [ 581.835162][ T1162] hsr_slave_1: left promiscuous mode [ 581.836327][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 581.886738][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.049834][ T1162] hsr_slave_0: left promiscuous mode [ 582.061985][ T1162] hsr_slave_1: left promiscuous mode [ 582.063233][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 582.129377][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.231920][ T5154] Bluetooth: hci6: command tx timeout [ 582.282080][ T1162] hsr_slave_0: left promiscuous mode [ 582.301744][ T1162] hsr_slave_1: left promiscuous mode [ 582.302803][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 582.321870][ T31] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 582.353074][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.488462][ T31] usb 4-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=64.06 [ 582.488497][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.538376][ T31] ums-freecom 4-1:127.0: USB Mass Storage device detected [ 583.031878][ T5154] Bluetooth: hci7: command tx timeout [ 583.672321][ T5154] Bluetooth: hci5: command tx timeout [ 584.244724][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 584.311892][ T5154] Bluetooth: hci6: command tx timeout [ 584.524732][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 585.113571][ T5154] Bluetooth: hci7: command tx timeout [ 586.059721][ T5856] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 586.085508][ T5856] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 586.087312][ T5856] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 586.089082][ T5856] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 586.089984][ T5856] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 588.163132][ T5154] Bluetooth: hci8: command tx timeout [ 588.390319][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 588.622925][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 590.232975][ T5154] Bluetooth: hci8: command tx timeout [ 592.039190][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 592.306342][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 592.322609][ T5154] Bluetooth: hci8: command tx timeout [ 594.391754][ T5154] Bluetooth: hci8: command tx timeout [ 594.892437][ T7688] usb 4-1: USB disconnect, device number 17 [ 595.112495][ T8076] tmpfs: Unknown parameter 'mol' [ 601.248045][ T8042] chnl_net:caif_netlink_parms(): no params data found [ 601.268607][ T8047] chnl_net:caif_netlink_parms(): no params data found [ 603.453602][ T8050] chnl_net:caif_netlink_parms(): no params data found [ 604.343333][ T8069] chnl_net:caif_netlink_parms(): no params data found [ 605.027359][ T8042] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.027572][ T8042] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.027877][ T8042] bridge_slave_0: entered allmulticast mode [ 605.031134][ T8042] bridge_slave_0: entered promiscuous mode [ 605.066832][ T8047] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.067002][ T8047] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.067271][ T8047] bridge_slave_0: entered allmulticast mode [ 605.093699][ T8047] bridge_slave_0: entered promiscuous mode [ 605.228409][ T8042] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.228593][ T8042] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.228884][ T8042] bridge_slave_1: entered allmulticast mode [ 605.234326][ T8042] bridge_slave_1: entered promiscuous mode [ 605.239746][ T8047] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.239892][ T8047] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.240121][ T8047] bridge_slave_1: entered allmulticast mode [ 605.243931][ T8047] bridge_slave_1: entered promiscuous mode [ 606.675910][ T8146] input: syz1 as /devices/virtual/input/input6 [ 607.078103][ T8050] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.078329][ T8050] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.078610][ T8050] bridge_slave_0: entered allmulticast mode [ 607.123060][ T8050] bridge_slave_0: entered promiscuous mode [ 607.135197][ T8042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 607.167080][ T8047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 607.280273][ T8050] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.280491][ T8050] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.280758][ T8050] bridge_slave_1: entered allmulticast mode [ 607.305423][ T8050] bridge_slave_1: entered promiscuous mode [ 607.316789][ T8042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 607.347196][ T8047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.855998][ T8069] bridge0: port 1(bridge_slave_0) entered blocking state [ 609.856193][ T8069] bridge0: port 1(bridge_slave_0) entered disabled state [ 609.856487][ T8069] bridge_slave_0: entered allmulticast mode [ 609.859956][ T8069] bridge_slave_0: entered promiscuous mode [ 609.904585][ T8050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 609.924327][ T8042] team0: Port device team_slave_0 added [ 609.930597][ T8047] team0: Port device team_slave_0 added [ 609.933743][ T8069] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.938868][ T8069] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.939126][ T8069] bridge_slave_1: entered allmulticast mode [ 609.949374][ T8069] bridge_slave_1: entered promiscuous mode [ 609.981123][ T8050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.994388][ T8042] team0: Port device team_slave_1 added [ 609.999151][ T8047] team0: Port device team_slave_1 added [ 612.196288][ T8069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 612.648135][ T8169] FAULT_INJECTION: forcing a failure. [ 612.648135][ T8169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 612.648173][ T8169] CPU: 0 UID: 0 PID: 8169 Comm: syz.3.390 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 612.648196][ T8169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 612.648209][ T8169] Call Trace: [ 612.648217][ T8169] [ 612.648226][ T8169] dump_stack_lvl+0x189/0x250 [ 612.648262][ T8169] ? __pfx____ratelimit+0x10/0x10 [ 612.648293][ T8169] ? __pfx_dump_stack_lvl+0x10/0x10 [ 612.648323][ T8169] ? __pfx__printk+0x10/0x10 [ 612.648347][ T8169] ? __might_fault+0xb0/0x130 [ 612.648390][ T8169] should_fail_ex+0x46c/0x600 [ 612.648427][ T8169] _copy_from_user+0x2d/0xb0 [ 612.648455][ T8169] ___sys_sendmsg+0x158/0x2a0 [ 612.648479][ T8169] ? __pfx____sys_sendmsg+0x10/0x10 [ 612.648544][ T8169] ? __fget_files+0x2a/0x420 [ 612.648570][ T8169] ? __fget_files+0x3a6/0x420 [ 612.648611][ T8169] __x64_sys_sendmsg+0x1a1/0x260 [ 612.648635][ T8169] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 612.648668][ T8169] ? __pfx_ksys_write+0x10/0x10 [ 612.648691][ T8169] ? rcu_is_watching+0x15/0xb0 [ 612.648729][ T8169] ? do_syscall_64+0xbe/0x3b0 [ 612.648753][ T8169] do_syscall_64+0xfa/0x3b0 [ 612.648771][ T8169] ? lockdep_hardirqs_on+0x9c/0x150 [ 612.648800][ T8169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.648830][ T8169] ? clear_bhb_loop+0x60/0xb0 [ 612.648855][ T8169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.648875][ T8169] RIP: 0033:0x7f815756eba9 [ 612.648894][ T8169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.648912][ T8169] RSP: 002b:00007f8155794038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 612.648935][ T8169] RAX: ffffffffffffffda RBX: 00007f81577b6180 RCX: 00007f815756eba9 [ 612.648951][ T8169] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 000000000000000a [ 612.648964][ T8169] RBP: 00007f8155794090 R08: 0000000000000000 R09: 0000000000000000 [ 612.648978][ T8169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 612.648991][ T8169] R13: 00007f81577b6218 R14: 00007f81577b6180 R15: 00007fff04b0b928 [ 612.649025][ T8169] [ 613.847019][ T8173] fuse: Unknown parameter 'f0x00000000000000050000000000000000000000500000000000000000000' [ 613.954204][ T8050] team0: Port device team_slave_0 added [ 613.972110][ T8042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 613.972130][ T8042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.972158][ T8042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 613.975147][ T8047] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 613.975162][ T8047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.975189][ T8047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 614.075272][ T8069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 614.079044][ T8050] team0: Port device team_slave_1 added [ 614.080689][ T8042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 614.080703][ T8042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.080732][ T8042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 614.145617][ T8047] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 614.145637][ T8047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.145668][ T8047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 614.785398][ T8069] team0: Port device team_slave_0 added [ 614.791028][ T8050] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 614.791048][ T8050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.791077][ T8050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.097575][ T8069] team0: Port device team_slave_1 added [ 615.099519][ T8050] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.099537][ T8050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.099565][ T8050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 616.443127][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.695822][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.396737][ T8042] hsr_slave_0: entered promiscuous mode [ 617.397657][ T8042] hsr_slave_1: entered promiscuous mode [ 617.398275][ T8042] debugfs: 'hsr0' already exists in 'hsr' [ 617.398293][ T8042] Cannot create hsr debugfs directory [ 617.483721][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.592144][ T8047] hsr_slave_0: entered promiscuous mode [ 617.593891][ T8047] hsr_slave_1: entered promiscuous mode [ 617.595143][ T8047] debugfs: 'hsr0' already exists in 'hsr' [ 617.595172][ T8047] Cannot create hsr debugfs directory [ 617.623452][ T8069] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 617.623471][ T8069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.623495][ T8069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 617.750402][ T8069] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 617.750432][ T8069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.750458][ T8069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 618.539601][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.572262][ C1] vkms_vblank_simulate: vblank timer overrun [ 621.247517][ T8050] hsr_slave_0: entered promiscuous mode [ 621.250571][ T8050] hsr_slave_1: entered promiscuous mode [ 621.255594][ T8050] debugfs: 'hsr0' already exists in 'hsr' [ 621.255626][ T8050] Cannot create hsr debugfs directory [ 621.566981][ T8199] netlink: 12 bytes leftover after parsing attributes in process `syz.3.399'. [ 622.033368][ T8203] FAULT_INJECTION: forcing a failure. [ 622.033368][ T8203] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 622.033404][ T8203] CPU: 0 UID: 0 PID: 8203 Comm: syz.3.400 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 622.033427][ T8203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 622.033438][ T8203] Call Trace: [ 622.033446][ T8203] [ 622.033456][ T8203] dump_stack_lvl+0x189/0x250 [ 622.033492][ T8203] ? __pfx____ratelimit+0x10/0x10 [ 622.033520][ T8203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 622.033549][ T8203] ? __pfx__printk+0x10/0x10 [ 622.033589][ T8203] should_fail_ex+0x46c/0x600 [ 622.033627][ T8203] _copy_to_user+0x31/0xb0 [ 622.033656][ T8203] simple_read_from_buffer+0xe1/0x170 [ 622.033691][ T8203] proc_fail_nth_read+0x1b6/0x220 [ 622.033717][ T8203] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 622.033743][ T8203] ? rw_verify_area+0x2ac/0x4e0 [ 622.033776][ T8203] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 622.033799][ T8203] vfs_read+0x206/0xa30 [ 622.033836][ T8203] ? __pfx_vfs_read+0x10/0x10 [ 622.033857][ T8203] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 622.033894][ T8203] ? mutex_lock_nested+0x154/0x1d0 [ 622.033917][ T8203] ? fdget_pos+0x253/0x320 [ 622.033957][ T8203] ksys_read+0x14b/0x260 [ 622.033985][ T8203] ? __pfx_ksys_read+0x10/0x10 [ 622.034007][ T8203] ? rcu_is_watching+0x15/0xb0 [ 622.034046][ T8203] ? do_syscall_64+0xbe/0x3b0 [ 622.034071][ T8203] do_syscall_64+0xfa/0x3b0 [ 622.034088][ T8203] ? lockdep_hardirqs_on+0x9c/0x150 [ 622.034118][ T8203] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.034139][ T8203] ? clear_bhb_loop+0x60/0xb0 [ 622.034165][ T8203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.034186][ T8203] RIP: 0033:0x7f815756d5bc [ 622.034205][ T8203] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 622.034222][ T8203] RSP: 002b:00007f81557b5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 622.034245][ T8203] RAX: ffffffffffffffda RBX: 00007f81577b6090 RCX: 00007f815756d5bc [ 622.034261][ T8203] RDX: 000000000000000f RSI: 00007f81557b50a0 RDI: 0000000000000005 [ 622.034275][ T8203] RBP: 00007f81557b5090 R08: 0000000000000000 R09: 0000000000000000 [ 622.034288][ T8203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.034301][ T8203] R13: 00007f81577b6128 R14: 00007f81577b6090 R15: 00007fff04b0b928 [ 622.034338][ T8203] [ 622.890518][ T8069] hsr_slave_0: entered promiscuous mode [ 622.903204][ T8069] hsr_slave_1: entered promiscuous mode [ 622.909550][ T8069] debugfs: 'hsr0' already exists in 'hsr' [ 622.909582][ T8069] Cannot create hsr debugfs directory [ 623.347629][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.752617][ T5914] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 623.915507][ T5914] usb 4-1: config 0 has an invalid interface number: 50 but max is 0 [ 623.915539][ T5914] usb 4-1: config 0 has no interface number 0 [ 623.918837][ T5914] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 623.918866][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.918887][ T5914] usb 4-1: Product: syz [ 623.918901][ T5914] usb 4-1: Manufacturer: syz [ 623.918916][ T5914] usb 4-1: SerialNumber: syz [ 623.928678][ T5914] usb 4-1: config 0 descriptor?? [ 623.957181][ T5914] yurex 4-1:0.50: Could not find endpoints [ 624.186031][ T37] audit: type=1800 audit(1757787850.080:7): pid=8217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.403" name="3" dev="overlay" ino=1808 res=0 errno=0 [ 624.724498][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.724667][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.845593][ T1162] bridge_slave_1: left allmulticast mode [ 624.845694][ T1162] bridge_slave_1: left promiscuous mode [ 624.845987][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.904992][ T1162] bridge_slave_0: left allmulticast mode [ 624.905031][ T1162] bridge_slave_0: left promiscuous mode [ 624.905361][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.965257][ T1162] bridge_slave_1: left allmulticast mode [ 624.965284][ T1162] bridge_slave_1: left promiscuous mode [ 624.965453][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.023982][ T1162] bridge_slave_0: left allmulticast mode [ 625.024020][ T1162] bridge_slave_0: left promiscuous mode [ 625.024327][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.105354][ T1162] bridge_slave_1: left allmulticast mode [ 625.105394][ T1162] bridge_slave_1: left promiscuous mode [ 625.105691][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.163796][ T1162] bridge_slave_0: left allmulticast mode [ 625.163835][ T1162] bridge_slave_0: left promiscuous mode [ 625.164131][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.644909][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.723167][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.796181][ T1162] bond0 (unregistering): Released all slaves [ 625.899439][ C0] vkms_vblank_simulate: vblank timer overrun [ 626.125621][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.222605][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.305884][ T1162] bond0 (unregistering): Released all slaves [ 626.447676][ T5846] usb 4-1: USB disconnect, device number 18 [ 626.713332][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.802856][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.869298][ T1162] bond0 (unregistering): Released all slaves [ 627.299514][ T8042] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 627.369061][ T8042] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 627.420522][ T8042] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 627.687358][ T8042] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 627.985354][ T1162] hsr_slave_0: left promiscuous mode [ 628.041945][ T1162] hsr_slave_1: left promiscuous mode [ 628.043048][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 628.112609][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 628.281630][ T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 628.344415][ T1162] hsr_slave_0: left promiscuous mode [ 628.383854][ T1162] hsr_slave_1: left promiscuous mode [ 628.384951][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 628.434656][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 628.434764][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 628.437847][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 628.442852][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 628.442881][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.442899][ T10] usb 4-1: Product: syz [ 628.442913][ T10] usb 4-1: Manufacturer: syz [ 628.442927][ T10] usb 4-1: SerialNumber: syz [ 628.455420][ T10] usb 4-1: config 0 descriptor?? [ 628.484061][ T10] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 628.484095][ T10] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 628.691729][ T1162] hsr_slave_0: left promiscuous mode [ 628.721727][ T1162] hsr_slave_1: left promiscuous mode [ 628.732657][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 628.773376][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 629.066765][ T10] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 629.555462][ T8240] FAULT_INJECTION: forcing a failure. [ 629.555462][ T8240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 629.555500][ T8240] CPU: 0 UID: 0 PID: 8240 Comm: syz.3.407 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 629.555525][ T8240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 629.555538][ T8240] Call Trace: [ 629.555546][ T8240] [ 629.555556][ T8240] dump_stack_lvl+0x189/0x250 [ 629.555592][ T8240] ? __pfx____ratelimit+0x10/0x10 [ 629.555624][ T8240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 629.555652][ T8240] ? __pfx__printk+0x10/0x10 [ 629.555694][ T8240] should_fail_ex+0x46c/0x600 [ 629.555731][ T8240] _copy_to_user+0x31/0xb0 [ 629.555760][ T8240] simple_read_from_buffer+0xe1/0x170 [ 629.555795][ T8240] proc_fail_nth_read+0x1b6/0x220 [ 629.555820][ T8240] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 629.555845][ T8240] ? rw_verify_area+0x2ac/0x4e0 [ 629.555868][ T8240] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 629.555890][ T8240] vfs_read+0x206/0xa30 [ 629.555924][ T8240] ? __pfx_vfs_read+0x10/0x10 [ 629.555945][ T8240] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 629.555979][ T8240] ? mutex_lock_nested+0x154/0x1d0 [ 629.556001][ T8240] ? fdget_pos+0x253/0x320 [ 629.556039][ T8240] ksys_read+0x14b/0x260 [ 629.556063][ T8240] ? __fget_files+0x3a6/0x420 [ 629.556092][ T8240] ? __pfx_ksys_read+0x10/0x10 [ 629.556122][ T8240] ? do_syscall_64+0xbe/0x3b0 [ 629.556145][ T8240] do_syscall_64+0xfa/0x3b0 [ 629.556165][ T8240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.556184][ T8240] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 629.556204][ T8240] ? clear_bhb_loop+0x60/0xb0 [ 629.556229][ T8240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.556250][ T8240] RIP: 0033:0x7f815756d5bc [ 629.556269][ T8240] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 629.556288][ T8240] RSP: 002b:00007f81557d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 629.556311][ T8240] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756d5bc [ 629.556327][ T8240] RDX: 000000000000000f RSI: 00007f81557d60a0 RDI: 0000000000000004 [ 629.556339][ T8240] RBP: 00007f81557d6090 R08: 0000000000000000 R09: 0000000000000000 [ 629.556353][ T8240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 629.556365][ T8240] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 629.556411][ T8240] [ 629.557608][ T10] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 629.557641][ T10] em28xx 4-1:0.0: board has no eeprom [ 629.685197][ T10] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 629.685225][ T10] em28xx 4-1:0.0: dvb set to bulk mode. [ 629.687326][ T5906] em28xx 4-1:0.0: Binding DVB extension [ 629.725490][ T10] usb 4-1: USB disconnect, device number 19 [ 629.727858][ T10] em28xx 4-1:0.0: Disconnecting em28xx [ 629.957557][ T5906] em28xx 4-1:0.0: Registering input extension [ 629.959828][ T10] em28xx 4-1:0.0: Closing input extension [ 630.443086][ C1] vkms_vblank_simulate: vblank timer overrun [ 630.569039][ C1] vkms_vblank_simulate: vblank timer overrun [ 630.954971][ T10] em28xx 4-1:0.0: Freeing device [ 631.196498][ C1] vkms_vblank_simulate: vblank timer overrun [ 631.358596][ C1] vkms_vblank_simulate: vblank timer overrun [ 631.629468][ C1] vkms_vblank_simulate: vblank timer overrun [ 631.651389][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 631.814390][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 632.151506][ C1] vkms_vblank_simulate: vblank timer overrun [ 632.498592][ C1] vkms_vblank_simulate: vblank timer overrun [ 633.502005][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 633.662273][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 635.115844][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 635.289714][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 636.056949][ T8042] kthread_run failed with err -4 [ 636.113198][ T8259] vlan2: entered promiscuous mode [ 636.813790][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 636.829527][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 636.842497][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 636.859863][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 636.882394][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 637.113955][ C0] vkms_vblank_simulate: vblank timer overrun [ 638.159130][ T8285] FAULT_INJECTION: forcing a failure. [ 638.159130][ T8285] name failslab, interval 1, probability 0, space 0, times 0 [ 638.159168][ T8285] CPU: 1 UID: 0 PID: 8285 Comm: syz.3.413 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 638.159192][ T8285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 638.159204][ T8285] Call Trace: [ 638.159213][ T8285] [ 638.159222][ T8285] dump_stack_lvl+0x189/0x250 [ 638.159257][ T8285] ? __pfx____ratelimit+0x10/0x10 [ 638.159286][ T8285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.159314][ T8285] ? __pfx__printk+0x10/0x10 [ 638.159343][ T8285] ? __pfx___might_resched+0x10/0x10 [ 638.159366][ T8285] ? fs_reclaim_acquire+0x7d/0x100 [ 638.159391][ T8285] should_fail_ex+0x46c/0x600 [ 638.159424][ T8285] should_failslab+0xa8/0x100 [ 638.159463][ T8285] __kmalloc_noprof+0xcb/0x430 [ 638.159487][ T8285] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 638.159521][ T8285] tomoyo_realpath_from_path+0xe3/0x5d0 [ 638.159550][ T8285] ? tomoyo_domain+0xda/0x130 [ 638.159584][ T8285] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 638.159608][ T8285] tomoyo_path_number_perm+0x1e8/0x5a0 [ 638.159634][ T8285] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 638.159662][ T8285] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 638.159691][ T8285] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.159728][ T8285] ? __lock_acquire+0xab9/0xd20 [ 638.159776][ T8285] ? __fget_files+0x2a/0x420 [ 638.159805][ T8285] ? __fget_files+0x2a/0x420 [ 638.159829][ T8285] ? __fget_files+0x3a6/0x420 [ 638.159854][ T8285] ? __fget_files+0x2a/0x420 [ 638.159885][ T8285] security_file_ioctl+0xcb/0x2d0 [ 638.159913][ T8285] __se_sys_ioctl+0x47/0x170 [ 638.159939][ T8285] do_syscall_64+0xfa/0x3b0 [ 638.159956][ T8285] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.159982][ T8285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.160002][ T8285] ? clear_bhb_loop+0x60/0xb0 [ 638.160026][ T8285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.160044][ T8285] RIP: 0033:0x7f815756eba9 [ 638.160062][ T8285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.160079][ T8285] RSP: 002b:00007f81557b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 638.160101][ T8285] RAX: ffffffffffffffda RBX: 00007f81577b6090 RCX: 00007f815756eba9 [ 638.160115][ T8285] RDX: 0000200000000000 RSI: 00000000000007a8 RDI: 0000000000000005 [ 638.160128][ T8285] RBP: 00007f81557b5090 R08: 0000000000000000 R09: 0000000000000000 [ 638.160140][ T8285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 638.160152][ T8285] R13: 00007f81577b6128 R14: 00007f81577b6090 R15: 00007fff04b0b928 [ 638.160185][ T8285] [ 638.160193][ T8285] ERROR: Out of memory at tomoyo_realpath_from_path. [ 638.416713][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 638.436702][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 638.440304][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 638.446584][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 638.465111][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 638.867937][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.037208][ T5856] Bluetooth: hci1: command tx timeout [ 639.342350][ C0] vkms_vblank_simulate: vblank timer overrun [ 640.290581][ T5154] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 640.309556][ T5154] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 640.310875][ T5154] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 640.321765][ T5154] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 640.322724][ T5154] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 640.445554][ C0] vkms_vblank_simulate: vblank timer overrun [ 640.563690][ T5154] Bluetooth: hci2: command tx timeout [ 641.111824][ T5154] Bluetooth: hci1: command tx timeout [ 641.372310][ T8069] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 641.515168][ T8069] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 641.825065][ C0] vkms_vblank_simulate: vblank timer overrun [ 642.395620][ T5154] Bluetooth: hci3: command tx timeout [ 642.835281][ T5154] Bluetooth: hci2: command tx timeout [ 643.046394][ T8069] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 643.360983][ T5154] Bluetooth: hci1: command tx timeout [ 643.450776][ T8069] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 644.471847][ T5154] Bluetooth: hci3: command tx timeout [ 644.958918][ T5154] Bluetooth: hci2: command tx timeout [ 645.431983][ T5154] Bluetooth: hci1: command tx timeout [ 645.641182][ C0] vkms_vblank_simulate: vblank timer overrun [ 645.724456][ C0] vkms_vblank_simulate: vblank timer overrun [ 645.732467][ T8339] vlan2: entered promiscuous mode [ 645.827125][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.080265][ T8265] chnl_net:caif_netlink_parms(): no params data found [ 646.551977][ T5154] Bluetooth: hci3: command tx timeout [ 646.966664][ T8286] chnl_net:caif_netlink_parms(): no params data found [ 647.031718][ T5154] Bluetooth: hci2: command tx timeout [ 647.518794][ T8265] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.518965][ T8265] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.519216][ T8265] bridge_slave_0: entered allmulticast mode [ 647.572448][ T8265] bridge_slave_0: entered promiscuous mode [ 647.954820][ T8265] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.954991][ T8265] bridge0: port 2(bridge_slave_1) entered disabled state [ 647.955226][ T8265] bridge_slave_1: entered allmulticast mode [ 647.964878][ T8265] bridge_slave_1: entered promiscuous mode [ 648.176525][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.197540][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 648.220288][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 648.223758][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 648.226376][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 648.227221][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 648.262035][ T31] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 648.414155][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 648.414193][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 648.414234][ T31] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00 [ 648.414257][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.420846][ T31] usb 4-1: config 0 descriptor?? [ 648.634316][ T5856] Bluetooth: hci3: command tx timeout [ 648.653223][ T8384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 648.655256][ T8384] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 648.687647][ T8265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 648.706360][ T31] usbhid 4-1:0.0: can't add hid device: -71 [ 648.706505][ T31] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 648.738758][ T31] usb 4-1: USB disconnect, device number 20 [ 648.905200][ T8265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 649.282236][ T8286] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.282329][ T8286] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.282515][ T8286] bridge_slave_0: entered allmulticast mode [ 649.284318][ T8286] bridge_slave_0: entered promiscuous mode [ 649.388653][ T8298] chnl_net:caif_netlink_parms(): no params data found [ 649.480837][ T8286] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.480929][ T8286] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.481120][ T8286] bridge_slave_1: entered allmulticast mode [ 649.484673][ T8286] bridge_slave_1: entered promiscuous mode [ 649.508288][ T8265] team0: Port device team_slave_0 added [ 649.707537][ T8265] team0: Port device team_slave_1 added [ 650.095714][ C0] vkms_vblank_simulate: vblank timer overrun [ 650.245440][ C0] vkms_vblank_simulate: vblank timer overrun [ 650.317523][ T5856] Bluetooth: hci4: command tx timeout [ 651.356093][ C0] vkms_vblank_simulate: vblank timer overrun [ 651.712752][ T8403] netlink: 72 bytes leftover after parsing attributes in process `syz.3.424'. [ 651.714235][ T8403] netlink: 64 bytes leftover after parsing attributes in process `syz.3.424'. [ 651.932918][ T8286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 652.412722][ T5856] Bluetooth: hci4: command tx timeout [ 652.450642][ T8286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 652.464939][ T8265] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 652.464956][ T8265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 652.464986][ T8265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 653.434129][ T8265] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 653.434149][ T8265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 653.434178][ T8265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 654.478938][ T5856] Bluetooth: hci4: command tx timeout [ 655.047719][ T8286] team0: Port device team_slave_0 added [ 655.185170][ T8286] team0: Port device team_slave_1 added [ 655.200049][ T8298] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.200317][ T8298] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.200575][ T8298] bridge_slave_0: entered allmulticast mode [ 655.224448][ T8298] bridge_slave_0: entered promiscuous mode [ 656.631686][ T5856] Bluetooth: hci4: command tx timeout [ 658.807763][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.886352][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.003286][ T8423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.004024][ T8423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.010247][ T8423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.012414][ T8424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.013106][ T8424] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.013623][ T8423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.051838][ T8423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.052408][ T8423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.063373][ T8424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.063941][ T8424] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.261841][ T5907] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 659.383015][ T8298] bridge0: port 2(bridge_slave_1) entered blocking state [ 659.383184][ T8298] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.383888][ T8298] bridge_slave_1: entered allmulticast mode [ 659.387304][ T8298] bridge_slave_1: entered promiscuous mode [ 659.431705][ T5907] usb 4-1: Using ep0 maxpacket: 32 [ 659.463863][ T5907] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 659.463899][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.463920][ T5907] usb 4-1: Product: syz [ 659.463935][ T5907] usb 4-1: Manufacturer: syz [ 659.463949][ T5907] usb 4-1: SerialNumber: syz [ 659.512947][ T5907] usb 4-1: config 0 descriptor?? [ 659.519706][ T5907] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 659.735341][ T5907] gspca_ov534_9: reg_w failed -71 [ 659.810446][ T8286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 659.810464][ T8286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 659.810500][ T8286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 659.824766][ T8265] hsr_slave_0: entered promiscuous mode [ 659.826078][ T8265] hsr_slave_1: entered promiscuous mode [ 659.984992][ C1] vkms_vblank_simulate: vblank timer overrun [ 660.128521][ T8286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.128542][ T8286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.128571][ T8286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 660.161053][ T8298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 660.191704][ T5907] gspca_ov534_9: Unknown sensor 0000 [ 660.191814][ T5907] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 660.215642][ T5907] usb 4-1: USB disconnect, device number 21 [ 660.230643][ T8298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 660.243242][ T8427] udevd[8427]: setting mode of /dev/bus/usb/004/021 to 020664 failed: No such file or directory [ 660.243487][ T8427] udevd[8427]: setting owner of /dev/bus/usb/004/021 to uid=0, gid=0 failed: No such file or directory [ 660.810227][ T8433] FAULT_INJECTION: forcing a failure. [ 660.810227][ T8433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 660.810300][ T8433] CPU: 1 UID: 0 PID: 8433 Comm: syz.3.430 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 660.810325][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 660.810338][ T8433] Call Trace: [ 660.810354][ T8433] [ 660.810365][ T8433] dump_stack_lvl+0x189/0x250 [ 660.810402][ T8433] ? __pfx____ratelimit+0x10/0x10 [ 660.810434][ T8433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 660.810462][ T8433] ? __pfx__printk+0x10/0x10 [ 660.810489][ T8433] ? __might_fault+0xb0/0x130 [ 660.810530][ T8433] should_fail_ex+0x46c/0x600 [ 660.810566][ T8433] _copy_from_user+0x2d/0xb0 [ 660.810593][ T8433] __x64_sys_epoll_ctl+0x126/0x1a0 [ 660.810627][ T8433] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 660.810662][ T8433] ? do_syscall_64+0xbe/0x3b0 [ 660.810686][ T8433] do_syscall_64+0xfa/0x3b0 [ 660.810707][ T8433] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.810727][ T8433] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 660.810746][ T8433] ? clear_bhb_loop+0x60/0xb0 [ 660.810771][ T8433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.810791][ T8433] RIP: 0033:0x7f815756eba9 [ 660.810810][ T8433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.810828][ T8433] RSP: 002b:00007f8155794038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 660.810851][ T8433] RAX: ffffffffffffffda RBX: 00007f81577b6180 RCX: 00007f815756eba9 [ 660.810866][ T8433] RDX: 0000000000000008 RSI: 0000000000000001 RDI: 0000000000000003 [ 660.810878][ T8433] RBP: 00007f8155794090 R08: 0000000000000000 R09: 0000000000000000 [ 660.810892][ T8433] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 660.810905][ T8433] R13: 00007f81577b6218 R14: 00007f81577b6180 R15: 00007fff04b0b928 [ 660.810941][ T8433] [ 661.954546][ T8435] vlan2: entered promiscuous mode [ 662.426327][ T8442] FAULT_INJECTION: forcing a failure. [ 662.426327][ T8442] name failslab, interval 1, probability 0, space 0, times 0 [ 662.426365][ T8442] CPU: 0 UID: 0 PID: 8442 Comm: syz.3.433 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 662.426387][ T8442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 662.426400][ T8442] Call Trace: [ 662.426409][ T8442] [ 662.426418][ T8442] dump_stack_lvl+0x189/0x250 [ 662.426452][ T8442] ? __pfx____ratelimit+0x10/0x10 [ 662.426484][ T8442] ? __pfx_dump_stack_lvl+0x10/0x10 [ 662.426514][ T8442] ? __pfx__printk+0x10/0x10 [ 662.426545][ T8442] ? __pfx___might_resched+0x10/0x10 [ 662.426569][ T8442] ? fs_reclaim_acquire+0x7d/0x100 [ 662.426595][ T8442] should_fail_ex+0x46c/0x600 [ 662.426632][ T8442] should_failslab+0xa8/0x100 [ 662.426663][ T8442] __kmalloc_noprof+0xcb/0x430 [ 662.426688][ T8442] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 662.426725][ T8442] tomoyo_realpath_from_path+0xe3/0x5d0 [ 662.426756][ T8442] ? tomoyo_domain+0xda/0x130 [ 662.426793][ T8442] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 662.426818][ T8442] tomoyo_path_number_perm+0x1e8/0x5a0 [ 662.426846][ T8442] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 662.426877][ T8442] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 662.426908][ T8442] ? lockdep_hardirqs_on+0x9c/0x150 [ 662.426948][ T8442] ? __lock_acquire+0xab9/0xd20 [ 662.427008][ T8442] ? __fget_files+0x2a/0x420 [ 662.427040][ T8442] ? __fget_files+0x2a/0x420 [ 662.427067][ T8442] ? __fget_files+0x3a6/0x420 [ 662.427094][ T8442] ? __fget_files+0x2a/0x420 [ 662.427129][ T8442] security_file_ioctl+0xcb/0x2d0 [ 662.427158][ T8442] __se_sys_ioctl+0x47/0x170 [ 662.427192][ T8442] do_syscall_64+0xfa/0x3b0 [ 662.427210][ T8442] ? lockdep_hardirqs_on+0x9c/0x150 [ 662.427239][ T8442] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.427259][ T8442] ? clear_bhb_loop+0x60/0xb0 [ 662.427285][ T8442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.427305][ T8442] RIP: 0033:0x7f815756eba9 [ 662.427324][ T8442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.427342][ T8442] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 662.427365][ T8442] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 662.427381][ T8442] RDX: 00002000000005c0 RSI: 0000000000002285 RDI: 0000000000000003 [ 662.427395][ T8442] RBP: 00007f81557d6090 R08: 0000000000000000 R09: 0000000000000000 [ 662.427408][ T8442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 662.427420][ T8442] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 662.427454][ T8442] [ 662.427463][ T8442] ERROR: Out of memory at tomoyo_realpath_from_path. [ 662.455518][ T8298] team0: Port device team_slave_0 added [ 662.661985][ T8298] team0: Port device team_slave_1 added [ 662.831175][ T8446] FAULT_INJECTION: forcing a failure. [ 662.831175][ T8446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 662.831211][ T8446] CPU: 1 UID: 0 PID: 8446 Comm: syz.3.435 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 662.831234][ T8446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 662.831245][ T8446] Call Trace: [ 662.831253][ T8446] [ 662.831262][ T8446] dump_stack_lvl+0x189/0x250 [ 662.831296][ T8446] ? __pfx____ratelimit+0x10/0x10 [ 662.831324][ T8446] ? __pfx_dump_stack_lvl+0x10/0x10 [ 662.831350][ T8446] ? __pfx__printk+0x10/0x10 [ 662.831389][ T8446] ? __might_fault+0xb0/0x130 [ 662.831428][ T8446] should_fail_ex+0x46c/0x600 [ 662.831468][ T8446] _copy_to_iter+0x1de/0x1790 [ 662.831504][ T8446] ? __local_bh_enable+0x23f/0x3d0 [ 662.831529][ T8446] ? __pfx__copy_to_iter+0x10/0x10 [ 662.831549][ T8446] ? __pfx___local_bh_enable+0x10/0x10 [ 662.831583][ T8446] ? __local_bh_enable_ip+0x1b2/0x270 [ 662.831610][ T8446] __skb_datagram_iter+0x41a/0x990 [ 662.831635][ T8446] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 662.831669][ T8446] skb_copy_datagram_iter+0xc5/0x230 [ 662.831695][ T8446] mptcp_recvmsg+0x573/0x2580 [ 662.831770][ T8446] ? __lock_acquire+0xab9/0xd20 [ 662.831799][ T8446] ? __pfx_mptcp_recvmsg+0x10/0x10 [ 662.831845][ T8446] ? sock_rps_record_flow+0x19/0x410 [ 662.831870][ T8446] ? __pfx_mptcp_recvmsg+0x10/0x10 [ 662.831899][ T8446] inet_recvmsg+0x24a/0x250 [ 662.831926][ T8446] ? __pfx_inet_recvmsg+0x10/0x10 [ 662.831955][ T8446] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 662.831974][ T8446] ? security_socket_recvmsg+0x7e/0x2e0 [ 662.832002][ T8446] sock_recvmsg+0x1a8/0x270 [ 662.832034][ T8446] __sys_recvfrom+0x206/0x350 [ 662.832066][ T8446] ? __pfx___sys_recvfrom+0x10/0x10 [ 662.832125][ T8446] ? ksys_write+0x230/0x260 [ 662.832153][ T8446] ? __pfx_ksys_write+0x10/0x10 [ 662.832184][ T8446] ? rcu_is_watching+0x15/0xb0 [ 662.832222][ T8446] __x64_sys_recvfrom+0xde/0x100 [ 662.832258][ T8446] do_syscall_64+0xfa/0x3b0 [ 662.832276][ T8446] ? lockdep_hardirqs_on+0x9c/0x150 [ 662.832305][ T8446] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.832326][ T8446] ? clear_bhb_loop+0x60/0xb0 [ 662.832352][ T8446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.832372][ T8446] RIP: 0033:0x7f815756eba9 [ 662.832392][ T8446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.832409][ T8446] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 662.832432][ T8446] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 662.832448][ T8446] RDX: fffffffffffffecb RSI: 0000200000000180 RDI: 0000000000000004 [ 662.832462][ T8446] RBP: 00007f81557d6090 R08: 0000000000000000 R09: 0000000000000000 [ 662.832475][ T8446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 662.832488][ T8446] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 662.832524][ T8446] [ 662.904256][ T8286] hsr_slave_0: entered promiscuous mode [ 662.917421][ T8286] hsr_slave_1: entered promiscuous mode [ 662.919729][ T8286] debugfs: 'hsr0' already exists in 'hsr' [ 662.919757][ T8286] Cannot create hsr debugfs directory [ 663.270370][ T8449] ======================================================= [ 663.270370][ T8449] WARNING: The mand mount option has been deprecated and [ 663.270370][ T8449] and is ignored by this kernel. Remove the mand [ 663.270370][ T8449] option from the mount to silence this warning. [ 663.270370][ T8449] ======================================================= [ 663.270938][ T8449] overlay: Unknown parameter 'dont_hash' [ 663.484335][ T8298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 663.484354][ T8298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 663.484385][ T8298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 663.614538][ T8454] FAULT_INJECTION: forcing a failure. [ 663.614538][ T8454] name failslab, interval 1, probability 0, space 0, times 0 [ 663.614580][ T8454] CPU: 1 UID: 0 PID: 8454 Comm: syz.3.437 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 663.614605][ T8454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 663.614617][ T8454] Call Trace: [ 663.614626][ T8454] [ 663.614635][ T8454] dump_stack_lvl+0x189/0x250 [ 663.614672][ T8454] ? __pfx____ratelimit+0x10/0x10 [ 663.614704][ T8454] ? __pfx_dump_stack_lvl+0x10/0x10 [ 663.614734][ T8454] ? __pfx__printk+0x10/0x10 [ 663.614764][ T8454] ? __pfx___might_resched+0x10/0x10 [ 663.614787][ T8454] ? fs_reclaim_acquire+0x7d/0x100 [ 663.614811][ T8454] should_fail_ex+0x46c/0x600 [ 663.614847][ T8454] should_failslab+0xa8/0x100 [ 663.614878][ T8454] __kmalloc_node_noprof+0xd5/0x460 [ 663.614906][ T8454] ? alloc_slab_obj_exts+0x39/0xa0 [ 663.614938][ T8454] alloc_slab_obj_exts+0x39/0xa0 [ 663.614965][ T8454] __memcg_slab_post_alloc_hook+0x33c/0x820 [ 663.615010][ T8454] ? alloc_buffer_head+0x2a/0x280 [ 663.615040][ T8454] kmem_cache_alloc_noprof+0x1ce/0x310 [ 663.615075][ T8454] alloc_buffer_head+0x2a/0x280 [ 663.615104][ T8454] ? folio_alloc_buffers+0x342/0x6e0 [ 663.615138][ T8454] folio_alloc_buffers+0x360/0x6e0 [ 663.615191][ T8454] create_empty_buffers+0x3a/0x530 [ 663.615220][ T8454] __block_write_full_folio+0xc5/0xe10 [ 663.615245][ T8454] ? __pfx_blkdev_get_block+0x10/0x10 [ 663.615277][ T8454] blkdev_writepages+0xd1/0x170 [ 663.615301][ T8454] ? __pfx_blkdev_writepages+0x10/0x10 [ 663.615341][ T8454] ? rt_spin_unlock+0x65/0x80 [ 663.615368][ T8454] ? __pfx_blkdev_writepages+0x10/0x10 [ 663.615394][ T8454] do_writepages+0x32e/0x550 [ 663.615421][ T8454] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 663.615464][ T8454] filemap_write_and_wait_range+0x222/0x320 [ 663.615497][ T8454] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 663.615570][ T8454] ? current_time+0x222/0x370 [ 663.615594][ T8454] ? __pfx_current_time+0x10/0x10 [ 663.615625][ T8454] kiocb_invalidate_pages+0xb5/0x140 [ 663.615650][ T8454] blkdev_direct_write+0x48/0x140 [ 663.615681][ T8454] blkdev_write_iter+0x54a/0x720 [ 663.615718][ T8454] vfs_write+0x5d5/0xb40 [ 663.615749][ T8454] ? __pfx_blkdev_write_iter+0x10/0x10 [ 663.615775][ T8454] ? __pfx_vfs_write+0x10/0x10 [ 663.615813][ T8454] ? __fget_files+0x2a/0x420 [ 663.615852][ T8454] ksys_write+0x14b/0x260 [ 663.615882][ T8454] ? __pfx_ksys_write+0x10/0x10 [ 663.615913][ T8454] ? do_syscall_64+0xbe/0x3b0 [ 663.615937][ T8454] do_syscall_64+0xfa/0x3b0 [ 663.615954][ T8454] ? lockdep_hardirqs_on+0x9c/0x150 [ 663.615984][ T8454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.616004][ T8454] ? clear_bhb_loop+0x60/0xb0 [ 663.616030][ T8454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.616049][ T8454] RIP: 0033:0x7f815756eba9 [ 663.616070][ T8454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.616088][ T8454] RSP: 002b:00007f81557b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 663.616112][ T8454] RAX: ffffffffffffffda RBX: 00007f81577b6090 RCX: 00007f815756eba9 [ 663.616127][ T8454] RDX: 00000000ffffffdb RSI: 0000000000000000 RDI: 0000000000000004 [ 663.616140][ T8454] RBP: 00007f81557b5090 R08: 0000000000000000 R09: 0000000000000000 [ 663.616169][ T8454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 663.616182][ T8454] R13: 00007f81577b6128 R14: 00007f81577b6090 R15: 00007fff04b0b928 [ 663.616216][ T8454] [ 664.091415][ T8298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.091436][ T8298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.092061][ T8298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.515162][ T8385] chnl_net:caif_netlink_parms(): no params data found [ 665.715650][ T8298] hsr_slave_0: entered promiscuous mode [ 665.717286][ T8298] hsr_slave_1: entered promiscuous mode [ 665.718332][ T8298] debugfs: 'hsr0' already exists in 'hsr' [ 665.718360][ T8298] Cannot create hsr debugfs directory [ 665.898126][ C0] vkms_vblank_simulate: vblank timer overrun [ 666.058789][ T8464] bridge0: entered allmulticast mode [ 666.201882][ T31] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 666.351625][ T31] usb 4-1: device descriptor read/64, error -71 [ 666.631859][ T31] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 666.761818][ T31] usb 4-1: device descriptor read/64, error -71 [ 666.885744][ C0] vkms_vblank_simulate: vblank timer overrun [ 666.898414][ T31] usb usb4-port1: attempt power cycle [ 667.053216][ T8385] bridge0: port 1(bridge_slave_0) entered blocking state [ 667.053387][ T8385] bridge0: port 1(bridge_slave_0) entered disabled state [ 667.053610][ T8385] bridge_slave_0: entered allmulticast mode [ 667.057754][ T8385] bridge_slave_0: entered promiscuous mode [ 667.097741][ T8385] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.097992][ T8385] bridge0: port 2(bridge_slave_1) entered disabled state [ 667.098213][ T8385] bridge_slave_1: entered allmulticast mode [ 667.108189][ T8385] bridge_slave_1: entered promiscuous mode [ 667.241835][ T31] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 667.262474][ T31] usb 4-1: device descriptor read/8, error -71 [ 667.394650][ T8385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 667.418167][ T8385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 667.511915][ T31] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 667.542941][ T31] usb 4-1: device descriptor read/8, error -71 [ 667.652567][ T31] usb usb4-port1: unable to enumerate USB device [ 667.814932][ T8385] team0: Port device team_slave_0 added [ 667.844127][ T8385] team0: Port device team_slave_1 added [ 668.278220][ T8385] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 668.278240][ T8385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 668.278270][ T8385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 668.430455][ T8385] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 668.430483][ T8385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 668.430515][ T8385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 668.431444][ T1162] bridge_slave_1: left allmulticast mode [ 668.451548][ T1162] bridge_slave_1: left promiscuous mode [ 668.451884][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.583579][ T1162] bridge_slave_0: left allmulticast mode [ 668.583618][ T1162] bridge_slave_0: left promiscuous mode [ 668.583959][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.675277][ T1162] bridge_slave_1: left allmulticast mode [ 