last executing test programs: 2.166437075s ago: executing program 2 (id=3): syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendfile(r1, r1, 0x0, 0x40008) 1.272164547s ago: executing program 2 (id=5): syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) 1.161797097s ago: executing program 2 (id=6): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1e, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00m\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) 994.08229ms ago: executing program 2 (id=7): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf", @ANYRES16=r0], 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KIOCSOUND(r2, 0x4b2f, 0x7) 710.928623ms ago: executing program 1 (id=2): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0) ioctl$COMEDI_INSN(r1, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x40000000000001e9, &(0x7f0000000080)=[0x9, 0xfff, 0x4, 0xb, 0x662, 0xfffffff9, 0xe0, 0xfffffff7, 0x9, 0xf5, 0xffffffff, 0x2, 0x200, 0x3, 0x6], 0x0, 0x7}) 124.32376ms ago: executing program 0 (id=1): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000000000000000100000456bd0cadac0000000000"], 0x0, 0x32, 0x0, 0x4}, 0x28) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x395e000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 24.443168ms ago: executing program 3 (id=4): mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) shmget(0x3, 0x2000, 0x78000000, &(0x7f000030f000/0x2000)=nil) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r4, &(0x7f0000ff7000/0x3000)=nil, 0x400c) shmctl$SHM_STAT(r4, 0xd, &(0x7f0000000380)=""/239) close_range(r3, 0xffffffffffffffff, 0x0) mmap(&(0x7f00003d0000/0x1000)=nil, 0x1000, 0x0, 0xb5972, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=8): r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x801, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) close(0xffffffffffffffff) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x4) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000) write$uinput_user_dev(r0, 0x0, 0x0) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts. [ 64.307676][ T5778] cgroup: Unknown subsys name 'net' [ 64.441237][ T5778] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.812772][ T5778] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.764434][ T5792] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.773100][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.781739][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.789612][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.809556][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.819522][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.827455][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.836179][ T5800] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.843593][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.850955][ T5796] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.858789][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.869809][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.877806][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.885504][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.892698][ T5806] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.897666][ T5803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.901298][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.908655][ T5803] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.915927][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.922492][ T5803] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.928764][ T5806] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.935853][ T5803] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.950027][ T5803] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.961235][ T5803] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.419089][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 68.450270][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 68.473844][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 68.562216][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 68.647286][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.654440][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.662259][ T5789] bridge_slave_0: entered allmulticast mode [ 68.669749][ T5789] bridge_slave_0: entered promiscuous mode [ 68.688209][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.695745][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.702867][ T5794] bridge_slave_0: entered allmulticast mode [ 68.709984][ T5794] bridge_slave_0: entered promiscuous mode [ 68.743740][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.751056][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.758421][ T5789] bridge_slave_1: entered allmulticast mode [ 68.766337][ T5789] bridge_slave_1: entered promiscuous mode [ 