last executing test programs: 3.728080487s ago: executing program 3 (id=93): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = gettid() timer_create(0x9, &(0x7f0000000180)={0x0, 0x1e, 0x4, @tid=r0}, &(0x7f00000000c0)=0x0) timer_settime(r1, 0x1, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) timer_settime(r1, 0x1, &(0x7f00000001c0)={{}, {0x77359400}}, &(0x7f0000000780)) 3.727930581s ago: executing program 3 (id=94): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x6, 0x1e, "d41c85cb217cdd2345f01b776eeec3418a16326510e2ba8cbf6368da0559"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x7}, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x3, 0x1, 0x6}}) 3.375964814s ago: executing program 2 (id=97): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) sched_setattr(0x0, &(0x7f0000000180)={0x40, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0, 0x4}, 0x0) 3.37580257s ago: executing program 2 (id=98): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000680)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 3.37569985s ago: executing program 2 (id=99): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r1, 0x400, 0x0) r2 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) truncate(&(0x7f0000000900)='./file1\x00', 0x24b9) close_range(r0, 0xffffffffffffffff, 0x0) 3.292541836s ago: executing program 2 (id=100): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0xfffffffffffffce2, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x2, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0xe4000, 0x0) ioperm(0xd1df, 0x7, 0x9) openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) 2.116181536s ago: executing program 3 (id=103): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3}) syz_io_uring_setup(0x0, &(0x7f0000000600)={0x0, 0xfffffffe, 0x0, 0x2, 0x256}, &(0x7f0000c57000), 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000080)={&(0x7f00005dd000/0x1000)=nil, 0x1000}) 1.925659565s ago: executing program 1 (id=107): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = dup2(r0, r0) read$FUSE(r1, &(0x7f00000004c0)={0x2020}, 0x2020) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x3) 1.845912127s ago: executing program 1 (id=108): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) 1.791425741s ago: executing program 1 (id=109): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x81, 0x0, 0x1, 0x101, 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, 0x0) 1.790833356s ago: executing program 1 (id=110): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) personality(0x8) 1.719918061s ago: executing program 1 (id=111): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r0, 0x1, 0x20080, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) 1.696747608s ago: executing program 1 (id=113): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0) setregid(0x0, 0xee00) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x8031, 0xffffffffffffffff, 0x148a1000) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) r3 = syz_usb_connect(0x0, 0x202, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="02c900120200000500"], 0x17) 1.514131909s ago: executing program 0 (id=117): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TESTMODE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="2bbb2dbd3000fddbdf252d00000008000300", @ANYRES32=r3], 0x28}, 0x1, 0x0, 0x0, 0x4011}, 0x810) 1.0518397s ago: executing program 3 (id=118): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000440)={0x2, 0x1, @remote}, 0x10, &(0x7f0000000280)=[{&(0x7f0000001880)="2a001eb34aaf5d0004985d06e64630a794231c908fd1d77f29c18291a61d856750ddace8be49df7e67d0c34e3e1064b924bc351d16f420a4968b700ec422", 0x3e}], 0x1, 0x0, 0x0, 0xe0000000}, 0x48090) 1.051691316s ago: executing program 0 (id=119): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1b3a, 0x4) sendto$inet(r0, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000004800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000047c0)=""/45, 0x2d}, 0x8}], 0x1, 0x18002, 0x0) 1.051580426s ago: executing program 3 (id=120): syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x103381) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x11) getrlimit(0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 1.051493282s ago: executing program 0 (id=121): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x100000001, 0x4) 139.767746ms ago: executing program 3 (id=122): r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) finit_module(r0, 0x0, 0x3) 111.973351ms ago: executing program 0 (id=123): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000005c0), 0x2a02) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000600)) 35.929538ms ago: executing program 0 (id=124): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000001c0)={'syz0\x00', {0x9, 0x5, 0x8, 0x2}, 0x15, [0x4, 0xfffffff7, 0x5, 0x80, 0x40, 0x2, 0x808, 0xfffffffd, 0x4ed, 0xffff, 0x1000, 0x598, 0xfff, 0xe5bc, 0xffffffff, 0x9, 0x80000001, 0x9, 0x8001, 0x3, 0x1, 0x3, 0x8, 0x4, 0xabb, 0x9, 0xf6, 0x2, 0xe278, 0x8a, 0x2, 0x2ab1f069, 0xb, 0x9, 0x7, 0x8, 0x6, 0x80000001, 0x4, 0x80000001, 0x4, 0x8000, 0xffffffff, 0x4, 0xfcf, 0x8, 0xffffffff, 0x7ff, 0x6, 0x1, 0x9, 0x5, 0xffffffff, 0x80, 0x80000001, 0x1ff, 0x0, 0x4, 