last executing test programs: 1m47.970955679s ago: executing program 4 (id=21606): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x491f}]}]}], {0x14}}, 0x68}}, 0x2000c044) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x2c, 0x17, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) 1m47.869121373s ago: executing program 4 (id=21608): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000440)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f0000000380)=[r1], &(0x7f00000003c0)=[0x2], &(0x7f0000000100)=[r2], &(0x7f0000000180)=[0x31], 0x0, 0x8000000000009}) 1m47.746447017s ago: executing program 4 (id=21613): io_setup(0x5, &(0x7f0000000240)=0x0) r1 = inotify_init() io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x8, r1, 0x0, 0x0, 0x0, 0x0, 0x2}]) inotify_add_watch(r1, &(0x7f0000000340)='.\x00', 0xa50003d1) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 1m47.589225118s ago: executing program 4 (id=21617): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x44000, 0x0) 1m46.695791907s ago: executing program 4 (id=21627): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x14, 0x30, 0x9e54f29ff072a93b}, 0x14}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 1m46.244892109s ago: executing program 4 (id=21629): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000003c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 1m45.763696633s ago: executing program 32 (id=21629): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000003c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 1m30.132910649s ago: executing program 5 (id=21756): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000100)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@igmp={{0x8, 0x4, 0x1, 0x6, 0x43, 0x68, 0x0, 0xff, 0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@rr={0x7, 0xb, 0x8b, [@private=0xa010102, @multicast2]}]}}, {0x14, 0x1, 0x0, @local, "c6975072cfd871f86f2dc034f64abd929ce0cc1d27cc836ac76570"}}}, 0x51) 1m29.696408593s ago: executing program 5 (id=21758): r0 = syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00') fcntl$setstatus(r0, 0x4, 0x40800) r1 = syz_io_uring_setup(0x616f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000380)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd=r0, 0x792, &(0x7f0000000140)=[{&(0x7f0000000000)=""/4, 0x4}, {0x0}], 0x2}) io_uring_enter(r1, 0x567, 0x1000a387, 0x0, 0x0, 0x0) 1m29.459083765s ago: executing program 5 (id=21762): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 1m29.175062171s ago: executing program 5 (id=21765): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x8) 1m28.225690796s ago: executing program 5 (id=21779): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x10, 0x0, 0x0, 0xce024d}, 0x9c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={r1, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0xffff, 0x0, 0xfffffffe, 0x693fffd, 0x80, 0x9}, &(0x7f0000000380)=0x9c) 1m27.972900392s ago: executing program 5 (id=21782): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0xa, 0x922000000003, 0x11) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc) syz_usb_connect(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724", @ANYRES8=r0], 0x0) 1m27.57030443s ago: executing program 33 (id=21782): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0xa, 0x922000000003, 0x11) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc) syz_usb_connect(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724", @ANYRES8=r0], 0x0) 6.444861216s ago: executing program 6 (id=22706): setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x2, 0x4, 0x3d0, 0x0, 0x200, 0x110, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @rand_addr, @empty}}}, {{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}, {{@arp={@remote, @dev, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xe0}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x420) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1a7a40) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x48dd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac100875397bdb22d0000b420a1a93c9e01177d3d058dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x100000000, 0x7]}}) 6.229991152s ago: executing program 6 (id=22709): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x2, 0x101, 0x4}) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r2, 0x1, 0xffff, 0xa, 0x1ff, 0x1}) 6.064424647s ago: executing program 6 (id=22710): sched_setaffinity(0x0, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) 5.913020025s ago: executing program 6 (id=22713): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUSAGES(r1, 0xd01c4813, &(0x7f0000001580)={{0x3, 0xffffffff, 0xfffffffe, 0x2, 0x10, 0x7ff}, 0x172, [0x9, 0xfe, 0x821, 0x2, 0x0, 0x7, 0x6, 0x46, 0x3, 0x7, 0x401, 0x3, 0x2, 0x7, 0x6, 0xd, 0x7, 0x3, 0xfffffff7, 0x5d, 0x8, 0x1, 0x30000, 0x1, 0x0, 0x4, 0x5, 0x9, 0x9, 0x8000000, 0x3, 0xfffffffc, 0x5, 0x2, 0x5, 0x10001, 0xedc4, 0xfffffffb, 0xc, 0x7, 0x9, 0x0, 0xfffffff8, 0x4, 0x85, 0x2, 0x5, 0x1, 0x2, 0x6, 0x9, 0x800, 0xb, 0x5, 0x3, 0x2, 0x2b, 0x2c34, 0x7, 0xdab8, 0xffff, 0x3585, 0x9, 0x5, 0x4, 0x8, 0x0, 0xb, 0x9, 0x4, 0xe70, 0x1, 0x7, 0x0, 0xfffffffd, 0x0, 0x2, 0xc, 0x3ff, 0x8, 0x1, 0x0, 0x8, 0x48b, 0x1, 0x8, 0x5, 0x6, 0x448, 0x6, 0x6, 0xffffffff, 0xe45c, 0xab74, 0x100, 0x7, 0x80000001, 0x8000000, 0x7, 0x0, 0x0, 0x6, 0xfffffff9, 0xb4d, 0xbd, 0xffff, 0x9, 0xfffffd49, 0x2, 0x5, 0x1, 0xfffff6d5, 0x9, 0x4, 0x5, 0xf, 0x3, 0x2000400, 0xe, 0x4800000, 0x7, 0x9, 0x6, 0xfffffff8, 0x8, 0x3, 0x5, 0x0, 0x8, 0xa2, 0xfffffffd, 0xfffffff9, 0x8, 0x3, 0x200, 0xd, 0x6, 0x0, 0x1, 0x0, 0x1, 0x1, 0x10, 0x6, 0x7ff, 0xd, 0x2, 0x5, 0x10000, 0xfffffffe, 0x81, 0x6, 0x0, 0x7fff, 0x1, 0x0, 0x7, 0x9f, 0x6, 0x7, 0x1, 0x8, 0x2, 0x2027, 0x8000, 0x8, 0x5, 0x5c79, 0x9, 0x4, 0x7, 0x3d, 0x53, 0xffffffff, 0xfffffff7, 0x2, 0x8, 0x6, 0x37, 0x3ff, 0x1, 0x7, 0x10001, 0x0, 0xffff, 0x500000, 0x40000000, 0x6, 0xfffffffe, 0x1, 0x9, 0x5, 0x966e, 0x1, 0xfffffffe, 0x0, 0x10000, 0x0, 0x2, 0x9, 0xb7a, 0x9, 0x2, 0x5, 0xa1c3, 0x80, 0x6, 0x9, 0x3, 0x0, 0x10, 0x9, 0x200, 0xa6, 0x2, 0x703e, 0x9, 0x0, 0x6, 0x7ff, 0x7ff, 0x4, 0x2, 0xfffffffb, 0x8a, 0x100, 0x4, 0x0, 0x80000000, 0x5, 0x4, 0x5, 0x6, 0x6, 0x3, 0x2dfb68ba, 0x3, 0x6, 0x5, 0x9, 0x9, 0x8, 0x7, 0x15, 0x8, 0x5, 0x238, 0xd5, 0xb3f1, 0x5, 0xdf, 0x6a4a1f7, 0x0, 0x0, 0x10, 0x8, 0x5, 0xe527, 0xf0d3, 0x5, 0x5, 0x0, 0xcd9, 0x8000, 0x7, 0x1, 0xffffffff, 0xfffffff9, 0x7, 0x3, 0x6a79, 0x5, 0x2, 0x2, 0x0, 0x3, 0x1, 0x6, 0xfffffffe, 0x5, 0x6, 0xd7, 0x4, 0x4, 0x1, 0x6, 0x4, 0xac5, 0x9, 0x5, 0xcc, 0x1, 0x3, 0x7, 0xf1f7, 0x4, 0x7, 0xb5ad, 0x74c36f13, 0xc89, 0x2, 0xbf, 0x1, 0x3da, 0x0, 0xffff, 0x7, 0x5, 0x8, 0x4, 0x7, 0x2, 0x5, 0x6, 0x80, 0x0, 0x17, 0x81, 0x4, 0x3, 0xfffffff7, 0x7, 0x0, 0x80000000, 0xa9, 0x7, 0x0, 0x1, 0x4, 0x10001, 0x5b8e, 0x7fffffff, 0x97, 0xb, 0x7, 0x9, 0x3, 0x4, 0x8, 0x6, 0x4, 0x2, 0x4, 0x8000000, 0x0, 0xd8b4, 0x2, 0x2, 0xbbf2, 0x800, 0x5, 0x2, 0x8, 0x2, 0x5f, 0xfd9c, 0x3cfa, 0x1, 0x2, 0x7, 0x5a6, 0x8, 0x8, 0xfffffff1, 0x0, 0x669ccda, 0xff, 0x9, 0x71c5, 0x6, 0x7, 0xff, 0x6, 0x5, 0xe232, 0x40, 0xa, 0xb4f8, 0x8, 0x9, 0x3, 0xd38e, 0x1ff, 0x7, 0x54a8, 0xc, 0xfffffff8, 0x1, 0x4, 0x1, 0x3bd, 0x6, 0xffffffff, 0x7f, 0x4, 0x6, 0x1, 0x0, 0xd, 0xe35, 0x3aa03290, 0x2, 0x9, 0x0, 0x4, 0x5, 0x200, 0x9, 0x1, 0xe3, 0xa, 0x7fffffff, 0x7, 0x7, 0x5, 0x7, 0x1, 0x7, 0x8, 0x4, 0x0, 0x7b6, 0x0, 0x6, 0x2, 0xe0, 0x3, 0x8, 0x0, 0x3, 0xc, 0x1, 0x6, 0x0, 0xb, 0x3ff, 0x80000, 0x5, 0x4, 0x4, 0x7, 0x3, 0x1, 0x4f3aff91, 0x83, 0x7f, 0x800, 0x4, 0xfff, 0x4, 0x80000000, 0x8, 0x5, 0x6, 0x2, 0x1, 0x80000000, 0x976, 0xe3, 0x2ea31eba, 0xffffffff, 0x9, 0x2, 0x7, 0xfffffff8, 0x10, 0x9, 0x8000, 0x7, 0x0, 0x6, 0xffffffff, 0x6db, 0x0, 0x8, 0x2, 0x7, 0x2, 0x3, 0xf, 0x4, 0xe9c7, 0x2, 0x7f, 0x73, 0xd2, 0x5, 0x1, 0x2, 0x9, 0x101, 0xef, 0x649, 0x100, 0x8, 0x7ff, 0x10, 0x1, 0x9, 0x2, 0x6a, 0x3, 0x1, 0x100, 0x8, 0x1, 0x7, 0x9, 0x24, 0xfff, 0x3, 0x0, 0xf, 0x8, 0xcc, 0xfff, 0x22, 0x7, 0x10001, 0x7ff, 0xcf12, 0x9, 0x542, 0x10, 0x400, 0x8001, 0x5, 0x197, 0xeafa, 0x5, 0x64c, 0x0, 0x8, 0x1000, 0xd2, 0xff, 0xfffffffb, 0x2d, 0x3, 0x6, 0x8000, 0x7fffffff, 0x98c, 0x6, 0x4, 0x8, 0x2, 0x455, 0x2, 0x6, 0xcb5, 0x800, 0x981, 0x0, 0x5, 0x3621, 0x7fff, 0x9, 0x4, 0x7, 0x5, 0x3, 0x4, 0x0, 0xfc, 0x7, 0x1, 0x1, 0x5, 0x6ead, 0x7, 0x6, 0x360, 0x81, 0x2, 0x13400, 0xfff, 0x6, 0xfffffffc, 0x4, 0x800, 0x1, 0x7, 0x6, 0x1, 0x17e, 0x4, 0x9, 0x5, 0x1, 0x9, 0x1, 0xf15, 0x8, 0x401, 0x9, 0x401, 0x6, 0x1, 0x8001, 0x400, 0x5, 0x0, 0x2, 0x26b, 0x5, 0x7, 0xf, 0x8, 0x0, 0x9, 0x7fff, 0x9, 0x2, 0x1, 0x9, 0x3, 0xc9, 0x400, 0x5, 0x2, 0x1f, 0x2, 0xf, 0x40, 0x8, 0x6, 0x5, 0xcf, 0x8001, 0x30, 0x98, 0x2, 0x3b0, 0x2f9df6e1, 0x10, 0x401, 0xfffffffb, 0x6, 0xfffffffb, 0x6, 0x7, 0x47e1, 0x8, 0xfffffff9, 0x2, 0x10, 0x1, 0x5, 0x0, 0x8, 0xff, 0x0, 0x4, 0x682b, 0x82, 0x0, 0xfffffffe, 0x7, 0x8, 0x78c3, 0x2, 0x4d, 0xd95, 0x80e9, 0xd, 0x7e, 0x1, 0x3, 0x9, 0x10001, 0x3, 0x53, 0x1, 0x7, 0xfff, 0x2, 0xffffffba, 0x9, 0x3, 0x4, 0x8, 0x1, 0x523, 0x7, 0x7fff, 0xc, 0x6, 0x7, 0x1, 0x101, 0x7, 0x59aa284c, 0x3, 0x1, 0xd, 0xfffff800, 0x5, 0x46aa, 0x7, 0x5, 0x6, 0x1, 0x12, 0x9, 0x9, 0x5, 0x4, 0x4, 0x80, 0x4, 0x2, 0x8, 0x3ff, 0x9, 0x401, 0x3, 0x4, 0xd, 0x0, 0x0, 0x5ba, 0x204000, 0x3, 0x5, 0x9, 0xfffffff9, 0x1ff, 0x7fffffff, 0x3, 0x8, 0x6e5, 0x8, 0xa1, 0x3ff, 0x5, 0xbb22, 0xbe, 0x8, 0x1, 0x2, 0x3, 0x1a3b71d0, 0x6, 0xf, 0x5, 0xfffffffc, 0x3, 0x5, 0xdc4e, 0x80000001, 0x2, 0x7, 0x1, 0x4, 0x3, 0x10001, 0x2, 0xffffffff, 0x5, 0x401, 0x6, 0x0, 0x7, 0x3, 0x3, 0x4, 0xffffff26, 0x3, 0x4cd, 0x2, 0xffffffff, 0x8, 0x5, 0x70, 0x1, 0x1, 0x8, 0x8, 0x8, 0xc1b, 0x7fff, 0x2, 0x3, 0x100, 0x6b3, 0x132d, 0x894, 0x84e, 0x4, 0x5, 0x9, 0x6, 0x4, 0x86bf, 0x7, 0x6, 0x5339, 0x4, 0x81, 0xf, 0x2, 0xfffffffe, 0xb7da, 0x1, 0x2, 0x1, 0x3, 0x8, 0x8, 0x6, 0xfff, 0xffffffff, 0x7, 0x7, 0xffffffff, 0xf25, 0x400, 0xffff, 0x9, 0xffff, 0x7, 0x3, 0x4, 0x5, 0x101, 0x0, 0x1, 0x2, 0xfff, 0x3, 0x6, 0x4, 0x1, 0x2, 0x40, 0x69, 0x7, 0x9, 0x0, 0x70cecd6, 0x80, 0x80000000, 0x1, 0x115, 0x7, 0x8, 0x5, 0x7, 0x3, 0x200, 0x5, 0x40, 0x101, 0x1, 0x6, 0x2, 0x6, 0xef36, 0xa, 0x6, 0x834, 0x3, 0x1, 0x34c17020, 0xb63, 0x2, 0x80000000, 0x7, 0x1, 0x5, 0x7, 0x4, 0x4, 0x2, 0x9, 0x4, 0x1, 0x1, 0x2, 0xa, 0x0, 0x6, 0x80000000, 0x4, 0x7, 0x8001, 0x5, 0x0, 0x9, 0xfffffff7, 0x8, 0xfffffff6, 0x1, 0x8, 0x3, 0xe2c, 0x6, 0x9, 0x81, 0x9, 0x80000001, 0x7, 0x6, 0xb1, 0x7f, 0xfffffff9, 0xe, 0x4, 0x4, 0x1, 0x78000, 0x3, 0x3, 0x2, 0x0, 0x3, 0x3, 0xb915, 0x3, 0x8, 0x6, 0x6, 0x6, 0x0, 0x7, 0x4, 0x6, 0x1, 0x7, 0x0, 0x400, 0x2, 0x4, 0x5, 0x750, 0x6, 0x2, 0x7, 0x9, 0x400, 0x8, 0x5, 0x5256, 0x80000001, 0x1, 0x4, 0x8, 0x0, 0x6, 0xffffff7f, 0xff0, 0xf6, 0x3, 0xa, 0x4, 0x1, 0x4, 0xfffff220, 0x1, 0x8000, 0x2, 0x0, 0x7, 0x1, 0x8, 0x4, 0x7, 0x0, 0x3, 0x9, 0xf, 0x0, 0x3, 0x7, 0x2, 0x6, 0xbe, 0xfffffffc, 0x9, 0x1, 0xf5d4, 0xf9, 0x6, 0x3, 0x7ed6, 0x2, 0x7, 0xbb, 0x9, 0x9, 0x2a7, 0x0, 0x2, 0x4, 0x5, 0x8, 0x4, 0x0, 0x10, 0x6, 0xd, 0x3, 0x4, 0x1000, 0xffffffff, 0xe, 0xb6, 0x2, 0x8, 0x80, 0x4, 0xfffffffa, 0x9079, 0x9, 0xfffffff8, 0x3, 0x9c6, 0x80000001, 0xffff, 0x6f4, 0x7, 0x8, 0x8]}) 4.938612368s ago: executing program 2 (id=22724): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x20203843, 0x2, [0x2, r3, 0x0, r3], [0x800], [], [0x8]}) 4.890980518s ago: executing program 2 (id=22726): socket(0x400000000010, 0x3, 0x0) io_uring_setup(0x6951, &(0x7f0000001280)={0x0, 0x6533, 0x400, 0x2, 0x1df}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r0 = syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xaa9b, 0x13500, 0x0, 0xe2}, &(0x7f0000000240), &(0x7f0000001880)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x21, &(0x7f0000000440), 0x1) 4.823647313s ago: executing program 2 (id=22728): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x41000, 0x41000, 0x8, 0x9, 0x3, 0xe4, 0x40, 0x2c, 0x0, 0x30, 0x19, 0xe0}, {0x41000, 0x3000, 0xe, 0x0, 0x40, 0x5, 0x7d, 0x8, 0x58, 0x3, 0x3, 0x1}, {0xdddd1000, 0x3000, 0xe, 0x5, 0x3, 0x7, 0xfe, 0x9, 0x1, 0xab, 0x5, 0x81}, {0x6000, 0x26000, 0x3, 0x5d, 0x4, 0x42, 0x9, 0xff, 0x6, 0x9, 0xe}, {0x0, 0x9000, 0xb, 0x1, 0x3, 0x7, 0xab, 0x7f, 0x7, 0x83, 0xf7, 0x83}, {0x1000, 0x80a0000, 0x9, 0xa0, 0xb1, 0x8, 0x1, 0x2, 0x80, 0xf, 0x1, 0xfd}, {0x3000, 0x2, 0x4, 0x5, 0x7, 0x2, 0xb, 0x0, 0x5, 0x81, 0xff, 0x70}, {0xd000, 0x1000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x18, 0x2, 0x3, 0x7, 0x9}, {0xeeef0000, 0x30}, {0x10000, 0x86}, 0x80000031, 0x0, 0x8000000, 0x42024, 0xb, 0xf501, 0x3000, [0x6840000000000000, 0x3, 0x5e, 0xff]}) 4.667527993s ago: executing program 2 (id=22730): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) 4.576443246s ago: executing program 2 (id=22731): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x8, @private=0xa010101}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="e0", 0x1}], 0x1}, 0xc000) sendmsg$inet(r0, &(0x7f0000000bc0)={&(0x7f0000000100)={0x2, 0x3ff, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000240)="ec", 0x1}], 0x1}, 0x400c040) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 4.31653576s ago: executing program 2 (id=22735): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-aesni\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x42, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000040)='e', 0x1}]) 4.073884884s ago: executing program 34 (id=22735): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-aesni\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x42, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000040)='e', 0x1}]) 3.958781326s ago: executing program 1 (id=22739): r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f000095f000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, 0x0}, 0x94) shmctl$SHM_LOCK(r0, 0xb) shmctl$SHM_UNLOCK(r0, 0xc) 3.826990073s ago: executing program 1 (id=22741): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0x1000, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x800}) io_uring_enter(r1, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) 3.374148915s ago: executing program 1 (id=22745): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000080)={0x74, 0x0, 0xf1}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, 0x4cd}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 3.068634826s ago: executing program 1 (id=22747): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="13010000bd460e10490d1070900c010203010902120001000000000904000000d2", @ANYRES16=r0], 0x0) 2.873592204s ago: executing program 6 (id=22748): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0xfffffea7) write$FUSE_INIT(r0, &(0x7f0000002200)={0x50, 0x0, r1, {0x7, 0x27, 0x0, 0x1dd880, 0x0, 0x0, 0x0, 0x80}}, 0x50) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000002600)={{}, {}, [], {}, [{0x8, 0x4}], {}, {0x20, 0x6}}, 0x2c, 0x0) 2.202773798s ago: executing program 0 (id=22753): r0 = syz_open_dev$media(&(0x7f0000000300), 0x3, 0x80800) r1 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f0000000400)={0x80000000, 0x0, &(0x7f0000000100)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f0000000280)={r2, 0x0, &(0x7f0000000080)=[{{0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000340)={{0x80000000, r3, 0x3, [0x1, 0x9]}, {0x80000000, 0x0, 0x0, [0x6, 0x101]}, 0x0, [0x7e, 0x8]}) 2.134436695s ago: executing program 0 (id=22754): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000800)={'#! ', './file2', [{0x20, 'cgroup.controllers\x00'}, {0x20, '#! iO\xe6\x0e\xff\xaa\x92\x93\xbc\xbe\xbdlY\xcc_z\xf9\xa6{;\x80\xe8\xa3\x84\x9d\r\xee\x1a\xdd\xa8,?w8\x87O\a\xfe\xf1\x9c\xc7\x06z.