68.773185][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.780436][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.788003][ T5794] bridge_slave_1: entered allmulticast mode [ 68.794850][ T5794] bridge_slave_1: entered promiscuous mode [ 68.801498][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.808761][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.816191][ T5798] bridge_slave_0: entered allmulticast mode [ 68.822807][ T5798] bridge_slave_0: entered promiscuous mode [ 68.830194][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.837538][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.844832][ T5798] bridge_slave_1: entered allmulticast mode [ 68.851480][ T5798] bridge_slave_1: entered promiscuous mode [ 68.946163][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.957930][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.971829][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.983514][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.996608][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.006617][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.013733][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.021398][ T5793] bridge_slave_0: entered allmulticast mode [ 69.028806][ T5793] bridge_slave_0: entered promiscuous mode [ 69.038587][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.086191][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.093319][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.101030][ T5793] bridge_slave_1: entered allmulticast mode [ 69.107892][ T5793] bridge_slave_1: entered promiscuous mode [ 69.146733][ T5798] team0: Port device team_slave_0 added [ 69.156001][ T5798] team0: Port device team_slave_1 added [ 69.175580][ T5789] team0: Port device team_slave_0 added [ 69.183909][ T5794] team0: Port device team_slave_0 added [ 69.191491][ T5794] team0: Port device team_slave_1 added [ 69.207953][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.220069][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.230243][ T5789] team0: Port device team_slave_1 added [ 69.293186][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.300454][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.327427][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.354985][ T5793] team0: Port device team_slave_0 added [ 69.361506][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.368908][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.395734][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.407820][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.416717][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.442746][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.455824][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.462857][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.489017][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.500981][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.508227][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.534331][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.559391][ T5793] team0: Port device team_slave_1 added [ 69.565843][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.572789][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.599041][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.662333][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.669604][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.695843][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.731470][ T5794] hsr_slave_0: entered promiscuous mode [ 69.738487][ T5794] hsr_slave_1: entered promiscuous mode [ 69.758217][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.765243][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.791355][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.826191][ T5798] hsr_slave_0: entered promiscuous mode [ 69.832331][ T5798] hsr_slave_1: entered promiscuous mode [ 69.838473][ T5798] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.846304][ T5798] Cannot create hsr debugfs directory [ 69.865612][ T5789] hsr_slave_0: entered promiscuous mode [ 69.872178][ T5789] hsr_slave_1: entered promiscuous mode [ 69.878929][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.886763][ T5789] Cannot create hsr debugfs directory [ 69.985382][ T5803] Bluetooth: hci2: command tx timeout [ 69.985989][ T5797] Bluetooth: hci1: command tx timeout [ 69.994672][ T5803] Bluetooth: hci3: command tx timeout [ 69.996764][ T5797] Bluetooth: hci0: command tx timeout [ 70.039631][ T5793] hsr_slave_0: entered promiscuous mode [ 70.045889][ T5793] hsr_slave_1: entered promiscuous mode [ 70.051859][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.059505][ T5793] Cannot create hsr debugfs directory [ 70.324577][ T5794] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.345045][ T5794] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.354415][ T5794] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.379567][ T5794] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.412131][ T5798] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.427920][ T5798] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.449456][ T5798] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.460597][ T5798] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.511199][ T5789] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.531976][ T5789] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.542868][ T5789] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.578096][ T5789] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.611561][ T5793] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.644938][ T5793] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.674977][ T5793] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.695677][ T5793] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.725489][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.791778][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.813469][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.826910][ T4376] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.834177][ T4376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.843857][ T4376] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.850950][ T4376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.932266][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.959121][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.966276][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.996923][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.004022][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.018213][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.061600][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.083659][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.122439][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.133185][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.140346][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.175370][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.182454][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.208627][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.215817][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.260983][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.268182][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.321784][ T5789] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.336340][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.388801][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.512311][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.517124][ T5794] veth0_vlan: entered promiscuous mode [ 71.524962][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.557443][ T5794] veth1_vlan: entered promiscuous mode [ 71.646704][ T5794] veth0_macvtap: entered promiscuous mode [ 71.674806][ T5794] veth1_macvtap: entered promiscuous mode [ 71.737321][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.779314][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.805933][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.825475][ T5794] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.834383][ T5794] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.846064][ T5794] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.854979][ T5794] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.886029][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.906557][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.994431][ T5798] veth0_vlan: entered promiscuous mode [ 72.034088][ T5793] veth0_vlan: entered promiscuous mode [ 72.056646][ T5798] veth1_vlan: entered promiscuous mode [ 72.065211][ T5797] Bluetooth: hci0: command tx timeout [ 72.070655][ T5797] Bluetooth: hci3: command tx timeout [ 72.076560][ T5792] Bluetooth: hci1: command tx timeout [ 72.076577][ T5803] Bluetooth: hci2: command tx timeout [ 72.088404][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.109777][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.148223][ T5793] veth1_vlan: entered promiscuous mode [ 72.157326][ T5789] veth0_vlan: entered promiscuous mode [ 72.165135][ T132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.173407][ T5789] veth1_vlan: entered promiscuous mode [ 72.182022][ T132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.194437][ T5798] veth0_macvtap: entered promiscuous mode [ 72.224110][ T5798] veth1_macvtap: entered promiscuous mode [ 72.278920][ T5793] veth0_macvtap: entered promiscuous mode [ 72.293493][ T5789] veth0_macvtap: entered promiscuous mode [ 72.312271][ T5793] veth1_macvtap: entered promiscuous mode [ 72.369683][ T5789] veth1_macvtap: entered promiscuous mode [ 