0x2, 0xfffffffa, 0x9, 0x0, 0x5, 0xfffffffd], [0xb, 0x6, 0x8, 0xb6, 0xfffffffa, 0x2, 0xff, 0x1, 0x80000001, 0x1000, 0x0, 0x4, 0x8, 0x9, 0x9, 0x0, 0xf, 0x200, 0x1ff, 0x5, 0x1, 0x3, 0x8000, 0x8000, 0x6, 0x5, 0xa9, 0x7fff, 0x8000, 0x1, 0x4, 0xe, 0x8, 0x2, 0x7b, 0x2b, 0x7df572ac, 0x86bc, 0x2, 0x40, 0x5, 0x7, 0x1, 0x2, 0x7f, 0x81, 0x1, 0x2, 0x8, 0x5, 0x1ff, 0xfffff8d7, 0x9, 0x6, 0x0, 0xfffffffa, 0x3, 0x0, 0x7, 0x9, 0x8, 0x5, 0x6, 0x6], [0xd212, 0xffffffff, 0x112, 0xbc3, 0xf, 0x40, 0x15, 0x800, 0x80000001, 0x65465973, 0x3, 0x800, 0x7, 0x3, 0x1, 0xe, 0xfffffeff, 0xc, 0x8, 0x8001, 0x47, 0x0, 0xc0000, 0x4, 0x3569, 0xac84, 0x3, 0x401, 0x2, 0x28b, 0x100, 0xc, 0xfffff001, 0x10000, 0x76, 0x1, 0x6, 0x8, 0xfd8, 0x0, 0x1000, 0x1f58bc65, 0x400, 0x1ff, 0x8, 0x6, 0x70a5bade, 0x8, 0x6, 0x2, 0x2, 0x8, 0x5, 0x80000000, 0x2f, 0x3, 0x2, 0x10001, 0x8, 0x10001, 0x80000000, 0x8001, 0x5, 0x2], [0x5, 0x0, 0x2, 0x2, 0x3, 0x2, 0x101, 0x8, 0x4, 0x80000000, 0x0, 0x7, 0x8, 0xd978, 0x1, 0x2, 0x8, 0xc88, 0x9, 0x6, 0x4, 0x10001, 0x9, 0x8, 0x9, 0x2, 0x8, 0xff, 0xd, 0x5, 0x6, 0x5, 0x9, 0x0, 0x9, 0x3, 0xfff, 0x6, 0x8, 0x1ff, 0x6, 0x11d2e17b, 0xac1dfa3, 0x3, 0x7, 0x9, 0x9, 0xffff9ba1, 0xdc9, 0x3, 0x9, 0x4, 0xb4, 0xfffffffa, 0xee06, 0x3, 0x8, 0x0, 0x8000, 0x0, 0x6, 0x4fc, 0x9, 0x4]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x10000000000001b) 35.737305ms ago: executing program 2 (id=125): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f00000018c0)={0x28, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x80}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x801}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 26.828128ms ago: executing program 0 (id=126): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x4, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(r1) syz_open_dev$tty1(0xc, 0x4, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 0s ago: executing program 2 (id=127): socket(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) open$dir(&(0x7f0000000140)='./file0\x00', 0x500, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts. [ 50.759285][ T5847] cgroup: Unknown subsys name 'net' [ 50.899844][ T5847] cgroup: Unknown subsys name 'cpuset' [ 50.906988][ T5847] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 51.950036][ T5847] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.717019][ T5861] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.724917][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.732207][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.739608][ T5870] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.746852][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.748591][ T5869] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.754171][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.761360][ T5869] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.768625][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.775700][ T5868] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.782083][ T5870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.789139][ T5868] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.796516][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.810071][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.817643][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.819252][ T5868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.824862][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.839835][ T5869] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.847702][ T5870] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.858510][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.100595][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 54.157015][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 54.218652][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 54.271097][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.278827][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.285941][ T5858] bridge_slave_0: entered allmulticast mode [ 54.292848][ T5858] bridge_slave_0: entered promiscuous mode [ 54.301896][ T5856] chnl_net:caif_netlink_parms(): no params data found [ 54.312863][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.320030][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.327082][ T5858] bridge_slave_1: entered allmulticast mode [ 54.333618][ T5858] bridge_slave_1: entered promiscuous mode [ 54.392825][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.400586][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.407719][ T5859] bridge_slave_0: entered allmulticast mode [ 54.414470][ T5859] bridge_slave_0: entered promiscuous mode [ 54.422329][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.434299][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.441445][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.448559][ T5857] bridge_slave_0: entered allmulticast mode [ 54.454910][ T5857] bridge_slave_0: entered promiscuous mode [ 54.461646][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.468786][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.475837][ T5859] bridge_slave_1: entered allmulticast mode [ 54.482359][ T5859] bridge_slave_1: entered promiscuous mode [ 