last executing test programs: 3m18.401115837s ago: executing program 2 (id=207): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x4b, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000200)="65ab0f20e035000020000f22e066b825000f00d8f680c2040000dfb86f3800000f23c80f21f8350000b0000f23f866baf80cb8b08ff289ef66bafc0c66ed660fc7b4e7d0df0000f39e0f013f0f01f1", 0x4f}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3m17.801354656s ago: executing program 2 (id=210): bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}, 0x1, 0x0, 0x0, 0x840}, 0x20008000) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}}, 0x0) 3m17.494404996s ago: executing program 2 (id=212): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0xf1, @loopback, 0x19f49a9}], 0x1c) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0x1}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000008400000007000000ac1414aa0000000020000000000000008400000008000000200100000000000000000000000000002000000000000000840000000800000000000000000000000004ffff0a010100be1e"], 0x58, 0x4855}, 0x24000052) 3m17.38830151s ago: executing program 2 (id=213): mkdir(&(0x7f00000003c0)='./file0\x00', 0x136) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x81899, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount(0x0, &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x80000, 0x0) unshare(0x6020400) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 3m17.292429993s ago: executing program 2 (id=214): syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @random="0000ea0700", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2d, 0x28, 0x0, 0x0, 0xa3, 0x6, 0x0, @remote, @local}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x4000}}}}}}, 0x0) 3m16.975805373s ago: executing program 2 (id=216): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) syz_genetlink_get_family_id$ethtool(0x0, r0) sendmsg$ETHTOOL_MSG_RINGS_GET(r0, 0x0, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) r2 = syz_open_dev$vim2m(0x0, 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0) recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x880) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r4 = socket(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) 3m16.43288822s ago: executing program 32 (id=216): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) syz_genetlink_get_family_id$ethtool(0x0, r0) sendmsg$ETHTOOL_MSG_RINGS_GET(r0, 0x0, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) r2 = syz_open_dev$vim2m(0x0, 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0) recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x880) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r4 = socket(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) 2m42.824196662s ago: executing program 0 (id=462): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f044, 0x7fe}) preadv(r0, 0x0, 0x0, 0x146d, 0xd) 2m42.682902987s ago: executing program 0 (id=463): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2m42.472321724s ago: executing program 0 (id=465): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000001c0)={@val={0x0, 0x22f0}, @void, @eth={@empty, @local, @val={@void, {0x8100, 0x0, 0x0, 0x20}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xd, 0x60, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x17c1, 0x4c, 0x0, @opaque="0f1288a84c0f8208a428801a969ef6e3ef0a4d084330d9b7301bb27d9599eecd4ec473210ae0c249cdc28783e6b7e265570287546d4ead1657bd123c27e1eeb0e02fa3d8"}}}}}}, 0x76) 2m42.160007374s ago: executing program 0 (id=467): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x10}]}}}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x8044) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) 2m41.903857612s ago: executing program 0 (id=468): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x94) syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') r3 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0) 2m39.977776924s ago: executing program 0 (id=478): r0 = openat$nci(0xffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(0x0, r1) socket$igmp6(0xa, 0x3, 0x2) r2 = openat$ublk_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000040), &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = syz_ublk_add_dev(r3, r4, r5, r6, &(0x7f0000000200)={0x2e, 0x0, 0x0, r2, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x48, &(0x7f0000000500)=@new_dev={0x1, 0x4}}}, &(0x7f0000000300)=0x0) syz_io_uring_submit$UBLK(r4, r5, r6, &(0x7f0000000600)=@ublk_set_params_sqe={0x2e, 0x0, 0x0, r2, 0xc0207508, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {r7, 0xffff, 0x70, &(0x7f0000000680)={0x70, 0x1, {0x0, 0x9, 0xc, 0xc, 0x9, 0x8, 0x0, 0x2}}}}) io_uring_enter(r3, 0x1, 0x1, 0x1, 0x0, 0x0) r9 = syz_open_dev$ublk_chdev(&(0x7f0000002000), r7, 0x2) syz_ublk_setup_queues(r9, r8, &(0x7f0000000700), &(0x7f0000000800)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x0, 0x1}}, {}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xb026, 0x0, 0x0, 0x0, 0x0, r3}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x2000}}], 0x1, &(0x7f0000000900)={0x2e, 0x0, 0x0, r9, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, '\x00', {0x0, 0x0, 0x0, 0x0}}, 0x0) r10 = getpid() syz_io_uring_submit$UBLK(r4, r5, r6, &(0x7f0000000c00)=@ublk_start_dev_sqe={0x2e, 0x0, 0x0, r2, 0xc0207506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {r7, 0xffff, 0x0, 0x0, r10}}) io_uring_enter(r3, 0x1, 0x1, 0x1, 0x0, 0x0) nanosleep(&(0x7f0000001a80)={0x5}, 0x0) 2m24.931214604s ago: executing program 33 (id=478): r0 = openat$nci(0xffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(0x0, r1) socket$igmp6(0xa, 0x3, 0x2) r2 = openat$ublk_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000040), &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = syz_ublk_add_dev(r3, r4, r5, r6, &(0x7f0000000200)={0x2e, 0x0, 0x0, r2, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x48, &(0x7f0000000500)=@new_dev={0x1, 0x4}}}, &(0x7f0000000300)=0x0) syz_io_uring_submit$UBLK(r4, r5, r6, &(0x7f0000000600)=@ublk_set_params_sqe={0x2e, 0x0, 0x0, r2, 0xc0207508, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {r7, 0xffff, 0x70, &(0x7f0000000680)={0x70, 0x1, {0x0, 0x9, 0xc, 0xc, 0x9, 0x8, 0x0, 0x2}}}}) io_uring_enter(r3, 0x1, 0x1, 0x1, 0x0, 0x0) r9 = syz_open_dev$ublk_chdev(&(0x7f0000002000), r7, 0x2) syz_ublk_setup_queues(r9, r8, &(0x7f0000000700), &(0x7f0000000800)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x0, 0x1}}, {}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xb026, 0x0, 0x0, 0x0, 0x0, r3}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x2000}}], 0x1, &(0x7f0000000900)={0x2e, 0x0, 0x0, r9, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, '\x00', {0x0, 0x0, 0x0, 0x0}}, 0x0) r10 = getpid() syz_io_uring_submit$UBLK(r4, r5, r6, &(0x7f0000000c00)=@ublk_start_dev_sqe={0x2e, 0x0, 0x0, r2, 0xc0207506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {r7, 0xffff, 0x0, 0x0, r10}}) io_uring_enter(r3, 0x1, 0x1, 0x1, 0x0, 0x0) nanosleep(&(0x7f0000001a80)={0x5}, 0x0) 5.823995918s ago: executing program 4 (id=1768): syz_usb_connect(0x0, 0x36, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000028c0)={0x2020}, 0xe5f) 5.413176072s ago: executing program 3 (id=1771): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101401, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xfff2}, {0xffff, 0xffff}, {0x2, 0xf}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2004805d}, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x8}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0x8}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 5.248613947s ago: executing program 3 (id=1773): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, &(0x7f0000000140)="ed", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r1, 0x0, 0x0, 0x102, 0x0, 0x0) 5.221598698s ago: executing program 1 (id=1774): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd27, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xb, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x48001}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x149540, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r8 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r9, 0x31}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1}, 0x20000000) 5.101484332s ago: executing program 4 (id=1775): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000380), 0x12) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x62c40, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000\"N000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x200000d4) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r6, 0xc1105511, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) syz_usb_connect$uac2(0x3, 0x80, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000200000010532b230040000102030109026e00030104600e080b0202010620400904000000010120000924010700020e000105240b1400090401800001022000090401010101022000090501"], 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="5800000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000008440000300012800b00010067656e657665000020000280140007000000000000000000000000007ffffffe05000c000100000008000a00", @ANYRES32=r7], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 4.54820931s ago: executing program 5 (id=1776): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000040)=0x1) read(r0, &(0x7f0000000340)=""/158, 0x9e) read(r0, &(0x7f00000002c0)=""/95, 0x5f) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 4.217931251s ago: executing program 3 (id=1777): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) 4.045861576s ago: executing program 3 (id=1778): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000cc0)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd2a, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xffff, 0x3}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x57f}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x4e3, 0xca0b, 0x6, 0x3}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x40800}, 0x44000) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r6 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1, 0x0, 0x0, 0x86dd}, 0x4) 3.532103603s ago: executing program 5 (id=1779): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000080)=@x86={0x9, 0x4, 0x7, 0x0, 0x200, 0xfc, 0x4, 0xa, 0xd, 0xa0, 0x9, 0x5, 0x0, 0x2, 0x9, 0x3, 0x3, 0x2e, 0x4, '\x00', 0x1, 0xffffffffffffff7f}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x800, 0x4, 0x81, 0x4, 0x2, 0x2, 0x3, 0x12, 0x0, 0x1, 0xfffffffffffffffc, 0x7, 0x4, 0x4, 0x108000000001], 0x1000, 0x4fb40}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 3.264992803s ago: executing program 5 (id=1780): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400df0325010ebc000000000000008000f0fffeffe809035300fff5dd0000001000020008000140040000006da289", 0x57}], 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x2}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.918096394s ago: executing program 5 (id=1781): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101401, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xfff2}, {0xffff, 0xffff}, {0x2, 0xf}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2004805d}, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x8}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0x8}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 1.903760847s ago: executing program 1 (id=1782): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.856063049s ago: executing program 4 (id=1783): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.848489399s ago: executing program 3 (id=1784): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0x42000006, 0x801) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000240)={0xffffffffffffffff, 0x5, 0x2, r2}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000001c0)={0xffffffffffffffff, 0xdca, 0x2, r2}) 1.766717812s ago: executing program 5 (id=1785): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20940, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x20000800) setrlimit(0xb, &(0x7f0000000000)={0x1, 0x5}) 1.435614533s ago: executing program 1 (id=1786): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.435262143s ago: executing program 4 (id=1787): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x1, 0x6}, 0x2) 1.435007923s ago: executing program 1 (id=1788): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@x86={0x9, 0x4, 0x7, 0x0, 0x200, 0xfc, 0x4, 0xa, 0xd, 0xa0, 0x9, 0x5, 0x0, 0x2, 0x9, 0x3, 0x3, 0x2e, 0x4, '\x00', 0x1, 0xffffffffffffff7f}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x800, 0x4, 0x81, 0x4, 0x2, 0x2, 0x3, 0x12, 0x0, 0x1, 0xfffffffffffffffc, 0x7, 0x4, 0x4, 0x108000000001], 0x1000, 0x4fb40}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.427478603s ago: executing program 4 (id=1789): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400df0325010ebc000000000000008000f0fffeffe809035300fff5dd0000001000020008000140040000006da289", 0x57}], 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x2}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.377547494s ago: executing program 3 (id=1790): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd27, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xb, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x48001}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x149540, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r8 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r9, 0x31}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1}, 0x20000000) 1.20537937s ago: executing program 5 (id=1791): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000380), 0x12) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x62c40, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000\"N000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x200000d4) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r6, 0xc1105511, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) syz_usb_connect$uac2(0x3, 0x80, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000200000010532b230040000102030109026e00030104600e080b0202010620400904000000010120000924010700020e000105240b1400090401800001022000090401010101022000090501"], 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="5800000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000008440000300012800b00010067656e657665000020000280140007000000000000000000000000007ffffffe05000c000100000008000a00", @ANYRES32=r7], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.20444553s ago: executing program 1 (id=1792): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x4b, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) ioctl$KVM_RUN(r3, 0xae80, 0x0) 960.274758ms ago: executing program 4 (id=1793): r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x560, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x3a0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_virt_wifi\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x5c0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) write(r1, 0x0, 0x0) 0s ago: executing program 1 (id=1794): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000540)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1001, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_BURST={0x8, 0x6, 0xff}, @TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84a, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x4, 0xb}, 0x5, 0x34, 0x91f}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0x8}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x5dd}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000b0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) kernel console output (not intermixed with test programs): ===== [ 443.578046][ T6463] tipc: Enabled bearer , priority 0 [ 443.628564][ T6463] syzkaller0: entered promiscuous mode [ 443.634316][ T6463] syzkaller0: entered allmulticast mode [ 445.232922][ T27] tipc: Node number set to 3126493878 [ 445.598328][ T6470] tipc: Resetting bearer [ 445.906318][ T6460] tipc: Resetting bearer [ 445.983945][ T6460] tipc: Disabling bearer [ 447.541325][ T6490] vivid-003: ================= START STATUS ================= [ 447.549427][ T6490] vivid-003: RDS Tx I/O Mode: Controls [ 447.555212][ T6490] vivid-003: RDS Program ID: 32904 [ 447.560596][ T6490] vivid-003: RDS Program Type: 3 [ 447.565941][ T6490] vivid-003: RDS PS Name: VIVID-TX [ 447.571690][ T6490] vivid-003: RDS Radio Text: This is a VIVID default Radio Text template text, change at will [ 447.582334][ T6490] vivid-003: RDS Stereo: true [ 447.587232][ T6490] vivid-003: RDS Artificial Head: false [ 447.593182][ T6490] vivid-003: RDS Compressed: false [ 447.598579][ T6490] vivid-003: RDS Dynamic PTY: false [ 447.604078][ T6490] vivid-003: RDS Traffic Announcement: false [ 447.610271][ T6490] vivid-003: RDS Traffic Program: true [ 447.616049][ T6490] vivid-003: RDS Music: true [ 447.621319][ T6490] vivid-003: ================== END STATUS ================== [ 448.672165][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.148'. [ 449.309572][ T6525] 9pnet_virtio: no channels available for device syz [ 449.492509][ T788] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 449.511494][ T6532] ======================================================= [ 449.511494][ T6532] WARNING: The mand mount option has been deprecated and [ 449.511494][ T6532] and is ignored by this kernel. Remove the mand [ 449.511494][ T6532] option from the mount to silence this warning. [ 449.511494][ T6532] ======================================================= [ 449.637333][ T28] audit: type=1326 audit(1780139194.935:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6534 comm="syz.2.159" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f185079ce59 code=0x0 [ 449.731548][ T9] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.747370][ T788] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 449.772416][ T788] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 449.786103][ T9] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 449.811983][ T788] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 449.856564][ T788] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 449.869484][ T788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.890734][ T6522] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 449.919686][ T788] hub 1-1:1.0: bad descriptor, ignoring hub [ 449.936197][ T788] hub: probe of 1-1:1.0 failed with error -5 [ 449.947570][ T788] cdc_wdm 1-1:1.0: skipping garbage [ 449.953472][ T788] cdc_wdm 1-1:1.0: skipping garbage [ 449.973192][ T788] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 449.981555][ T788] cdc_wdm 1-1:1.0: Unknown control protocol [ 450.282468][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 450.289396][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 450.296549][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 450.303197][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 450.304465][ T6539] fido_id[6539]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 450.314585][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 450.329413][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 450.520547][ T788] usb 1-1: USB disconnect, device number 2 [ 450.566404][ T6550] syzkaller0: entered promiscuous mode [ 450.573133][ T6550] syzkaller0: entered allmulticast mode [ 450.758107][ T28] audit: type=1800 audit(1780139196.055:49): pid=6552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.165" name="/" dev="fuse" ino=1 res=0 errno=0 [ 450.933108][ T6562] netlink: 8 bytes leftover after parsing attributes in process `syz.2.168'. [ 451.080153][ T6566] 9pnet_virtio: no channels available for device syz [ 451.096126][ T6566] overlayfs: upper fs does not support file handles, falling back to index=off. [ 451.215410][ T5866] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 451.419422][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 451.430845][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.458334][ T5866] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 451.478498][ T5866] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 451.487934][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.523427][ T5866] usb 2-1: config 0 descriptor?? [ 451.874743][ T6586] 0x0000fffffffd-0x00010000fffd : "" [ 451.881289][ T6586] mtd: partition "" is out of reach -- disabled [ 451.912392][ T6586] ftl_cs: FTL header not found. [ 451.963686][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 451.983491][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.001179][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.034119][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.065617][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.091045][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.103823][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.126224][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.166552][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.191867][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.219685][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.235771][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.276328][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.302640][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.331455][ T5866] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 452.354596][ T5866] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 452.422120][ T5866] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 452.486266][ T5866] usb 2-1: USB disconnect, device number 2 [ 452.611567][ T6604] fido_id[6604]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 452.845107][ T6611] autofs4:pid:6611:autofs_fill_super: called with bogus options [ 453.348679][ T6623] netlink: 'syz.1.189': attribute type 3 has an invalid length. [ 453.476278][ T6627] input: syz0 as /devices/virtual/input/input5 [ 454.367312][ T6646] tipc: Enabled bearer , priority 0 [ 454.388798][ T6652] syzkaller0: entered promiscuous mode [ 454.401972][ T6652] syzkaller0: entered allmulticast mode [ 454.501554][ T6646] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 454.561301][ T6660] 9pnet_virtio: no channels available for device syz [ 454.619433][ T6652] tipc: Resetting bearer [ 454.778740][ T6645] tipc: Resetting bearer [ 454.883700][ T6645] tipc: Disabling bearer [ 455.622044][ T27] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 455.861734][ T27] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 455.882024][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 455.931944][ T27] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 455.941071][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.998907][ T27] usb 1-1: config 0 descriptor?? [ 456.019247][ T27] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 456.231721][ T5866] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 456.451916][ T5866] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 456.471955][ T5866] usb 2-1: config 0 has no interface number 0 [ 456.478143][ T5866] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 456.533603][ T5866] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 456.556427][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.581825][ T5866] usb 2-1: Product: syz [ 456.586058][ T5866] usb 2-1: Manufacturer: syz [ 456.590694][ T5866] usb 2-1: SerialNumber: syz [ 456.629403][ T5866] usb 2-1: config 0 descriptor?? [ 456.667381][ T5866] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 456.888654][ T5888] usb 2-1: USB disconnect, device number 3 [ 456.910007][ T5888] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 456.962681][ T6714] fuse: Bad value for 'rootmode' [ 457.251969][ T27] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 457.441831][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 457.455869][ T27] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 457.489870][ T27] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 457.530680][ T27] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 457.559468][ T27] usb 4-1: config 1 interface 1 has no altsetting 0 [ 457.584824][ T27] usb 4-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 457.606983][ T5873] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.619057][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.641702][ T27] usb 4-1: Product: syz [ 457.648670][ T27] usb 4-1: Manufacturer: syz [ 457.662486][ T27] usb 4-1: SerialNumber: syz [ 457.783520][ T5873] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.903684][ T5873] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.944405][ T6714] netlink: 'syz.3.211': attribute type 1 has an invalid length. [ 458.037795][ T6714] 8021q: adding VLAN 0 to HW filter on device bond1 [ 458.094961][ T6740] bond1: (slave geneve2): making interface the new active one [ 458.107606][ T6740] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 458.141385][ T5873] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.169699][ T27] usb 4-1: selecting invalid altsetting 0 [ 458.262582][ T27] usb 4-1: USB disconnect, device number 2 [ 458.506064][ T6750] udevd[6750]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 458.573124][ T9] usb 1-1: USB disconnect, device number 3 [ 458.737593][ T6740] syz.3.211 (6740) used greatest stack depth: 18384 bytes left [ 459.053294][ T6765] xt_hashlimit: size too large, truncated to 1048576 [ 459.300443][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 459.313804][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 459.327971][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 459.339846][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 459.353585][ T5833] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 459.360994][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 459.381091][ T5089] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 459.438141][ T5089] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 459.445826][ T5089] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 459.461816][ T5089] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 459.472938][ T5089] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 459.480578][ T5089] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 460.452113][ T5760] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 460.644675][ T5760] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 460.653164][ T5760] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 460.671902][ T5760] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 460.691798][ T5760] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 460.699291][ T5760] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 460.726828][ T5760] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 460.740661][ T5760] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 460.755158][ T5760] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 460.771846][ T5760] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 460.805116][ T5760] usb 2-1: string descriptor 0 read error: -22 [ 460.811499][ T5760] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 460.842144][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.874101][ T5760] adutux 2-1:168.0: interrupt endpoints not found [ 460.937133][ T6775] chnl_net:caif_netlink_parms(): no params data found [ 461.085724][ T5760] usb 2-1: USB disconnect, device number 4 [ 461.298472][ T5873] hsr_slave_0: left promiscuous mode [ 461.320641][ T5873] hsr_slave_1: left promiscuous mode [ 461.332683][ T5873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 461.340348][ T5873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 461.356491][ T5873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 461.365971][ T5873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 461.382630][ T5873] bridge_slave_1: left allmulticast mode [ 461.391667][ T5873] bridge_slave_1: left promiscuous mode [ 461.398741][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.423045][ T5873] bridge_slave_0: left allmulticast mode [ 461.428754][ T5873] bridge_slave_0: left promiscuous mode [ 461.441823][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.497599][ T5873] veth1_macvtap: left promiscuous mode [ 461.504814][ T5873] veth0_macvtap: left promiscuous mode [ 461.510509][ T5873] veth1_vlan: left promiscuous mode [ 461.512422][ T5833] Bluetooth: hci3: command tx timeout [ 461.526040][ T5873] veth0_vlan: left promiscuous mode [ 462.600791][ T5873] team0 (unregistering): Port device team_slave_1 removed [ 462.655363][ T5873] team0 (unregistering): Port device team_slave_0 removed [ 462.700900][ T5873] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 462.752709][ T5873] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 463.082391][ T6834] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 463.361072][ T5873] bond0 (unregistering): Released all slaves [ 463.594406][ T5833] Bluetooth: hci3: command tx timeout [ 463.779631][ T6775] bridge0: port 1(bridge_slave_0) entered blocking state [ 463.822050][ T6775] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.829361][ T6775] bridge_slave_0: entered allmulticast mode [ 463.877115][ T6775] bridge_slave_0: entered promiscuous mode [ 464.020735][ T6775] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.052523][ T6775] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.082059][ T6775] bridge_slave_1: entered allmulticast mode [ 464.123790][ T6775] bridge_slave_1: entered promiscuous mode [ 464.333601][ T6775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 464.390885][ T6775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.574017][ T6775] team0: Port device team_slave_0 added [ 464.593127][ T6870] xt_hashlimit: size too large, truncated to 1048576 [ 464.613879][ T6775] team0: Port device team_slave_1 added [ 464.720646][ T6775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 464.746293][ T6775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.814224][ T6775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 464.850572][ T6775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 464.880003][ T6775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.977579][ T6775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 465.222572][ T6775] hsr_slave_0: entered promiscuous mode [ 465.243389][ T6775] hsr_slave_1: entered promiscuous mode [ 465.258091][ T6775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 465.279365][ T6775] Cannot create hsr debugfs directory [ 465.671880][ T5833] Bluetooth: hci3: command tx timeout [ 466.036063][ T6775] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 466.084604][ T6775] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 466.108968][ T6775] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 466.130046][ T6775] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 466.433417][ T6775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 466.499827][ T6775] 8021q: adding VLAN 0 to HW filter on device team0 [ 466.563153][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.570497][ T5956] bridge0: port 1(bridge_slave_0) entered forwarding state [ 466.659003][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.666258][ T5847] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.072417][ T6911] syzkaller1: entered promiscuous mode [ 467.081560][ T6913] xt_hashlimit: size too large, truncated to 1048576 [ 467.116116][ T6911] syzkaller1: entered allmulticast mode [ 467.358957][ T6775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 467.751861][ T5833] Bluetooth: hci3: command tx timeout [ 468.374951][ T6775] veth0_vlan: entered promiscuous mode [ 468.399309][ T6775] veth1_vlan: entered promiscuous mode [ 468.530674][ T6775] veth0_macvtap: entered promiscuous mode [ 468.570976][ T6775] veth1_macvtap: entered promiscuous mode [ 468.624453][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.661675][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.689087][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.712227][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.751747][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.785699][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.824459][ T6775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.865325][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.898736][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.930169][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.950914][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.967130][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.987896][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.013360][ T6775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.092010][ T6775] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.111092][ T6775] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.136664][ T6775] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.156124][ T6775] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.455937][ T5865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.493104][ T5865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.597198][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.626055][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.652545][ T6961] capability: warning: `syz.1.264' uses deprecated v2 capabilities in a way that may be insecure [ 469.897813][ T6966] syz_tun: entered promiscuous mode [ 469.919137][ T6966] syz_tun: entered allmulticast mode [ 469.997778][ T6972] syzkaller1: entered promiscuous mode [ 470.008371][ T6972] syzkaller1: entered allmulticast mode [ 470.191733][ T5994] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 470.247691][ T6976] syzkaller0: entered promiscuous mode [ 470.271165][ T6976] syzkaller0: entered allmulticast mode [ 470.392202][ T5994] usb 5-1: Using ep0 maxpacket: 32 [ 470.401522][ T5994] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 470.453556][ T5994] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 470.477993][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 470.493711][ T5994] usb 5-1: Product: syz [ 470.497940][ T5994] usb 5-1: Manufacturer: syz [ 470.511702][ T5994] usb 5-1: SerialNumber: syz [ 470.542995][ T5994] usb 5-1: config 0 descriptor?? [ 470.548797][ T6968] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 470.573538][ T5994] hub 5-1:0.0: bad descriptor, ignoring hub [ 470.603996][ T5994] hub: probe of 5-1:0.0 failed with error -5 [ 471.141740][ T5994] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 471.331942][ T5994] usb 2-1: Using ep0 maxpacket: 32 [ 471.340669][ T5994] usb 2-1: unable to get BOS descriptor or descriptor