\x87-\x1c\x02$\xa6\xa7\xfc\x0f\x01\x1fj\xf0Rd\x14ca&\xc1\xf5\x10`\xbc\x87\xbbt\xdc\x8c\x86\xbf\xa9P\x9f\b}\x94k\x82\xa5\xf2\xdaos\x00\xaf\xc0\xe4\xcb\xd9\x11t\x19\xe9\x81\xd6\x91A)\xe9\xb2P\xe8g\x96i\xc3\x90\xc9\x16\xd6\xfa\x1e\a\x13\t\xab\xd9\x8e\x1dn:_\xf5\xe3\\\xb3\xe7\xda\x05\xfa\xc6s2\xda\xbf\xa0V\nV\x10\x8e\xf3[\xceq\xa0\xc1\x17Z\x89Z\x1ffaD\xcb\x93~\xe9\x1c\xe0'}, {0x20, '/\xfb'}, {0x20, ',\x00'}, {0x20, 'netdevsim0\x00'}], 0xa, "332acac7ccf1c8178d07199e3726bfabd4617619928ac3087a1558578418f49d1fb5608f2a64a8a0a1"}, 0x104) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r1, 0x5410, &(0x7f0000000100)={0x2, {0x2, 0x0, 0x900, 0xfffd, 0x0, 0xf}}) 2.075715464s ago: executing program 0 (id=22755): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000009c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000440)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "fa32a328bb46f9b4ad66621684"}]}, 0x30}, 0x1, 0x0, 0x0, 0x40044}, 0x20000000) 1.9593888s ago: executing program 0 (id=22756): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000000c0)={@val={0x8, 0x800}, @val={0x7, 0x3, 0x3, 0x2, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, @broadcast}, {{0x8100, 0x88a8, 0x41424344, 0x41424344, 0x0, 0x0, 0x1, 0x20, 0x5}}}}, 0x36) 1.87734518s ago: executing program 6 (id=22757): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x4, 0x0, 0x0, 0x2) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000040)={'raw\x00', 0x2, [{}, {}]}, 0x48) 1.768040161s ago: executing program 3 (id=22758): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f00000027c0)=[{{&(0x7f0000001080)={0xa, 0x4e22, 0x1, @private2={0xfc, 0x2, '\x00', 0x4}, 0x10001}, 0x1c, &(0x7f00000010c0)=[{&(0x7f00000011c0)="02", 0x1}], 0x1}}, {{&(0x7f0000001c80)={0xa, 0x4e23, 0x5b, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xffff}, 0x1c, &(0x7f0000001cc0)=[{&(0x7f0000001d40)='c', 0x1}], 0x1}}], 0x2, 0x48040) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) 1.588677958s ago: executing program 3 (id=22759): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x8, r0) wait4(0x0, 0x0, 0x0, 0x0) 1.443101227s ago: executing program 3 (id=22760): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) pselect6(0x40, &(0x7f0000000180)={0x0, 0x0, 0x12, 0x2, 0x6, 0x9, 0x40, 0x8000}, 0x0, &(0x7f0000000240)={0x1f, 0x112, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000004}, 0x0, 0x0) 1.40146427s ago: executing program 1 (id=22761): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000004e80), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f0000004f40)={0x0, 0x0, &(0x7f0000004f00)={&(0x7f0000004ec0)={0x1c, r3, 0x1, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20008004}, 0x40d0) 1.292895525s ago: executing program 0 (id=22762): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xc010}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp=r2}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.085774288s ago: executing program 1 (id=22763): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000f2d07c40501d89601dd0000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_clone(0xc100080, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0) 998.439419ms ago: executing program 0 (id=22764): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000600)=0x2) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="80fd"], 0x9) 344.789768ms ago: executing program 3 (id=22765): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000180)={0xc0, 0x0, 0x8000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000f47000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r2, 0x40000) 123.347663ms ago: executing program 3 (id=22766): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000140)=r0, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x2}, {}, 0x7, 0x2000000}}, 0xb8}}, 0x0) 0s ago: executing program 3 (id=22767): sigaltstack(&(0x7f0000000000)={&(0x7f0000000040)=""/4072, 0x100000000, 0xfe8}, 0x0) syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) syz_clone(0xe200, 0x0, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): nt_callback - 0 bytes [ 1173.487099][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1173.493802][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1173.500437][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1173.507052][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1173.509280][T15662] usb 4-1: USB disconnect, device number 37 [ 1173.513137][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1174.543193][T32084] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1174.680862][T32084] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1174.871382][T32084] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1174.881115][T20232] loop8: detected capacity change from 0 to 8 [ 1174.889134][T20232] Dev loop8: unable to read RDB block 8 [ 1174.895325][T20232] loop8: unable to read partition table [ 1174.905559][T20232] loop8: partition table beyond EOD, truncated [ 1174.935787][T20232] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1175.050606][T32084] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1175.129198][T15662] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1175.227201][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1175.242071][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1175.255406][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1175.265507][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1175.274424][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1175.317541][T15662] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1175.353556][T15662] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.429760][T15662] usb 3-1: config 0 descriptor?? [ 1175.479916][T15662] cp210x 3-1:0.0: cp210x converter detected [ 1175.571802][ T5928] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1175.581888][T32084] bridge_slave_1: left allmulticast mode [ 1175.590313][T32084] bridge_slave_1: left promiscuous mode [ 1175.598044][T32084] bridge0: port 2(bridge_slave_1) entered disabled state [ 1175.609219][T32084] bridge_slave_0: left allmulticast mode [ 1175.615106][T32084] bridge0: port 1(bridge_slave_0) entered disabled state [ 1175.644913][ T1149] tipc: Subscription rejected, illegal request [ 1175.656305][ T2962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1175.664718][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1175.735777][ T5928] usb 1-1: Using ep0 maxpacket: 32 [ 1175.780971][ T5928] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 1175.800096][ T5928] usb 1-1: config 0 has no interface number 0 [ 1175.810201][ T5928] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1175.840850][ T5928] usb 1-1: config 0 interface 85 has no altsetting 0 [ 1175.852498][ T5928] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1175.872000][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1175.901221][T15662] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1175.911813][ T5928] usb 1-1: Product: syz [ 1175.916304][ T5928] usb 1-1: Manufacturer: syz [ 1175.920922][ T5928] usb 1-1: SerialNumber: syz [ 1175.936377][T15662] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1175.956342][ T5928] usb 1-1: config 0 descriptor?? [ 1176.162029][ T51] usb 3-1: USB disconnect, device number 19 [ 1176.186716][ T51] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1176.212948][ T51] cp210x 3-1:0.0: device disconnected [ 1176.404416][T20250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1176.421443][T20250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1176.638117][ T5928] appletouch 1-1:0.85: Geyser mode initialized. [ 1176.652114][ T5928] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input227 [ 1176.810795][T32084] bond1 (unregistering): Released all slaves [ 1176.822558][T32084] bond2 (unregistering): Released all slaves [ 1176.834522][T32084] bond3 (unregistering): Released all slaves [ 1176.882798][ T5928] usb 1-1: USB disconnect, device number 5 [ 1176.922705][ T5928] appletouch 1-1:0.85: input: appletouch disconnected [ 1176.976551][ T51] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1177.073995][T32084] bond4 (unregistering): Released all slaves [ 1177.087571][T32084] bond0 (unregistering): Released all slaves [ 1177.168053][ T51] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1177.185819][ T51] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1177.227737][ T51] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1177.254444][T32084] : left promiscuous mode [ 1177.286870][ T51] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1177.317599][ T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1177.343103][ T51] usb 3-1: Product: syz [ 1177.343204][ T5838] Bluetooth: hci3: command tx timeout [ 1177.372734][T32084] tipc: Disabling bearer [ 1177.406169][ T51] usb 3-1: Manufacturer: syz [ 1177.410849][ T51] usb 3-1: SerialNumber: syz [ 1177.498114][T32084] tipc: Disabling bearer [ 1177.512762][T32084] tipc: Left network mode [ 1177.592032][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.619647][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.656198][ T51] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1177.755704][T15662] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1177.852483][ T51] usb 3-1: USB disconnect, device number 20 [ 1177.898236][ T51] usblp0: removed [ 1177.945671][T15662] usb 4-1: Using ep0 maxpacket: 32 [ 1177.952820][T15662] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1177.966239][T15662] usb 4-1: config 0 has no interface number 0 [ 1177.984885][T15662] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1178.004790][T15662] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1178.037548][T15662] usb 4-1: Product: syz [ 1178.041816][T15662] usb 4-1: Manufacturer: syz [ 1178.056771][T15662] usb 4-1: SerialNumber: syz [ 1178.068140][ T5919] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1178.106787][T15662] usb 4-1: config 0 descriptor?? [ 1178.138507][T20251] chnl_net:caif_netlink_parms(): no params data found [ 1178.149761][T15662] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1178.259771][ T5919] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1178.287992][ T5919] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1178.321067][ T5919] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1178.350856][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1178.368743][T15662] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1178.387097][ T5919] usb 2-1: SerialNumber: syz [ 1178.418495][T15662] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1178.609302][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - port change to invalid port: 111 [ 1178.642951][ T5919] usb 2-1: 0:2 : does not exist [ 1178.721846][ T5919] usb 2-1: USB disconnect, device number 23 [ 1178.812313][T25256] udevd[25256]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1178.823359][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1178.866134][T15662] usb 4-1: USB disconnect, device number 38 [ 1178.908809][T15662] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1178.972248][T15662] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1178.985879][T20251] bridge0: port 1(bridge_slave_0) entered blocking state [ 1178.993702][T20251] bridge0: port 1(bridge_slave_0) entered disabled state [ 1179.007733][T20251] bridge_slave_0: entered allmulticast mode [ 1179.011682][T15662] quatech2 4-1:0.51: device disconnected [ 1179.039553][T20251] bridge_slave_0: entered promiscuous mode [ 1179.073224][T20251] bridge0: port 2(bridge_slave_1) entered blocking state [ 1179.101681][T20251] bridge0: port 2(bridge_slave_1) entered disabled state [ 1179.123258][T20251] bridge_slave_1: entered allmulticast mode [ 1179.144138][T20251] bridge_slave_1: entered promiscuous mode [ 1179.357748][T20251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1179.399847][T20251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1179.419338][ T5838] Bluetooth: hci3: command tx timeout [ 1179.915945][T20345] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1179.942721][T20251] team0: Port device team_slave_0 added [ 1179.972538][T20251] team0: Port device team_slave_1 added [ 1180.208352][T32084] hsr_slave_0: left promiscuous mode [ 1180.275850][T32084] 0: left promiscuous mode [ 1180.281277][T32084] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1180.312929][T20356] sctp: [Deprecated]: syz.2.21672 (pid 20356) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1180.312929][T20356] Use struct sctp_sack_info instead [ 1180.339812][T32084] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1180.776864][ T3479] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1180.999734][T32084] team0 (unregistering): Port device team_slave_1 removed [ 1181.060213][T32084] team0 (unregistering): Port device team_slave_0 removed [ 1181.424186][ T2962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1181.433086][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1181.471406][T32084] team0 (unregistering): Port device dummy0 removed [ 1181.506840][ T5928] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1181.512219][ T5838] Bluetooth: hci3: command tx timeout [ 1181.694533][T20251] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1181.701900][T20251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1181.728860][T20251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1181.731601][ T5928] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 1181.750130][ T5928] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 1181.761899][ T5928] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1181.775935][ T5928] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 1181.785313][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1181.793777][ T5928] usb 4-1: Product: syz [ 1181.806293][T20365] macvtap1: entered promiscuous mode [ 1181.811898][T20365] macvtap1: entered allmulticast mode [ 1181.817919][ T5928] usb 4-1: Manufacturer: syz [ 1181.828055][T20365] veth1_vlan: entered allmulticast mode [ 1181.833735][ T5928] usb 4-1: SerialNumber: syz [ 1181.844343][T20372] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1181.857916][T20372] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1181.878307][T20368] macvtap2: entered promiscuous mode [ 1181.884034][T20368] macvtap2: entered allmulticast mode [ 1181.898306][T20251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1181.905701][T20251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1181.932026][T20251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1182.099211][T20251] hsr_slave_0: entered promiscuous mode [ 1182.106788][T15662] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1182.117835][T20251] hsr_slave_1: entered promiscuous mode [ 1182.124654][T20251] debugfs: 'hsr0' already exists in 'hsr' [ 1182.132019][T20251] Cannot create hsr debugfs directory [ 1182.253037][T32084] IPVS: stop unused estimator thread 0... [ 1182.266146][T15662] usb 1-1: Using ep0 maxpacket: 8 [ 1182.289001][T15662] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1182.316826][T15662] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1182.364751][T15662] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1182.398375][T15662] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1182.445943][T15662] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1182.475868][T15662] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1182.703233][T15662] usb 1-1: GET_CAPABILITIES returned 0 [ 1182.722031][T15662] usbtmc 1-1:16.0: can't read capabilities [ 1182.748511][T20251] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1182.800598][T20251] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1182.832327][T20251] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1182.872826][T20251] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1182.918867][ T5928] (unnamed net_device) (uninitialized): Assigned a random MAC address: 5e:3f:f1:d9:cd:53 [ 1182.946308][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1182.955469][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1182.964670][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1182.964777][ T5928] rtl8150 4-1:1.0: eth5: rtl8150 is detected [ 1182.973868][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.051191][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.060343][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.066284][ T5928] usb 4-1: USB disconnect, device number 39 [ 1183.069451][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.084914][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.103826][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.113181][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.122388][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.131598][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.181364][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.190609][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.199833][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.208998][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1183.261828][ T51] usb 1-1: USB disconnect, device number 6 [ 1183.347201][T20251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1183.382720][T20251] 8021q: adding VLAN 0 to HW filter on device team0 [ 1183.398917][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1183.406129][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1183.463514][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 1183.470904][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1183.576762][ T5838] Bluetooth: hci3: command tx timeout [ 1183.674185][T20251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1183.764717][T20414] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21686'. [ 1183.809976][T20251] veth0_vlan: entered promiscuous mode [ 1183.878197][T20251] veth1_vlan: entered promiscuous mode [ 1183.943919][T20421] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa [ 1184.028942][T20251] veth0_macvtap: entered promiscuous mode [ 1184.046007][T20251] veth1_macvtap: entered promiscuous mode [ 1184.092442][T20251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1184.145300][T20251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1184.196267][ T5928] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1184.205521][ T1149] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1184.218501][ T1149] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1184.255127][T20435] syzkaller1: entered promiscuous mode [ 1184.261158][T20435] syzkaller1: entered allmulticast mode [ 1184.273462][ T1149] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1184.334612][ T1149] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1184.370174][ T5928] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84 [ 1184.433073][ T5928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 51544, setting to 1024 [ 1184.462935][ T5928] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024 [ 1184.505513][ T5928] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1184.531054][T32084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1184.539021][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1184.539049][ T5928] usb 3-1: Product: syz [ 1184.539064][ T5928] usb 3-1: Manufacturer: syz [ 1184.539078][ T5928] usb 3-1: SerialNumber: syz [ 1184.554158][ T5928] usb 3-1: config 0 descriptor?? [ 1184.595694][T32084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1184.603354][T20424] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1184.678142][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1184.702214][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1184.852335][T20424] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1185.164895][ T51] usb 3-1: USB disconnect, device number 21 [ 1185.235986][ T5927] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 1185.419887][ T5927] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1185.465676][ T5927] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1185.505725][ T5927] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1185.515330][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1185.617862][ T51] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1185.675875][ T5928] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1185.755021][ T5927] usb 6-1: usb_control_msg returned -32 [ 1185.775749][ T51] usb 4-1: Using ep0 maxpacket: 8 [ 1185.785850][ T5927] usbtmc 6-1:16.0: can't read capabilities [ 1185.796845][ T51] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1185.836074][ T51] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1185.858670][ T51] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1185.892120][ T5928] usb 1-1: Using ep0 maxpacket: 8 [ 1185.901222][ T51] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1185.920133][ T5928] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1185.935820][ T51] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1185.939464][ T5928] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1185.961468][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1185.976718][ T5928] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1185.992628][ T5928] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1186.029138][ T5928] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1186.070183][ T5928] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1186.080915][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1186.211982][ T51] usb 4-1: GET_CAPABILITIES returned 0 [ 1186.229389][ T51] usbtmc 4-1:16.0: can't read capabilities [ 1186.303788][ T5928] usb 1-1: usb_control_msg returned -32 [ 1186.320646][ T5928] usbtmc 1-1:16.0: can't read capabilities [ 1186.372061][T20489] macvlan2: entered promiscuous mode [ 1186.387417][T20489] batman_adv: batadv0: Adding interface: macvlan2 [ 1186.394157][T20489] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1186.430526][T20489] batman_adv: batadv0: Not using interface macvlan2 (retrying later): interface not active [ 1186.448225][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.457362][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.466483][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.475656][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.484737][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.497767][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.507013][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.516310][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.525421][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.536149][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.536535][T15732] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1186.545360][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.567010][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.576257][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.585372][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.594585][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.623382][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1186.635449][T20496] netlink: 24 bytes leftover after parsing attributes in process `syz.1.21713'. [ 1186.647627][ T51] usb 4-1: USB disconnect, device number 40 [ 1186.690026][T20499] usbtmc 6-1:16.0: usb_control_msg returned -32 [ 1186.746978][ T977] usb 6-1: USB disconnect, device number 2 [ 1186.972603][ T30] audit: type=1326 audit(1768232919.926:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a98b8f749 code=0x0 [ 1187.023948][ T30] audit: type=1326 audit(1768232919.976:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1187.047206][ T51] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1187.055137][ T30] audit: type=1326 audit(1768232919.976:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1187.079689][ T30] audit: type=1326 audit(1768232920.006:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a98bc2005 code=0x7ffc0000 [ 1187.104283][ T30] audit: type=1326 audit(1768232920.006:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a98bc2005 code=0x7ffc0000 [ 1187.129169][ T30] audit: type=1326 audit(1768232920.006:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a98bc2005 code=0x7ffc0000 [ 1187.153099][ T30] audit: type=1326 audit(1768232920.006:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a98bc2005 code=0x7ffc0000 [ 1187.176297][ T30] audit: type=1326 audit(1768232920.006:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a98bc2005 code=0x7ffc0000 [ 1187.201012][ T2991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1187.209440][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1187.219362][ T30] audit: type=1326 audit(1768232920.006:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a98bc2005 code=0x7ffc0000 [ 1187.244582][ T30] audit: type=1326 audit(1768232920.006:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20513 comm="syz.2.21721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a98bc2005 code=0x7ffc0000 [ 1187.270887][ T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1187.294547][ T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1187.319325][ T51] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1187.335214][ T51] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1187.344824][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1187.354082][T20518] loop7: detected capacity change from 0 to 1 [ 1187.363201][ T51] usb 2-1: config 0 descriptor?? [ 1187.408633][T25256] Dev loop7: unable to read RDB block 1 [ 1187.414740][T25256] loop7: unable to read partition table [ 1187.422529][T25256] loop7: partition table beyond EOD, truncated [ 1187.431407][T20518] Dev loop7: unable to read RDB block 1 [ 1187.441595][T20518] loop7: unable to read partition table [ 1187.447868][T20518] loop7: partition table beyond EOD, truncated [ 1187.460031][T20518] loop_reread_partitions: partition scan of loop7 (ݷU@:B${Wɴ) failed (rc=-5) [ 1187.826876][ T51] plantronics 0003:047F:FFFF.00DC: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1188.447945][ T977] usb 1-1: USB disconnect, device number 7 [ 1188.847681][ T977] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1189.018013][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1189.042555][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1189.063806][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1189.092295][ T977] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 1189.105829][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1189.120084][ T977] usb 1-1: Product: syz [ 1189.124706][ T977] usb 1-1: Manufacturer: syz [ 1189.136156][ C1] plantronics 0003:047F:FFFF.00DC: usb_submit_urb(ctrl) failed: -1 [ 1189.140469][ T977] usb 1-1: SerialNumber: syz [ 1189.192044][ T977] usb 1-1: config 0 descriptor?? [ 1189.281483][T20569] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1189.433015][ T977] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux1 [ 1189.483194][T20578] sock: sock_set_timeout: `syz.2.21746' (pid 20578) tries to set negative timeout [ 1189.605741][ T977] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1189.717440][ T9] usb 1-1: USB disconnect, device number 8 [ 1189.766326][ T977] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1189.778165][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1189.804500][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1189.831100][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1189.841774][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1189.851719][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1189.863987][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1189.872466][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1189.883611][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1189.897480][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1189.907656][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1189.917470][T15662] usb 2-1: USB disconnect, device number 24 [ 1189.926279][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1189.945384][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1189.955085][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1189.970268][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1189.987503][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1189.995990][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1190.005483][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1190.019142][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1190.034335][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1190.066894][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1190.079463][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1190.089984][ T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1190.099783][ T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1190.112978][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1190.147964][ T977] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1190.182846][ T977] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1190.225555][ T977] usb 4-1: Product: syz [ 1190.248723][ T977] usb 4-1: Manufacturer: syz [ 1190.269587][ T977] usb 4-1: SerialNumber: syz [ 1190.302812][ T977] usb 4-1: config 0 descriptor?? [ 1190.324283][ T977] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 1190.446584][T20602] syzkaller1: entered promiscuous mode [ 1190.469384][T20602] syzkaller1: entered allmulticast mode [ 1190.603467][ C0] usb 4-1: yurex_control_callback - control failed: -2 [ 1190.725833][ T977] usb 4-1: USB disconnect, device number 41 [ 1190.756283][ T977] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 1191.547615][T20634] netlink: 172 bytes leftover after parsing attributes in process `syz.1.21768'. [ 1191.621702][T20638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21770'. [ 1191.657106][T15466] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1191.736055][T20642] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 1192.075810][T12349] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 1192.227756][T12349] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 1192.241207][T12349] usb 3-1: config 0 has no interface number 0 [ 1192.249339][T12349] usb 3-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 1192.261948][T12349] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1192.275804][T15023] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1192.288225][T12349] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1192.304039][T12349] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1192.315003][T12349] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1192.328213][T12349] usb 3-1: Product: syz [ 1192.332426][T12349] usb 3-1: SerialNumber: syz [ 1192.352058][T12349] usb 3-1: config 0 descriptor?? [ 1192.362694][T12349] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 1192.372381][T12349] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input228 [ 1192.434547][T15023] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1192.471101][T15023] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1192.486138][T15023] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1192.517878][T15023] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1192.528153][T15023] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1192.543593][T15023] usb 4-1: config 0 descriptor?? [ 1192.573733][T15466] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.647385][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 1192.788939][T15466] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.937408][ T3532] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.937627][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.956567][T15466] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1193.028594][T15023] hid_parser_main: 4 callbacks suppressed [ 1193.028618][T15023] plantronics 0003:047F:FFFF.00DD: unknown main item tag 0x0 [ 1193.051309][T15023] plantronics 0003:047F:FFFF.00DD: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1193.146203][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1193.172942][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1193.175369][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1193.180160][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1193.181879][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1193.191537][T15466] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1193.338861][T15662] usb 4-1: USB disconnect, device number 42 [ 1193.602689][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.610120][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.617331][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.624774][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.632030][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.639273][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.646448][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.655048][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.662438][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.669630][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1193.685217][ T5927] usb 3-1: USB disconnect, device number 22 [ 1193.691264][ C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1193.735993][T15466] bridge_slave_1: left allmulticast mode [ 1193.754013][ T5927] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1193.762509][T15466] bridge_slave_1: left promiscuous mode [ 1193.777279][T15466] bridge0: port 2(bridge_slave_1) entered disabled state [ 1193.807160][T15466] bridge_slave_0: left allmulticast mode [ 1193.822053][T15466] bridge_slave_0: left promiscuous mode [ 1193.829890][T15466] bridge0: port 1(bridge_slave_0) entered disabled state [ 1194.155939][T15662] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1194.266284][T15023] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1194.332526][T15662] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1194.357166][T15662] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1194.379137][T15662] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1194.413800][T15662] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1194.434096][T15662] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1194.448312][T20701] input: syz0 as /devices/virtual/input/input229 [ 1194.471046][T15662] usb 1-1: config 0 descriptor?? [ 1194.504285][T15023] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1194.526002][T15023] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1194.560722][T15023] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1194.593501][T15023] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1194.638724][T15023] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1194.659855][T15023] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1194.671752][T15023] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1194.687916][T15023] usb 4-1: Product: syz [ 1194.692388][T15023] usb 4-1: Manufacturer: syz [ 1194.705713][T20708] netlink: 'syz.2.21796': attribute type 10 has an invalid length. [ 1194.731412][T15023] cdc_wdm 4-1:1.0: skipping garbage [ 1194.763184][T15023] cdc_wdm 4-1:1.0: skipping garbage [ 1194.770816][T20710] netlink: 'syz.2.21796': attribute type 10 has an invalid length. [ 1194.790835][T15023] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1194.800046][T15023] cdc_wdm 4-1:1.0: Unknown control protocol [ 1194.966221][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1194.978712][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1194.987190][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1194.998605][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1195.006280][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1195.016448][T12349] usb 4-1: USB disconnect, device number 43 [ 1195.030456][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1195.059187][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1195.068753][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1195.076458][T15662] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0x0 [ 1195.135274][T15662] plantronics 0003:047F:FFFF.00DE: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1195.230522][T15662] usb 1-1: USB disconnect, device number 9 [ 1195.254876][T15466] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1195.267779][ T5841] Bluetooth: hci3: command tx timeout [ 1195.282026][T15466] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1195.302179][T15466] bond0 (unregistering): Released all slaves [ 1195.330706][T20708] team0: Port device dummy0 added [ 1195.344761][T20710] team0: Port device dummy0 removed [ 1195.354585][T20710] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1195.365060][T20716] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.21797'. [ 1195.824595][T20672] chnl_net:caif_netlink_parms(): no params data found [ 1195.896221][T15662] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 1195.914755][T15466] hsr_slave_0: left promiscuous mode [ 1195.929553][T15466] hsr_slave_1: left promiscuous mode [ 1195.943352][T15466] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1195.963287][T15466] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1195.983994][T15466] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1196.008247][T15466] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1196.056255][T15662] usb 4-1: Using ep0 maxpacket: 8 [ 1196.069375][T15662] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1196.095958][ T51] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1196.114777][T15662] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1196.128931][T15466] veth1_macvtap: left promiscuous mode [ 1196.134916][T15466] veth0_macvtap: left promiscuous mode [ 1196.145682][T15662] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1196.156075][T15466] veth1_vlan: left promiscuous mode [ 1196.161432][T15466] veth0_vlan: left promiscuous mode [ 1196.167017][T15662] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1196.181763][T15662] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1196.191719][T15662] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1196.285954][ T51] usb 1-1: Using ep0 maxpacket: 32 [ 1196.302195][ T51] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1196.349305][ T51] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1196.362920][ T51] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1196.392967][ T51] usb 1-1: Product: syz [ 1196.399098][ T51] usb 1-1: Manufacturer: syz [ 1196.403948][ T51] usb 1-1: SerialNumber: syz [ 1196.420511][ T51] usb 1-1: config 0 descriptor?? [ 1196.427807][T20736] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1196.460411][T15662] usb 4-1: usb_control_msg returned -32 [ 1196.461101][ T51] hub 1-1:0.0: bad descriptor, ignoring hub [ 1196.473259][ T51] hub 1-1:0.0: probe with driver hub failed with error -5 [ 1196.476768][T15662] usbtmc 4-1:16.0: can't read capabilities [ 1196.813107][T15662] usb 1-1: USB disconnect, device number 10 [ 1197.115138][T15466] team0 (unregistering): Port device team_slave_1 removed [ 1197.183136][T15466] team0 (unregistering): Port device team_slave_0 removed [ 1197.337235][ T5841] Bluetooth: hci3: command tx timeout [ 1197.427174][T32084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1198.058399][T32084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1198.066763][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1198.534160][T20672] bridge0: port 1(bridge_slave_0) entered blocking state [ 1198.544369][T20672] bridge0: port 1(bridge_slave_0) entered disabled state [ 1198.552155][T20672] bridge_slave_0: entered allmulticast mode [ 1198.572184][T20672] bridge_slave_0: entered promiscuous mode [ 1198.593160][T20672] bridge0: port 2(bridge_slave_1) entered blocking state [ 1198.626579][T20672] bridge0: port 2(bridge_slave_1) entered disabled state [ 1198.633837][T20672] bridge_slave_1: entered allmulticast mode [ 1198.687635][T20672] bridge_slave_1: entered promiscuous mode [ 1198.716766][ T9] usb 4-1: USB disconnect, device number 44 [ 1198.934222][T20672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1199.028751][T20672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1199.311157][T20672] team0: Port device team_slave_0 added [ 1199.413914][T20672] team0: Port device team_slave_1 added [ 1199.425809][ T5841] Bluetooth: hci3: command tx timeout [ 1200.069347][T20672] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1200.089229][T20672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1200.152380][T20672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1200.207720][T20672] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1200.214683][T20672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1200.283230][T20672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1200.446529][ T51] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 1200.493334][T20672] hsr_slave_0: entered promiscuous mode [ 1200.528324][T20672] hsr_slave_1: entered promiscuous mode [ 1200.534715][T20672] debugfs: 'hsr0' already exists in 'hsr' [ 1200.561426][T20672] Cannot create hsr debugfs directory [ 1200.612826][ T51] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1200.632763][ T51] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1200.659507][ T51] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1200.698412][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1200.955860][ T51] usb 1-1: usb_control_msg returned -32 [ 1200.961502][ T51] usbtmc 1-1:16.0: can't read capabilities [ 1201.283795][T20672] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1201.338994][T20672] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1201.405389][T20672] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1201.491738][T20672] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1201.499271][ T5841] Bluetooth: hci3: command tx timeout [ 1201.933779][T20672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1202.032449][T20672] 8021q: adding VLAN 0 to HW filter on device team0 [ 1202.078367][T15466] bridge0: port 1(bridge_slave_0) entered blocking state [ 1202.085627][T15466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1202.155138][T32084] bridge0: port 2(bridge_slave_1) entered blocking state [ 1202.162489][T32084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1202.403591][T20909] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1202.538016][T20672] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1202.551118][T32084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1202.593412][T20913] netlink: 88 bytes leftover after parsing attributes in process `syz.3.21848'. [ 1202.633111][T20913] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21848'. [ 1202.704222][T20672] veth0_vlan: entered promiscuous mode [ 1202.763035][T20672] veth1_vlan: entered promiscuous mode [ 1202.933762][T20672] veth0_macvtap: entered promiscuous mode [ 1202.982892][T20672] veth1_macvtap: entered promiscuous mode [ 1203.062712][T20672] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1203.114715][T20672] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1203.146918][T15466] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.188534][T15466] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.226790][T15466] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.248106][ T51] usb 1-1: USB