54.490048][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.507163][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.514328][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.521875][ T5857] bridge_slave_1: entered allmulticast mode [ 54.528340][ T5857] bridge_slave_1: entered promiscuous mode [ 54.572056][ T5858] team0: Port device team_slave_0 added [ 54.579558][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.595518][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.605729][ T5858] team0: Port device team_slave_1 added [ 54.612751][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.621963][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.629302][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.636391][ T5856] bridge_slave_0: entered allmulticast mode [ 54.642997][ T5856] bridge_slave_0: entered promiscuous mode [ 54.650712][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.676153][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.684011][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.691256][ T5856] bridge_slave_1: entered allmulticast mode [ 54.697631][ T5856] bridge_slave_1: entered promiscuous mode [ 54.726854][ T5857] team0: Port device team_slave_0 added [ 54.733441][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.740464][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.767145][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.780048][ T5859] team0: Port device team_slave_0 added [ 54.786564][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.793818][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.819973][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.837154][ T5857] team0: Port device team_slave_1 added [ 54.851301][ T5859] team0: Port device team_slave_1 added [ 54.862051][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.889890][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.896812][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.922939][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.935327][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.944903][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.952029][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.978077][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.990338][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.997265][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.023290][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.034920][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.042023][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.068240][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.110753][ T5856] team0: Port device team_slave_0 added [ 55.117854][ T5856] team0: Port device team_slave_1 added [ 55.131728][ T5858] hsr_slave_0: entered promiscuous mode [ 55.137714][ T5858] hsr_slave_1: entered promiscuous mode [ 55.175218][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.182275][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.208777][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.227495][ T5857] hsr_slave_0: entered promiscuous mode [ 55.233607][ T5857] hsr_slave_1: entered promiscuous mode [ 55.239516][ T5857] debugfs: 'hsr0' already exists in 'hsr' [ 55.245245][ T5857] Cannot create hsr debugfs directory [ 55.256480][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.263520][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.289773][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.313490][ T5859] hsr_slave_0: entered promiscuous mode [ 55.319699][ T5859] hsr_slave_1: entered promiscuous mode [ 55.325488][ T5859] debugfs: 'hsr0' already exists in 'hsr' [ 55.331232][ T5859] Cannot create hsr debugfs directory [ 55.409935][ T5856] hsr_slave_0: entered promiscuous mode [ 55.415860][ T5856] hsr_slave_1: entered promiscuous mode [ 55.421862][ T5856] debugfs: 'hsr0' already exists in 'hsr' [ 55.427574][ T5856] Cannot create hsr debugfs directory [ 55.572223][ T5858] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.586891][ T5858] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.598109][ T5858] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.616932][ T5858] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.641978][ T5857] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.651197][ T5857] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.660655][ T5857] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.677623][ T5857] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.703198][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.714224][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.727036][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.736274][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.788069][ T5856] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.797966][ T5856] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.812671][ T5856] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.821955][ T5856] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.893485][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.899539][ T51] Bluetooth: hci1: command tx timeout [ 55.901212][ T5870] Bluetooth: hci2: command tx timeout [ 55.905455][ T51] Bluetooth: hci0: command