72.382432][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.400829][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.419565][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.432355][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.443839][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.453901][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.464431][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.496610][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.666173][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.716045][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.880674][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.964781][ T5798] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.997998][ T5798] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.031564][ T5798] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.043375][ T5798] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.070757][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.084626][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.095975][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.115082][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.126294][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.146367][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.166958][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.188211][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.203622][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.225704][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.236557][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.248369][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.297390][ T5793] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.306509][ T5793] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.317770][ T5793] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.328575][ T5793] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.365103][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.377924][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.392056][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.406245][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.416469][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.427287][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.438553][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.452473][ T5789] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.461221][ T5789] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.479068][ T5789] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.493037][ T5789] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.599858][ T3437] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.608575][ T3437] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.658504][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.667707][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.710645][ T3437] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.724068][ T3437] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.798011][ T4376] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.809418][ T4376] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.867143][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.875456][ T5886] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 73.876968][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.887577][ T2975] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.991702][ T2975] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.114903][ T5886] usb 3-1: Using ep0 maxpacket: 16 [ 74.144983][ T5803] Bluetooth: hci2: command tx timeout [ 74.147302][ T5797] Bluetooth: hci3: command tx timeout [ 74.150900][ T5803] Bluetooth: hci1: command tx timeout [ 74.156346][ T5806] Bluetooth: hci0: command tx timeout [ 74.192401][ T5886] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 74.313282][ T5886] usb 3-1: config 0 has no interface number 0 [ 74.363417][ T5886] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 74.468380][ T5886] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 74.504992][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 74.513121][ T5886] usb 3-1: Product: syz [ 74.539947][ T5886] usb 3-1: SerialNumber: syz [ 74.570620][ T5886] usb 3-1: config 0 descriptor?? [ 74.597424][ T5886] cm109 3-1:0.8: invalid payload size 3, expected 4 [ 74.665623][ T5886] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input6 [ 74.720003][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 74.764501][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 74.774483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 74.795046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 74.864481][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 74.944603][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 75.004588][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 75.012930][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 75.032967][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 