668.675318][ T1162] bridge_slave_1: left promiscuous mode [ 668.675617][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.723913][ T1162] bridge_slave_0: left allmulticast mode [ 668.723953][ T1162] bridge_slave_0: left promiscuous mode [ 668.724254][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.807016][ T1162] bridge_slave_1: left allmulticast mode [ 668.807056][ T1162] bridge_slave_1: left promiscuous mode [ 668.807353][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.873621][ T1162] bridge_slave_0: left allmulticast mode [ 668.873661][ T1162] bridge_slave_0: left promiscuous mode [ 668.873967][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.937766][ T1162] bridge_slave_1: left allmulticast mode [ 668.937805][ T1162] bridge_slave_1: left promiscuous mode [ 668.938116][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.003621][ T1162] bridge_slave_0: left allmulticast mode [ 669.003670][ T1162] bridge_slave_0: left promiscuous mode [ 669.004027][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 669.064529][ T1162] bridge_slave_1: left allmulticast mode [ 669.064557][ T1162] bridge_slave_1: left promiscuous mode [ 669.064745][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.123682][ T1162] bridge_slave_0: left allmulticast mode [ 669.123720][ T1162] bridge_slave_0: left promiscuous mode [ 669.124022][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 669.694344][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 669.782595][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 669.846589][ T1162] bond0 (unregistering): Released all slaves [ 670.182808][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 670.273257][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 670.340572][ T1162] bond0 (unregistering): Released all slaves [ 670.666327][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 670.742630][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 670.806505][ T1162] bond0 (unregistering): Released all slaves [ 671.124113][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 671.202677][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 671.267410][ T1162] bond0 (unregistering): Released all slaves [ 671.636199][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 671.743612][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 671.826450][ T1162] bond0 (unregistering): Released all slaves [ 671.908283][ T8460] bridge0: left allmulticast mode [ 672.514900][ T8470] FAULT_INJECTION: forcing a failure. [ 672.514900][ T8470] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 672.514935][ T8470] CPU: 1 UID: 0 PID: 8470 Comm: syz.3.440 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 672.514956][ T8470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 672.514968][ T8470] Call Trace: [ 672.514976][ T8470] [ 672.514984][ T8470] dump_stack_lvl+0x189/0x250 [ 672.515017][ T8470] ? __pfx____ratelimit+0x10/0x10 [ 672.515045][ T8470] ? __pfx_dump_stack_lvl+0x10/0x10 [ 672.515072][ T8470] ? __pfx__printk+0x10/0x10 [ 672.515093][ T8470] ? __might_fault+0xb0/0x130 [ 672.515140][ T8470] should_fail_ex+0x46c/0x600 [ 672.515172][ T8470] _copy_from_user+0x2d/0xb0 [ 672.515197][ T8470] __sys_sendto+0x262/0x520 [ 672.515227][ T8470] ? __pfx___sys_sendto+0x10/0x10 [ 672.515281][ T8470] ? ksys_write+0x230/0x260 [ 672.515307][ T8470] ? __pfx_ksys_write+0x10/0x10 [ 672.515327][ T8470] ? rcu_is_watching+0x15/0xb0 [ 672.515361][ T8470] __x64_sys_sendto+0xde/0x100 [ 672.515391][ T8470] do_syscall_64+0xfa/0x3b0 [ 672.515409][ T8470] ? lockdep_hardirqs_on+0x9c/0x150 [ 672.515435][ T8470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.515454][ T8470] ? clear_bhb_loop+0x60/0xb0 [ 672.515478][ T8470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.515496][ T8470] RIP: 0033:0x7f815756eba9 [ 672.515513][ T8470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.515530][ T8470] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 672.515551][ T8470] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 672.515565][ T8470] RDX: 000000000000e90c RSI: 00002000000000c0 RDI: 0000000000000004 [ 672.515577][ T8470] RBP: 00007f81557d6090 R08: 0000200000000540 R09: 0000000000000014 [ 672.515590][ T8470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 672.515601][ T8470] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 672.515632][ T8470] [ 672.874529][ T8385] hsr_slave_0: entered promiscuous mode [ 672.876053][ T8385] hsr_slave_1: entered promiscuous mode [ 672.877061][ T8385] debugfs: 'hsr0' already exists in 'hsr' [ 672.877089][ T8385] Cannot create hsr debugfs directory [ 673.410896][ T8475] netlink: 16 bytes leftover after parsing attributes in process `syz.3.441'. [ 674.457179][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.541091][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.788420][ C1] vkms_vblank_simulate: vblank timer overrun [ 675.341800][ T1162] hsr_slave_0: left promiscuous mode [ 675.386238][ T1162] hsr_slave_1: left promiscuous mode [ 675.387354][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 675.418934][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 675.594240][ C1] vkms_vblank_simulate: vblank timer overrun [ 676.022598][ C1] vkms_vblank_simulate: vblank timer overrun [ 676.181824][ T1162] hsr_slave_0: left promiscuous mode [ 676.201836][ T1162] hsr_slave_1: left promiscuous mode [ 676.202909][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 676.243031][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 676.389199][ T8489] FAULT_INJECTION: forcing a failure. [ 676.389199][ T8489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 676.389239][ T8489] CPU: 0 UID: 0 PID: 8489 Comm: syz.3.445 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 676.389262][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 676.389275][ T8489] Call Trace: [ 676.389284][ T8489] [ 676.389293][ T8489] dump_stack_lvl+0x189/0x250 [ 676.389328][ T8489] ? __pfx____ratelimit+0x10/0x10 [ 676.389358][ T8489] ? __pfx_dump_stack_lvl+0x10/0x10 [ 676.389387][ T8489] ? __pfx__printk+0x10/0x10 [ 676.389411][ T8489] ? __might_fault+0xb0/0x130 [ 676.389454][ T8489] should_fail_ex+0x46c/0x600 [ 676.389491][ T8489] _copy_from_user+0x2d/0xb0 [ 676.389518][ T8489] ___sys_sendmsg+0x158/0x2a0 [ 676.389543][ T8489] ? __pfx____sys_sendmsg+0x10/0x10 [ 676.389606][ T8489] ? __fget_files+0x2a/0x420 [ 676.389634][ T8489] ? __fget_files+0x3a6/0x420 [ 676.389675][ T8489] __sys_sendmmsg+0x22d/0x430 [ 676.389703][ T8489] ? __pfx___sys_sendmmsg+0x10/0x10 [ 676.389735][ T8489] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 676.389778][ T8489] ? ksys_write+0x230/0x260 [ 676.389806][ T8489] ? __pfx_ksys_write+0x10/0x10 [ 676.389828][ T8489] ? rcu_is_watching+0x15/0xb0 [ 676.389868][ T8489] __x64_sys_sendmmsg+0xa0/0xc0 [ 676.389891][ T8489] do_syscall_64+0xfa/0x3b0 [ 676.389909][ T8489] ? lockdep_hardirqs_on+0x9c/0x150 [ 676.389939][ T8489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.389959][ T8489] ? clear_bhb_loop+0x60/0xb0 [ 676.389985][ T8489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.390005][ T8489] RIP: 0033:0x7f815756eba9 [ 676.390025][ T8489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.390044][ T8489] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 676.390067][ T8489] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 676.390083][ T8489] RDX: 0000000000000001 RSI: 0000200000001340 RDI: 0000000000000004 [ 676.390104][ T8489] RBP: 00007f81557d6090 R08: 0000000000000000 R09: 0000000000000000 [ 676.390117][ T8489] R10: 0000000004020010 R11: 0000000000000246 R12: 0000000000000001 [ 676.390130][ T8489] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 676.390165][ T8489] [ 676.459931][ T8491] FAULT_INJECTION: forcing a failure. [ 676.459931][ T8491] name failslab, interval 1, probability 0, space 0, times 0 [ 676.459967][ T8491] CPU: 0 UID: 0 PID: 8491 Comm: syz.3.446 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 676.459988][ T8491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 676.459998][ T8491] Call Trace: [ 676.460006][ T8491] [ 676.460014][ T8491] dump_stack_lvl+0x189/0x250 [ 676.460046][ T8491] ? __pfx____ratelimit+0x10/0x10 [ 676.460071][ T8491] ? __pfx_dump_stack_lvl+0x10/0x10 [ 676.460097][ T8491] ? __pfx__printk+0x10/0x10 [ 676.460125][ T8491] ? __pfx___might_resched+0x10/0x10 [ 676.460154][ T8491] should_fail_ex+0x46c/0x600 [ 676.460186][ T8491] ? __alloc_skb+0x112/0x2d0 [ 676.460212][ T8491] should_failslab+0xa8/0x100 [ 676.460242][ T8491] ? __alloc_skb+0x112/0x2d0 [ 676.460267][ T8491] kmem_cache_alloc_node_noprof+0x77/0x330 [ 676.460302][ T8491] __alloc_skb+0x112/0x2d0 [ 676.460344][ T8491] alloc_skb_with_frags+0xca/0x890 [ 676.460370][ T8491] ? __lock_acquire+0xab9/0xd20 [ 676.460406][ T8491] sock_alloc_send_pskb+0x863/0x9a0 [ 676.460455][ T8491] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 676.460476][ T8491] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 676.460511][ T8491] ? __might_fault+0xb0/0x130 [ 676.460545][ T8491] hci_sock_sendmsg+0x207/0xef0 [ 676.460572][ T8491] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 676.460596][ T8491] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 676.460614][ T8491] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 676.460634][ T8491] __sock_sendmsg+0x21c/0x270 [ 676.460664][ T8491] sock_write_iter+0x25e/0x330 [ 676.460690][ T8491] ? __pfx_sock_write_iter+0x10/0x10 [ 676.460738][ T8491] vfs_write+0x5d5/0xb40 [ 676.460770][ T8491] ? __pfx_sock_write_iter+0x10/0x10 [ 676.460795][ T8491] ? __pfx_vfs_write+0x10/0x10 [ 676.460832][ T8491] ? __fget_files+0x2a/0x420 [ 676.460870][ T8491] ksys_write+0x14b/0x260 [ 676.460895][ T8491] ? __pfx_ksys_write+0x10/0x10 [ 676.460916][ T8491] ? rcu_is_watching+0x15/0xb0 [ 676.460952][ T8491] ? do_syscall_64+0xbe/0x3b0 [ 676.460976][ T8491] do_syscall_64+0xfa/0x3b0 [ 676.460993][ T8491] ? lockdep_hardirqs_on+0x9c/0x150 [ 676.461017][ T8491] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.461035][ T8491] ? clear_bhb_loop+0x60/0xb0 [ 676.461057][ T8491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.461074][ T8491] RIP: 0033:0x7f815756eba9 [ 676.461091][ T8491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.461107][ T8491] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 676.461126][ T8491] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 676.461140][ T8491] RDX: 0000000000000006 RSI: 0000200000001280 RDI: 0000000000000007 [ 676.461151][ T8491] RBP: 00007f81557d6090 R08: 0000000000000000 R09: 0000000000000000 [ 676.461162][ T8491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 676.461173][ T8491] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 676.461204][ T8491] [ 676.985221][ T1162] hsr_slave_0: left promiscuous mode [ 677.035096][ T1162] hsr_slave_1: left promiscuous mode [ 677.037332][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 677.083205][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 677.244799][ T1162] hsr_slave_0: left promiscuous mode [ 677.281925][ T1162] hsr_slave_1: left promiscuous mode [ 677.283407][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 677.348288][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 677.531828][ T1162] hsr_slave_0: left promiscuous mode [ 677.593331][ T1162] hsr_slave_1: left promiscuous mode [ 677.594381][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 677.642698][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 678.556426][ C1] vkms_vblank_simulate: vblank timer overrun [ 678.675319][ C1] vkms_vblank_simulate: vblank timer overrun [ 678.887743][ C1] vkms_vblank_simulate: vblank timer overrun [ 679.009177][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 679.071957][ C1] vkms_vblank_simulate: vblank timer overrun [ 679.202681][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 680.473420][ C1] vkms_vblank_simulate: vblank timer overrun [ 680.656160][ C1] vkms_vblank_simulate: vblank timer overrun [ 680.714183][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 680.873062][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 681.274555][ C1] vkms_vblank_simulate: vblank timer overrun [ 681.340588][ C1] vkms_vblank_simulate: vblank timer overrun [ 681.954887][ C1] vkms_vblank_simulate: vblank timer overrun [ 682.056063][ C1] vkms_vblank_simulate: vblank timer overrun [ 682.124245][ C1] vkms_vblank_simulate: vblank timer overrun [ 682.401801][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 682.564257][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 682.957295][ C1] vkms_vblank_simulate: vblank timer overrun [ 684.062160][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 684.212754][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 685.693256][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 685.882705][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 686.163328][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.163456][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.068986][ T8507] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 687.378604][ T8298] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 687.465213][ T8298] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 687.618515][ T8298] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 687.659782][ T8298] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 687.705696][ T8511] FAULT_INJECTION: forcing a failure. [ 687.705696][ T8511] name failslab, interval 1, probability 0, space 0, times 0 [ 687.705733][ T8511] CPU: 0 UID: 0 PID: 8511 Comm: syz.3.453 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 687.705756][ T8511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 687.705769][ T8511] Call Trace: [ 687.705777][ T8511] [ 687.705786][ T8511] dump_stack_lvl+0x189/0x250 [ 687.705820][ T8511] ? __pfx____ratelimit+0x10/0x10 [ 687.705851][ T8511] ? __pfx_dump_stack_lvl+0x10/0x10 [ 687.705886][ T8511] ? __pfx__printk+0x10/0x10 [ 687.705917][ T8511] ? __pfx___might_resched+0x10/0x10 [ 687.705940][ T8511] ? fs_reclaim_acquire+0x7d/0x100 [ 687.705966][ T8511] should_fail_ex+0x46c/0x600 [ 687.706011][ T8511] should_failslab+0xa8/0x100 [ 687.706041][ T8511] __kmalloc_noprof+0xcb/0x430 [ 687.706066][ T8511] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 687.706103][ T8511] tomoyo_realpath_from_path+0xe3/0x5d0 [ 687.706134][ T8511] ? tomoyo_domain+0xda/0x130 [ 687.706170][ T8511] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 687.706194][ T8511] tomoyo_path_number_perm+0x1e8/0x5a0 [ 687.706223][ T8511] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 687.706251][ T8511] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 687.706281][ T8511] ? lockdep_hardirqs_on+0x9c/0x150 [ 687.706320][ T8511] ? __lock_acquire+0xab9/0xd20 [ 687.706372][ T8511] ? __fget_files+0x2a/0x420 [ 687.706405][ T8511] ? __fget_files+0x2a/0x420 [ 687.706432][ T8511] ? __fget_files+0x3a6/0x420 [ 687.706459][ T8511] ? __fget_files+0x2a/0x420 [ 687.706492][ T8511] security_file_ioctl+0xcb/0x2d0 [ 687.706521][ T8511] __se_sys_ioctl+0x47/0x170 [ 687.706548][ T8511] do_syscall_64+0xfa/0x3b0 [ 687.706567][ T8511] ? lockdep_hardirqs_on+0x9c/0x150 [ 687.706595][ T8511] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.706616][ T8511] ? clear_bhb_loop+0x60/0xb0 [ 687.706642][ T8511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.706662][ T8511] RIP: 0033:0x7f815756eba9 [ 687.706680][ T8511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.706698][ T8511] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 687.706721][ T8511] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 687.706737][ T8511] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 687.706750][ T8511] RBP: 00007f81557d6090 R08: 0000000000000000 R09: 0000000000000000 [ 687.706763][ T8511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 687.706776][ T8511] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 687.706811][ T8511] [ 687.707687][ T8511] ERROR: Out of memory at tomoyo_realpath_from_path. [ 687.913794][ T8286] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 688.064159][ T8286] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 688.137357][ T8286] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 688.266734][ T8286] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 688.437147][ C0] vkms_vblank_simulate: vblank timer overrun [ 688.664584][ T8265] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 688.702362][ C0] vkms_vblank_simulate: vblank timer overrun [ 688.727313][ T8265] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 688.751619][ C0] vkms_vblank_simulate: vblank timer overrun [ 688.835109][ C0] vkms_vblank_simulate: vblank timer overrun [ 689.011341][ T8265] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 689.104326][ T8265] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 689.950523][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.026131][ T5846] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 690.181688][ T5846] usb 4-1: Using ep0 maxpacket: 16 [ 690.182707][ T5846] usb 4-1: too many configurations: 206, using maximum allowed: 8 [ 690.189374][ T5846] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 690.189416][ T5846] usb 4-1: can't read configurations, error -61 [ 690.249759][ T8298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 690.281945][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.341806][ T5846] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 690.486674][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.504984][ T5846] usb 4-1: Using ep0 maxpacket: 16 [ 690.509963][ T5846] usb 4-1: too many configurations: 206, using maximum allowed: 8 [ 690.532025][ T5846] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 690.532067][ T5846] usb 4-1: can't read configurations, error -61 [ 690.535595][ T5846] usb usb4-port1: attempt power cycle [ 690.648316][ T8286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 690.658834][ T8298] 8021q: adding VLAN 0 to HW filter on device team0 [ 690.764897][ T1418] bridge0: port 1(bridge_slave_0) entered blocking state [ 690.765132][ T1418] bridge0: port 1(bridge_slave_0) entered forwarding state [ 690.822362][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.876226][ T85] bridge0: port 2(bridge_slave_1) entered blocking state [ 690.876420][ T85] bridge0: port 2(bridge_slave_1) entered forwarding state [ 690.921625][ T5846] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 690.966903][ T5846] usb 4-1: Using ep0 maxpacket: 16 [ 690.970159][ T5846] usb 4-1: too many configurations: 206, using maximum allowed: 8 [ 690.987446][ T5846] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 690.987491][ T5846] usb 4-1: can't read configurations, error -61 [ 691.056827][ T8286] 8021q: adding VLAN 0 to HW filter on device team0 [ 691.069839][ T8385] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 691.117852][ T8385] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 691.121850][ T5846] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 691.145410][ T5846] usb 4-1: Using ep0 maxpacket: 16 [ 691.146112][ T5846] usb 4-1: too many configurations: 206, using maximum allowed: 8 [ 691.147801][ T5846] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 691.147823][ T5846] usb 4-1: can't read configurations, error -61 [ 691.149972][ T5846] usb usb4-port1: unable to enumerate USB device [ 691.196875][ T8265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 691.213625][ T8385] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 691.250005][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.273489][ T3536] bridge0: port 1(bridge_slave_0) entered blocking state [ 691.273682][ T3536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 691.300570][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.302781][ T8385] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 691.367653][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.410944][ T85] bridge0: port 2(bridge_slave_1) entered blocking state [ 691.411099][ T85] bridge0: port 2(bridge_slave_1) entered forwarding state [ 691.515595][ T8265] 8021q: adding VLAN 0 to HW filter on device team0 [ 691.551359][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.645085][ T6015] bridge0: port 1(bridge_slave_0) entered blocking state [ 691.645349][ T6015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 691.731254][ T85] bridge0: port 2(bridge_slave_1) entered blocking state [ 691.733499][ T85] bridge0: port 2(bridge_slave_1) entered forwarding state [ 691.768817][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.734581][ T8385] 8021q: adding VLAN 0 to HW filter on device bond0 [ 692.763357][ T8298] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 692.891718][ T5846] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 692.969702][ T8385] 8021q: adding VLAN 0 to HW filter on device team0 [ 693.028706][ T8286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 693.043722][ T5846] usb 4-1: Using ep0 maxpacket: 8 [ 693.087709][ T5846] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 693.087745][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.087765][ T5846] usb 4-1: Product: syz [ 693.087780][ T5846] usb 4-1: Manufacturer: syz [ 693.087794][ T5846] usb 4-1: SerialNumber: syz [ 693.124879][ T5846] usb 4-1: config 0 descriptor?? [ 693.130524][ T6004] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.130691][ T6004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.239654][ T6004] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.241763][ T6004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.266731][ T5846] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244) [ 693.421314][ T8558] Bluetooth: MGMT ver 1.23 [ 693.927059][ T5846] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 693.927722][ T5846] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 693.942309][ T5846] usb 4-1: USB disconnect, device number 30 [ 694.008193][ T8265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 694.325667][ T8298] veth0_vlan: entered promiscuous mode [ 694.384426][ T8298] veth1_vlan: entered promiscuous mode [ 694.692502][ T8286] veth0_vlan: entered promiscuous mode [ 694.721591][ T8298] veth0_macvtap: entered promiscuous mode [ 694.759361][ T8298] veth1_macvtap: entered promiscuous mode [ 694.792958][ T8286] veth1_vlan: entered promiscuous mode [ 695.335436][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.382184][ T8298] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 695.406484][ T8298] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.489228][ T1162] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.531808][ T1162] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.571622][ T1162] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.600733][ T3618] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.298742][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.624031][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.162333][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.343478][ T8604] syz.3.460 (8604) used greatest stack depth: 17992 bytes left [ 697.466158][ T8385] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 697.698853][ T8286] veth0_macvtap: entered promiscuous mode [ 697.822030][ T8286] veth1_macvtap: entered promiscuous mode [ 697.833569][ T1418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.833593][ T1418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 698.119609][ T8286] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 698.153844][ T3536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 698.153867][ T3536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 698.208133][ T8286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 698.336449][ T6015] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.337071][ T6015] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.337678][ T6015] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.338715][ T6015] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.313762][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 700.359513][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 700.392717][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 700.394562][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 700.395505][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 701.023465][ T8385] veth0_vlan: entered promiscuous mode [ 702.045429][ T5154] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 702.076726][ T5154] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 702.095746][ T5154] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 702.097663][ T5154] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 702.098621][ T5154] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 702.163417][ T5906] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 702.257581][ T5154] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 702.288635][ T5154] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 702.291778][ T5906] usb 4-1: device descriptor read/64, error -71 [ 702.296514][ T5154] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 702.313545][ T5154] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 702.321795][ T5154] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 702.481663][ T5856] Bluetooth: hci1: command tx timeout [ 702.536660][ T5906] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 702.661735][ T5906] usb 4-1: device descriptor read/64, error -71 [ 702.774599][ T5906] usb usb4-port1: attempt power cycle [ 702.939892][ T8385] veth1_vlan: entered promiscuous mode [ 703.111859][ T5906] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 703.150144][ T5906] usb 4-1: device descriptor read/8, error -71 [ 703.391882][ T5906] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 703.417351][ T5906] usb 4-1: device descriptor read/8, error -71 [ 703.522133][ T5906] usb usb4-port1: unable to enumerate USB device [ 704.118354][ T8385] veth0_macvtap: entered promiscuous mode [ 704.236482][ T5856] Bluetooth: hci2: command tx timeout [ 704.323304][ T8385] veth1_macvtap: entered promiscuous mode [ 704.392460][ T5856] Bluetooth: hci3: command tx timeout [ 704.551699][ T5856] Bluetooth: hci1: command tx timeout [ 704.735899][ T6004] bridge_slave_1: left allmulticast mode [ 704.735978][ T6004] bridge_slave_1: left promiscuous mode [ 704.736299][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.836377][ T6004] bridge_slave_0: left allmulticast mode [ 704.836418][ T6004] bridge_slave_0: left promiscuous mode [ 704.838130][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.321587][ T5856] Bluetooth: hci2: command tx timeout [ 706.464216][ C1] vkms_vblank_simulate: vblank timer overrun [ 706.471768][ T5856] Bluetooth: hci3: command tx timeout [ 706.561868][ C1] vkms_vblank_simulate: vblank timer overrun [ 706.611759][ C1] vkms_vblank_simulate: vblank timer overrun [ 706.632510][ T5856] Bluetooth: hci1: command tx timeout [ 706.797347][ T6004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 706.884620][ T6004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 706.928657][ T6004] bond0 (unregistering): Released all slaves [ 707.025948][ T8671] bond_slave_0: entered promiscuous mode [ 707.026020][ T8671] bond_slave_1: entered promiscuous mode [ 707.026391][ T8671] vlan2: entered promiscuous mode [ 707.026404][ T8671] bond0: entered promiscuous mode [ 707.390826][ T8635] chnl_net:caif_netlink_parms(): no params data found [ 707.661635][ T6004] hsr_slave_0: left promiscuous mode [ 707.741878][ T6004] hsr_slave_1: left promiscuous mode [ 707.742965][ T6004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 707.795498][ T6004] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 708.392628][ T5856] Bluetooth: hci2: command tx timeout [ 708.551621][ T5856] Bluetooth: hci3: command tx timeout [ 708.711655][ T5856] Bluetooth: hci1: command tx timeout [ 709.397874][ T5154] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 709.405151][ T5154] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 709.464470][ T5154] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 709.485038][ T5154] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 709.501292][ T5154] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 710.122446][ T6004] team0 (unregistering): Port device team_slave_1 removed [ 710.454064][ T6004] team0 (unregistering): Port device team_slave_0 removed [ 710.484203][ T5856] Bluetooth: hci2: command tx timeout [ 710.632660][ T5856] Bluetooth: hci3: command tx timeout [ 710.639757][ T31] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 710.827836][ T31] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 710.827871][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.856933][ T31] usb 4-1: config 0 descriptor?? [ 711.601607][ T5856] Bluetooth: hci4: command tx timeout [ 711.829726][ T31] usb 4-1: Cannot set autoneg [ 711.843057][ T31] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 711.910314][ T31] usb 4-1: USB disconnect, device number 35 [ 712.321623][ C0] vkms_vblank_simulate: vblank timer overrun [ 712.803914][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.247203][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.453540][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.672139][ T5856] Bluetooth: hci4: command tx timeout [ 713.984978][ C0] vkms_vblank_simulate: vblank timer overrun [ 714.039409][ C0] vkms_vblank_simulate: vblank timer overrun [ 714.474591][ T8647] chnl_net:caif_netlink_parms(): no params data found [ 714.489917][ T8649] chnl_net:caif_netlink_parms(): no params data found [ 714.824195][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.100175][ T8729] loop7: detected capacity change from 0 to 7 [ 715.136681][ T8729] Dev loop7: unable to read RDB block 7 [ 715.136724][ T8729] loop7: AHDI p1 p2 [ 715.136762][ T8729] loop7: partition table partially beyond EOD, truncated [ 715.137135][ T8729] loop7: p1 start 1702000233 is beyond EOD, truncated [ 715.753569][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.765178][ T5856] Bluetooth: hci4: command tx timeout [ 716.508602][ T8635] bridge0: port 1(bridge_slave_0) entered blocking state [ 716.508849][ T8635] bridge0: port 1(bridge_slave_0) entered disabled state [ 716.509136][ T8635] bridge_slave_0: entered allmulticast mode [ 716.515469][ T8635] bridge_slave_0: entered promiscuous mode [ 717.873855][ T5856] Bluetooth: hci4: command tx timeout [ 718.068792][ T8635] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.068971][ T8635] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.069236][ T8635] bridge_slave_1: entered allmulticast mode [ 718.077160][ T8635] bridge_slave_1: entered promiscuous mode [ 719.572152][ T8647] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.572343][ T8647] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.572617][ T8647] bridge_slave_0: entered allmulticast mode [ 719.575889][ T8647] bridge_slave_0: entered promiscuous mode [ 719.578245][ T8649] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.578379][ T8649] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.578565][ T8649] bridge_slave_0: entered allmulticast mode [ 719.582736][ T8649] bridge_slave_0: entered promiscuous mode [ 719.783823][ T8647] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.783987][ T8647] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.784252][ T8647] bridge_slave_1: entered allmulticast mode [ 719.801607][ T8647] bridge_slave_1: entered promiscuous mode [ 719.814505][ T8649] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.814647][ T8649] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.814874][ T8649] bridge_slave_1: entered allmulticast mode [ 719.827443][ T8649] bridge_slave_1: entered promiscuous mode [ 719.884496][ T8635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.227276][ T8635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.370836][ T8758] FAULT_INJECTION: forcing a failure. [ 720.370836][ T8758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 720.370874][ T8758] CPU: 1 UID: 0 PID: 8758 Comm: syz.3.481 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 720.370897][ T8758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 720.370908][ T8758] Call Trace: [ 720.370916][ T8758] [ 720.370925][ T8758] dump_stack_lvl+0x189/0x250 [ 720.370960][ T8758] ? __pfx____ratelimit+0x10/0x10 [ 720.370990][ T8758] ? __pfx_dump_stack_lvl+0x10/0x10 [ 720.371027][ T8758] ? __pfx__printk+0x10/0x10 [ 720.371051][ T8758] ? __might_fault+0xb0/0x130 [ 720.371093][ T8758] should_fail_ex+0x46c/0x600 [ 720.371128][ T8758] _copy_from_user+0x2d/0xb0 [ 720.371155][ T8758] do_ipv6_setsockopt+0x23e/0x2eb0 [ 720.371199][ T8758] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 720.371225][ T8758] ? __lock_acquire+0xab9/0xd20 [ 720.371262][ T8758] ? do_raw_spin_lock+0x121/0x290 [ 720.371296][ T8758] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 720.371327][ T8758] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.371363][ T8758] ? __lock_acquire+0xab9/0xd20 [ 720.371412][ T8758] ? __fget_files+0x2a/0x420 [ 720.371442][ T8758] ipv6_setsockopt+0x59/0x170 [ 720.371465][ T8758] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 720.371492][ T8758] do_sock_setsockopt+0x179/0x1b0 [ 720.371525][ T8758] __x64_sys_setsockopt+0x145/0x1b0 [ 720.371557][ T8758] do_syscall_64+0xfa/0x3b0 [ 720.371574][ T8758] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.371600][ T8758] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.371619][ T8758] ? clear_bhb_loop+0x60/0xb0 [ 720.371643][ T8758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.371662][ T8758] RIP: 0033:0x7f815756eba9 [ 720.371680][ T8758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.371696][ T8758] RSP: 002b:00007f81557d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 720.371719][ T8758] RAX: ffffffffffffffda RBX: 00007f81577b5fa0 RCX: 00007f815756eba9 [ 720.371735][ T8758] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000003 [ 720.371748][ T8758] RBP: 00007f81557d6090 R08: 0000000000000090 R09: 0000000000000000 [ 720.371759][ T8758] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 720.371771][ T8758] R13: 00007f81577b6038 R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 720.371805][ T8758] [ 720.783780][ T8776] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 720.783780][ T8776] The task syz.3.482 (8776) triggered the difference, watch for misbehavior. [ 720.784511][ T8776] netlink: 8 bytes leftover after parsing attributes in process `syz.3.482'. [ 720.832587][ T8647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.929724][ T8649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.023654][ T8647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 721.047243][ T8649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 721.051142][ T8635] team0: Port device team_slave_0 added [ 721.255885][ T8635] team0: Port device team_slave_1 added [ 721.861843][ T6020] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 721.919585][ T8647] team0: Port device team_slave_0 added [ 721.930204][ T8649] team0: Port device team_slave_0 added [ 722.019703][ T6020] usb 4-1: config 0 has an invalid interface number: 228 but max is 0 [ 722.019735][ T6020] usb 4-1: config 0 has no interface number 0 [ 722.019788][ T6020] usb 4-1: config 0 interface 228 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 722.026540][ T6020] usb 4-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=34.b1 [ 722.026568][ T6020] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.026586][ T6020] usb 4-1: Product: syz [ 722.026598][ T6020] usb 4-1: Manufacturer: syz [ 722.026612][ T6020] usb 4-1: SerialNumber: syz [ 722.040725][ T6020] usb 4-1: config 0 descriptor?? [ 722.054876][ T6020] bfusb 4-1:0.228: probe with driver bfusb failed with error -5 [ 722.238963][ T8647] team0: Port device team_slave_1 added [ 722.256052][ T8649] team0: Port device team_slave_1 added [ 722.257865][ T8635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 722.257880][ T8635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 722.257910][ T8635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 722.459203][ T8635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 722.459224][ T8635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 722.459254][ T8635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 722.897112][ T8647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 722.897132][ T8647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 722.897162][ T8647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 722.900903][ T8649] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 722.900920][ T8649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 722.900948][ T8649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 723.147595][ T8647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 723.147616][ T8647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 723.147644][ T8647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 723.149928][ T8649] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 723.149943][ T8649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 723.149970][ T8649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 723.916151][ T8635] hsr_slave_0: entered promiscuous mode [ 723.917648][ T8635] hsr_slave_1: entered promiscuous mode [ 724.322400][ T8647] hsr_slave_0: entered promiscuous mode [ 724.324052][ T8647] hsr_slave_1: entered promiscuous mode [ 724.325076][ T8647] debugfs: 'hsr0' already exists in 'hsr' [ 724.325103][ T8647] Cannot create hsr debugfs directory [ 724.356936][ T8649] hsr_slave_0: entered promiscuous mode [ 724.358717][ T8649] hsr_slave_1: entered promiscuous mode [ 724.367857][ T8649] debugfs: 'hsr0' already exists in 'hsr' [ 724.367902][ T8649] Cannot create hsr debugfs directory [ 724.396818][ T8699] chnl_net:caif_netlink_parms(): no params data found [ 724.577246][ T7926] usb 4-1: USB disconnect, device number 36 [ 726.027314][ T8812] binder_alloc: 8811: pid 8811 spamming oneway? 