tx timeout [ 55.911910][ T5863] Bluetooth: hci3: command tx timeout [ 55.928051][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.949491][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.973242][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.982616][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.993485][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.009749][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.016806][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.025615][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.032686][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.041834][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.048888][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.062724][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.069812][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.085325][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.092389][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.106192][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.131502][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.138644][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.153224][ T5858] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.163957][ T5858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.190525][ T5856] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.221729][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.228832][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.240906][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.247988][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.364896][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.421071][ T5858] veth0_vlan: entered promiscuous mode [ 56.439607][ T5858] veth1_vlan: entered promiscuous mode [ 56.484167][ T5858] veth0_macvtap: entered promiscuous mode [ 56.526961][ T5858] veth1_macvtap: entered promiscuous mode [ 56.556910][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.576992][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.586193][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.604349][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.615272][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.632779][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.641688][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.659117][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.667802][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.689594][ T5859] veth0_vlan: entered promiscuous mode [ 56.713647][ T5859] veth1_vlan: entered promiscuous mode [ 56.752025][ T5857] veth0_vlan: entered promiscuous mode [ 56.763598][ T5856] veth0_vlan: entered promiscuous mode [ 56.769988][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.777573][ T5857] veth1_vlan: entered promiscuous mode [ 56.784997][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.792215][ T5859] veth0_macvtap: entered promiscuous mode [ 56.812686][ T5859] veth1_macvtap: entered promiscuous mode [ 56.829901][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.830814][ T5856] veth1_vlan: entered promiscuous mode [ 56.843320][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.864922][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.881287][ T5858] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.884795][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.930419][ T59] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.949675][ T59] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.961989][ T5857] veth0_macvtap: entered promiscuous mode [ 56.972033][ T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.980898][ T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.990795][ T5857] veth1_macvtap: entered promiscuous mode [ 57.012293][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.024310][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.041296][ T5856] veth0_macvtap: entered promiscuous mode [ 57.055098][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.065713][ T5856] veth1_macvtap: entered promiscuous mode [ 57.080770][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.089713][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.106061][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.118080][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.129024][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.136296][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.144885][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.167384][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.176181][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.185892][ T5926] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 57.207143][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.217172][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.226746][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.234711][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.303756][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.313662][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.326722][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.335590][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.362207][ T5926] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 57.391892][ T5926] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 57.420183][ T1111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.421320][ T5926] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 57.428002][ T1111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.438725][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 57.454004][ T5926] usb 3-1: SerialNumber: syz [ 57.516471][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.535929][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.796846][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.978495][ T5870] Bluetooth: hci0: command tx timeout [ 57.984047][ T5870] Bluetooth: hci1: command tx timeout [ 57.991823][ T5863] Bluetooth: hci2: command tx timeout [ 57.997370][ T5863] Bluetooth: hci3: command tx timeout [ 58.089139][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 58.089460][ T5926] usb 3-1: 0:2 : does not exist [ 58.120452][ T5926] usb 3-1: USB disconnect, device number 2 [ 58.184014][ T5873] udevd[5873]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 58.207494][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 58.671401][ T5973] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 59.243214][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.252062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.260594][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.608303][ T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 59.768901][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 59.799049][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.828076][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.862790][ T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 59.903549][ T43] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 59.931467][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.975145][ T43] usb 4-1: config 0 descriptor?? [ 60.058822][ T5870] Bluetooth: hci1: command tx timeout [ 60.087716][ T5863] Bluetooth: hci3: command tx timeout [ 60.093167][ T5870] Bluetooth: hci2: command tx timeout [ 60.099061][ T5863] Bluetooth: hci0: command tx timeout [ 60.372274][ T6023] capability: warning: `syz.1.31' uses deprecated v2 capabilities in a way that may be insecure [ 60.407203][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.424955][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.436019][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.453908][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.468982][ T43] microsoft 0003:045E:07DA.0001: reserved main item tag 0xe [ 60.481827][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.494668][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.512737][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.535630][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.548255][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.558355][ T5926] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 60.571094][ T43] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 60.581205][ T43] microsoft 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 60.594616][ T43] microsoft 0003:045E:07DA.0001: no inputs found [ 60.603095][ T43] microsoft 0003:045E:07DA.0001: could not initialize ff, continuing anyway [ 60.642973][ T43] usb 4-1: USB disconnect, device number 2 [ 60.684025][ T6035] fido_id[6035]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 60.734638][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.748980][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 60.768420][ T5926] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 60.781580][ T5912] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 60.792637][ T5926] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 60.802230][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.817835][ T5926] usb 3-1: config 0 descriptor?? [ 60.958359][ T5912] usb 1-1: Using ep0 maxpacket: 32 [ 60.974648][ T5912] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 60.982915][ T5912] usb 1-1: config 0 has no interface number 0 [ 60.990636][ T5912] usb 1-1: config 0 interface 184 has no altsetting 0 [ 61.000042][ T5912] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 61.010646][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.019752][ T5912] usb 1-1: Product: syz [ 61.023940][ T5912] usb 1-1: Manufacturer: syz [ 61.029063][ T5912] usb 1-1: SerialNumber: syz [ 61.037432][ T5912] usb 1-1: config 0 descriptor?? [ 61.044232][ T5912] smsc75xx v1.0.0 [ 61.205647][ T6059] tmpfs: Unknown parameter 'trans' [ 61.263039][ T5926] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 61.628199][ T43] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 61.650528][ T5912] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 61.662486][ T5912] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 61.778799][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 61.786640][ T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.799909][ T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.809672][ T43] usb 2-1: config 0 interface 0 has no altsetting 0 [ 61.816272][ T43] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 