too short [ 471.354848][ T5994] usb 2-1: config 14 has an invalid interface number: 57 but max is 1 [ 471.366113][ T5994] usb 2-1: config 14 has an invalid interface number: 228 but max is 1 [ 471.381813][ T5994] usb 2-1: config 14 has no interface number 0 [ 471.397308][ T5994] usb 2-1: config 14 has no interface number 1 [ 471.411704][ T5994] usb 2-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 471.437592][ T5994] usb 2-1: config 14 interface 228 altsetting 5 has an invalid endpoint with address 0xD1, skipping [ 471.472144][ T5994] usb 2-1: config 14 interface 228 altsetting 5 endpoint 0x9 has an invalid bInterval 122, changing to 10 [ 471.497115][ T5994] usb 2-1: config 14 interface 228 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 471.527863][ T5994] usb 2-1: config 14 interface 57 has no altsetting 0 [ 471.541827][ T5994] usb 2-1: config 14 interface 228 has no altsetting 0 [ 471.577776][ T5994] usb 2-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 471.593132][ T6968] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 471.612939][ T5994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.631725][ T5994] usb 2-1: Product: syz [ 471.636147][ T5994] usb 2-1: Manufacturer: syz [ 471.640796][ T5994] usb 2-1: SerialNumber: syz [ 471.840572][ T6968] usb 5-1: device firmware changed [ 471.857902][ T9] usb 5-1: USB disconnect, device number 2 [ 472.062266][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 472.089182][ T5994] legousbtower 2-1:14.57: interrupt endpoints not found [ 472.253504][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 472.270797][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 472.293774][ T5994] legousbtower 2-1:14.228: interrupt endpoints not found [ 472.324308][ T9] usb 5-1: string descriptor 0 read error: -22 [ 472.330682][ T9] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 472.371704][ T9] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 472.416694][ T9] usb 5-1: config 0 descriptor?? [ 472.433744][ T6989] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 472.460330][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 472.481049][ T9] hub: probe of 5-1:0.0 failed with error -5 [ 472.797915][ T1627] usb 5-1: USB disconnect, device number 3 [ 474.049259][ T7075] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input6 [ 474.096057][ T7078] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 474.221879][ T1627] usb 2-1: USB disconnect, device number 5 [ 477.113404][ T7191] IPv6: NLM_F_REPLACE set, but no existing node found! [ 477.464458][ T7204] kvm: user requested TSC rate below hardware speed [ 477.477444][ T7204] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2149952964 (68798494848 ns) > initial count (536870912 ns). Using initial count to start timer. [ 478.567330][ T7139] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 478.691767][ T7235] syzkaller0: entered promiscuous mode [ 478.697333][ T7235] syzkaller0: entered allmulticast mode [ 478.851695][ T5866] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 478.950012][ T7241] tipc: Started in network mode [ 478.979554][ T7241] tipc: Node identity 8648098dad7f, cluster identity 4711 [ 478.998088][ T7241] tipc: Enabled bearer , priority 0 [ 479.017006][ T7236] tipc: Resetting bearer [ 479.041917][ T5866] usb 1-1: Using ep0 maxpacket: 32 [ 479.054896][ T5866] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 479.076263][ T5866] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 479.088984][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 479.115821][ T5866] usb 1-1: Product: syz [ 479.140390][ T5866] usb 1-1: Manufacturer: syz [ 479.151808][ T5866] usb 1-1: SerialNumber: syz [ 479.174535][ T5866] usb 1-1: config 0 descriptor?? [ 479.187124][ T7230] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 479.229863][ T5866] hub 1-1:0.0: bad descriptor, ignoring hub [ 479.240561][ T5866] hub: probe of 1-1:0.0 failed with error -5 [ 480.204441][ T5760] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 480.411434][ T5760] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 480.420782][ T5760] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 480.439755][ T5760] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.463202][ T5760] usb 4-1: Product: syz [ 480.463223][ T5760] usb 4-1: Manufacturer: syz [ 480.463240][ T5760] usb 4-1: SerialNumber: syz [ 480.481777][ T5760] usb 4-1: config 0 descriptor?? [ 480.483090][ T7271] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 480.487284][ T5760] streamzap 4-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0) [ 481.559792][ T7236] tipc: Disabling bearer [ 481.569108][ T1627] tipc: Node number set to 725027213 [ 481.577937][ T7278] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.508541][ T7314] syzkaller0: entered promiscuous mode [ 482.517977][ T7314] syzkaller0: entered allmulticast mode [ 482.885011][ T9] usb 4-1: USB disconnect, device number 3 [ 483.250685][ T7337] syzkaller0: entered promiscuous mode [ 483.259808][ T7337] syzkaller0: entered allmulticast mode [ 483.780264][ T5866] usb 1-1: USB disconnect, device number 4 [ 484.302738][ T7376] syzkaller0: entered promiscuous mode [ 484.317116][ T7376] syzkaller0: entered allmulticast mode [ 485.297275][ T7410] syzkaller0: entered promiscuous mode [ 485.303715][ T7410] syzkaller0: entered allmulticast mode [ 485.712467][ T7427] xt_hashlimit: size too large, truncated to 1048576 [ 486.556273][ T7445] syzkaller0: entered promiscuous mode [ 486.561956][ T7445] syzkaller0: entered allmulticast mode [ 486.979399][ T7453] syzkaller0: entered promiscuous mode [ 486.991979][ T7453] syzkaller0: entered allmulticast mode [ 487.218546][ T7458] overlayfs: failed to resolve './bus': -2 [ 487.699067][ T7473] syzkaller0: entered promiscuous mode [ 487.712096][ T7473] syzkaller0: entered allmulticast mode [ 488.024644][ T7402] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 488.122933][ T7485] syzkaller0: entered promiscuous mode [ 488.128487][ T7485] syzkaller0: entered allmulticast mode [ 488.472539][ T7494] overlayfs: failed to resolve './bus': -2 [ 489.104928][ T7523] 9pnet_virtio: no channels available for device syz [ 489.172816][ T7525] syzkaller0: entered promiscuous mode [ 489.178372][ T7525] syzkaller0: entered allmulticast mode [ 489.560914][ T7540] overlayfs: failed to resolve './bus': -2 [ 490.213587][ T7565] syzkaller0: entered promiscuous mode [ 490.219148][ T7565] syzkaller0: entered allmulticast mode [ 491.229038][ T7610] syzkaller0: entered promiscuous mode [ 491.250179][ T7610] syzkaller0: entered allmulticast mode [ 491.511915][ T1627] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 491.709462][ T1627] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 491.720204][ T1627] usb 5-1: config 0 has no interface number 0 [ 491.727408][ T1627] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 491.748339][ T1627] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 491.766482][ T1627] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 491.794336][ T1627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.829209][ T1627] usb 5-1: config 0 descriptor?? [ 491.846646][ T7612] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 491.865952][ T1627] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 491.917806][ T7634] binder_alloc: 7633: binder_alloc_buf, no vma [ 492.015965][ T7638] syzkaller0: entered promiscuous mode [ 492.021815][ T7638] syzkaller0: entered allmulticast mode [ 492.094606][ C0] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 492.122719][ T27] usb 5-1: USB disconnect, device number 4 [ 493.002356][ T7559] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 493.069106][ T7670] syzkaller1: entered promiscuous mode [ 493.072284][ T5868] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 493.083166][ T7670] syzkaller1: entered allmulticast mode [ 493.293858][ T5868] usb 5-1: unable to get BOS descriptor or descriptor too short [ 493.318007][ T5868] usb 5-1: not running at top speed; connect to a high speed hub [ 493.339694][ T5868] usb 5-1: config 1 interface 0 altsetting 43 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 493.381683][ T5868] usb 5-1: config 1 interface 0 altsetting 43 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 493.439949][ T5868] usb 5-1: config 1 interface 0 has no altsetting 0 [ 493.478870][ T5868] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 493.498973][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.538311][ T5868] usb 5-1: Product: syz [ 493.552381][ T5868] usb 5-1: Manufacturer: syz [ 493.566207][ T5868] usb 5-1: SerialNumber: syz [ 493.612273][ T7663] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 493.870554][ T5868] cdc_ether: probe of 5-1:1.0 failed with error -71 [ 493.932952][ T5868] usb 5-1: USB disconnect, device number 5 [ 494.925529][ T7695] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 494.932502][ T7695] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 494.941754][ T7695] vhci_hcd vhci_hcd.0: Device attached [ 495.213062][ T5994] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 495.232209][ T1627] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 495.333061][ T7719] syzkaller0: entered promiscuous mode [ 495.348872][ T7719] syzkaller0: entered allmulticast mode [ 495.435160][ T1627] usb 4-1: Using ep0 maxpacket: 32 [ 495.452929][ T1627] usb 4-1: config 0 has no interfaces? [ 495.467224][ T7722] binder_alloc: 7721: binder_alloc_buf, no vma [ 495.470414][ T1627] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 495.486192][ T1627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.495152][ T1627] usb 4-1: Product: syz [ 495.499461][ T1627] usb 4-1: Manufacturer: syz [ 495.509387][ T1627] usb 4-1: SerialNumber: syz [ 495.532881][ T1627] usb 4-1: config 0 descriptor?? [ 495.774014][ T5867] usb 4-1: USB disconnect, device number 4 [ 495.781522][ T7706] vhci_hcd: connection closed [ 495.792705][ T5956] vhci_hcd: stop threads [ 495.823758][ T5956] vhci_hcd: release socket [ 495.849669][ T5956] vhci_hcd: disconnect device [ 495.999779][ T7741] syzkaller0: entered promiscuous mode [ 496.011171][ T7741] syzkaller0: entered allmulticast mode [ 496.760239][ T7770] binder_alloc: 7769: binder_alloc_buf, no vma [ 497.177503][ T7786] syzkaller0: entered promiscuous mode [ 497.184036][ T7786] syzkaller0: entered allmulticast mode [ 497.958285][ T7814] syzkaller0: entered promiscuous mode [ 497.969173][ T7814] syzkaller0: entered allmulticast mode [ 499.060778][ T7847] syzkaller0: entered promiscuous mode [ 499.080667][ T7847] syzkaller0: entered allmulticast mode [ 499.307211][ T7854] overlayfs: failed to resolve './bus': -2 [ 499.546635][ T7863] syzkaller0: entered promiscuous mode [ 499.553705][ T7863] syzkaller0: entered allmulticast mode [ 499.878166][ T7879] binder: BINDER_SET_CONTEXT_MGR already set [ 499.889567][ T7879] binder: 7878:7879 ioctl 4018620d 200000000040 returned -16 [ 500.013918][ T7881] syzkaller0: entered promiscuous mode [ 500.019603][ T7881] syzkaller0: entered allmulticast mode [ 500.056960][ T7883] overlayfs: failed to resolve './bus': -2 [ 500.191557][ T7888] netlink: 104 bytes leftover after parsing attributes in process `syz.4.535'. [ 500.457176][ T7901] syzkaller0: entered promiscuous mode [ 500.463252][ T7901] syzkaller0: entered allmulticast mode [ 500.580284][ T7905] binder: BINDER_SET_CONTEXT_MGR already set [ 500.588154][ T7905] binder: 7904:7905 ioctl 4018620d 200000000040 returned -16 [ 500.754688][ T7912] overlayfs: failed to resolve './bus': -2 [ 501.106932][ T7930] binder: BINDER_SET_CONTEXT_MGR already set [ 501.113278][ T7930] binder: 7929:7930 ioctl 4018620d 200000000040 returned -16 [ 501.225272][ T7932] syzkaller0: entered promiscuous mode [ 501.230986][ T7932] syzkaller0: entered allmulticast mode [ 501.480780][ T7942] netlink: 12 bytes leftover after parsing attributes in process `syz.1.556'. [ 501.605372][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.620184][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.013484][ T7960] syzkaller0: entered promiscuous mode [ 502.019068][ T7960] syzkaller0: entered allmulticast mode [ 502.283992][ T7971] capability: warning: `syz.3.568' uses 32-bit capabilities (legacy support in use) [ 502.353489][ T7971] overlayfs: failed to clone upperpath [ 502.779067][ T7992] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 502.877289][ T7994] syzkaller0: entered promiscuous mode [ 502.886119][ T7994] syzkaller0: entered allmulticast mode [ 503.038563][ T7998] 9pnet_virtio: no channels available for device syz [ 503.595908][ T8021] syzkaller0: entered promiscuous mode [ 503.601696][ T8021] syzkaller0: entered allmulticast mode [ 503.821991][ T8028] binder: BINDER_SET_CONTEXT_MGR already set [ 503.828082][ T8028] binder: 8027:8028 ioctl 4018620d 200000000040 returned -16 [ 504.254134][ T8043] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 504.569660][ T8050] binder: BINDER_SET_CONTEXT_MGR already set [ 504.576771][ T8050] binder: 8049:8050 ioctl 4018620d 200000000040 returned -16 [ 505.224696][ T8071] binder: BINDER_SET_CONTEXT_MGR already set [ 505.230919][ T8071] binder: 8070:8071 ioctl 4018620d 200000000040 returned -16 [ 506.218781][ T8082] overlayfs: missing 'lowerdir' [ 506.781498][ T8102] overlayfs: missing 'lowerdir' [ 507.232416][ T8117] block device autoloading is deprecated and will be removed. [ 507.440239][ T8125] overlayfs: missing 'lowerdir' [ 507.878716][ T8140] syzkaller0: entered promiscuous mode [ 507.884551][ T8140] syzkaller0: entered allmulticast mode [ 507.892177][ T5868] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 508.091739][ T5868] usb 2-1: Using ep0 maxpacket: 8 [ 508.105571][ T5868] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 508.131957][ T5868] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 508.151125][ T5868] usb 2-1: config 1 has no interface number 0 [ 508.157537][ T5868] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 508.181863][ T5868] usb 2-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40 [ 508.191413][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.211732][ T5868] usb 2-1: Product: syz [ 508.215968][ T5868] usb 2-1: Manufacturer: syz [ 508.220665][ T5868] usb 2-1: SerialNumber: syz [ 508.904943][ T27] usb 2-1: USB disconnect, device number 6 [ 508.995905][ T8152] overlayfs: missing 'lowerdir' [ 509.711407][ T8162] syzkaller0: entered promiscuous mode [ 509.737865][ T8162] syzkaller0: entered allmulticast mode [ 510.043425][ T8169] netlink: 236 bytes leftover after parsing attributes in process `syz.1.651'. [ 510.161219][ T8171] overlayfs: missing 'lowerdir' [ 510.222725][ T5089] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 510.232887][ T5089] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 510.252001][ T5089] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 510.266721][ T5089] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 510.274805][ T5089] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 510.286162][ T5089] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 510.705212][ T8174] chnl_net:caif_netlink_parms(): no params data found [ 510.746315][ T8192] syzkaller0: entered promiscuous mode [ 510.760509][ T8192] syzkaller0: entered allmulticast mode [ 510.936447][ T8174] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.961792][ T8174] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.979289][ T8174] bridge_slave_0: entered allmulticast mode [ 510.993522][ T8174] bridge_slave_0: entered promiscuous mode [ 511.007807][ T8174] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.015492][ T8174] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.023092][ T8174] bridge_slave_1: entered allmulticast mode [ 511.030712][ T8174] bridge_slave_1: entered promiscuous mode [ 511.082660][ T8174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.102713][ T8174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.174907][ T8174] team0: Port device team_slave_0 added [ 511.189792][ T8174] team0: Port device team_slave_1 added [ 511.248996][ T8174] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 511.256333][ T8174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.282386][ C1] vkms_vblank_simulate: vblank timer overrun [ 511.313276][ T8174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 511.338813][ T8174] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 511.354337][ T8174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.381398][ T8174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 511.515667][ T8174] hsr_slave_0: entered promiscuous mode [ 511.526441][ T8174] hsr_slave_1: entered promiscuous mode [ 511.539726][ T8174] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 511.553168][ T8174] Cannot create hsr debugfs directory [ 511.621131][ T8205] overlayfs: missing 'lowerdir' [ 511.994859][ T8216] syzkaller0: entered promiscuous mode [ 512.000428][ T8216] syzkaller0: entered allmulticast mode [ 512.091997][ T8218] autofs4:pid:8218:autofs_fill_super: called with bogus options [ 512.216890][ T8174] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 512.245624][ T8174] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 512.300863][ T8174] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 512.312955][ T5833] Bluetooth: hci4: command tx timeout [ 512.382316][ T8174] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 513.550315][ T8174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.571122][ T8239] fuse: Unknown parameter '0x0000000000000004' [ 515.331846][ T5833] Bluetooth: hci4: command tx timeout [ 515.385684][ T8174] 8021q: adding VLAN 0 to HW filter on device team0 [ 515.445426][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.452659][ T5865] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.503663][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.510882][ T5865] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.529586][ T28] audit: type=1326 audit(1780139260.815:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3deef9ce59 code=0x7ffc0000 [ 515.735602][ T28] audit: type=1326 audit(1780139260.815:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3deef9ce59 code=0x7ffc0000 [ 516.066649][ T28] audit: type=1326 audit(1780139260.825:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3deef9ce59 code=0x7ffc0000 [ 516.388021][ T28] audit: type=1326 audit(1780139260.825:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3deef9ce59 code=0x7ffc0000 [ 516.495606][ T28] audit: type=1326 audit(1780139260.915:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f3deef9ce59 code=0x7ffc0000 [ 516.519456][ C1] vkms_vblank_simulate: vblank timer overrun [ 516.525831][ T28] audit: type=1326 audit(1780139260.935:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3deef9ce59 code=0x7ffc0000 [ 516.549839][ C1] vkms_vblank_simulate: vblank timer overrun [ 516.556181][ T28] audit: type=1326 audit(1780139260.995:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3deef5d68e code=0x7ffc0000 [ 516.580168][ T28] audit: type=1326 audit(1780139261.015:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3deef5d68e code=0x7ffc0000 [ 516.603988][ C1] vkms_vblank_simulate: vblank timer overrun [ 516.610389][ T28] audit: type=1326 audit(1780139261.025:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3deef5d68e code=0x7ffc0000 [ 516.634240][ C1] vkms_vblank_simulate: vblank timer overrun [ 516.746656][ T28] audit: type=1326 audit(1780139261.025:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.673" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3deef5d68e code=0x7ffc0000 [ 516.931117][ T8254] fuse: Unknown parameter '0x0000000000000003' [ 517.259650][ T8174] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 517.353510][ T5833] Bluetooth: hci4: command tx timeout [ 519.431903][ T5833] Bluetooth: hci4: command tx timeout [ 521.445741][ T8174] veth0_vlan: entered promiscuous mode [ 521.520455][ T5833] Bluetooth: hci4: command tx timeout [ 521.570101][ T8174] veth1_vlan: entered promiscuous mode [ 522.604737][ T8174] veth0_macvtap: entered promiscuous mode [ 522.655423][ T8174] veth1_macvtap: entered promiscuous mode [ 522.727626][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.746761][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.759513][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.775944][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.786236][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.797341][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.807462][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.824413][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.836627][ T8174] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 522.855919][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.877667][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.898419][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.919251][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.952099][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.973320][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.991761][ T8174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.003082][ T8174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.015132][ T8174] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 523.043443][ T8174] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.071664][ T8174] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.080511][ T8174] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.209379][ T8174] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.071335][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.092129][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.189714][ T5865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.205287][ T5865] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.429086][ T8309] input: syz1 as /devices/virtual/input/input7 [ 525.772229][ T8316] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 526.481782][ T5760] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 526.696006][ T5760] usb 2-1: Using ep0 maxpacket: 16 [ 526.739592][ T5760] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 526.764712][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.777951][ T5760] usb 2-1: Product: syz [ 526.782641][ T5760] usb 2-1: Manufacturer: syz [ 526.788165][ T5760] usb 2-1: SerialNumber: syz [ 526.805507][ T5760] usb 2-1: config 0 descriptor?? [ 526.815536][ T5760] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 527.012001][ T5866] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 527.038527][ T5760] ssu100: probe of 2-1:0.0 failed with error -5 [ 527.218558][ T5866] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 527.227920][ T5866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.251630][ T5866] usb 6-1: Product: syz [ 527.255865][ T5866] usb 6-1: Manufacturer: syz [ 527.260505][ T5866] usb 6-1: SerialNumber: syz [ 527.275929][ T5866] usb 6-1: config 0 descriptor?? [ 527.536291][ T5866] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 527.689928][ T8366] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.706'. [ 528.139420][ T5866] dvb_usb_rtl28xxu: probe of 6-1:0.0 failed with error -32 [ 528.204749][ T8380] netlink: 12 bytes leftover after parsing attributes in process `syz.4.711'. [ 529.237383][ T1627] usb 2-1: USB disconnect, device number 7 [ 529.339539][ T8413] team0: entered allmulticast mode [ 529.371642][ T8413] team_slave_0: entered allmulticast mode [ 529.392342][ T8413] team_slave_1: entered allmulticast mode [ 529.577862][ T8425] overlayfs: missing 'workdir' [ 529.786942][ T8433] syzkaller0: entered promiscuous mode [ 529.792744][ T8433] syzkaller0: entered allmulticast mode [ 529.821998][ T5868] usb 6-1: USB disconnect, device number 2 [ 530.121117][ T8443] binder: 8441:8443 ioctl 4018620d 0 returned -22 [ 530.261501][ T8447] netlink: 12 bytes leftover after parsing attributes in process `syz.3.735'. [ 530.382093][ T1627] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 530.397684][ T8449] overlayfs: missing 'workdir' [ 530.582754][ T1627] usb 2-1: Using ep0 maxpacket: 8 [ 530.593799][ T1627] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 530.610234][ T1627] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 530.630450][ T1627] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 530.650749][ T1627] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 530.676189][ T1627] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 530.705717][ T1627] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 530.740482][ T1627] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.783939][ T8460] syzkaller0: entered promiscuous mode [ 530.789489][ T8460] syzkaller0: entered allmulticast mode [ 530.805036][ T8458] syzkaller0: entered promiscuous mode [ 530.810609][ T8458] syzkaller0: entered allmulticast mode [ 530.986756][ T1627] usb 2-1: usb_control_msg returned -32 [ 531.000156][ T1627] usbtmc 2-1:16.0: can't read capabilities [ 531.038492][ T8462] binder: 8461:8462 ioctl 4018620d 0 returned -22 [ 531.191521][ T8467] netlink: 'syz.3.746': attribute type 1 has an invalid length. [ 531.226611][ T8467] 8021q: adding VLAN 0 to HW filter on device bond2 [ 531.352689][ T8475] overlayfs: missing 'lowerdir' [ 531.372216][ T8474] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 531.383260][ T27] usb 2-1: USB disconnect, device number 8 [ 531.598547][ T8482] syzkaller0: entered promiscuous mode [ 531.604736][ T8482] syzkaller0: entered allmulticast mode [ 531.837768][ T8492] binder: 8491:8492 ioctl 4018620d 0 returned -22 [ 532.044533][ T8496] 9pnet_virtio: no channels available for device syz [ 532.270836][ T8504] overlayfs: missing 'lowerdir' [ 532.436339][ T8512] binder: BINDER_SET_CONTEXT_MGR already set [ 532.446783][ T8512] binder: 8511:8512 ioctl 4018620d 200000000040 returned -16 [ 532.454989][ T8510] syzkaller0: entered promiscuous mode [ 532.460608][ T8510] syzkaller0: entered allmulticast mode [ 532.780734][ T8524] netlink: 'syz.4.765': attribute type 1 has an invalid length. [ 532.923669][ T8524] 8021q: adding VLAN 0 to HW filter on device bond1 [ 532.989207][ T8530] bond1: (slave geneve2): making interface the new active one [ 533.001214][ T8530] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 533.067331][ T8530] syz.4.765 (8530) used greatest stack depth: 17128 bytes left [ 533.255053][ T8538] overlayfs: missing 'lowerdir' [ 533.417520][ T8546] binder: BINDER_SET_CONTEXT_MGR already set [ 533.426751][ T8546] binder: 8545:8546 ioctl 4018620d 200000000040 returned -16 [ 533.705109][ T8552] syzkaller0: entered promiscuous mode [ 533.711317][ T8552] syzkaller0: entered allmulticast mode [ 534.061058][ T8569] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 534.099837][ T8569] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 534.357688][ T8576] binder: BINDER_SET_CONTEXT_MGR already set [ 534.382130][ T8576] binder: 8575:8576 ioctl 4018620d 200000000040 returned -16 [ 534.578750][ T8584] syzkaller0: entered promiscuous mode [ 534.583017][ T8586] 9pnet_virtio: no channels available for device syz [ 534.598358][ T8584] syzkaller0: entered allmulticast mode [ 534.796650][ T8591] netlink: 256 bytes leftover after parsing attributes in process `syz.3.787'. [ 534.819785][ T8593] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 534.841900][ T8593] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 535.449164][ T8613] binder: 8612:8613 ioctl c0306201 0 returned -14 [ 535.731287][ T8625] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 535.766332][ T8625] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 536.094324][ T8640] binder: BINDER_SET_CONTEXT_MGR already set [ 536.128348][ T8640] binder: 8639:8640 ioctl 4018620d 200000000040 returned -16 [ 536.469739][ T8658] binder: 8657:8658 ioctl c0306201 0 returned -14 [ 536.633847][ T27] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 536.821739][ T27] usb 6-1: Using ep0 maxpacket: 8 [ 536.837933][ T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 536.855461][ T27] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 536.881665][ T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.905130][ T27] usb 6-1: config 0 descriptor?? [ 537.132125][ T27] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 537.213665][ T8683] dummy0: entered allmulticast mode [ 537.347127][ T27] usb 6-1: USB disconnect, device number 3 [ 537.507003][ T8695] binder: 8693:8695 ioctl c0306201 0 returned -14 [ 537.947386][ T8715] netlink: 68 bytes leftover after parsing attributes in process `syz.3.820'. [ 540.537319][ T8808] binder: 8807:8808 unknown command 1074553620 [ 540.544341][ T8808] binder: 8807:8808 ioctl c0306201 2000000001c0 returned -22 [ 540.688593][ T8810] geneve3: entered promiscuous mode [ 540.903718][ T8817] 9pnet: Could not find request transport: v [ 541.132304][ T27] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 541.321825][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 541.329088][ T27] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 541.338040][ T27] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 541.348302][ T27] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 541.362619][ T27] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 541.378521][ T27] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 541.392063][ T27] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 541.401142][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.565944][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 541.771839][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 541.789687][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 541.807755][ T9] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 541.820772][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 541.833442][ T9] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 541.844640][ T9] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 541.858411][ T9] usb 5-1: config 168 interface 0 has no altsetting 0 [ 541.872247][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 541.879770][ T9] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 541.897060][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 541.909949][ T9] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 541.922637][ T9] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 541.936431][ T9] usb 5-1: config 168 interface 0 has no altsetting 0 [ 541.945064][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 541.953108][ T9] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 541.964694][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 541.976495][ T9] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 541.987767][ T9] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 542.019847][ T9] usb 5-1: config 168 interface 0 has no altsetting 0 [ 542.055913][ T9] usb 5-1: string descriptor 0 read error: -22 [ 542.062904][ T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 542.074852][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.098770][ T9] adutux 5-1:168.0: interrupt endpoints not found [ 542.208724][ T8851] usbtmc 2-1:16.0: simple usb_control_msg returned 0 [ 542.316751][ T9] usb 5-1: USB disconnect, device number 6 [ 542.410543][ T1627] usb 2-1: USB disconnect, device number 9 [ 543.971742][ T1627] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 544.152722][ T1627] usb 4-1: Using ep0 maxpacket: 8 [ 544.176588][ T1627] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 544.200162][ T1627] usb 4-1: config 179 has no interface number 0 [ 544.215612][ T1627] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 544.228838][ T1627] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 544.243525][ T1627] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 544.255121][ T1627] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 544.269987][ T1627] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 544.288369][ T1627] usb 4-1: config 179 interface 65 has no altsetting 0 [ 544.296752][ T1627] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 544.325053][ T1627] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.430407][ T1627] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input8 [ 544.639825][ T5994] usb 4-1: USB disconnect, device number 5 [ 544.645877][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 544.716767][ T5994] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 545.982289][ T8948] sd 0:0:1:0: PR command failed: 1026 [ 545.987795][ T8948] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 546.013741][ T8948] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 546.606613][ T8975] netlink: 'syz.3.894': attribute type 1 has an invalid length. [ 546.684389][ T8975] 8021q: adding VLAN 0 to HW filter on device bond3 [ 546.714466][ T8975] bond3: (slave geneve4): making interface the new active one [ 546.724257][ T8975] bond3: (slave geneve4): Enslaving as an active interface with an up link [ 546.862430][ T8983] random: crng reseeded on system resumption [ 546.971181][ T8988] fuse: Bad value for 'fd' [ 547.592172][ T1627] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 547.797415][ T1627] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 547.817050][ T1627] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 547.840172][ T1627] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 547.871838][ T1627] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 547.891684][ T1627] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.923305][ T8993] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 547.938716][ T1627] hub 4-1:1.0: bad descriptor, ignoring hub [ 547.955901][ T1627] hub: probe of 4-1:1.0 failed with error -5 [ 547.972418][ T1627] cdc_wdm 4-1:1.0: skipping garbage [ 547.977692][ T1627] cdc_wdm 4-1:1.0: skipping garbage [ 547.981528][ T9017] random: crng reseeded on system resumption [ 548.002680][ T1627] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 548.013843][ T1627] cdc_wdm 4-1:1.0: Unknown control protocol [ 548.026160][ T9015] sd 0:0:1:0: PR command failed: 1026 [ 548.032926][ T9015] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 548.047742][ T9015] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 