75.104799][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 75.823884][ C1] cm109 3-1:0.8: cm109_urb_irq_callback: urb status -71 [ 75.827382][ T5860] usb 3-1: USB disconnect, device number 2 [ 75.831311][ C1] ------------[ cut here ]------------ [ 75.842758][ C1] URB ffff88805bf06e00 submitted while active [ 75.849578][ C1] WARNING: CPU: 1 PID: 5904 at drivers/usb/core/urb.c:379 usb_submit_urb+0xf95/0x1850 [ 75.859171][ C1] Modules linked in: [ 75.863080][ C1] CPU: 1 PID: 5904 Comm: syz.3.4 Not tainted 6.6.101-syzkaller #0 [ 75.870880][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 75.880934][ C1] RIP: 0010:usb_submit_urb+0xf95/0x1850 [ 75.886501][ C1] Code: 04 00 00 eb 58 e8 1b f1 36 fb e9 1a f1 ff ff e8 11 f1 36 fb c6 05 70 88 e6 07 01 48 c7 c7 00 c6 4a 8b 48 89 de e8 3b 66 01 fb <0f> 0b e9 e5 f0 ff ff e8 ef f0 36 fb eb 11 e8 e8 f0 36 fb bd 80 00 [ 75.906115][ C1] RSP: 0018:ffffc900001f0860 EFLAGS: 00010046 [ 75.912178][ C1] RAX: c071a95c2b552a00 RBX: ffff88805bf06e00 RCX: 0000000000040000 [ 75.920142][ C1] RDX: ffffc900022f1000 RSI: 0000000000037c54 RDI: 0000000000037c55 [ 75.928108][ C1] RBP: 000000000000000f R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 75.936072][ C1] R10: dffffc0000000000 R11: ffffed10171e5183 R12: 1ffff110048b190a [ 75.944032][ C1] R13: dffffc0000000000 R14: ffff88805bf06e08 R15: 0000000000000820 [ 75.951994][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 75.960945][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.967523][ C1] CR2: 0000200000028000 CR3: 000000000cb30000 CR4: 00000000003506e0 [ 75.975492][ C1] Call Trace: [ 75.978762][ C1] [ 75.981606][ C1] ? _raw_spin_lock+0x40/0x40 [ 75.986287][ C1] ? kcov_remote_start+0x8f/0x7f0 [ 75.991306][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 75.996502][ C1] cm109_urb_irq_callback+0x72c/0xc90 [ 76.001870][ C1] __usb_hcd_giveback_urb+0x35f/0x520 [ 76.007241][ C1] dummy_timer+0x8a3/0x31b0 [ 76.011759][ C1] ? debug_deactivate+0x1d/0x1d0 [ 76.016695][ C1] ? lock_chain_count+0x20/0x20 [ 76.021540][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 76.027442][ C1] ? dummy_free_streams+0x530/0x530 [ 76.032643][ C1] ? debug_object_deactivate+0x67/0x350 [ 76.038214][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 76.043435][ C1] ? dummy_free_streams+0x530/0x530 [ 76.048695][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 76.053825][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 76.059907][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 76.065026][ C1] handle_softirqs+0x280/0x820 [ 76.069796][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 76.074559][ C1] ? do_softirq+0x180/0x180 [ 76.079064][ C1] __irq_exit_rcu+0xc7/0x190 [ 76.083648][ C1] ? irq_exit_rcu+0x20/0x20 [ 76.088146][ C1] irq_exit_rcu+0x9/0x20 [ 76.092382][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 76.098040][ C1] [ 76.100971][ C1] [ 76.103903][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.109903][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x80 [ 76.116674][ C1] Code: c0 4c 89 01 48 c7 44 11 08 05 00 00 00 48 89 7c 11 10 48 89 74 11 18 48 89 44 11 20 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 0f 1e fa 48 8b 04 24 65 48 8b 0d 20 20 7e 7e 65 8b 15 21 20 7e [ 76.136285][ C1] RSP: 0018:ffffc90004dbf2e8 EFLAGS: 00000246 [ 76.142350][ C1] RAX: 0000000000000000 RBX: ffff888078cd1140 RCX: ffff8880306f1e00 [ 76.150315][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.158278][ C1] RBP: 0000000000080000 R08: ffffea0001b63807 R09: 1ffffd400036c700 [ 76.166249][ C1] R10: dffffc0000000000 R11: fffff9400036c701 R12: 1ffffd400036c701 [ 76.174216][ C1] R13: 1ffffd400036c700 R14: 0000000000000000 R15: dffffc0000000000 [ 76.182194][ C1] folio_mapping+0x1be/0x4c0 [ 76.186792][ C1] ? __folio_cancel_dirty+0x24/0x580 [ 76.192102][ C1] __folio_cancel_dirty+0x2c/0x580 [ 76.197231][ C1] ? folio_mapping+0x1be/0x4c0 [ 76.201997][ C1] ? truncate_cleanup_folio+0x33/0x5c0 [ 76.207548][ C1] truncate_cleanup_folio+0x2bc/0x5c0 [ 76.212923][ C1] ? truncate_inode_folio+0x4d/0x70 [ 76.218125][ C1] truncate_inode_folio+0x55/0x70 [ 76.223149][ C1] shmem_undo_range+0x3b9/0x1a40 [ 76.228111][ C1] ? __lock_acquire+0x1334/0x7c80 [ 76.233153][ C1] ? shmem_truncate_range+0xa0/0xa0 [ 76.238350][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 76.244339][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 76.249548][ C1] ? inode_wait_for_writeback+0x1b4/0x200 [ 76.255274][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 76.260301][ C1] ? do_raw_spin_lock+0x121/0x2c0 [ 76.265342][ C1] shmem_evict_inode+0x273/0xa70 [ 76.270288][ C1] ? inode_wait_for_writeback+0x1b4/0x200 [ 76.276007][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 76.281553][ C1] ? sb_clear_inode_writeback+0x360/0x360 [ 76.287273][ C1] ? do_raw_spin_lock+0x121/0x2c0 [ 76.292299][ C1] ? bit_waitqueue+0x30/0x30 [ 76.296887][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 76.302089][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 76.307632][ C1] evict+0x486/0x870 [ 76.311525][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 76.316617][ C1] ? proc_nr_inodes+0x230/0x230 [ 76.321460][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 76.326655][ C1] ? _raw_spin_unlock+0x28/0x40 [ 76.331504][ C1] ? iput+0x70a/0x920 [ 76.335486][ C1] __dentry_kill+0x431/0x650 [ 76.340075][ C1] dentry_kill+0xb8/0x290 [ 76.344404][ C1] ? dput+0x3b/0x1e0 [ 76.348295][ C1] dput+0xfe/0x1e0 [ 76.352013][ C1] __fput+0x5e5/0x970 [ 76.356005][ C1] task_work_run+0x1ce/0x250 [ 76.360596][ C1] ? task_work_cancel+0x240/0x240 [ 76.365624][ C1] do_exit+0x90b/0x23c0 [ 76.369784][ C1] ? put_task_struct+0xc0/0xc0 [ 76.374556][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 76.380544][ C1] ? get_signal+0x1068/0x1400 [ 76.385225][ C1] ? lock_chain_count+0x20/0x20 [ 76.390069][ C1] ? _raw_spin_lock_irq+0xaf/0xe0 [ 76.395093][ C1] do_group_exit+0x21b/0x2d0 [ 76.399683][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 76.404882][ C1] get_signal+0x12fc/0x1400 [ 76.409403][ C1] arch_do_signal_or_restart+0x96/0x780 [ 76.414947][ C1] ? bpf_link_show_fdinfo+0x350/0x350 [ 76.420311][ C1] ? get_sigframe_size+0x20/0x20 [ 76.425254][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 76.430710][ C1] exit_to_user_mode_loop+0x70/0x110 [ 76.435993][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 76.441534][ C1] syscall_exit_to_user_mode+0x1a/0x50 [ 76.446994][ C1] do_syscall_64+0x61/0xb0 [ 76.451415][ C1] ? clear_bhb_loop+0x40/0x90 [ 76.456083][ C1] ? clear_bhb_loop+0x40/0x90 [ 76.460751][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 76.466656][ C1] RIP: 0033:0x7f687bf8eb69 [ 76.471102][ C1] Code: Unable to access opcode bytes at 0x7f687bf8eb3f. [ 76.478117][ C1] RSP: 002b:00007f687cd1e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 76.486528][ C1] RAX: fffffffffffffe00 RBX: 00007f687c1b6168 RCX: 00007f687bf8eb69 [ 76.494494][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f687c1b6168 [ 76.502454][ C1] RBP: 00007f687c1b6160 R08: 0000000000000000 R09: 0000000000000000 [ 76.510414][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f687c1b616c [ 76.518374][ C1] R13: 0000000000000000 R14: 00007ffd464587c0 R15: 00007ffd464588a8 [ 76.526349][ C1] [ 76.529359][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.536629][ C1] CPU: 1 PID: 5904 Comm: syz.3.4 Not tainted 6.6.101-syzkaller #0 [ 76.544420][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 76.554472][ C1] Call Trace: [ 76.557750][ C1] [ 76.560584][ C1] dump_stack_lvl+0x16c/0x230 [ 76.565259][ C1] ? show_regs_print_info+0x20/0x20 [ 76.570449][ C1] ? load_image+0x3b0/0x3b0 [ 76.574960][ C1] panic+0x2c0/0x710 [ 76.578859][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 76.583374][ C1] __warn+0x2e0/0x470 [ 76.587352][ C1] ? usb_submit_urb+0xf95/0x1850 [ 76.592286][ C1] ? usb_submit_urb+0xf95/0x1850 [ 76.597215][ C1] report_bug+0x2be/0x4f0 [ 76.601534][ C1] ? usb_submit_urb+0xf95/0x1850 [ 76.606463][ C1] ? usb_submit_urb+0xf95/0x1850 [ 76.611390][ C1] ? usb_submit_urb+0xf97/0x1850 [ 76.616317][ C1] handle_bug+0xcf/0x120 [ 76.620550][ C1] exc_invalid_op+0x1a/0x50 [ 76.625048][ C1] asm_exc_invalid_op+0x1a/0x20 [ 76.629900][ C1] RIP: 0010:usb_submit_urb+0xf95/0x1850 [ 76.635442][ C1] Code: 04 00 00 eb 58 e8 1b f1 36 fb e9 1a f1 ff ff e8 11 f1 36 fb c6 05 70 88 e6 07 01 48 c7 c7 00 c6 4a 8b 48 89 de e8 3b 66 01 fb <0f> 0b e9 e5 f0 ff ff e8 ef f0 36 fb eb 11 e8 e8 f0 36 fb bd 80 00 [ 76.655037][ C1] RSP: 0018:ffffc900001f0860 EFLAGS: 00010046 [ 76.661093][ C1] RAX: c071a95c2b552a00 RBX: ffff88805bf06e00 RCX: 0000000000040000 [ 76.669058][ C1] RDX: ffffc900022f1000 RSI: 0000000000037c54 RDI: 0000000000037c55 [ 76.677024][ C1] RBP: 000000000000000f R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 76.684986][ C1] R10: dffffc0000000000 R11: ffffed10171e5183 R12: 1ffff110048b190a [ 76.692945][ C1] R13: dffffc0000000000 R14: ffff88805bf06e08 R15: 0000000000000820 [ 76.700921][ C1] ? _raw_spin_lock+0x40/0x40 [ 76.705605][ C1] ? kcov_remote_start+0x8f/0x7f0 [ 76.710628][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 76.715825][ C1] cm109_urb_irq_callback+0x72c/0xc90 [ 76.721195][ C1] __usb_hcd_giveback_urb+0x35f/0x520 [ 76.726568][ C1] dummy_timer+0x8a3/0x31b0 [ 76.731081][ C1] ? debug_deactivate+0x1d/0x1d0 [ 76.736015][ C1] ? lock_chain_count+0x20/0x20 [ 76.740856][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 76.746755][ C1] ? dummy_free_streams+0x530/0x530 [ 76.751940][ C1] ? debug_object_deactivate+0x67/0x350 [ 76.757487][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 76.762682][ C1] ? dummy_free_streams+0x530/0x530 [ 76.767883][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 76.772984][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 