61.826347][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.835518][ T43] usb 2-1: config 0 descriptor?? [ 61.860481][ C1] plantronics 0003:047F:FFFF.0002: hid_field_extract() called with n (132) > 32! (swapper/1) [ 61.873043][ T5912] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 61.884199][ T5912] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 61.894090][ T5912] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 61.912885][ T5912] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 61.932367][ T5912] usb 1-1: USB disconnect, device number 2 [ 62.073138][ T5860] usb 3-1: USB disconnect, device number 3 [ 62.138251][ T51] Bluetooth: hci2: command 0x0419 tx timeout [ 62.140273][ T5870] Bluetooth: hci3: command tx timeout [ 62.144812][ T5869] Bluetooth: hci0: command tx timeout [ 62.238240][ T5926] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 62.392317][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.403418][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 62.414258][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 62.428783][ T5926] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 62.437817][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.447446][ T5926] usb 4-1: config 0 descriptor?? [ 62.453885][ T5906] usb 2-1: USB disconnect, device number 2 [ 62.649333][ T43] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 62.729966][ T6092] syz.2.61 uses obsolete (PF_INET,SOCK_PACKET) [ 62.808206][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 62.815454][ T43] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 62.823916][ T43] usb 1-1: config 0 has no interface number 0 [ 62.830134][ T43] usb 1-1: config 0 interface 184 has no altsetting 0 [ 62.840201][ T43] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 62.849305][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.857286][ T43] usb 1-1: Product: syz [ 62.861552][ T43] usb 1-1: Manufacturer: syz [ 62.866142][ T43] usb 1-1: SerialNumber: syz [ 62.873493][ T43] usb 1-1: config 0 descriptor?? [ 62.883255][ T5926] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 62.897420][ T43] smsc75xx v1.0.0 [ 63.001679][ T6102] binder: 6101:6102 ioctl c0306201 0 returned -14 [ 63.130037][ T5860] usb 4-1: USB disconnect, device number 3 [ 63.139482][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 63.430897][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 63.439630][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 63.599444][ T24] usb 3-1: config 0 has an invalid interface number: 95 but max is 0 [ 63.607573][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 63.617713][ T24] usb 3-1: config 0 has no interface number 0 [ 63.623826][ T24] usb 3-1: config 0 interface 95 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 63.635143][ T24] usb 3-1: config 0 interface 95 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 63.652082][ T24] usb 3-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46 [ 63.667875][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.676209][ T24] usb 3-1: Product: syz [ 63.681868][ T24] usb 3-1: Manufacturer: syz [ 63.686483][ T24] usb 3-1: SerialNumber: syz [ 63.700921][ T24] usb 3-1: config 0 descriptor?? [ 63.758216][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 63.907704][ T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 63.932959][ T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 63.944766][ T24] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 63.951917][ T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 63.963213][ T24] usb 3-1: MIDIStreaming interface descriptor not found [ 63.975482][ T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 63.987713][ T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 64.004584][ T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 64.030611][ T24] usb 3-1: USB disconnect, device number 4 [ 64.049205][ T43] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 64.070294][ T43] usb 1-1: USB disconnect, device number 3 [ 64.095107][ T5867] udevd[5867]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.95/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 64.230191][ T5869] Bluetooth: hci2: command 0x0419 tx timeout [ 64.318181][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 64.738250][ T43] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 64.833082][ T30] audit: type=1326 audit(1756518409.276:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 64.856902][ T30] audit: type=1326 audit(1756518409.276:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 64.880067][ T30] audit: type=1326 audit(1756518409.276:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 64.902149][ T5906] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 64.904643][ T30] audit: type=1326 audit(1756518409.276:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 64.933072][ T30] audit: type=1326 audit(1756518409.276:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 64.955638][ T43] usb 3-1: config index 0 descriptor too short (expected 3133, got 61) [ 64.963979][ T30] audit: type=1326 audit(1756518409.276:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 64.964056][ T43] usb 3-1: config 0 has an invalid interface