548.264363][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.271072][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.277448][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.284104][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.290517][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.297178][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.303617][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.310269][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.316838][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.323495][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.329805][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.336447][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.343025][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.349668][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.356088][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.362733][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.369095][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.375736][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.382045][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 548.388693][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 548.830858][ T5888] usb 4-1: USB disconnect, device number 6 [ 549.001723][ T5888] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 549.191667][ T1627] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 549.211781][ T5888] usb 4-1: Using ep0 maxpacket: 8 [ 549.221385][ T5888] usb 4-1: config 0 has no interfaces? [ 549.230837][ T5888] usb 4-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 549.247056][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.259186][ T5888] usb 4-1: config 0 descriptor?? [ 549.381863][ T1627] usb 5-1: Using ep0 maxpacket: 8 [ 549.411775][ T1627] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 549.433865][ T1627] usb 5-1: config 179 has no interface number 0 [ 549.440236][ T1627] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 549.467368][ T1627] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 549.496860][ T27] usb 4-1: USB disconnect, device number 7 [ 549.524854][ T1627] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 549.558753][ T1627] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 549.570710][ T1627] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 549.570828][ T9049] netlink: 12 bytes leftover after parsing attributes in process `syz.1.921'. [ 549.612193][ T9052] IPv6: Can't replace route, no match found [ 549.619529][ T1627] usb 5-1: config 179 interface 65 has no altsetting 0 [ 549.630064][ T1627] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 549.652350][ T1627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.730562][ T1627] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input9 [ 550.050639][ T9] usb 5-1: USB disconnect, device number 7 [ 550.050642][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 550.097314][ T9] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 551.197069][ T9081] netlink: 32 bytes leftover after parsing attributes in process `syz.3.933'. [ 552.465088][ T9115] syzkaller0: entered promiscuous mode [ 552.482504][ T9115] syzkaller0: entered allmulticast mode [ 553.184744][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 553.184759][ T28] audit: type=1326 audit(1780139298.485:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9139 comm="syz.4.948" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a6119ce59 code=0x0 [ 553.787104][ T9158] syzkaller0: entered promiscuous mode [ 553.792784][ T9158] syzkaller0: entered allmulticast mode [ 554.449034][ T9176] netlink: 'syz.5.960': attribute type 1 has an invalid length. [ 554.541380][ T9176] 8021q: adding VLAN 0 to HW filter on device bond1 [ 554.590991][ T9179] bond1: (slave geneve2): making interface the new active one [ 554.605661][ T9179] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 554.765174][ T9185] syzkaller0: entered promiscuous mode [ 554.770929][ T9185] syzkaller0: entered allmulticast mode [ 554.957503][ T9190] tipc: Started in network mode [ 554.970923][ T9190] tipc: Node identity a21f1152281e, cluster identity 4711 [ 554.992771][ T9190] tipc: Enabled bearer , priority 0 [ 555.008874][ T9191] syzkaller0: entered promiscuous mode [ 555.022376][ T9191] syzkaller0: entered allmulticast mode [ 555.039367][ T9190] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 555.083467][ T9190] tipc: Resetting bearer [ 555.107084][ T9189] tipc: Resetting bearer [ 555.162274][ T9189] tipc: Disabling bearer [ 555.978566][ T9209] syzkaller0: entered promiscuous mode [ 555.984311][ T9209] syzkaller0: entered allmulticast mode [ 556.150392][ T9211] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 556.625944][ T28] audit: type=1800 audit(1780139301.925:93): pid=9224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.980" name="/" dev="fuse" ino=1 res=0 errno=0 [ 556.724514][ T9233] syzkaller0: entered promiscuous mode [ 556.730199][ T9233] syzkaller0: entered allmulticast mode [ 557.053368][ T9247] syzkaller0: entered promiscuous mode [ 557.059048][ T9247] syzkaller0: entered allmulticast mode [ 557.143448][ T1627] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 557.342547][ T1627] usb 2-1: Using ep0 maxpacket: 8 [ 557.352951][ T1627] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 557.363796][ T1627] usb 2-1: config 179 has no interface number 0 [ 557.370155][ T1627] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 557.382279][ T1627] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 557.394122][ T1627] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 557.405895][ T1627] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 557.418298][ T1627] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 557.432341][ T1627] usb 2-1: config 179 interface 65 has no altsetting 0 [ 557.439353][ T1627] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 557.449609][ T1627] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.487288][ T1627] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input10 [ 557.698791][ T1627] usb 2-1: USB disconnect, device number 10 [ 557.704863][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 557.733348][ T1627] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 558.229957][ T9271] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 558.263569][ T9274] syzkaller0: entered promiscuous mode [ 558.269134][ T9274] syzkaller0: entered allmulticast mode [ 558.739423][ T9290] fuse: Bad value for 'rootmode' [ 559.041923][ T5868] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 559.111715][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 559.133369][ T9304] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 559.221679][ T5868] usb 2-1: Using ep0 maxpacket: 16 [ 559.230351][ T5868] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 559.250696][ T5868] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 559.260369][ T5868] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 559.270638][ T5868] usb 2-1: config 1 interface 1 has no altsetting 0 [ 559.282929][ T5868] usb 2-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 559.292114][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.300158][ T5868] usb 2-1: Product: syz [ 559.312138][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 559.323989][ T9] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 559.337071][ T5868] usb 2-1: Manufacturer: syz [ 559.343899][ T9] usb 5-1: config 179 has no interface number 0 [ 559.350245][ T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 559.361940][ T5868] usb 2-1: SerialNumber: syz [ 559.376216][ T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 559.398308][ T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 559.416970][ T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 559.437218][ T9] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 559.451229][ T9] usb 5-1: config 179 interface 65 has no altsetting 0 [ 559.458642][ T9] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 559.468169][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.537182][ T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input11 [ 559.602272][ T9290] netlink: 'syz.1.1007': attribute type 1 has an invalid length. [ 559.703718][ T9290] 8021q: adding VLAN 0 to HW filter on device bond1 [ 559.712486][ T9313] syzkaller0: entered promiscuous mode [ 559.718051][ T9313] syzkaller0: entered allmulticast mode [ 559.739805][ T5888] usb 5-1: USB disconnect, device number 8 [ 559.739809][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 559.808416][ T5888] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 559.885114][ T9312] bond1: (slave geneve2): making interface the new active one [ 559.916848][ T9312] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 559.983449][ T5868] usb 2-1: selecting invalid altsetting 0 [ 560.023027][ T5868] usb 2-1: USB disconnect, device number 11 [ 560.140764][ T9317] udevd[9317]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 560.578317][ T9332] tipc: Enabled bearer , priority 0 [ 560.587640][ T9332] syzkaller0: entered promiscuous mode [ 560.601795][ T9332] syzkaller0: entered allmulticast mode [ 560.618080][ T9332] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 560.660180][ T9332] tipc: Resetting bearer [ 560.694607][ T9331] tipc: Resetting bearer [ 560.749726][ T9331] tipc: Disabling bearer [ 560.831039][ T9340] syzkaller0: entered promiscuous mode [ 560.845178][ T9340] syzkaller0: entered allmulticast mode [ 561.475177][ T28] audit: type=1800 audit(1780139306.775:94): pid=9357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1034" name="/" dev="fuse" ino=1 res=0 errno=0 [ 561.519764][ T9366] netlink: 'syz.4.1036': attribute type 1 has an invalid length. [ 561.676203][ T9366] 8021q: adding VLAN 0 to HW filter on device bond2 [ 561.693924][ T9372] syzkaller0: entered promiscuous mode [ 561.699606][ T9372] syzkaller0: entered allmulticast mode [ 562.012167][ T9383] binder: 9380:9383 ioctl c0306201 0 returned -14 [ 562.569162][ T9404] netlink: 'syz.1.1051': attribute type 1 has an invalid length. [ 562.627093][ T9404] 8021q: adding VLAN 0 to HW filter on device bond2 [ 562.848396][ T9414] binder: 9413:9414 ioctl c0306201 0 returned -14 [ 562.948996][ T9416] syzkaller0: entered promiscuous mode [ 562.954766][ T9416] syzkaller0: entered allmulticast mode [ 563.035675][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.042627][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.124612][ T28] audit: type=1800 audit(1780139308.415:95): pid=9394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1048" name="/" dev="fuse" ino=1 res=0 errno=0 [ 563.664151][ T9438] binder: 9437:9438 ioctl c0306201 0 returned -14 [ 563.778570][ T9440] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 564.134033][ T9456] tipc: Enabled bearer , priority 0 [ 564.156489][ T9456] syzkaller0: entered promiscuous mode [ 564.163159][ T9456] syzkaller0: entered allmulticast mode [ 564.174282][ T9456] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 564.199128][ T9456] tipc: Resetting bearer [ 564.222605][ T9455] tipc: Resetting bearer [ 564.273430][ T9455] tipc: Disabling bearer [ 564.306063][ T9459] binder_alloc: 9458: binder_alloc_buf, no vma [ 564.574373][ T9468] syzkaller0: entered promiscuous mode [ 564.580028][ T9468] syzkaller0: entered allmulticast mode [ 564.798508][ T28] audit: type=1800 audit(1780139310.095:96): pid=9449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1068" name="/" dev="fuse" ino=1 res=0 errno=0 [ 564.873457][ T9472] syzkaller0: entered promiscuous mode [ 564.879009][ T9472] syzkaller0: entered allmulticast mode [ 564.948550][ T9474] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 565.011113][ T9477] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 565.130096][ T9480] binder_alloc: 9479: binder_alloc_buf, no vma [ 565.470851][ T9492] syzkaller0: entered promiscuous mode [ 565.478930][ T9492] syzkaller0: entered allmulticast mode [ 565.754789][ T9501] syzkaller0: entered promiscuous mode [ 565.760475][ T9501] syzkaller0: entered allmulticast mode [ 565.822693][ T9503] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 565.952366][ T9506] binder_alloc: 9505: binder_alloc_buf, no vma [ 566.176457][ T9513] tipc: Started in network mode [ 566.185368][ T9513] tipc: Node identity fad79ab368c2, cluster identity 4711 [ 566.193005][ T9513] tipc: Enabled bearer , priority 0 [ 566.205667][ T9513] syzkaller0: entered promiscuous mode [ 566.211238][ T9513] syzkaller0: entered allmulticast mode [ 566.223593][ T9513] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 566.279217][ T9513] tipc: Resetting bearer [ 566.293874][ T9512] tipc: Resetting bearer [ 566.339125][ T9512] tipc: Disabling bearer [ 566.526791][ T9520] syzkaller0: entered promiscuous mode [ 566.534194][ T9520] syzkaller0: entered allmulticast mode [ 566.763859][ T9526] syzkaller0: entered promiscuous mode [ 566.769549][ T9526] syzkaller0: entered allmulticast mode [ 567.012983][ T9536] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 567.423390][ T9549] syzkaller0: entered promiscuous mode [ 567.428969][ T9549] syzkaller0: entered allmulticast mode [ 567.532703][ T9551] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 567.894297][ T9564] syzkaller0: entered promiscuous mode [ 567.899841][ T9564] syzkaller0: entered allmulticast mode [ 568.063412][ T9573] tipc: Enabled bearer , priority 0 [ 568.112557][ T9573] syzkaller0: entered promiscuous mode [ 568.118206][ T9573] syzkaller0: entered allmulticast mode [ 568.155929][ T9573] tipc: Resetting bearer [ 568.184749][ T9572] tipc: Resetting bearer [ 568.237131][ T9572] tipc: Disabling bearer [ 568.440584][ T9583] tipc: Enabled bearer , priority 0 [ 568.464204][ T9584] syzkaller0: entered promiscuous mode [ 568.479669][ T9584] syzkaller0: entered allmulticast mode [ 568.572341][ T9577] tipc: Resetting bearer [ 568.975555][ T9601] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 569.107093][ T9604] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 569.426135][ T28] audit: type=1800 audit(1780139314.725:97): pid=9590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1127" name="/" dev="fuse" ino=1 res=0 errno=0 [ 570.663026][ T9641] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 571.785763][ T9577] tipc: Disabling bearer [ 571.917029][ T9662] overlayfs: overlapping lowerdir path [ 572.249585][ T9673] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 572.461263][ T9680] binder: BINDER_SET_CONTEXT_MGR already set [ 572.467609][ T9680] binder: 9679:9680 ioctl 4018620d 200000000040 returned -16 [ 572.622273][ T9689] syzkaller0: entered promiscuous mode [ 572.627892][ T9689] syzkaller0: entered allmulticast mode [ 572.818030][ T9691] binder: BINDER_SET_CONTEXT_MGR already set [ 572.828690][ T9691] binder: 9690:9691 ioctl 4018620d 200000004a80 returned -16 [ 573.079353][ T9699] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 573.121845][ T9703] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 573.663326][ T9718] kvm: kvm [9717]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 573.682020][ T9718] kvm: kvm [9717]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 573.723471][ T9724] tipc: Enabled bearer , priority 0 [ 573.731228][ T9724] syzkaller0: entered promiscuous mode [ 573.741793][ T9724] syzkaller0: entered allmulticast mode [ 573.754585][ T9725] kvm: vcpu 0: requested 130560 ns lapic timer period limited to 200000 ns [ 573.773216][ T9724] tipc: Resetting bearer [ 573.793974][ T9723] tipc: Resetting bearer [ 573.849454][ T9723] tipc: Disabling bearer [ 573.870728][ T9727] fuse: Bad value for 'rootmode' [ 574.161694][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 574.381214][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 574.402165][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 574.420955][ T9] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 574.442365][ T9] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 574.459919][ T9] usb 4-1: config 1 interface 1 has no altsetting 0 [ 574.489736][ T9] usb 4-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 574.507865][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.520878][ T9] usb 4-1: Product: syz [ 574.525466][ T9] usb 4-1: Manufacturer: syz [ 574.530229][ T9] usb 4-1: SerialNumber: syz [ 574.681408][ T9752] kvm: kvm [9751]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 574.690603][ T9752] kvm: kvm [9751]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 574.728802][ T9752] kvm: vcpu 0: requested 130560 ns lapic timer period limited to 200000 ns [ 574.759598][ T9727] netlink: 'syz.3.1174': attribute type 1 has an invalid length. [ 574.809498][ T9727] 8021q: adding VLAN 0 to HW filter on device bond4 [ 574.840449][ T9] usb 4-1: selecting invalid altsetting 0 [ 574.919479][ T9] usb 4-1: USB disconnect, device number 8 [ 575.060730][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 575.448312][ T9773] overlayfs: failed to resolve './file1/file0': -2 [ 575.616262][ T9781] fuse: Bad value for 'rootmode' [ 575.789459][ T9787] binder: BINDER_SET_CONTEXT_MGR already set [ 575.800343][ T9787] binder: 9784:9787 ioctl 4018620d 200000000040 returned -16 [ 575.911847][ T5888] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 576.114079][ T5888] usb 4-1: Using ep0 maxpacket: 16 [ 576.121272][ T5888] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 576.131675][ T5888] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 576.140715][ T5888] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 576.150722][ T5888] usb 4-1: config 1 interface 1 has no altsetting 0 [ 576.168347][ T5888] usb 