76.779055][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 76.784162][ C1] handle_softirqs+0x280/0x820 [ 76.788919][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 76.793675][ C1] ? do_softirq+0x180/0x180 [ 76.798172][ C1] __irq_exit_rcu+0xc7/0x190 [ 76.802760][ C1] ? irq_exit_rcu+0x20/0x20 [ 76.807267][ C1] irq_exit_rcu+0x9/0x20 [ 76.811498][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 76.817132][ C1] [ 76.820049][ C1] [ 76.822968][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.828965][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x80 [ 76.835737][ C1] Code: c0 4c 89 01 48 c7 44 11 08 05 00 00 00 48 89 7c 11 10 48 89 74 11 18 48 89 44 11 20 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 0f 1e fa 48 8b 04 24 65 48 8b 0d 20 20 7e 7e 65 8b 15 21 20 7e [ 76.855429][ C1] RSP: 0018:ffffc90004dbf2e8 EFLAGS: 00000246 [ 76.861493][ C1] RAX: 0000000000000000 RBX: ffff888078cd1140 RCX: ffff8880306f1e00 [ 76.869470][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.877444][ C1] RBP: 0000000000080000 R08: ffffea0001b63807 R09: 1ffffd400036c700 [ 76.885412][ C1] R10: dffffc0000000000 R11: fffff9400036c701 R12: 1ffffd400036c701 [ 76.893378][ C1] R13: 1ffffd400036c700 R14: 0000000000000000 R15: dffffc0000000000 [ 76.901360][ C1] folio_mapping+0x1be/0x4c0 [ 76.905953][ C1] ? __folio_cancel_dirty+0x24/0x580 [ 76.911240][ C1] __folio_cancel_dirty+0x2c/0x580 [ 76.916352][ C1] ? folio_mapping+0x1be/0x4c0 [ 76.921114][ C1] ? truncate_cleanup_folio+0x33/0x5c0 [ 76.926567][ C1] truncate_cleanup_folio+0x2bc/0x5c0 [ 76.931929][ C1] ? truncate_inode_folio+0x4d/0x70 [ 76.937148][ C1] truncate_inode_folio+0x55/0x70 [ 76.942191][ C1] shmem_undo_range+0x3b9/0x1a40 [ 76.947138][ C1] ? __lock_acquire+0x1334/0x7c80 [ 76.952171][ C1] ? shmem_truncate_range+0xa0/0xa0 [ 76.957360][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 76.963348][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 76.968557][ C1] ? inode_wait_for_writeback+0x1b4/0x200 [ 76.974280][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 76.979299][ C1] ? do_raw_spin_lock+0x121/0x2c0 [ 76.984338][ C1] shmem_evict_inode+0x273/0xa70 [ 76.989280][ C1] ? inode_wait_for_writeback+0x1b4/0x200 [ 76.995015][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 77.000563][ C1] ? sb_clear_inode_writeback+0x360/0x360 [ 77.006281][ C1] ? do_raw_spin_lock+0x121/0x2c0 [ 77.011309][ C1] ? bit_waitqueue+0x30/0x30 [ 77.015900][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 77.021106][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 77.026648][ C1] evict+0x486/0x870 [ 77.030541][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 77.035560][ C1] ? proc_nr_inodes+0x230/0x230 [ 77.040400][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 77.045592][ C1] ? _raw_spin_unlock+0x28/0x40 [ 77.050437][ C1] ? iput+0x70a/0x920 [ 77.054411][ C1] __dentry_kill+0x431/0x650 [ 77.059003][ C1] dentry_kill+0xb8/0x290 [ 77.063326][ C1] ? dput+0x3b/0x1e0 [ 77.067217][ C1] dput+0xfe/0x1e0 [ 77.070932][ C1] __fput+0x5e5/0x970 [ 77.074922][ C1] task_work_run+0x1ce/0x250 [ 77.079513][ C1] ? task_work_cancel+0x240/0x240 [ 77.084551][ C1] do_exit+0x90b/0x23c0 [ 77.088728][ C1] ? put_task_struct+0xc0/0xc0 [ 77.093493][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 77.099467][ C1] ? get_signal+0x1068/0x1400 [ 77.104142][ C1] ? lock_chain_count+0x20/0x20 [ 77.108988][ C1] ? _raw_spin_lock_irq+0xaf/0xe0 [ 77.114012][ C1] do_group_exit+0x21b/0x2d0 [ 77.118600][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 77.123824][ C1] get_signal+0x12fc/0x1400 [ 77.128354][ C1] arch_do_signal_or_restart+0x96/0x780 [ 77.133922][ C1] ? bpf_link_show_fdinfo+0x350/0x350 [ 77.139300][ C1] ? get_sigframe_size+0x20/0x20 [ 77.144250][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 77.149715][ C1] exit_to_user_mode_loop+0x70/0x110 [ 77.155000][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 77.160544][ C1] syscall_exit_to_user_mode+0x1a/0x50 [ 77.166006][ C1] do_syscall_64+0x61/0xb0 [ 77.170412][ C1] ? clear_bhb_loop+0x40/0x90 [ 77.175077][ C1] ? clear_bhb_loop+0x40/0x90 [ 77.179746][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 77.185643][ C1] RIP: 0033:0x7f687bf8eb69 [ 77.190047][ C1] Code: Unable to access opcode bytes at 0x7f687bf8eb3f. [ 77.197048][ C1] RSP: 002b:00007f687cd1e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 77.205453][ C1] RAX: fffffffffffffe00 RBX: 00007f687c1b6168 RCX: 00007f687bf8eb69 [ 77.213412][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f687c1b6168 [ 77.221371][ C1] RBP: 00007f687c1b6160 R08: 0000000000000000 R09: 0000000000000000 [ 77.229330][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f687c1b616c [ 77.237287][ C1] R13: 0000000000000000 R14: 00007ffd464587c0 R15: 00007ffd464588a8 [ 77.245257][ C1] [ 77.248485][ C1] Kernel Offset: disabled [ 77.252850][ C1] Rebooting in 86400 seconds..