1 buffers allocated for a total size of 4096 [ 728.803350][ T8699] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.803520][ T8699] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.803732][ T8699] bridge_slave_0: entered allmulticast mode [ 728.807352][ T8699] bridge_slave_0: entered promiscuous mode [ 729.027282][ T8699] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.027594][ T8699] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.027881][ T8699] bridge_slave_1: entered allmulticast mode [ 729.127146][ T8699] bridge_slave_1: entered promiscuous mode [ 731.525973][ T8699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 731.967351][ T8838] FAULT_INJECTION: forcing a failure. [ 731.967351][ T8838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 731.967427][ T8838] CPU: 0 UID: 0 PID: 8838 Comm: syz.3.492 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 731.967452][ T8838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 731.967465][ T8838] Call Trace: [ 731.967474][ T8838] [ 731.967484][ T8838] dump_stack_lvl+0x189/0x250 [ 731.967520][ T8838] ? __pfx____ratelimit+0x10/0x10 [ 731.967559][ T8838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 731.967589][ T8838] ? __pfx__printk+0x10/0x10 [ 731.967613][ T8838] ? __might_fault+0xb0/0x130 [ 731.967657][ T8838] should_fail_ex+0x46c/0x600 [ 731.967693][ T8838] _copy_from_user+0x2d/0xb0 [ 731.967720][ T8838] __sys_bpf+0x1ed/0x870 [ 731.967749][ T8838] ? __pfx___sys_bpf+0x10/0x10 [ 731.967810][ T8838] __x64_sys_bpf+0x7c/0x90 [ 731.967834][ T8838] do_syscall_64+0xfa/0x3b0 [ 731.967856][ T8838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.967875][ T8838] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 731.967895][ T8838] ? clear_bhb_loop+0x60/0xb0 [ 731.967921][ T8838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.967940][ T8838] RIP: 0033:0x7f815756eba9 [ 731.967967][ T8838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.968001][ T8838] RSP: 002b:00007f8155794038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 731.968024][ T8838] RAX: ffffffffffffffda RBX: 00007f81577b6180 RCX: 00007f815756eba9 [ 731.968040][ T8838] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005 [ 731.968053][ T8838] RBP: 00007f8155794090 R08: 0000000000000000 R09: 0000000000000000 [ 731.968066][ T8838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 731.968079][ T8838] R13: 00007f81577b6218 R14: 00007f81577b6180 R15: 00007fff04b0b928 [ 731.968113][ T8838] [ 732.973952][ T6004] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 733.062571][ T8699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 733.462082][ T6020] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 733.614955][ T6020] usb 4-1: Using ep0 maxpacket: 16 [ 733.619421][ T6020] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 733.619486][ T6020] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 733.619515][ T6020] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 733.619537][ T6020] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 733.619561][ T6020] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 733.621795][ T6020] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 733.621821][ T6020] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 733.621840][ T6020] usb 4-1: Manufacturer: syz [ 733.639546][ T6020] usb 4-1: config 0 descriptor?? [ 734.007297][ T6004] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 734.132514][ T8699] team0: Port device team_slave_0 added [ 734.330704][ T8699] team0: Port device team_slave_1 added [ 734.658600][ T6004] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.085905][ T8699] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 735.085926][ T8699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 735.085956][ T8699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 735.295297][ T6004] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.601948][ T8699] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 735.601977][ T8699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 735.602007][ T8699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 735.910796][ T8699] hsr_slave_0: entered promiscuous mode [ 735.922648][ T8699] hsr_slave_1: entered promiscuous mode [ 735.923701][ T8699] debugfs: 'hsr0' already exists in 'hsr' [ 735.923730][ T8699] Cannot create hsr debugfs directory [ 736.197782][ T8844] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 736.197808][ T8844] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8844, name: syz.3.495 [ 736.197825][ T8844] preempt_count: 0, expected: 0 [ 736.197840][ T8844] RCU nest depth: 0, expected: 0 [ 736.197850][ T8844] 1 lock held by syz.3.495/8844: [ 736.197862][ T8844] #0: ffff888146360058 (&dum_hcd->dum->lock){+.+.}-{3:3}, at: dummy_dequeue+0x164/0x480 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 736.197932][ T8844] irq event stamp: 5796 [ 736.197940][ T8844] hardirqs last enabled at (5795): [] finish_task_switch+0x266/0x950 [ 736.197974][ T8844] hardirqs last disabled at (5796): [] dummy_dequeue+0x151/0x480 [ 736.198003][ T8844] softirqs last enabled at (3518): [] __local_bh_enable_ip+0x1a4/0x270 [ 736.198032][ T8844] softirqs last disabled at (3504): [] queue_req+0x22/0x150 [ 736.198066][ T8844] CPU: 1 UID: 0 PID: 8844 Comm: syz.3.495 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 736.198089][ T8844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 736.198101][ T8844] Call Trace: [ 736.198111][ T8844] [ 736.198121][ T8844] dump_stack_lvl+0x189/0x250 [ 736.198150][ T8844] ? queue_req+0x22/0x150 [ 736.198170][ T8844] ? queue_req+0x22/0x150 [ 736.198194][ T8844] ? __pfx_dump_stack_lvl+0x10/0x10 [ 736.198233][ T8844] ? print_lock_name+0xde/0x100 [ 736.198262][ T8844] __might_resched+0x44b/0x5d0 [ 736.198290][ T8844] ? preempt_schedule+0xae/0xc0 [ 736.198319][ T8844] ? __pfx___might_resched+0x10/0x10 [ 736.198342][ T8844] ? dummy_dequeue+0x164/0x480 [ 736.198369][ T8844] ? preempt_schedule+0xae/0xc0 [ 736.198410][ T8844] rt_spin_lock+0xc7/0x2c0 [ 736.198435][ T8844] ? preempt_schedule_thunk+0x16/0x30 [ 736.198460][ T8844] ? __pfx_rt_spin_lock+0x10/0x10 [ 736.198504][ T8844] ? rcu_is_watching+0x15/0xb0 [ 736.198539][ T8844] dummy_dequeue+0x164/0x480 [ 736.198573][ T8844] ? __pfx_dummy_dequeue+0x10/0x10 [ 736.198601][ T8844] ? __pfx_schedule_timeout+0x10/0x10 [ 736.198628][ T8844] ? __pfx___wait_for_common+0x10/0x10 [ 736.198668][ T8844] usb_ep_dequeue+0x66/0x250 [ 736.198698][ T8844] raw_process_ep_io+0x5a3/0xaf0 [ 736.198739][ T8844] ? __pfx_raw_process_ep_io+0x10/0x10 [ 736.198785][ T8844] ? _copy_from_user+0x94/0xb0 [ 736.198816][ T8844] raw_ioctl+0x22dc/0x3ba0 [ 736.198846][ T8844] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 736.198873][ T8844] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 736.198903][ T8844] ? do_vfs_ioctl+0xbeb/0x1440 [ 736.198938][ T8844] ? __pfx_raw_ioctl+0x10/0x10 [ 736.198965][ T8844] ? __pfx_smack_log+0x10/0x10 [ 736.198997][ T8844] ? smk_access+0x14c/0x4e0 [ 736.199037][ T8844] ? smk_tskacc+0x2fc/0x370 [ 736.199074][ T8844] ? smack_file_ioctl+0x24d/0x340 [ 736.199100][ T8844] ? __pfx_smack_file_ioctl+0x10/0x10 [ 736.199136][ T8844] ? __fget_files+0x2a/0x420 [ 736.199163][ T8844] ? __fget_files+0x3a6/0x420 [ 736.199190][ T8844] ? __fget_files+0x2a/0x420 [ 736.199223][ T8844] ? bpf_lsm_file_ioctl+0x9/0x20 [ 736.199248][ T8844] ? __pfx_raw_ioctl+0x10/0x10 [ 736.199273][ T8844] __se_sys_ioctl+0xff/0x170 [ 736.199301][ T8844] do_syscall_64+0xfa/0x3b0 [ 736.199320][ T8844] ? lockdep_hardirqs_on+0x9c/0x150 [ 736.199349][ T8844] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.199370][ T8844] ? clear_bhb_loop+0x60/0xb0 [ 736.199396][ T8844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.199416][ T8844] RIP: 0033:0x7f815756e7ab [ 736.199436][ T8844] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 736.199453][ T8844] RSP: 002b:00007f81557d4f70 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 736.199474][ T8844] RAX: ffffffffffffffda RBX: 0000000000000c38 RCX: 00007f815756e7ab [ 736.199488][ T8844] RDX: 00007f81557d4ff0 RSI: 0000000040085507 RDI: 0000000000000003 [ 736.199502][ T8844] RBP: 0000000000000003 R08: 00007f81578e0320 R09: 0000000000000000 [ 736.199515][ T8844] R10: 0000000000000003 R11: 0000000000000246 R12: 0000200000000200 [ 736.199529][ T8844] R13: 000000000000000a R14: 00007f81577b5fa0 R15: 00007fff04b0b928 [ 736.199564][ T8844] [ 736.845209][ T6020] rc_core: IR keymap rc-hauppauge not found [ 736.845233][ T6020] Registered IR keymap rc-empty [ 736.845990][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 736.862016][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 736.885457][ T6020] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 736.889524][ T6020] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input9 [ 736.982045][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.001746][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.021705][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.041750][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.061755][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.081762][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.101768][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.124349][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.141712][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.161633][ T6020] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 737.186463][ T6020] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 737.186493][ T6020] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 737.351745][ T6020] usb 4-1: USB disconnect, device number 37 [ 737.944388][ T6004] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.487015][ T6004] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.764603][ T6004] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.097737][ T6004] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.118537][ T6004] bridge_slave_1: left allmulticast mode [ 740.118578][ T6004] bridge_slave_1: left promiscuous mode [ 740.118913][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.264876][ T6004] bridge_slave_0: left allmulticast mode [ 740.264923][ T6004] bridge_slave_0: left promiscuous mode [ 740.265263][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.368438][ T6004] bridge_slave_1: left allmulticast mode [ 740.368478][ T6004] bridge_slave_1: left promiscuous mode [ 740.368784][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.468440][ T6004] bridge_slave_0: left allmulticast mode [ 740.468475][ T6004] bridge_slave_0: left promiscuous mode [ 740.468764][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.559501][ T6004] bridge_slave_1: left allmulticast mode [ 740.559544][ T6004] bridge_slave_1: left promiscuous mode [ 740.559857][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.663511][ T6004] bridge_slave_0: left allmulticast mode [ 740.663550][ T6004] bridge_slave_0: left promiscuous mode [ 740.663913][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state [ 743.113058][ T6004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 743.174516][ T6004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 743.216999][ T6004] bond0 (unregistering): Released all slaves [ 745.012608][ T6004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 745.072488][ T6004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 745.136909][ T6004] bond0 (unregistering): Released all slaves