4-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 576.177540][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.195835][ T5888] usb 4-1: Product: syz [ 576.200590][ T5888] usb 4-1: Manufacturer: syz [ 576.211749][ T5888] usb 4-1: SerialNumber: syz [ 576.433938][ T9781] netlink: 'syz.3.1202': attribute type 1 has an invalid length. [ 576.467623][ T9781] 8021q: adding VLAN 0 to HW filter on device bond5 [ 576.506235][ T5888] usb 4-1: selecting invalid altsetting 0 [ 576.528039][ T5888] usb 4-1: USB disconnect, device number 9 [ 576.588703][ T8251] udevd[8251]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 576.969346][ T9819] binder: BINDER_SET_CONTEXT_MGR already set [ 576.979474][ T9819] binder: 9818:9819 ioctl 4018620d 200000000040 returned -16 [ 577.259710][ T9825] syzkaller0: entered promiscuous mode [ 577.265539][ T9825] syzkaller0: entered allmulticast mode [ 577.487392][ T9833] tipc: Enabled bearer , priority 0 [ 577.507229][ T9833] syzkaller0: entered promiscuous mode [ 577.521511][ T9833] syzkaller0: entered allmulticast mode [ 577.572194][ T9833] tipc: Resetting bearer [ 577.594634][ T9832] tipc: Resetting bearer [ 577.646239][ T9832] tipc: Disabling bearer [ 577.760809][ T9843] binder: BINDER_SET_CONTEXT_MGR already set [ 577.771688][ T9843] binder: 9842:9843 ioctl 4018620d 200000000040 returned -16 [ 577.862856][ T9845] fuse: Bad value for 'rootmode' [ 578.152101][ T5868] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 578.371854][ T5868] usb 5-1: Using ep0 maxpacket: 16 [ 578.396010][ T5868] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 578.430717][ T5868] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 578.462124][ T5868] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 578.473295][ T9866] tipc: Enabled bearer , priority 0 [ 578.489577][ T5868] usb 5-1: config 1 interface 1 has no altsetting 0 [ 578.504094][ T9866] syzkaller0: entered promiscuous mode [ 578.524617][ T5868] usb 5-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 578.534408][ T9866] syzkaller0: entered allmulticast mode [ 578.547456][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.581872][ T5868] usb 5-1: Product: syz [ 578.586123][ T5868] usb 5-1: Manufacturer: syz [ 578.590758][ T5868] usb 5-1: SerialNumber: syz [ 578.604484][ T9866] tipc: Resetting bearer [ 578.639481][ T9865] tipc: Resetting bearer [ 578.689206][ T9865] tipc: Disabling bearer [ 578.831941][ T9845] netlink: 'syz.4.1219': attribute type 1 has an invalid length. [ 578.944979][ T9845] 8021q: adding VLAN 0 to HW filter on device bond3 [ 578.993540][ T5868] usb 5-1: selecting invalid altsetting 0 [ 579.070885][ T5868] usb 5-1: USB disconnect, device number 9 [ 579.200701][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 579.600055][ T9892] syzkaller0: entered promiscuous mode [ 579.606105][ T9892] syzkaller0: entered allmulticast mode [ 579.692459][ T9894] binder: BINDER_SET_CONTEXT_MGR already set [ 579.698590][ T9894] binder: 9893:9894 ioctl 4018620d 200000004a80 returned -16 [ 579.976433][ T9901] kvm: kvm [9900]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 579.985509][ T9901] kvm: kvm [9900]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 580.752830][ T9934] binder: BINDER_SET_CONTEXT_MGR already set [ 580.781466][ T9934] binder: 9933:9934 ioctl 4018620d 200000004a80 returned -16 [ 581.147826][ T9947] binder_alloc: 9946: binder_alloc_buf, no vma [ 581.273797][ T9949] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 583.324864][ T9973] binder: BINDER_SET_CONTEXT_MGR already set [ 583.336935][ T9973] binder: 9970:9973 ioctl 4018620d 200000004a80 returned -16 [ 583.427276][ T9975] binder_alloc: 9974: binder_alloc_buf, no vma [ 583.743778][ T9989] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 583.753041][ T9989] syzkaller0: entered promiscuous mode [ 583.758609][ T9989] syzkaller0: entered allmulticast mode [ 583.850757][ T9991] fuse: Bad value for 'fd' [ 584.132731][T10002] binder_alloc: 10001: binder_alloc_buf, no vma [ 584.321015][T10010] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 584.611500][T10021] fuse: Bad value for 'rootmode' [ 584.902397][ T27] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 585.039432][T10036] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 585.092751][ T27] usb 5-1: Using ep0 maxpacket: 16 [ 585.124511][ T27] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 585.155425][ T27] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 585.182033][ T27] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 585.199017][ T27] usb 5-1: config 1 interface 1 has no altsetting 0 [ 585.214793][ T27] usb 5-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 585.231757][ T27] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.250077][ T27] usb 5-1: Product: syz [ 585.254836][ T27] usb 5-1: Manufacturer: syz [ 585.260201][ T27] usb 5-1: SerialNumber: syz [ 585.533493][ T27] usb 5-1: selecting invalid altsetting 0 [ 585.609229][ T27] usb 5-1: USB disconnect, device number 10 [ 585.733161][ T8251] udevd[8251]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 585.949616][T10059] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 586.358068][T10077] team0: entered allmulticast mode [ 586.363662][T10077] team_slave_0: entered allmulticast mode [ 586.369581][T10077] team_slave_1: entered allmulticast mode [ 586.719447][T10088] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 586.819303][T10092] fuse: Bad value for 'rootmode' [ 586.911873][ T28] audit: type=1800 audit(1780139332.205:98): pid=10090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1309" name="/" dev="fuse" ino=1 res=0 errno=0 [ 587.101745][ T27] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 587.198109][T10106] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1317'. [ 587.311626][ T27] usb 2-1: Using ep0 maxpacket: 16 [ 587.320892][ T27] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 587.341667][ T27] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 587.359030][ T27] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 587.378336][ T27] usb 2-1: config 1 interface 1 has no altsetting 0 [ 587.387840][T10113] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 587.400614][ T27] usb 2-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 587.432048][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.440414][ T27] usb 2-1: Product: syz [ 587.447256][ T27] usb 2-1: Manufacturer: syz [ 587.471663][ T27] usb 2-1: SerialNumber: syz [ 587.713443][ T27] usb 2-1: selecting invalid altsetting 0 [ 587.748572][ T27] usb 2-1: USB disconnect, device number 12 [ 587.826969][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 588.314956][T10138] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 588.353496][T10140] fuse: Bad value for 'fd' [ 588.622727][T10147] syzkaller0: entered promiscuous mode [ 588.628306][T10147] syzkaller0: entered allmulticast mode [ 589.076008][T10171] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 589.351432][T10183] fuse: Bad value for 'fd' [ 591.758346][T10213] binder: BINDER_SET_CONTEXT_MGR already set [ 591.772107][T10213] binder: 10211:10213 ioctl 4018620d 200000000040 returned -16 [ 591.817206][T10217] fuse: Bad value for 'fd' [ 593.066100][T10258] binder: BINDER_SET_CONTEXT_MGR already set [ 593.072372][T10258] binder: 10257:10258 ioctl 4018620d 200000004a80 returned -16 [ 593.160901][T10260] binder: BINDER_SET_CONTEXT_MGR already set [ 593.177972][T10260] binder: 10259:10260 ioctl 4018620d 200000000040 returned -16 [ 593.384028][T10264] fuse: Bad value for 'fd' [ 595.048860][T10287] binder: BINDER_SET_CONTEXT_MGR already set [ 595.055162][T10287] binder: 10285:10287 ioctl 4018620d 200000004a80 returned -16 [ 595.093586][T10286] syzkaller0: entered promiscuous mode [ 595.104593][T10289] binder: BINDER_SET_CONTEXT_MGR already set [ 595.110636][T10289] binder: 10288:10289 ioctl 4018620d 200000000040 returned -16 [ 595.118457][T10286] syzkaller0: entered allmulticast mode [ 595.218774][T10291] fuse: Bad value for 'fd' [ 595.339624][T10295] fuse: Bad value for 'fd' [ 595.609587][ T28] audit: type=1800 audit(1780139340.905:99): pid=10302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1379" name="/" dev="fuse" ino=1 res=0 errno=0 [ 595.949144][T10317] binder: BINDER_SET_CONTEXT_MGR already set [ 595.955403][T10317] binder: 10316:10317 ioctl 4018620d 200000004a80 returned -16 [ 598.192163][T10345] syzkaller0: entered promiscuous mode [ 598.212164][T10345] syzkaller0: entered allmulticast mode [ 598.503761][T10355] binder: 10354:10355 ioctl c0306201 0 returned -14 [ 598.618368][T10359] binder: 10358:10359 ioctl c0306201 0 returned -14 [ 598.850439][T10369] syzkaller0: entered promiscuous mode [ 598.871625][T10369] syzkaller0: entered allmulticast mode [ 598.889078][T10369] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 599.048353][T10377] fuse: Bad value for 'fd' [ 599.192093][T10383] syzkaller0: entered promiscuous mode [ 599.199344][T10383] syzkaller0: entered allmulticast mode [ 599.463743][T10392] binder: 10391:10392 ioctl c0306201 0 returned -14 [ 599.765974][T10408] fuse: Bad value for 'fd' [ 600.110362][T10421] syzkaller0: entered promiscuous mode [ 600.116762][T10421] syzkaller0: entered allmulticast mode [ 600.142500][T10424] binder: 10423:10424 ioctl c0306201 0 returned -14 [ 600.159404][T10424] binder: BINDER_SET_CONTEXT_MGR already set [ 600.177710][T10424] binder: 10423:10424 ioctl 4018620d 200000004a80 returned -16 [ 600.254603][T10428] fuse: Bad value for 'rootmode' [ 600.531891][ T5888] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 600.717251][ T5888] usb 4-1: Using ep0 maxpacket: 16 [ 600.727171][ T5888] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 600.738946][ T5888] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 600.748367][ T5888] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 600.758468][ T5888] usb 4-1: config 1 interface 1 has no altsetting 0 [ 600.770714][ T5888] usb 4-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 600.786331][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.795512][ T5888] usb 4-1: Product: syz [ 600.799818][ T5888] usb 4-1: Manufacturer: syz [ 600.804902][ T5888] usb 4-1: SerialNumber: syz [ 601.025299][T10428] netlink: 'syz.3.1414': attribute type 1 has an invalid length. [ 601.075730][T10428] 8021q: adding VLAN 0 to HW filter on device bond6 [ 601.165000][T10456] binder: BINDER_SET_CONTEXT_MGR already set [ 601.171061][T10456] binder: 10455:10456 ioctl 4018620d 200000000040 returned -16 [ 601.252573][ T5888] usb 4-1: selecting invalid altsetting 0 [ 601.293449][T10460] syzkaller0: entered promiscuous mode [ 601.322096][T10460] syzkaller0: entered allmulticast mode [ 601.334668][ T5888] usb 4-1: USB disconnect, device number 10 [ 601.448235][ T8251] udevd[8251]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 602.187547][T10497] syzkaller0: entered promiscuous mode [ 602.193705][T10497] syzkaller0: entered allmulticast mode [ 602.697731][T10515] fuse: Bad value for 'rootmode' [ 602.981863][ T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 603.174642][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 603.198436][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 603.217776][ T9] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 603.243709][ T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 603.243753][T10531] binder: BINDER_SET_CONTEXT_MGR already set [ 603.266482][T10531] binder: 10530:10531 ioctl 4018620d 200000000040 returned -16 [ 603.272349][ T9] usb 5-1: config 1 interface 1 has no altsetting 0 [ 603.300753][ T9] usb 5-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 603.319207][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.337290][ T9] usb 5-1: Product: syz [ 603.341806][ T9] usb 5-1: Manufacturer: syz [ 603.346488][ T9] usb 5-1: SerialNumber: syz [ 605.789318][T10515] netlink: 'syz.4.1441': attribute type 1 has an invalid length. [ 605.799174][T10515] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 605.907805][ T9] usb 5-1: selecting invalid altsetting 0 [ 606.022118][ T9] usb 5-1: USB disconnect, device number 11 [ 606.078254][T10564] syzkaller0: entered promiscuous mode [ 606.093428][T10564] syzkaller0: entered allmulticast mode [ 606.127163][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 606.563831][T10576] tipc: Enabled bearer , priority 0 [ 606.575467][T10576] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 606.647676][T10573] tipc: Disabling bearer [ 606.701471][T10586] fuse: Bad value for 'rootmode' [ 606.991689][ T5888] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 607.211964][ T5888] usb 2-1: Using ep0 maxpacket: 16 [ 607.233501][ T5888] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 607.254778][ T5888] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 607.274197][ T5888] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 607.284511][ T5888] usb 2-1: config 1 interface 1 has no altsetting 0 [ 607.317414][ T5888] usb 2-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 607.339174][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.347371][ T5888] usb 2-1: Product: syz [ 607.358246][ T5888] usb 2-1: Manufacturer: syz [ 607.362992][ T5888] usb 2-1: SerialNumber: syz [ 608.279863][T10616] binder: 10615:10616 ioctl 4018620d 0 returned -22 [ 609.621721][T10586] netlink: 'syz.1.1465': attribute type 1 has an invalid length. [ 609.782004][T10586] 8021q: adding VLAN 0 to HW filter on device bond3 [ 609.926544][ T5888] usb 2-1: selecting invalid altsetting 0 [ 609.952276][T10634] syzkaller0: entered promiscuous mode [ 610.011811][T10634] syzkaller0: entered allmulticast mode [ 610.022513][ T5888] usb 2-1: USB disconnect, device number 13 [ 610.087292][T10644] binder: BINDER_SET_CONTEXT_MGR already set [ 610.122434][T10644] binder: 10643:10644 ioctl 4018620d 200000004a80 returned -16 [ 610.218881][ T8251] udevd[8251]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 611.070813][T10678] qrtr: Invalid version 91 [ 611.076252][T10676] binder: BINDER_SET_CONTEXT_MGR already set [ 611.091125][T10676] binder: 10675:10676 ioctl 4018620d 200000004a80 returned -16 [ 612.754748][T10726] qrtr: Invalid version 91 [ 613.809361][T10691] tipc: Enabling of bearer rejected, failed to enable media [ 613.920386][T10734] binder: BINDER_SET_CONTEXT_MGR already set [ 613.927824][T10734] binder: 10733:10734 ioctl 4018620d 200000004a80 returned -16 [ 614.386894][T10753] qrtr: Invalid version 91 [ 614.462318][T10757] tipc: Enabled bearer , priority 0 [ 614.471678][T10755] tipc: Disabling bearer [ 614.685669][T10761] syzkaller0: entered promiscuous mode [ 614.691214][T10761] syzkaller0: entered allmulticast mode [ 614.771060][T10765] tipc: Enabling of bearer rejected, failed to enable media [ 615.354298][T10788] binder: BINDER_SET_CONTEXT_MGR already set [ 615.360369][T10788] binder: 10787:10788 ioctl 4018620d 200000000040 returned -16 [ 615.428504][T10790] tipc: Enabled bearer , priority 0 [ 615.449045][T10789] tipc: Disabling bearer [ 615.470076][T10792] qrtr: Invalid version 91 [ 615.717875][T10803] syzkaller0: entered promiscuous mode [ 615.724733][T10803] syzkaller0: entered allmulticast mode [ 615.929835][T10813] tipc: Enabling of bearer rejected, failed to enable media [ 616.489980][T10832] qrtr: Invalid version 91 [ 616.516617][T10834] tipc: Enabled bearer , priority 0 [ 616.534363][T10833] tipc: Disabling bearer [ 616.772668][T10843] fuse: Bad value for 'rootmode' [ 616.820650][T10842] syzkaller0: entered promiscuous mode [ 616.831645][T10842] syzkaller0: entered allmulticast mode [ 616.865061][T10846] overlayfs: missing 'lowerdir' [ 617.012503][T10850] tipc: Enabling of bearer rejected, failed to enable media [ 617.071972][ T5760] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 617.195492][T10859] qrtr: Invalid version 91 [ 617.301743][ T5760] usb 2-1: Using ep0 maxpacket: 16 [ 617.310289][ T5760] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 617.335212][ T5760] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 617.360445][ T5760] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 617.379374][ T5760] usb 2-1: config 1 interface 1 has no altsetting 0 [ 617.397185][ T5760] usb 2-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 617.417178][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.435121][ T5760] usb 2-1: Product: syz [ 617.444914][ T5760] usb 2-1: Manufacturer: syz [ 617.455761][ T5760] usb 2-1: SerialNumber: syz [ 617.685216][T10843] netlink: 'syz.1.1536': attribute type 1 has an invalid length. [ 617.738065][T10843] 8021q: adding VLAN 0 to HW filter on device bond4 [ 617.763501][ T5760] usb 2-1: selecting invalid altsetting 0 [ 617.795496][ T5760] usb 2-1: USB disconnect, device number 14 [ 617.886852][ T8434] udevd[8434]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 618.086779][T10882] overlayfs: missing 'lowerdir' [ 618.164495][T10884] syzkaller0: entered promiscuous mode [ 618.170012][T10884] syzkaller0: entered allmulticast mode [ 618.496792][T10891] tipc: Enabling of bearer rejected, failed to enable media [ 618.533784][T10892] binder: BINDER_SET_CONTEXT_MGR already set [ 618.553864][T10895] binder: BINDER_SET_CONTEXT_MGR already set [ 618.566453][T10892] binder: 10889:10892 ioctl 4018620d 200000004a80 returned -16 [ 618.572449][T10895] binder: 10894:10895 