number: 156 but max is 1 [ 64.987846][ T30] audit: type=1326 audit(1756518409.276:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 65.016700][ T30] audit: type=1326 audit(1756518409.276:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 65.028692][ T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 65.039097][ T30] audit: type=1326 audit(1756518409.276:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 65.052254][ T43] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 65.072668][ T30] audit: type=1326 audit(1756518409.276:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fc7a418ebe9 code=0x7ffc0000 [ 65.082648][ T43] usb 3-1: config 0 has no interface number 0 [ 65.102384][ T5906] usb 1-1: Using ep0 maxpacket: 16 [ 65.109857][ T43] usb 3-1: config 0 interface 156 altsetting 0 has an endpoint descriptor with address 0xF5, changing to 0x85 [ 65.115004][ T5906] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 65.125727][ T43] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 65.135032][ T5906] usb 1-1: config 0 has no interface number 0 [ 65.143888][ T43] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 65.150656][ T5906] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 65.160951][ T43] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 65.177934][ T5906] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 65.182439][ T43] usb 3-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 65.204056][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.204230][ T43] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 65.221471][ T5906] usb 1-1: Product: syz [ 65.221486][ T5906] usb 1-1: Manufacturer: syz [ 65.225814][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.238222][ T5906] usb 1-1: SerialNumber: syz [ 65.240382][ T43] usb 3-1: config 0 descriptor?? [ 65.250621][ T43] gspca_main: spca561-2.14.0 probing abcd:cdee [ 65.256627][ T5906] usb 1-1: config 0 descriptor?? [ 65.454361][ T43] spca561 3-1:0.156: probe with driver spca561 failed with error -22 [ 65.463353][ T43] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 65.471199][ T43] usb 3-1: MIDIStreaming interface descriptor not found [ 65.492652][ T43] usb 3-1: USB disconnect, device number 5 [ 65.866949][ T5906] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 65.879157][ T5906] usb 1-1: USB disconnect, device number 4 [ 65.978191][ T5926] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 66.128363][ T5926] usb 4-1: Using ep0 maxpacket: 32 [ 66.134994][ T5926] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.146151][ T5926] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.162429][ T5926] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 66.171810][ T5926] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 66.180637][ T5926] usb 4-1: Product: syz [ 66.186220][ T5926] usb 4-1: Manufacturer: syz [ 66.194759][ T5926] hub 4-1:4.0: USB hub found [ 66.395178][ T6186] 9p: Unknown parameter 'k' [ 66.402884][ T5926] hub 4-1:4.0: 2 ports detected [ 66.429431][ T5906] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 66.588248][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 66.594871][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.606108][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.615897][ T5906] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 66.626292][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.635482][ T5906] usb 3-1: config 0 descriptor?? [ 66.641962][ T5906] hub 3-1:0.0: USB hub found [ 66.668240][ T24] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 66.820445][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 66.828585][ T5926] hub 4-1:4.0: set hub depth failed [ 66.828635][ T24] usb 1-1: not running at top speed; connect to a high speed hub [ 66.839747][ T5926] usb 4-1: USB disconnect, device number 4 [ 66.851554][ T5906] hub 3-1:0.0: 1 port detected [ 66.857252][ T24] usb 1-1: config 129 has an invalid interface number: 135 but max is 0 [ 66.867119][ T24] usb 1-1: config 129 has an invalid interface number: 5 but max is 0 [ 66.875345][ T24] usb 1-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 66.884999][ T24] usb 1-1: config 129 has no interface number 0 [ 66.891591][ T24] usb 1-1: config 129 has no interface number 1 [ 66.897861][ T24] usb 1-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 66.911514][ T24] usb 1-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 66.922822][ T24] usb 1-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 66.936046][ T24] usb 1-1: config 129 interface 135 has no altsetting 0 [ 66.943033][ T24] usb 1-1: config 129 interface 5 has no altsetting 0 [ 66.951816][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00 [ 66.960884][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.968893][ T24] usb 1-1: Product: syz [ 66.973041][ T24] usb 1-1: Manufacturer: syz [ 66.977619][ T24] usb 1-1: SerialNumber: syz [ 67.193637][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 67.200664][ T24] usb 1-1: MIDIStreaming interface descriptor not found [ 67.219732][ T24] usb 1-1: USB disconnect, device number 5 [ 67.254497][ T5872] udevd[5872]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 67.807727][ T6220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.114'. [ 67.943091][ T5906] hub 3-1:0.0: hub_hub_status failed (err = -32) [ 67.956301][ T5906] hub 3-1:0.0: config failed, can't get hub status (err -32) [ 67.968293][ T5906] usbhid 3-1:0.0: can't add hid device: -32 [ 67.971089][ T6227] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 67.974237][ T5906] usbhid 3-1:0.0: probe with driver usbhid failed with error -32 [ 68.054776][ T5869] Bluetooth: Frame is too long (len 18, expected len 4) [ 69.506459][ T6248] ------------[ cut here ]------------ [ 69.518410][ T24] usb 3-1: USB disconnect, device number 6 [ 69.528215][ T6248] UBSAN: shift-out-of-bounds in fs/9p/vfs_super.c:57:22 [ 69.535163][ T6248] shift exponent 32 is too large for 32-bit type 'int' [ 69.568933][ T6248] CPU: 1 UID: 0 PID: 6248 Comm: syz.2.127 Not tainted syzkaller #0 PREEMPT(full) [ 69.568955][ T6248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 69.568967][ T6248] Call Trace: [ 69.568973][ T6248] [ 69.568980][ T6248] dump_stack_lvl+0x189/0x250 [ 69.569011][ T6248] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.569035][ T6248] ? __pfx__printk+0x10/0x10 [ 69.569062][ T6248] ubsan_epilogue+0xa/0x40 [ 69.569080][ T6248] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 69.569103][ T6248] ? __pfx_v9fs_set_super+0x10/0x10 [ 69.569122][ T6248] v9fs_get_tree+0x957/0xa90 [ 69.569141][ T6248] ? __pfx_v9fs_get_tree+0x10/0x10 [ 69.569161][ T6248] vfs_get_tree+0x8f/0x2b0 [ 69.569179][ T6248] do_new_mount+0x2a2/0xa30 [ 69.569198][ T6248] ? ns_capable+0x8a/0xf0 [ 69.569218][ T6248] ? __pfx_do_new_mount+0x10/0x10 [ 69.569235][ T6248] ? path_mount+0x61c/0xfe0 [ 69.569250][ T6248] ? user_path_at+0x44/0x60 [ 69.569274][ T6248] __se_sys_mount+0x317/0x410 [ 69.569293][ T6248] ? __pfx___se_sys_mount+0x10/0x10 [ 69.569312][ T6248] ? rcu_is_watching+0x15/0xb0 [ 69.569329][ T6248] ? __x64_sys_mount+0x20/0xc0 [ 69.569347][ T6248] do_syscall_64+0xfa/0xfa0 [ 69.569367][ T6248] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.569383][ T6248] ? clear_bhb_loop+0x60/0xb0 [ 69.569401][ T6248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.569416][ T6248] RIP: 0033:0x7ff943f8ebe9 [ 69.569442][ T6248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.569457][ T6248] RSP: 002b:00007ff944d7a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.569476][ T6248] RAX: ffffffffffffffda RBX: 00007ff9441c5fa0 RCX: 00007ff943f8ebe9 [ 69.569489][ T6248] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000 [ 69.569501][ T6248] RBP: 00007ff944011e19 R08: 0000200000000580 R09: 0000000000000000 [ 69.569513][ T6248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.569523][ T6248] R13: 00007ff9441c6038 R14: 00007ff9441c5fa0 R15: 00007ffc2ecc8638 [ 69.569543][ T6248] [ 69.570161][ T6248] ---[ end trace ]--- [ 69.788004][ T6248] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 69.795219][ T6248] CPU: 1 UID: 0 PID: 6248 Comm: syz.2.127 Not tainted syzkaller #0 PREEMPT(full) [ 69.804411][ T6248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 69.814455][ T6248] Call Trace: [ 69.817718][ T6248] [ 69.820631][ T6248] dump_stack_lvl+0x99/0x250 [ 69.825212][ T6248] ? __asan_memcpy+0x40/0x70 [ 69.829788][ T6248] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.834971][ T6248] ? __pfx__printk+0x10/0x10 [ 69.839551][ T6248] vpanic+0x281/0x750 [ 69.843536][ T6248] ? __pfx_vpanic+0x10/0x10 [ 69.848036][ T6248] panic+0xb9/0xc0 [ 69.851744][ T6248] ? __pfx_panic+0x10/0x10 [ 69.856142][ T6248] ? __pfx__printk+0x10/0x10 [ 69.860721][ T6248] check_panic_on_warn+0x89/0xb0 [ 69.865646][ T6248] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 69.872048][ T6248] ? __pfx_v9fs_set_super+0x10/0x10 [ 69.877232][ T6248] v9fs_get_tree+0x957/0xa90 [ 69.881808][ T6248] ? __pfx_v9fs_get_tree+0x10/0x10 [ 69.886909][ T6248] vfs_get_tree+0x8f/0x2b0 [ 69.891310][ T6248] do_new_mount+0x2a2/0xa30 [ 69.895803][ T6248] ? ns_capable+0x8a/0xf0 [ 69.900119][ T6248] ? __pfx_do_new_mount+0x10/0x10 [ 69.905127][ T6248] ? path_mount+0x61c/0xfe0 [ 69.909611][ T6248] ? user_path_at+0x44/0x60 [ 69.914102][ T6248] __se_sys_mount+0x317/0x410 [ 69.918766][ T6248] ? __pfx___se_sys_mount+0x10/0x10 [ 69.923949][ T6248] ? rcu_is_watching+0x15/0xb0 [ 69.928703][ T6248] ? __x64_sys_mount+0x20/0xc0 [ 69.933455][ T6248] do_syscall_64+0xfa/0xfa0 [ 69.937942][ T6248] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.943987][ T6248] ? clear_bhb_loop+0x60/0xb0 [ 69.948649][ T6248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.954521][ T6248] RIP: 0033:0x7ff943f8ebe9 [ 69.958916][ T6248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.978507][ T6248] RSP: 002b:00007ff944d7a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.986910][ T6248] RAX: ffffffffffffffda RBX: 00007ff9441c5fa0 RCX: 00007ff943f8ebe9 [ 69.994866][ T6248] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000 [ 70.002822][ T6248] RBP: 00007ff944011e19 R08: 0000200000000580 R09: 0000000000000000 [ 70.010783][ T6248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.018743][ T6248] R13: 00007ff9441c6038 R14: 00007ff9441c5fa0 R15: 00007ffc2ecc8638 [ 70.026707][ T6248] [ 70.029933][ T6248] Kernel Offset: disabled [ 70.034237][ T6248] Rebooting in 86400 seconds..