ioctl 4018620d 200000000040 returned -16 [ 618.915204][T10912] overlayfs: missing 'lowerdir' [ 619.161912][T10918] syzkaller0: entered promiscuous mode [ 619.167473][T10918] syzkaller0: entered allmulticast mode [ 619.249511][T10924] binder: 10923:10924 ioctl c0306201 0 returned -14 [ 619.390953][T10928] fuse: Bad value for 'rootmode' [ 619.448605][T10930] binder: BINDER_SET_CONTEXT_MGR already set [ 619.457937][T10930] binder: 10929:10930 ioctl 4018620d 200000004a80 returned -16 [ 619.539355][T10932] binder: BINDER_SET_CONTEXT_MGR already set [ 619.546582][T10932] binder: 10931:10932 ioctl 4018620d 200000000040 returned -16 [ 619.649839][T10934] overlayfs: missing 'lowerdir' [ 619.691788][ T5760] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 619.760067][T10938] tipc: Enabling of bearer rejected, failed to enable media [ 619.872585][T10944] tipc: Enabled bearer , priority 0 [ 619.887854][T10942] tipc: Disabling bearer [ 619.932346][ T5760] usb 5-1: Using ep0 maxpacket: 16 [ 619.951435][ T5760] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 619.977717][ T5760] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 620.001627][ T5760] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 620.036617][ T5760] usb 5-1: config 1 interface 1 has no altsetting 0 [ 620.075819][ T5760] usb 5-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 620.102106][ T5760] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.120424][ T5760] usb 5-1: Product: syz [ 620.133250][ T5760] usb 5-1: Manufacturer: syz [ 620.137938][ T5760] usb 5-1: SerialNumber: syz [ 620.149471][T10950] binder: 10949:10950 ioctl c0306201 0 returned -14 [ 620.290164][T10954] syzkaller0: entered promiscuous mode [ 620.310806][T10954] syzkaller0: entered allmulticast mode [ 620.418898][T10958] binder: BINDER_SET_CONTEXT_MGR already set [ 620.425359][T10958] binder: 10957:10958 ioctl 4018620d 200000004a80 returned -16 [ 620.461791][T10928] netlink: 'syz.4.1564': attribute type 1 has an invalid length. [ 620.636245][T10966] overlayfs: missing 'lowerdir' [ 620.642742][T10928] 8021q: adding VLAN 0 to HW filter on device bond4 [ 620.696512][ T5760] usb 5-1: selecting invalid altsetting 0 [ 620.766507][ T5760] usb 5-1: USB disconnect, device number 12 [ 620.878596][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 621.045563][T10975] tipc: Enabled bearer , priority 0 [ 621.055489][T10974] tipc: Disabling bearer [ 621.255359][T10980] binder: 10979:10980 ioctl c0306201 0 returned -14 [ 621.529814][T10990] overlayfs: missing 'lowerdir' [ 621.687094][T10994] tipc: Enabled bearer , priority 0 [ 621.704241][T10993] tipc: Disabling bearer [ 622.185687][T11008] fuse: Bad value for 'rootmode' [ 622.239431][T11011] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 622.258701][T11011] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 622.461677][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 622.661642][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 622.668909][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 622.699845][ T9] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 622.714660][ T9] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 622.725734][T11020] tipc: Enabled bearer , priority 0 [ 622.730711][ T9] usb 6-1: config 1 interface 1 has no altsetting 0 [ 622.742621][ T9] usb 6-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 622.754118][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.763230][ T9] usb 6-1: Product: syz [ 622.767449][ T9] usb 6-1: Manufacturer: syz [ 622.772585][ T9] usb 6-1: SerialNumber: syz [ 622.785023][T11019] tipc: Disabling bearer [ 622.966086][T11022] binder: 11021:11022 ioctl c0306201 0 returned -14 [ 622.984092][T11008] netlink: 'syz.5.1594': attribute type 1 has an invalid length. [ 623.108081][T11008] 8021q: adding VLAN 0 to HW filter on device bond2 [ 623.319340][ T9] usb 6-1: selecting invalid altsetting 0 [ 623.399753][T11036] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 623.402836][ T9] usb 6-1: USB disconnect, device number 4 [ 623.434694][T11036] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 623.525758][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 623.925363][T11049] tipc: Enabled bearer , priority 0 [ 623.964435][T11048] tipc: Disabling bearer [ 624.382343][T11064] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 624.417869][T11064] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 624.480929][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.488503][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.832922][T11077] fuse: Bad value for 'rootmode' [ 625.162426][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 625.225451][T11089] overlayfs: missing 'lowerdir' [ 625.371871][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 625.410445][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 625.439448][ T9] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 625.456746][ T9] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 625.471223][ T9] usb 4-1: config 1 interface 1 has no altsetting 0 [ 625.484178][ T9] usb 4-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 625.506269][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.521794][ T9] usb 4-1: Product: syz [ 625.526176][ T9] usb 4-1: Manufacturer: syz [ 625.530820][ T9] usb 4-1: SerialNumber: syz [ 625.751231][T11077] netlink: 'syz.3.1623': attribute type 1 has an invalid length. [ 625.914064][T11077] 8021q: adding VLAN 0 to HW filter on device bond7 [ 626.015339][ T9] usb 4-1: selecting invalid altsetting 0 [ 626.076860][ T9] usb 4-1: USB disconnect, device number 11 [ 626.184865][ T8434] udevd[8434]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 626.386753][T11113] overlayfs: missing 'lowerdir' [ 626.979402][T11137] overlayfs: missing 'lowerdir' [ 627.130420][T11142] fuse: Bad value for 'rootmode' [ 627.433831][ T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 627.631846][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 627.651729][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 627.671747][ T9] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 627.680814][ T9] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 627.701600][ T9] usb 2-1: config 1 interface 1 has no altsetting 0 [ 627.710682][ T9] usb 2-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 627.725929][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.735506][ T9] usb 2-1: Product: syz [ 627.739726][ T9] usb 2-1: Manufacturer: syz [ 627.751984][ T9] usb 2-1: SerialNumber: syz [ 627.972714][T11142] netlink: 'syz.1.1653': attribute type 1 has an invalid length. [ 628.055873][T11142] 8021q: adding VLAN 0 to HW filter on device bond5 [ 628.115529][T11163] tipc: Enabling of bearer rejected, failed to enable media [ 628.145123][ T9] usb 2-1: selecting invalid altsetting 0 [ 628.201842][ T9] usb 2-1: USB disconnect, device number 15 [ 628.320193][ T8251] udevd[8251]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 628.641127][T11178] overlayfs: missing 'workdir' [ 629.284484][T11201] overlayfs: missing 'workdir' [ 629.487350][T11207] fuse: Bad value for 'rootmode' [ 629.787037][ T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 629.888597][T11209] tipc: Enabling of bearer rejected, failed to enable media [ 630.001610][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 630.015427][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 630.044309][ T9] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 630.090103][ T9] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 630.133511][ T9] usb 2-1: config 1 interface 1 has no altsetting 0 [ 630.168041][ T9] usb 2-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 630.188018][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 630.228224][ T9] usb 2-1: Product: syz [ 630.256985][ T9] usb 2-1: Manufacturer: syz [ 630.281845][ T9] usb 2-1: SerialNumber: syz [ 630.518825][T11207] netlink: 'syz.1.1673': attribute type 1 has an invalid length. [ 630.631454][T11227] binder: 11225:11227 ioctl 4018620d 0 returned -22 [ 630.692158][T11207] 8021q: adding VLAN 0 to HW filter on device bond6 [ 630.809959][ T9] usb 2-1: selecting invalid altsetting 0 [ 630.898367][ T9] usb 2-1: USB disconnect, device number 16 [ 630.998810][ T8251] udevd[8251]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 631.028528][T11239] overlayfs: missing 'workdir' [ 631.533514][T11255] tipc: Enabled bearer , priority 0 [ 631.547875][T11255] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 631.577128][T11254] tipc: Disabling bearer [ 632.104837][T11268] binder: 11267:11268 ioctl 4018620d 0 returned -22 [ 632.547737][T11278] tipc: Enabled bearer , priority 0 [ 632.601161][T11279] fuse: Bad value for 'rootmode' [ 632.607321][T11278] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 632.803553][T11276] tipc: Disabling bearer [ 632.921827][ T1627] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 633.124510][T11294] tipc: Enabled bearer , priority 0 [ 633.141774][ T1627] usb 4-1: Using ep0 maxpacket: 16 [ 633.158030][T11294] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 633.176867][ T1627] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 633.201752][ T1627] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 633.210846][ T1627] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 633.251745][ T1627] usb 4-1: config 1 interface 1 has no altsetting 0 [ 633.283194][ T1627] usb 4-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 633.305108][ T1627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.331788][ T1627] usb 4-1: Product: syz [ 633.336026][ T1627] usb 4-1: Manufacturer: syz [ 633.340690][ T1627] usb 4-1: SerialNumber: syz [ 633.399231][T11292] tipc: Disabling bearer [ 633.602353][T11279] netlink: 'syz.3.1694': attribute type 1 has an invalid length. [ 633.642991][T11299] binder: 11298:11299 ioctl 4018620d 0 returned -22 [ 633.930413][T11279] 8021q: adding VLAN 0 to HW filter on device bond8 [ 634.069991][ T1627] usb 4-1: selecting invalid altsetting 0 [ 634.107444][ T1627] usb 4-1: USB disconnect, device number 12 [ 634.214829][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 634.407222][T11316] team0: entered allmulticast mode [ 634.472240][T11316] team_slave_0: entered allmulticast mode [ 634.478064][T11316] team_slave_1: entered allmulticast mode [ 634.851018][T11330] binder: BINDER_SET_CONTEXT_MGR already set [ 634.865190][T11328] syzkaller0: entered promiscuous mode [ 634.870740][T11328] syzkaller0: entered allmulticast mode [ 634.876905][T11330] binder: 11329:11330 ioctl 4018620d 200000004a80 returned -16 [ 634.905788][T11328] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 635.722580][T11348] binder_alloc: 11347: binder_alloc_buf size 16384 failed, no address space [ 635.740814][T11348] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 8192 (num: 1 largest: 8192) [ 635.770219][T11352] fuse: Bad value for 'rootmode' [ 635.812700][T11354] binder: BINDER_SET_CONTEXT_MGR already set [ 635.837986][T11354] binder: 11353:11354 ioctl 4018620d 200000004a80 returned -16 [ 636.051997][ T5867] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 636.234622][ T5867] usb 6-1: Using ep0 maxpacket: 16 [ 636.267758][ T5867] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.284262][ T5867] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 636.301152][ T5867] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 636.319295][ T5867] usb 6-1: config 1 interface 1 has no altsetting 0 [ 636.330083][ T5867] usb 6-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 636.360017][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.380370][ T5867] usb 6-1: Product: syz [ 636.402384][ T5867] usb 6-1: Manufacturer: syz [ 636.412430][ T5867] usb 6-1: SerialNumber: syz [ 639.049932][T11357] team0: entered allmulticast mode [ 639.055467][T11357] team_slave_0: entered allmulticast mode [ 639.065518][T11357] team_slave_1: entered allmulticast mode [ 639.073312][T11368] tipc: Enabling of bearer rejected, failed to enable media [ 639.085858][T11352] netlink: 'syz.5.1720': attribute type 1 has an invalid length. [ 639.150665][T11352] 8021q: adding VLAN 0 to HW filter on device bond3 [ 639.294158][ T5867] usb 6-1: selecting invalid altsetting 0 [ 639.376935][ T5867] usb 6-1: USB disconnect, device number 5 [ 639.426656][T11380] fuse: Unknown parameter 'grou00000000000000000000' [ 639.448599][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 639.688536][T11388] binder: BINDER_SET_CONTEXT_MGR already set [ 639.707073][T11388] binder: 11387:11388 ioctl 4018620d 200000004a80 returned -16 [ 640.613437][T11405] fuse: Bad value for 'rootmode' [ 640.892243][ T5867] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 641.064993][T11411] binder_alloc: 11410: binder_alloc_buf size 16384 failed, no address space [ 641.087955][T11411] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 641.111772][ T5867] usb 5-1: Using ep0 maxpacket: 16 [ 641.137537][ T5867] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 641.147845][ T5867] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 641.169607][ T5867] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 641.179707][ T5867] usb 5-1: config 1 interface 1 has no altsetting 0 [ 641.208303][ T5867] usb 5-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 641.232836][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.240947][ T5867] usb 5-1: Product: syz [ 641.250160][ T5867] usb 5-1: Manufacturer: syz [ 641.265086][ T5867] usb 5-1: SerialNumber: syz [ 641.290445][T11416] binder: 11415:11416 ioctl 4018620d 0 returned -22 [ 643.626991][T11405] netlink: 'syz.4.1738': attribute type 1 has an invalid length. [ 643.641391][T11405] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 643.757703][T11449] binder: 11447:11449 ioctl c0306201 0 returned -14 [ 643.822027][ T5867] usb 5-1: selecting invalid altsetting 0 [ 643.912520][ T5867] usb 5-1: USB disconnect, device number 13 [ 643.915133][T11454] binder: 11453:11454 ioctl 4018620d 0 returned -22 [ 643.948270][T11456] binder_alloc: 11455: binder_alloc_buf size 16384 failed, no address space [ 643.978423][T11456] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 644.095572][ T9318] udevd[9318]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 644.264649][T11465] binder: 11463:11465 ioctl c0306201 0 returned -14 [ 644.490441][T11472] fuse: Bad value for 'rootmode' [ 644.781795][ T5760] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 644.895087][ T27] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 645.001761][ T5760] usb 2-1: Using ep0 maxpacket: 16 [ 645.011051][ T5760] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 645.028762][ T5760] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 645.038366][ T5760] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 645.048606][ T5760] usb 2-1: config 1 interface 1 has no altsetting 0 [ 645.061237][ T5760] usb 2-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 645.076879][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.081896][ T27] usb 6-1: Using ep0 maxpacket: 16 [ 645.090192][ T5760] usb 2-1: Product: syz [ 645.101480][ T5760] usb 2-1: Manufacturer: syz [ 645.106715][ T5760] usb 2-1: SerialNumber: syz [ 645.135649][ T27] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 645.150237][ T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 645.178431][ T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 645.188383][ T27] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 645.198485][ T27] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 645.238426][ T27] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 645.258188][ T27] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 645.268998][ T27] usb 6-1: Manufacturer: syz [ 645.297404][ T27] usb 6-1: config 0 descriptor?? [ 646.499753][ T27] rc_core: IR keymap rc-hauppauge not found [ 646.514318][ T27] Registered IR keymap rc-empty [ 646.529167][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.530644][T11500] binder: 11499:11500 ioctl c0306201 0 returned -14 [ 646.581676][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.617397][ T27] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 646.661287][ T27] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input12 [ 646.698964][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.749135][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.794211][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.824594][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.864934][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.907574][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 646.958051][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 647.007804][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 647.048568][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 647.098088][ T27] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 647.145676][ T27] mceusb 6-1:0.0: Registered with mce emulator interface version 1 [ 647.162259][ T27] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 647.197815][ T27] usb 6-1: USB disconnect, device number 6 [ 648.484458][T11472] netlink: 'syz.1.1759': attribute type 1 has an invalid length. [ 648.517801][T11472] 8021q: adding VLAN 0 to HW filter on device bond7 [ 648.628322][ T5760] usb 2-1: selecting invalid altsetting 0 [ 648.653837][T11511] tipc: Enabling of bearer rejected, failed to enable media [ 648.711424][T11515] binder: 11514:11515 ioctl c0306201 0 returned -14 [ 648.742161][ T5760] usb 2-1: USB disconnect, device number 17 [ 648.848824][ T8434] udevd[8434]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 649.179846][T11531] binder: 11530:11531 ioctl c0306201 0 returned -14 [ 649.463786][T11538] fuse: Bad value for 'rootmode' [ 649.763198][ T5760] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 649.971656][ T5760] usb 5-1: Using ep0 maxpacket: 16 [ 649.987671][ T5760] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 649.999034][ T5760] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 650.029384][ T5760] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 650.048383][ T5760] usb 5-1: config 1 interface 1 has no altsetting 0 [ 650.104708][ T5760] usb 5-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 650.129611][ T5760] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.150608][ T5760] usb 5-1: Product: syz [ 650.159178][ T5760] usb 5-1: Manufacturer: syz [ 650.170993][ T5760] usb 5-1: SerialNumber: syz [ 650.346457][T11544] binder: 11543:11544 ioctl c0306201 0 returned -14 [ 652.425401][T11538] netlink: 'syz.4.1775': attribute type 1 has an invalid length. [ 652.434716][T11538] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 652.554411][ T5760] usb 5-1: selecting invalid altsetting 0 [ 652.659960][ T5760] usb 5-1: USB disconnect, device number 14 [ 652.678527][T11575] binder: BINDER_SET_CONTEXT_MGR already set [ 652.702349][T11575] binder: 11574:11575 ioctl 4018620d 200000000040 returned -16 [ 652.713466][T11575] binder: 11574:11575 ioctl c0306201 0 returned -14 [ 652.844938][ T8251] udevd[8251]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 653.353414][T11600] fuse: Bad value for 'rootmode' [ 653.605916][T11605] xt_hashlimit: size too large, truncated to 1048576 [ 653.671847][ T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 653.895766][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 653.913484][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 653.942628][ T9] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 653.980368][ T9] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 654.007955][ T9] usb 6-1: config 1 interface 1 has no altsetting 0 [ 654.033597][ T9] usb 6-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40 [ 654.072730][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.080810][ T9] usb 6-1: Product: syz [ 654.107583][ T9] usb 6-1: Manufacturer: syz [ 654.113946][ T9] usb 6-1: SerialNumber: syz [ 655.198166][ T29] INFO: task syz.0.478:7701 blocked for more than 143 seconds. [ 655.209710][ T29] Not tainted syzkaller #0 [ 655.217435][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 655.226817][ T29] task:syz.0.478 state:D stack:25448 pid:7701 ppid:5820 flags:0x00004000 [ 655.251602][ T29] Call Trace: [ 655.255067][ T29] [ 655.258268][ T29] __schedule+0x1553/0x45a0 [ 655.267642][ T29] ? asan.module_dtor+0x20/0x20 [ 655.278494][ T29] schedule+0xbd/0x170 [ 655.288471][ T29] schedule_timeout+0xc1/0x2d0 [ 655.300225][ T29] ? console_conditional_schedule+0x40/0x40 [ 655.319924][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 655.337234][ T29] ? lock_chain_count+0x20/0x20 [ 655.346843][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 655.363070][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 655.368724][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 655.391953][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 655.397437][ T29] ? wait_for_completion+0x27a/0x5b0 [ 655.411914][ T29] wait_for_completion+0x2cb/0x5b0 [ 655.417125][ T29] ? io_schedule+0xd0/0xd0 [ 655.431563][ T29] ? try_to_wake_up+0x74f/0x1190 [ 655.441579][ T29] io_wq_put_and_exit+0x474/0x810 [ 655.446719][ T29] ? io_wq_put_and_exit+0x16a/0x810 [ 655.462519][ T29] io_uring_clean_tctx+0x130/0x1b0 [ 655.467756][ T29] ? io_uring_del_tctx_node+0x2c0/0x2c0 [ 655.492866][ T29] ? io_uring_drop_tctx_refs+0x111/0x1a0 [ 655.498581][ T29] io_uring_cancel_generic+0x610/0x6c0 [ 655.511641][ T29] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 655.517358][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 655.541577][ T29] ? wake_bit_function+0x200/0x200 [ 655.546781][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 655.572024][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 655.577629][ T29] ? io_uring_unreg_ringfd+0x52b/0x540 [ 655.587062][ T29] do_exit+0x5f1/0x2460 [ 655.591680][ T29] ? put_task_struct+0xc0/0xc0 [ 655.596841][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 655.603613][ T29] ? get_signal+0x1068/0x13f0 [ 655.608715][ T29] ? lock_chain_count+0x20/0x20 [ 655.614191][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 655.619429][ T29] do_group_exit+0x21b/0x2d0 [ 655.625078][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 655.630483][ T29] get_signal+0x12fc/0x13f0 [ 655.635692][ T29] arch_do_signal_or_restart+0xc2/0x800 [ 655.643256][ T29] ? get_sigframe_size+0x20/0x20 [ 655.648692][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 655.657348][ T29] ? exit_to_user_mode_loop+0x3b/0x110 [ 655.663585][ T29] exit_to_user_mode_loop+0x70/0x110 [ 655.669095][ T29] exit_to_user_mode_prepare+0xee/0x180 [ 655.675725][ T29] syscall_exit_to_user_mode+0x1a/0x50 [ 655.681423][ T29] do_syscall_64+0x61/0xb0 [ 655.686664][ T29] ? clear_bhb_loop+0x40/0x90 [ 655.696858][ T29] ? clear_bhb_loop+0x40/0x90 [ 655.702093][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 655.708437][ T29] RIP: 0033:0x7f07ec99ce59 [ 655.713630][ T29] RSP: 002b:00007f07ed908028 EFLAGS: 00000246 ORIG_RAX: 00000000000000db [ 655.723047][ T29] RAX: fffffffffffffdfc RBX: 00007f07ecc15fa0 RCX: 00007f07ec99ce59 [ 655.731212][ T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000001a80 [ 655.740191][ T29] RBP: 00007f07eca32d6f R08: 0000000000000000 R09: 0000000000000000 [ 655.748735][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 655.760477][ T29] R13: 00007f07ecc16038 R14: 00007f07ecc15fa0 R15: 00007fff1a527918 [ 655.776535][ T29] [ 655.800432][ T29] INFO: task iou-wrk-7701:7702 blocked for more than 143 seconds. [ 655.814869][ T29] Not tainted syzkaller #0 [ 655.819900][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 655.829439][ T29] task:iou-wrk-7701 state:D stack:25032 pid:7702 ppid:5820 flags:0x00024006 [ 655.839958][ T29] Call Trace: [ 655.843725][ T29] [ 655.846745][ T29] __schedule+0x1553/0x45a0 [ 655.851423][ T29] ? asan.module_dtor+0x20/0x20 [ 655.858400][ T29] ? schedule+0x64/0x170 [ 655.865118][ T29] ? do_raw_spin_unlock+0x121/0x230 [ 655.870426][ T29] schedule+0xbd/0x170 [ 655.876875][ T29] io_schedule+0x80/0xd0 [ 655.881253][ T29] folio_wait_bit_common+0x714/0xfa0 [ 655.887442][ T29] ? folio_wait_bit+0x30/0x30 [ 655.892585][ T29] ? _compound_head+0x120/0x120 [ 655.897584][ T29] ? filemap_add_folio+0x192/0x3c0 [ 655.907458][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 655.913243][ T29] ? blkdev_writepage+0x30/0x30 [ 655.918274][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 655.938099][ T29] ? blkdev_writepage+0x30/0x30 [ 655.943262][ T29] read_part_sector+0xd2/0x340 [ 655.950071][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 655.961471][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 655.967279][ T29] ? put_partition+0x370/0x370 [ 655.985100][ T29] ? alloc_pages+0x4dc/0x740 [ 655.989848][ T29] bdev_disk_changed+0x740/0x1420 [ 656.001355][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 656.007044][ T29] ? capable+0x88/0xe0 [ 656.011218][ T29] blkdev_get_whole+0x30d/0x390 [ 656.023131][ T29] blkdev_get_by_dev+0x279/0x600 [ 656.028321][ T29] disk_scan_partitions+0x1bc/0x2c0 [ 656.044407][ T29] device_add_disk+0xc1a/0xf50 [ 656.049473][ T29] ublk_ctrl_start_dev+0xadb/0xfd0 [ 656.059606][ T29] ublk_ctrl_uring_cmd+0x3b4/0x5e0 [ 656.067898][ T29] ? alloc_object+0x640/0x640 [ 656.075977][ T29] ? ublk_check_inflight_rq+0xa0/0xa0 [ 656.081731][ T29] io_uring_cmd+0x149/0x410 [ 656.086467][ T29] io_issue_sqe+0x2c5/0xc90 [ 656.091113][ T29] io_wq_submit_work+0x418/0x9c0 [ 656.109219][ T29] io_worker_handle_work+0x847/0x11b0 [ 656.116583][ T29] io_wq_worker+0x4a0/0xf10 [ 656.121268][ T29] ? io_wq_worker+0x3c5/0xf10 [ 656.131351][ T29] ? create_worker_cont+0x590/0x590 [ 656.138657][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 656.151585][ T29] ? lock_chain_count+0x20/0x20 [ 656.160569][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 656.178065][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 656.183508][ T29] ? create_worker_cont+0x590/0x590 [ 656.188967][ T29] ret_from_fork+0x48/0x80 [ 656.200524][ T29] ? create_worker_cont+0x590/0x590 [ 656.209077][ T29] ret_from_fork_asm+0x11/0x20 [ 656.224213][ T29] [ 656.261981][ T29] [ 656.261981][ T29] Showing all locks held in the system: [ 656.269846][ T29] 4 locks held by kworker/0:1/9: [ 656.278693][ T29] #0: ffff888146e57d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.290845][ T29] #1: ffffc900000e7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.310480][ T29] #2: ffff888142fd5190 (&dev->mutex){....}-{3:3}, at: hub_event+0x180/0x49f0 [ 656.325118][ T29] #3: ffff8880799f9190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x89/0x420 [ 656.344320][ T29] 2 locks held by kworker/u4:1/12: [ 656.349582][ T29] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.371656][ T29] #1: ffffc90000117d00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.391106][ T29] 1 lock held by khungtaskd/29: [ 656.396608][ T29] #0: ffffffff8d132120 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 656.415770][ T29] 2 locks held by kworker/1:2/1627: [ 656.421131][ T29] #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.441613][ T29] #1: ffffc90005417d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.458654][ T29] 3 locks held by kworker/u4:9/3452: [ 656.465633][ T29] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.484864][ T29] #1: ffffc9000d1c7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 656.496353][ T29] #2: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 656.505659][ T29] 1 lock held by klogd/5133: [ 656.510477][ T29] #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 656.521026][ T29] 2 locks held by getty/5532: [ 656.525845][ T29] #0: ffff8880316c20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 656.535932][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 656.551110][ T29] 2 locks held by kworker/1:4/5888: [ 656.559444][ T29] 2 locks held by iou-wrk-7701/7702: [ 656.568625][ T29] #0: ffff88801cf286c0 (&ub->mutex){+.+.}-{3:3}, at: ublk_ctrl_start_dev+0xf8/0xfd0 [ 656.578497][ T29] #1: ffff88807f3864c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 656.597427][ T29] 4 locks held by udevd/9317: [ 656.603698][ T29] #0: ffff88801b73de80 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb1/0xd50 [ 656.612893][ T29] #1: ffff88802e756888 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x5c/0x410 [ 656.622750][ T29] #2: ffff88802cd85ca0 (kn->active#21){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x410 [ 656.632951][ T29] #3: ffff8880799f9190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0 [ 656.642542][ T29] 2 locks held by syz.3.1790/11594: [ 656.647960][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 656.660214][ T29] #1: ffffffff8d137af8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x306/0x880 [ 656.671322][ T29] 1 lock held by syz.5.1791/11600: [ 656.683036][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 [ 656.698737][ T29] 1 lock held by syz.5.1791/11608: [ 656.706141][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 [ 656.723578][ T29] 1 lock held by syz.1.1794/11610: [ 656.728834][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x400/0x2000 [ 656.751581][ T29] 1 lock held by syz.1.1794/11611: [ 656.756762][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 656.781632][ T29] 1 lock held by syz.1.1794/11612: [ 656.786823][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x7a4/0x1140 [ 656.811587][ T29] 1 lock held by syz.1.1794/11614: [ 656.818802][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x7a4/0x1140 [ 656.832244][ T29] 1 lock held by syz.1.1794/11617: [ 656.837530][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 [ 656.848064][ T29] 1 lock held by syz.1.1794/11621: [ 656.853626][ T29] #0: ffffffff8e3c5848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 [ 656.863776][ T29] [ 656.866282][ T29] ============================================= [ 656.866282][ T29] [ 656.875543][ T29] NMI backtrace for cpu 0 [ 656.879936][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 656.887168][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 656.897290][ T29] Call Trace: [ 656.900624][ T29] [ 656.903598][ T29] dump_stack_lvl+0x18c/0x250 [ 656.908324][ T29] ? show_regs_print_info+0x20/0x20 [ 656.913565][ T29] ? load_image+0x420/0x420 [ 656.918120][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 656.923140][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 656.929343][ T29] ? _printk+0xde/0x130 [ 656.933533][ T29] ? load_image+0x420/0x420 [ 656.938075][ T29] ? load_image+0x420/0x420 [ 656.942619][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 656.948736][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 656.954773][ T29] watchdog+0xf3d/0xf80 [ 656.959026][ T29] ? watchdog+0x1e1/0xf80 [ 656.963409][ T29] kthread+0x2fa/0x390 [ 656.967515][ T29] ? hungtask_pm_notify+0x90/0x90 [ 656.972589][ T29] ? kthread_blkcg+0xd0/0xd0 [ 656.977222][ T29] ret_from_fork+0x48/0x80 [ 656.981679][ T29] ? kthread_blkcg+0xd0/0xd0 [ 656.986311][ T29] ret_from_fork_asm+0x11/0x20 [ 656.991135][ T29] [ 656.995321][ T29] Sending NMI from CPU 0 to CPUs 1: [ 657.000628][ C1] NMI backtrace for cpu 1 [ 657.000638][ C1] CPU: 1 PID: 5885 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 657.000654][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 657.000671][ C1] Workqueue: events_unbound nsim_dev_trap_report_work [ 657.000732][ C1] RIP: 0010:__local_bh_disable_ip+0x92/0x1a0 [ 657.000755][ C1] Code: f8 f3 f3 f3 65 8b 05 25 4d b1 7e a9 00 00 0f 00 0f 85 f5 00 00 00 43 c6 44 3c 08 00 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 <4c> 8b 74 24 40 43 c6 44 3c 08 f8 fa 65 01 1d f3 4c b1 7e 65 8b 05 [ 657.000769][ C1] RSP: 0018:ffffc90004b3fa00 EFLAGS: 00000246 [ 657.000782][ C1] RAX: 0000000080000001 RBX: 0000000000000201 RCX: 0000000000000000 [ 657.000793][ C1] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8650eaab [ 657.000803][ C1] RBP: ffffc90004b3faa8 R08: ffffc90004b3f9df R09: 0000000000000000 [ 657.000815][ C1] R10: ffffc90004b3f9a0 R11: fffff52000967f3c R12: 1ffff92000967f40 [ 657.000827][ C1] R13: ffff88807b6d5dc0 R14: ffffffff8650eaab R15: dffffc0000000000 [ 657.000840][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 657.000853][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 657.000866][ C1] CR2: 0000555578a6d4e8 CR3: 000000007e22c000 CR4: 00000000003506e0 [ 657.000883][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000004b8 [ 657.000893][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 657.000903][ C1] Call Trace: [ 657.000908][ C1] [ 657.000915][ C1] ? __bpf_trace_tasklet+0x160/0x160 [ 657.000938][ C1] ? nsim_dev_trap_report_work+0x6db/0xb10 [ 657.000958][ C1] _raw_spin_lock_bh+0x1c/0x50 [ 657.000983][ C1] nsim_dev_trap_report_work+0x6db/0xb10 [ 657.001016][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 657.001040][ C1] process_scheduled_works+0xa5d/0x15d0 [ 657.001075][ C1] ? worker_attach_to_pool+0x380/0x380 [ 657.001100][ C1] ? assign_work+0x3d2/0x5d0 [ 657.001123][ C1] worker_thread+0xa55/0xfc0 [ 657.001144][ C1] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 657.001173][ C1] ? _raw_spin_unlock+0x40/0x40 [ 657.001195][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 657.001229][ C1] kthread+0x2fa/0x390 [ 657.001244][ C1] ? pr_cont_work+0x560/0x560 [ 657.001264][ C1] ? kthread_blkcg+0xd0/0xd0 [ 657.001280][ C1] ret_from_fork+0x48/0x80 [ 657.001302][ C1] ? kthread_blkcg+0xd0/0xd0 [ 657.001320][ C1] ret_from_fork_asm+0x11/0x20 [ 657.001350][ C1] [ 657.262145][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 657.269059][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 657.276296][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 657.286386][ T29] Call Trace: [ 657.289694][ T29] [ 657.292667][ T29] dump_stack_lvl+0x18c/0x250 [ 657.297399][ T29] ? show_regs_print_info+0x20/0x20 [ 657.302645][ T29] ? load_image+0x420/0x420 [ 657.307212][ T29] panic+0x2dc/0x730 [ 657.311193][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 657.316873][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 657.321423][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 657.327068][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 657.333364][ T29] watchdog+0xf7c/0xf80 [ 657.337589][ T29] ? watchdog+0x1e1/0xf80 [ 657.341970][ T29] kthread+0x2fa/0x390 [ 657.346161][ T29] ? hungtask_pm_notify+0x90/0x90 [ 657.351239][ T29] ? kthread_blkcg+0xd0/0xd0 [ 657.355863][ T29] ret_from_fork+0x48/0x80 [ 657.360326][ T29] ? kthread_blkcg+0xd0/0xd0 [ 657.365040][ T29] ret_from_fork_asm+0x11/0x20 [ 657.369858][ T29] [ 657.373095][ T29] Kernel Offset: disabled [ 657.377519][ T29] Rebooting in 86400 seconds..