disconnect, device number 11 [ 1203.304235][T15466] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.393166][ T5919] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1203.554734][ T3532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1203.582056][ T3532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1203.615739][ T5919] usb 4-1: Using ep0 maxpacket: 8 [ 1203.638132][ T5919] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1203.671480][ T5919] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1203.707685][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1203.721796][T20952] netlink: 'syz.0.21860': attribute type 1 has an invalid length. [ 1203.725884][ T5919] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1203.741314][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1203.762006][ T5919] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1203.785648][ T5919] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1203.816472][ T5919] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1203.820441][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1203.834561][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1203.835629][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1203.865174][T20952] bond2: entered promiscuous mode [ 1203.890344][T20952] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1203.988633][T20954] bond2: (slave bridge1): making interface the new active one [ 1204.008256][T20954] bridge1: entered promiscuous mode [ 1204.029460][T20954] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 1204.098896][ T5919] usb 4-1: GET_CAPABILITIES returned 0 [ 1204.119087][ T5919] usbtmc 4-1:16.0: can't read capabilities [ 1204.370060][ T5919] usb 4-1: USB disconnect, device number 45 [ 1205.363906][T21000] input: syz0 as /devices/virtual/input/input230 [ 1206.485733][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1206.540669][T21043] loop9: detected capacity change from 0 to 7 [ 1206.578538][T21043] Dev loop9: unable to read RDB block 7 [ 1206.596298][T21043] loop9: AHDI p1 p2 [ 1206.600261][T21043] loop9: partition table partially beyond EOD, truncated [ 1206.640995][T21043] loop9: p1 size 4227858431 extends beyond EOD, truncated [ 1206.670984][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 1206.708637][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1206.739980][ T9] usb 3-1: New USB device found, idVendor=0dfc, idProduct=0101, bcdDevice= 0.00 [ 1206.787745][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1206.800719][T25256] udevd[25256]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 1206.829960][ T9] usb 3-1: config 0 descriptor?? [ 1207.040997][T21055] syzkaller1: entered promiscuous mode [ 1207.064244][T21055] syzkaller1: entered allmulticast mode [ 1207.322314][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.345404][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.371124][ T30] kauditd_printk_skb: 321 callbacks suppressed [ 1207.371142][ T30] audit: type=1326 audit(1768232940.326:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21062 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5275d8f749 code=0x7ffc0000 [ 1207.375782][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.399352][ T30] audit: type=1326 audit(1768232940.326:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21062 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f5275d8f749 code=0x7ffc0000 [ 1207.400395][ T30] audit: type=1326 audit(1768232940.326:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21062 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5275d8f749 code=0x7ffc0000 [ 1207.535703][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.543244][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.614591][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.637171][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.644841][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.663026][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.683266][ T9] hid-generic 0003:0DFC:0101.00DF: unknown main item tag 0x0 [ 1207.748995][ T9] hid-generic 0003:0DFC:0101.00DF: hidraw0: USB HID v0.00 Device [HID 0dfc:0101] on usb-dummy_hcd.2-1/input0 [ 1207.766057][ T9] usb 3-1: USB disconnect, device number 23 [ 1207.845840][T12349] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1207.892147][T21077] fido_id[21077]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1208.006045][T12349] usb 1-1: Using ep0 maxpacket: 16 [ 1208.018449][T12349] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1208.036188][T12349] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1208.059441][T12349] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1208.084540][T12349] usb 1-1: config 0 descriptor?? [ 1208.297019][ T1149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1208.545989][T12349] mcp2221 0003:04D8:00DD.00E0: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 1208.744528][T12349] usb 1-1: USB disconnect, device number 12 [ 1208.778191][T21105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21900'. [ 1208.806518][T21105] netlink: 'syz.1.21900': attribute type 30 has an invalid length. [ 1208.877299][T21105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21900'. [ 1208.895737][T21105] netlink: 'syz.1.21900': attribute type 30 has an invalid length. [ 1209.074945][T21117] loop4: detected capacity change from 0 to 524287936 [ 1209.592239][ T2991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1209.600696][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1210.084928][ T30] audit: type=1326 audit(1768232943.036:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21164 comm="syz.3.21928" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f64b7d8f749 code=0x0 [ 1211.350780][T21223] netlink: 20 bytes leftover after parsing attributes in process `syz.3.21951'. [ 1211.455738][ T845] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1211.615725][ T845] usb 1-1: Using ep0 maxpacket: 16 [ 1211.625535][ T845] usb 1-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 1211.636532][ T845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1211.644609][ T845] usb 1-1: Product: syz [ 1211.649824][ T845] usb 1-1: Manufacturer: syz [ 1211.654523][ T845] usb 1-1: SerialNumber: syz [ 1211.662498][ T845] usb 1-1: config 0 descriptor?? [ 1211.671614][ T845] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 1211.845949][T15023] usb 3-1: new low-speed USB device number 24 using dummy_hcd [ 1211.874340][ T845] gp8psk: usb in 128 operation failed. [ 1211.885821][ T845] gp8psk: usb in 137 operation failed. [ 1211.891907][ T845] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1211.903222][ T845] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 1211.913753][ T845] usb 1-1: media controller created [ 1211.946866][ T845] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1212.008066][T15023] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1212.045838][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1212.062401][ T845] gp8psk_fe: Frontend revision 1 attached [ 1212.078702][T15023] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1212.092130][ T845] usb 1-1: DVB: registering adapter 2 frontend 0 (Genpix DVB-S)... [ 1212.121285][ T845] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 1212.141353][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1212.198087][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1212.232635][T15023] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1212.275844][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1212.312560][T15023] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1212.339146][ T845] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 1212.350661][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1212.362372][ T845] gp8psk: found Genpix USB device pID = 201 (hex) [ 1212.369955][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1212.414711][T15023] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1212.430178][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1212.449092][T15023] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1212.461597][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1212.478651][T15023] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1212.507238][ T30] audit: type=1326 audit(1768232945.456:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1212.547635][T15023] usb 3-1: string descriptor 0 read error: -22 [ 1212.580288][ T30] audit: type=1326 audit(1768232945.456:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1212.581928][T15023] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1212.603955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 1212.639934][ T845] usb 1-1: USB disconnect, device number 13 [ 1212.678021][T15023] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1212.715951][ T30] audit: type=1326 audit(1768232945.456:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64b7d2b829 code=0x7ffc0000 [ 1212.740629][ T30] audit: type=1326 audit(1768232945.456:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64b7d2b829 code=0x7ffc0000 [ 1212.765752][ T30] audit: type=1326 audit(1768232945.456:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64b7d2b829 code=0x7ffc0000 [ 1212.816398][T15023] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1212.851748][ T845] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 1212.900338][ T30] audit: type=1326 audit(1768232945.456:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64b7d2b829 code=0x7ffc0000 [ 1212.990056][ T30] audit: type=1326 audit(1768232945.456:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64b7d2b829 code=0x7ffc0000 [ 1213.026083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1213.035871][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 1213.054644][ T9] usb 3-1: USB disconnect, device number 24 [ 1213.063803][ T30] audit: type=1326 audit(1768232945.456:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64b7d2b829 code=0x7ffc0000 [ 1213.163960][ T30] audit: type=1326 audit(1768232945.456:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1213.196113][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1213.254396][T21259] Invalid argument reading file caps for ./file0 [ 1213.271164][ T30] audit: type=1326 audit(1768232945.456:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21249 comm="syz.3.21962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64b7d2b829 code=0x7ffc0000 [ 1213.313066][T21235] adutux: No device or device unplugged -19 [ 1213.355204][T21257] syzkaller1: entered promiscuous mode [ 1213.365717][T21257] syzkaller1: entered allmulticast mode [ 1213.608919][T21270] loop7: detected capacity change from 0 to 7 [ 1213.646542][T21270] Dev loop7: unable to read RDB block 7 [ 1213.652198][T21270] loop7: AHDI p1 p2 p3 [ 1213.667571][T21270] loop7: partition table partially beyond EOD, truncated [ 1213.674917][T21270] loop7: p1 start 1702000233 is beyond EOD, truncated [ 1213.697071][T21270] loop7: p2 size 10240 extends beyond EOD, truncated [ 1213.820610][T25256] udevd[25256]: inotify_add_watch(7, /dev/loop7p2, 10) failed: No such file or directory [ 1214.067289][ T3532] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1214.543981][ T3532] tipc: Subscription rejected, illegal request [ 1214.710009][T21312] input: syz0 as /devices/virtual/input/input231 [ 1215.015875][ T5927] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1215.185654][ T5927] usb 2-1: Using ep0 maxpacket: 16 [ 1215.194900][ T5927] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1215.224038][ T5927] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1215.261484][ T5927] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1215.293065][ T5927] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1215.312064][ T5927] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1215.321632][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1215.330158][ T5927] usb 2-1: SerialNumber: syz [ 1215.340526][T32084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1215.344056][ T5927] hub 2-1:1.0: bad descriptor, ignoring hub [ 1215.349123][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1215.355274][ T5927] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1215.374206][ T5927] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 1215.566026][ T9] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 1215.725709][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1215.733097][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1215.747187][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1215.759204][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1215.771630][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1215.782801][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1215.801108][ T9] usb 4-1: config 0 descriptor?? [ 1215.808540][T21331] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1215.820719][ T9] hub 4-1:0.0: USB hub found [ 1216.023186][ T9] hub 4-1:0.0: 1 port detected [ 1216.877550][ T9] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 1216.895109][ T845] usb 4-1: USB disconnect, device number 46 [ 1217.666630][ T845] hid_parser_main: 1221 callbacks suppressed [ 1217.666658][ T845] hid-generic 0000:0000:0000.00E1: unknown main item tag 0x0 [ 1217.702874][ T9] usb 2-1: USB disconnect, device number 25 [ 1217.733022][ T845] hid-generic 0000:0000:0000.00E1: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1218.769377][T21437] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.22040'. [ 1219.176466][ T3532] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1219.470294][T21467] input: syz0 as /devices/virtual/input/input232 [ 1220.376545][T21500] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.22063'. [ 1221.097909][ T2991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1221.106489][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1221.185896][ T5927] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1221.365712][ T5927] usb 1-1: Using ep0 maxpacket: 8 [ 1221.387336][ T5927] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1221.433054][ T5927] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1221.482553][ T5927] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1221.513855][ T5927] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1221.554692][ T5927] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1221.588957][ T5927] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1221.606282][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1221.685783][ T5919] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 1221.874819][ T5919] usb 3-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1221.918962][ T5919] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1221.964577][ T5919] usb 3-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1221.991591][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1222.001764][ T5919] usb 3-1: Product: syz [ 1222.006332][ T5919] usb 3-1: Manufacturer: syz [ 1222.011349][ T5919] usb 3-1: SerialNumber: syz [ 1222.026352][ T5919] usb 3-1: config 0 descriptor?? [ 1222.040972][ T5919] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1222.426837][T21581] usbtmc 1-1:16.0: simple usb_control_msg returned 0 [ 1222.636875][T12349] usb 1-1: USB disconnect, device number 14 [ 1222.893618][T12349] usb 3-1: USB disconnect, device number 25 [ 1224.420586][T21654] loop6: detected capacity change from 0 to 1024 [ 1224.432508][T21654] buffer_io_error: 27 callbacks suppressed [ 1224.432527][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.450773][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.471029][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.497062][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.510656][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.518848][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.527011][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.535004][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.544348][T21654] ldm_validate_partition_table(): Disk read failed. [ 1224.552181][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.584983][T21654] Buffer I/O error on dev loop6, logical block 0, async page read [ 1224.622842][T21654] Dev loop6: unable to read RDB block 0 [ 1224.641436][T21654] loop6: unable to read partition table [ 1224.669193][T21654] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1224.909210][T21670] netlink: 72 bytes leftover after parsing attributes in process `syz.0.22118'. [ 1224.936646][ T2991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1225.088228][T12349] hid-generic 0003:0004:0000.00E2: unknown main item tag 0x0 [ 1225.102985][T12349] hid-generic 0003:0004:0000.00E2: unknown main item tag 0x0 [ 1225.113017][T12349] hid-generic 0003:0004:0000.00E2: unknown main item tag 0x0 [ 1225.132583][T12349] hid-generic 0003:0004:0000.00E2: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1225.234998][T21686] fido_id[21686]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1225.945777][ T845] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1226.071444][T21721] netlink: 48 bytes leftover after parsing attributes in process `syz.1.22134'. [ 1226.125706][ T845] usb 3-1: Using ep0 maxpacket: 32 [ 1226.150872][ T845] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 1226.211674][ T845] usb 3-1: config 0 has no interface number 0 [ 1226.252231][ T845] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1226.305665][ T845] usb 3-1: config 0 interface 85 has no altsetting 0 [ 1226.349272][ T845] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1226.375989][ T845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1226.398164][ T845] usb 3-1: Product: syz [ 1226.402386][ T845] usb 3-1: Manufacturer: syz [ 1226.445286][ T845] usb 3-1: SerialNumber: syz [ 1226.478422][ T845] usb 3-1: config 0 descriptor?? [ 1226.857325][ T2991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1226.865912][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1226.898879][T21711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1226.916719][T21711] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1227.128851][ T845] appletouch 3-1:0.85: Geyser mode initialized. [ 1227.164273][ T845] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input233 [ 1227.418443][ T9] usb 3-1: USB disconnect, device number 26 [ 1227.547815][ T9] appletouch 3-1:0.85: input: appletouch disconnected [ 1227.757953][ T845] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1227.926026][ T845] usb 1-1: Using ep0 maxpacket: 16 [ 1227.939596][ T845] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 1227.966205][ T845] usb 1-1: config 0 has no interface number 0 [ 1227.979617][ T845] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1227.997525][ T845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1228.006781][T21788] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.22161'. [ 1228.017569][ T845] usb 1-1: Product: syz [ 1228.021783][ T845] usb 1-1: Manufacturer: syz [ 1228.035847][ T845] usb 1-1: SerialNumber: syz [ 1228.079490][ T845] usb 1-1: config 0 descriptor?? [ 1228.099844][ T845] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1228.205071][ T30] kauditd_printk_skb: 193 callbacks suppressed [ 1228.205089][ T30] audit: type=1326 audit(1768232961.156:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21791 comm="syz.2.22163" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a98b8f749 code=0x0 [ 1229.105121][ T845] gspca_spca1528: reg_w err -71 [ 1229.110185][ T9] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 1229.118154][ T845] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71 [ 1229.132014][ T845] usb 1-1: USB disconnect, device number 15 [ 1229.277531][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1229.287974][T15023] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1229.297011][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1229.310971][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1229.320766][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1229.465822][T15023] usb 3-1: Using ep0 maxpacket: 8 [ 1229.472569][T15023] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1229.482942][T15023] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x11, changing to 0x1 [ 1229.494788][T15023] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 64 [ 1229.507807][T15023] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1229.517210][T15023] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1229.525325][T15023] usb 3-1: Product: syz [ 1229.529627][T15023] usb 3-1: Manufacturer: syz [ 1229.534279][T15023] usb 3-1: SerialNumber: syz [ 1229.543550][ T9] usb 2-1: usb_control_msg returned -32 [ 1229.543587][T21824] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 1229.552919][ T9] usbtmc 2-1:16.0: can't read capabilities [ 1230.585287][T15023] cdc_ncm 3-1:1.0: bind() failure [ 1230.667147][T15023] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 1230.695464][T15023] usb 3-1: USB disconnect, device number 27 [ 1230.714492][T15732] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1231.731899][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880592a9400: rx timeout, send abort [ 1231.744546][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880592a9400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 1231.794964][T21873] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1231.827585][ T9] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 1231.845746][T15023] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1231.879833][T30270] usb 2-1: USB disconnect, device number 26 [ 1231.985869][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1231.992917][ T9] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 1232.008670][T15023] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1232.024898][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1232.036025][T15023] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1232.049736][ T9] usb 4-1: config 0 descriptor?? [ 1232.065657][T15023] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1232.102477][T15023] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1232.119484][T15023] usb 3-1: config 0 descriptor?? [ 1232.126105][ T5927] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 1232.293374][ T9] dvb-usb: found a 'Elgato EyeTV DTT' in warm state. [ 1232.293485][T21890] netlink: 8 bytes leftover after parsing attributes in process `syz.6.22206'. [ 1232.317178][T21891] netlink: 'syz.1.22207': attribute type 1 has an invalid length. [ 1232.323041][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1232.335333][T21891] netlink: 'syz.1.22207': attribute type 2 has an invalid length. [ 1232.348420][ T5927] usb 1-1: config 4 has an invalid interface number: 28 but max is 0 [ 1232.349048][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT) [ 1232.365231][ T5927] usb 1-1: config 4 has no interface number 0 [ 1232.366316][ T9] usb 4-1: media controller created [ 1232.374518][T21891] netlink: 'syz.1.22207': attribute type 1 has an invalid length. [ 1232.393113][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1232.396200][T21891] netlink: 'syz.1.22207': attribute type 3 has an invalid length. [ 1232.427763][ T5927] usb 1-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 1232.438990][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1232.459108][ T5927] usb 1-1: Product: syz [ 1232.463359][ T5927] usb 1-1: Manufacturer: syz [ 1232.516569][ T5927] usb 1-1: SerialNumber: syz [ 1232.542710][ T5927] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:4.28/input/input234 [ 1232.579989][ T9] DVB: Unable to find symbol dib7000p_attach() [ 1232.599432][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT' [ 1232.618712][ T3532] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1232.627145][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1232.727976][ T9] rc_core: IR keymap rc-dib0700-rc5 not found [ 1232.742155][ T5189] bcm5974 1-1:4.28: could not read from device [ 1232.758050][ T9] Registered IR keymap rc-empty [ 1232.764713][ T9] dvb-usb: could not initialize remote control. [ 1232.774363][ T9] dvb-usb: Elgato EyeTV DTT successfully initialized and connected. [ 1232.784449][ T5189] bcm5974 1-1:4.28: could not read from device [ 1232.800698][ T5927] usb 1-1: USB disconnect, device number 16 [ 1232.829234][ T9] usb 4-1: USB disconnect, device number 47 [ 1232.926301][ T9] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected. [ 1232.974355][T15023] hid-led 0003:27B8:01ED.00E3: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.2-1/input0 [ 1233.000692][T12349] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1233.022766][T15023] hid-led 0003:27B8:01ED.00E3: ThingM blink(1) v1 initialized [ 1233.197077][T12349] usb 2-1: Using ep0 maxpacket: 8 [ 1233.205743][T12349] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 1233.221113][T12349] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 1233.231748][ T51] usb 3-1: USB disconnect, device number 28 [ 1233.238512][T12349] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1233.261972][T12349] usb 2-1: config 250 has no interface number 0 [ 1233.285761][T12349] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1233.316986][T12349] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1233.331069][T12349] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1233.350901][T12349] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1233.380633][T12349] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1233.395538][T12349] usb 2-1: config 250 interface 228 has no altsetting 0 [ 1233.404454][T12349] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1233.418278][T12349] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1233.426787][T12349] usb 2-1: Product: syz [ 1233.431663][T12349] usb 2-1: SerialNumber: syz [ 1233.444832][T12349] hub 2-1:250.228: bad descriptor, ignoring hub [ 1233.451413][T12349] hub 2-1:250.228: probe with driver hub failed with error -5 [ 1233.605828][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1233.648323][T12349] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 27 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1233.758700][T21925] netlink: 'syz.3.22221': attribute type 4 has an invalid length. [ 1233.778070][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 1233.796889][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1233.820335][ T9] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1233.850122][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.861464][T12349] usb 2-1: reset high-speed USB device number 27 using dummy_hcd [ 1233.878079][ T9] usb 1-1: Product: syz [ 1233.888194][ T9] usb 1-1: Manufacturer: syz [ 1233.905778][ T9] usb 1-1: SerialNumber: syz [ 1233.924876][ T9] usb 1-1: config 0 descriptor?? [ 1234.312732][T21938] xt_hashlimit: size too large, truncated to 1048576 [ 1234.359216][ T9] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 1234.555034][T21945] netlink: 12 bytes leftover after parsing attributes in process `syz.3.22230'. [ 1234.566288][ T51] usb 2-1: USB disconnect, device number 27 [ 1234.582756][ T51] usblp0: removed [ 1235.006813][T15023] usb 1-1: USB disconnect, device number 17 [ 1235.028093][T21957] input: syz0 as /devices/virtual/input/input236 [ 1235.180743][ T30] audit: type=1326 audit(1768232968.136:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21961 comm="syz.3.22235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1235.231847][ T30] audit: type=1326 audit(1768232968.136:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21961 comm="syz.3.22235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1235.261758][ T30] audit: type=1326 audit(1768232968.136:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21961 comm="syz.3.22235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1235.337950][ T30] audit: type=1326 audit(1768232968.166:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21961 comm="syz.3.22235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1235.367753][ T30] audit: type=1326 audit(1768232968.176:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21961 comm="syz.3.22235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1235.399699][ T30] audit: type=1326 audit(1768232968.186:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21961 comm="syz.3.22235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f64b7d8f749 code=0x7ffc0000 [ 1235.424293][ T30] audit: type=1326 audit(1768232968.186:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21961 comm="syz.3.22235" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64b7d8f749 code=0x0 [ 1235.575331][T21977] pim6reg1: entered promiscuous mode [ 1235.583353][T21977] pim6reg1: entered allmulticast mode [ 1235.871146][T21994] syzkaller1: entered promiscuous mode [ 1235.884205][T21994] syzkaller1: entered allmulticast mode [ 1236.225734][T15023] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1236.419763][T15023] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1236.478930][T22018] netlink: 36 bytes leftover after parsing attributes in process `syz.3.22251'. [ 1236.479649][T15023] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1236.545682][T15023] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1236.608274][T15023] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1236.621411][ T51] hid-generic 0000:0000:0000.00E4: unknown main item tag 0x0 [ 1236.657215][T15023] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1236.658570][ T51] hid-generic 0000:0000:0000.00E4: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1236.708313][T15023] usb 3-1: config 0 descriptor?? [ 1237.190180][T15023] plantronics 0003:047F:FFFF.00E5: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1237.483701][ T51] usb 3-1: USB disconnect, device number 29 [ 1237.967249][ T51] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1238.205613][ T51] usb 1-1: Using ep0 maxpacket: 32 [ 1238.231173][ T51] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1238.252569][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1238.317095][ T51] usb 1-1: config 0 descriptor?? [ 1238.567400][ T51] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1238.578585][ T51] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1238.589562][ T51] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1238.615861][ T51] usb 1-1: media controller created [ 1238.651712][ T51] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1238.769469][ T51] az6027: usb out operation failed. (-71) [ 1238.783131][ T51] az6027: usb out operation failed. (-71) [ 1238.795980][ T51] stb0899_attach: Driver disabled by Kconfig [ 1238.804307][ T51] az6027: no front-end attached [ 1238.804307][ T51] [ 1238.817245][ T51] az6027: usb out operation failed. (-71) [ 1238.825412][ T51] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1238.865116][ T51] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input237 [ 1238.928587][ T51] dvb-usb: schedule remote query interval to 400 msecs. [ 1238.947627][ T51] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1238.986094][ T51] usb 1-1: USB disconnect, device number 18 [ 1239.020102][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.026652][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.093401][ T51] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1239.705848][T22109] syzkaller1: entered promiscuous mode [ 1239.713184][T22109] syzkaller1: entered allmulticast mode [ 1240.424523][T22136] netlink: 7060 bytes leftover after parsing attributes in process `syz.0.22299'. [ 1240.650405][T22143] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.22301'. [ 1241.406237][ T51] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1241.576243][ T51] usb 4-1: Using ep0 maxpacket: 32 [ 1241.589812][ T51] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1241.625678][ T51] usb 4-1: config 0 has no interface number 0 [ 1241.625686][T30270] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1241.686267][ T51] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 1241.728495][ T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1241.752735][ T51] usb 4-1: Product: syz [ 1241.765618][ T51] usb 4-1: Manufacturer: syz [ 1241.775757][T30270] usb 3-1: Using ep0 maxpacket: 16 [ 1241.788812][ T51] usb 4-1: SerialNumber: syz [ 1241.789268][T30270] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1241.815261][ T51] usb 4-1: config 0 descriptor?? [ 1241.817634][T30270] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1241.847017][T30270] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1241.848411][ T51] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1241.868049][T30270] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1241.877977][ T51] usb 4-1: selecting invalid altsetting 1 [ 1241.887194][ T51] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1241.901776][T30270] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1241.911291][T22183] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22317'. [ 1241.927353][T30270] usb 3-1: Product: syz [ 1241.931559][T30270] usb 3-1: Manufacturer: syz [ 1241.937241][ T51] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1241.965633][T30270] usb 3-1: SerialNumber: syz [ 1241.968982][ T51] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1241.992173][ T51] usb 4-1: media controller created [ 1242.020443][ T51] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1242.096852][ T51] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 1242.120111][ T51] zl10353_read_register: readreg error (reg=127, ret==-71) [ 1242.136527][ T51] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 1242.235797][T22189] input: syz0 as /devices/virtual/input/input238 [ 1242.289281][ T51] usb 4-1: USB disconnect, device number 48 [ 1242.315681][T12349] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 1242.411883][T30270] usb 3-1: 0:2 : does not exist [ 1242.438301][T22196] kvm: user requested TSC rate below hardware speed [ 1242.478473][T12349] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1242.490218][T12349] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1242.503015][T12349] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1242.525609][T12349] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1242.546365][T12349] usb 1-1: config 0 descriptor?? [ 1242.589858][T12349] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1242.602291][T12349] dvb-usb: bulk message failed: -22 (3/0) [ 1242.619295][T12349] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1242.629433][T12349] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1242.642773][T12349] usb 1-1: media controller created [ 1242.651532][T12349] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1242.693105][T12349] dvb-usb: bulk message failed: -22 (6/0) [ 1242.714353][T12349] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1242.737554][T12349] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input239 [ 1242.767880][T12349] dvb-usb: schedule remote query interval to 150 msecs. [ 1242.792825][T12349] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1242.945815][T12349] dvb-usb: bulk message failed: -22 (1/0) [ 1242.957932][T12349] dvb-usb: error while querying for an remote control event. [ 1242.993155][T12349] usb 1-1: USB disconnect, device number 19 [ 1243.005720][T15023] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1243.030382][T30270] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 1243.049855][T12349] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1243.087798][T30270] usb 3-1: USB disconnect, device number 30 [ 1243.132285][T25256] udevd[25256]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1243.185875][T15023] usb 2-1: Using ep0 maxpacket: 8 [ 1243.196247][T15023] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1243.212115][T15023] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1243.222539][T15023] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1243.240246][T15023] usb 2-1: config 0 descriptor?? [ 1243.653813][T15023] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1243.758745][T22220] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22333'. [ 1243.866396][T22226] netlink: 'syz.2.22337': attribute type 29 has an invalid length. [ 1243.884217][T22226] netlink: 'syz.2.22337': attribute type 29 has an invalid length. [ 1243.887267][T15023] usb 2-1: USB disconnect, device number 28 [ 1243.897368][T22226] netlink: 500 bytes leftover after parsing attributes in process `syz.2.22337'. [ 1244.115672][T12349] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1244.215887][T15023] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1244.281369][T12349] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1244.294153][T12349] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1244.309921][T12349] usb 4-1: config 0 descriptor?? [ 1244.323064][T12349] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1244.365677][T15023] usb 3-1: Using ep0 maxpacket: 8 [ 1244.374672][T15023] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 1244.383956][T15023] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1244.399195][T15023] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1244.409354][T22244] netlink: 16 bytes leftover after parsing attributes in process `syz.0.22344'. [ 1244.418886][T15023] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1244.442430][T15023] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1244.461875][T15023] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1244.484329][T15023] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1244.722507][T15023] usb 3-1: GET_CAPABILITIES returned 0 [ 1244.728945][T15023] usbtmc 3-1:16.0: can't read capabilities [ 1244.729310][T12349] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 1244.993188][T22233] usbtmc 3-1:16.0: INITIATE_CLEAR returned 0 [ 1245.035697][T15023] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1245.202518][ T845] usb 3-1: USB disconnect, device number 31 [ 1245.213660][T15023] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1245.224825][T15023] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1245.244579][T15023] usb 2-1: Product: syz [ 1245.253512][T15023] usb 2-1: Manufacturer: syz [ 1245.268200][T15023] usb 2-1: SerialNumber: syz [ 1245.337581][T12349] gspca_cpia1: usb_control_msg 05, error -71 [ 1245.352164][T12349] cpia1 4-1:0.0: unexpected systemstate: 00 [ 1245.376459][T12349] usb 4-1: USB disconnect, device number 49 [ 1245.585257][T15023] rtl8150 2-1:1.0: couldn't reset the device [ 1245.592308][T15023] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5 [ 1245.609992][T15023] usb 2-1: USB disconnect, device number 29 [ 1246.826100][T15023] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1247.006379][T15023] usb 2-1: Using ep0 maxpacket: 8 [ 1247.015131][T15023] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1247.028888][T15023] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1247.049097][T15023] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1247.050179][ T30] audit: type=1326 audit(1768232980.006:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22309 comm="syz.0.22372" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5275d8f749 code=0x0 [ 1247.081327][T15023] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1247.101958][T15023] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1247.127971][T15023] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1247.147233][T15023] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1247.375129][T15023] usb 2-1: usb_control_msg returned -32 [ 1247.395868][T15023] usbtmc 2-1:16.0: can't read capabilities [ 1247.755848][T22336] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 1247.773128][T15023] usb 2-1: USB disconnect, device number 30 [ 1249.815696][ T845] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1249.985705][ T845] usb 3-1: Using ep0 maxpacket: 8 [ 1249.996504][ T845] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1250.015884][ T845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1250.024049][ T845] usb 3-1: Product: syz [ 1250.036207][T30270] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1250.062584][ T845] usb 3-1: Manufacturer: syz [ 1250.071065][ T845] usb 3-1: SerialNumber: syz [ 1250.089066][ T845] usb 3-1: config 0 descriptor?? [ 1250.108065][ T845] gspca_main: se401-2.14.0 probing 047d:5003 [ 1250.218074][T30270] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 1250.235893][T30270] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1250.265767][T30270] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1250.285695][T30270] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1250.315887][T30270] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1250.345726][T30270] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1250.354923][T30270] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1250.407142][T30270] usb 2-1: config 0 descriptor?? [ 1250.412859][T22393] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1250.508194][ T845] gspca_se401: ExtraFeatures: 79 [ 1250.513210][ T845] gspca_se401: Frame size: 0x0 1/16th janggu [ 1250.719684][ T845] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input240 [ 1250.796640][ T845] usb 3-1: USB disconnect, device number 32 [ 1250.866321][T30270] plantronics 0003:047F:FFFF.00E6: reserved main item tag 0xd [ 1250.912791][T30270] plantronics 0003:047F:FFFF.00E6: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1251.138571][ T845] usb 2-1: USB disconnect, device number 31 [ 1251.412623][T22407] : renamed from vlan0 (while UP) [ 1251.693453][T22426] input: syz1 as /devices/virtual/input/input242 [ 1252.848449][T12349] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1253.025672][T12349] usb 4-1: Using ep0 maxpacket: 16 [ 1253.042539][T12349] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1253.066702][T12349] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1253.089400][T12349] usb 4-1: config 0 descriptor?? [ 1253.117582][T12349] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1253.203309][ T30] audit: type=1800 audit(1768232986.156:1320): pid=22477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.22436" name="SYSV00000000" dev="hugetlbfs" ino=6 res=0 errno=0 [ 1253.367559][T22487] batadv_slave_1: entered promiscuous mode [ 1253.388845][T22485] batadv_slave_1: left promiscuous mode [ 1253.556032][ T845] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1253.571696][T22499] netlink: 16 bytes leftover after parsing attributes in process `syz.1.22447'. [ 1253.583735][T22499] netlink: 16 bytes leftover after parsing attributes in process `syz.1.22447'. [ 1253.718806][ T845] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1253.730557][ T845] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1253.744775][ T845] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1253.754182][ T845] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1253.776926][ T845] usb 3-1: config 0 descriptor?? [ 1253.923130][T22506] netlink: 28 bytes leftover after parsing attributes in process `syz.1.22450'. [ 1253.934363][T22506] netlink: 'syz.1.22450': attribute type 7 has an invalid length. [ 1253.943979][T22506] netlink: 'syz.1.22450': attribute type 8 has an invalid length. [ 1253.952383][T22506] netlink: 4 bytes leftover after parsing attributes in process `syz.1.22450'. [ 1254.135264][T12349] usb 4-1: USB disconnect, device number 50 [ 1254.222592][ T845] hid-steam 0003:28DE:1142.00E7: unknown main item tag 0x0 [ 1254.253414][ T845] hid-steam 0003:28DE:1142.00E7: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0 [ 1254.332691][ T845] hid-steam 0003:28DE:1142.00E7: Steam wireless receiver connected [ 1254.358670][ T845] hid-steam 0003:28DE:1142.00E7: No HID_FEATURE_REPORT submitted - nothing to read [ 1254.390877][ T845] hid-steam 0003:28DE:1142.00E8: unknown main item tag 0x0 [ 1254.462936][ T845] hid-steam 0003:28DE:1142.00E8: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0 [ 1254.522106][T22512] IPVS: You probably need to specify IP address on multicast interface. [ 1254.538298][T22512] IPVS: Error connecting to the multicast addr [ 1254.892944][T12349] usb 3-1: USB disconnect, device number 33 [ 1254.944350][T12349] hid-steam 0003:28DE:1142.00E7: Steam wireless receiver disconnected [ 1255.108119][ T845] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1255.209245][T22547] netlink: 212336 bytes leftover after parsing attributes in process `syz.3.22467'. [ 1255.275760][ T845] usb 2-1: Using ep0 maxpacket: 16 [ 1255.282914][ T845] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 1255.292128][ T845] usb 2-1: config 0 has no interface number 0 [ 1255.299447][ T845] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1255.309651][ T845] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1255.320158][ T845] usb 2-1: config 0 interface 41 has no altsetting 0 [ 1255.329866][ T845] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 1255.343318][ T845] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1255.355396][ T845] usb 2-1: Product: syz [ 1255.360341][ T845] usb 2-1: Manufacturer: syz [ 1255.365127][ T845] usb 2-1: SerialNumber: syz [ 1255.378584][ T845] usb 2-1: config 0 descriptor?? [ 1255.384551][T22534] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1255.392170][T22534] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1255.419361][T22552] binder: 22551:22552 ioctl c0306201 200000000540 returned -14 [ 1255.645204][T22534] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1255.664737][T22534] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1256.040139][T22571] batadv_slave_0: entered promiscuous mode [ 1256.068209][T22570] batadv_slave_0: left promiscuous mode [ 1256.101114][ T845] Error reading MAC address [ 1256.111217][T22534] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1256.131201][T22534] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1256.350184][ T845] sr9700 2-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address [ 1256.366346][ T845] usb 2-1: USB disconnect, device number 32 [ 1257.226054][T12349] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 1257.259612][ T30] audit: type=1326 audit(1768232990.216:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.283502][ T30] audit: type=1326 audit(1768232990.246:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.326166][ T30] audit: type=1326 audit(1768232990.266:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.362338][ T30] audit: type=1326 audit(1768232990.266:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.393993][ T30] audit: type=1326 audit(1768232990.266:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.416855][T12349] usb 2-1: Using ep0 maxpacket: 8 [ 1257.455509][T12349] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1257.485099][T12349] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1257.503271][T12349] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1257.521798][ T30] audit: type=1326 audit(1768232990.266:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.549944][T12349] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1257.581064][T12349] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1257.606830][ T30] audit: type=1326 audit(1768232990.376:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.645660][T12349] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1257.656615][T12349] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1257.666391][ T30] audit: type=1326 audit(1768232990.376:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22607 comm="syz.2.22494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a98b8f749 code=0x7ffc0000 [ 1257.903550][T12349] usb 2-1: usb_control_msg returned -32 [ 1257.914161][T12349] usbtmc 2-1:16.0: can't read capabilities [ 1258.260155][T22642] usbtmc 2-1:16.0: INITIATE_ABORT_BULK_OUT returned 0 [ 1258.462265][ T845] usb 2-1: USB disconnect, device number 33 [ 1259.146169][T12349] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1259.307254][T12349] usb 3-1: Using ep0 maxpacket: 8 [ 1259.327066][T12349] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1259.348289][T12349] usb 3-1: config 179 has no interface number 0 [ 1259.354654][T12349] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1259.385265][T12349] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1259.413873][T12349] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1259.429563][T12349] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1259.441963][T12349] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1259.456637][T12349] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1259.469887][T12349] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1259.491125][T22655] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1259.704167][T22690] syzkaller1: entered promiscuous mode [ 1259.709974][T22690] syzkaller1: entered allmulticast mode [ 1259.795514][T12349] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input243 [ 1259.815830][T30270] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 1259.976089][T30270] usb 2-1: Using ep0 maxpacket: 32 [ 1259.993882][T30270] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1260.018053][ T845] usb 3-1: USB disconnect, device number 34 [ 1260.018093][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1260.033043][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1260.033567][T30270] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1260.059240][T22695] netlink: 136 bytes leftover after parsing attributes in process `syz.0.22531'. [ 1260.072509][T30270] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1260.098161][T22695] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1260.119502][T30270] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1260.147299][T30270] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1260.169810][T30270] usb 2-1: config 0 descriptor?? [ 1260.646555][T30270] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.00E9/input/input244 [ 1260.752606][T30270] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.00E9/input/input245 [ 1260.835129][T30270] kye 0003:0458:5011.00E9: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0 [ 1260.907813][T30270] usb 2-1: USB disconnect, device number 34 [ 1261.002735][T22721] fido_id[22721]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 1261.701633][T22737] netlink: 28 bytes leftover after parsing attributes in process `syz.6.22548'. [ 1262.003788][T22741] netlink: 'syz.6.22550': attribute type 1 has an invalid length. [ 1262.059925][T22741] netlink: 'syz.6.22550': attribute type 2 has an invalid length. [ 1262.428815][T22754] kAFS: unable to lookup cell ' [ 1262.428815][T22754] $)-.ײfYǝa2s [ 1262.428815][T22754] ' [ 1263.261658][T30270] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 1263.437493][T30270] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1263.448096][T30270] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1263.460424][T30270] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1263.473238][T30270] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 1263.490051][T30270] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 1263.504178][T30270] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1263.523215][T30270] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1263.534385][T30270] usb 2-1: Product: syz [ 1263.538903][T30270] usb 2-1: Manufacturer: syz [ 1263.552908][T30270] cdc_wdm 2-1:1.0: skipping garbage [ 1263.555713][T12349] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 1263.558886][T30270] cdc_wdm 2-1:1.0: skipping garbage [ 1263.572803][T30270] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1263.579126][T30270] cdc_wdm 2-1:1.0: Unknown control protocol [ 1263.716902][T12349] usb 1-1: Using ep0 maxpacket: 16 [ 1263.739255][T12349] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1263.750570][T12349] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1263.761041][T12349] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1263.772657][T12349] usb 1-1: config 0 descriptor?? [ 1264.197670][T12349] mcp2221 0003:04D8:00DD.00EA: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 1264.421693][ T5927] usb 1-1: USB disconnect, device number 20 [ 1264.575149][T12349] usb 2-1: USB disconnect, device number 35 [ 1264.851124][T22815] delete_channel: no stack [ 1265.804900][T22868] netlink: 'syz.1.22605': attribute type 17 has an invalid length. [ 1265.813942][T22868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.22605'. [ 1265.823868][T22868] netlink: 28 bytes leftover after parsing attributes in process `syz.1.22605'. [ 1265.855868][T30270] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1265.912474][ T30] audit: type=1326 audit(1768232998.866:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22871 comm="syz.1.22608" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f83d298f749 code=0x0 [ 1266.028124][T30270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1266.039328][T30270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1266.050128][T30270] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1266.063213][T30270] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1266.072348][T30270] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1266.082112][T30270] usb 1-1: config 0 descriptor?? [ 1266.264384][T22876] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 1266.280157][ T845] IPVS: starting estimator thread 0... [ 1266.405858][T22878] IPVS: using max 34 ests per chain, 81600 per kthread [ 1266.525282][T30270] plantronics 0003:047F:FFFF.00EB: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1266.792448][T30270] usb 1-1: USB disconnect, device number 21 [ 1266.858582][T22894] tap0: tun_chr_ioctl cmd 1074025677 [ 1266.864458][T22894] tap0: linktype set to 774 [ 1266.872483][T22894] tap0: tun_chr_ioctl cmd 1074025672 [ 1266.879729][T22894] tap0: ignored: set checksum enabled [ 1267.720829][T22927] vlan2: entered allmulticast mode [ 1267.727863][T22927] bridge0: port 3(vlan2) entered blocking state [ 1267.734735][T22927] bridge0: port 3(vlan2) entered disabled state [ 1267.746058][T22927] vlan2: entered promiscuous mode [ 1267.786107][T30270] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1267.985837][T30270] usb 1-1: Using ep0 maxpacket: 16 [ 1267.999616][T30270] usb 1-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice= 0.00 [ 1268.026331][T30270] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1268.045496][T30270] usb 1-1: config 0 descriptor?? [ 1268.062961][T30270] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input247 [ 1268.481406][ T5189] bcm5974 1-1:0.0: could not read from device [ 1268.522298][ T5189] bcm5974 1-1:0.0: could not read from device [ 1268.544714][T30270] usb 1-1: USB disconnect, device number 22 [ 1268.795884][T15023] usb 4-1: new full-speed USB device number 51 using dummy_hcd [ 1268.957667][T15023] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1268.976882][T15023] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1269.000852][T15023] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1269.021440][T15023] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1269.039649][T15023] usb 4-1: config 0 descriptor?? [ 1269.055265][T15023] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1269.067054][T15023] dvb-usb: bulk message failed: -22 (3/0) [ 1269.078383][T15023] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1269.095015][T15023] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1269.104514][T15023] usb 4-1: media controller created [ 1269.111901][T15023] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1269.133091][T15023] dvb-usb: bulk message failed: -22 (6/0) [ 1269.142453][T15023] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1269.156218][T15023] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input248 [ 1269.171649][T15023] dvb-usb: schedule remote query interval to 150 msecs. [ 1269.179276][T30270] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1269.187800][T22969] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22649'. [ 1269.199123][T15023] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1269.280100][T15023] usb 4-1: USB disconnect, device number 51 [ 1269.312031][T15023] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1269.319120][ T51] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 1269.355730][T30270] usb 1-1: Using ep0 maxpacket: 32 [ 1269.363419][T30270] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 1269.372841][T30270] usb 1-1: config 0 has no interface number 0 [ 1269.379088][T30270] usb 1-1: config 0 interface 12 has no altsetting 0 [ 1269.388093][T30270] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1269.397468][T30270] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1269.405521][T30270] usb 1-1: Product: syz [ 1269.409763][T30270] usb 1-1: Manufacturer: syz [ 1269.414377][T30270] usb 1-1: SerialNumber: syz [ 1269.423755][T30270] usb 1-1: config 0 descriptor?? [ 1269.475672][ T51] usb 2-1: Using ep0 maxpacket: 32 [ 1269.488722][ T51] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 1269.510263][ T51] usb 2-1: config 0 has no interface number 0 [ 1269.520225][ T51] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 1269.532318][ T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1269.540935][ T51] usb 2-1: Product: syz [ 1269.545210][ T51] usb 2-1: Manufacturer: syz [ 1269.551434][ T51] usb 2-1: SerialNumber: syz [ 1269.578314][ T51] usb 2-1: config 0 descriptor?? [ 1269.792348][ T51] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1269.822862][ T51] usb 2-1: USB disconnect, device number 36 [ 1269.879335][T25132] udevd[25132]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1270.205658][T12349] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1270.357057][T12349] usb 4-1: Using ep0 maxpacket: 16 [ 1270.377535][T12349] usb 4-1: config 4 has an invalid interface number: 51 but max is 0 [ 1270.390323][T12349] usb 4-1: config 4 has no interface number 0 [ 1270.401249][T12349] usb 4-1: config 4 interface 51 has no altsetting 0 [ 1270.411807][T12349] usb 4-1: New USB device found, idVendor=0409, idProduct=0063, bcdDevice=83.4b [ 1270.421226][T12349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1270.443396][T12349] usb 4-1: Product: syz [ 1270.446021][T30270] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 1270.456185][T12349] usb 4-1: Manufacturer: syz [ 1270.458439][T30270] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 1270.464638][T12349] usb 4-1: SerialNumber: syz [ 1270.474740][T30270] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1270.488327][T12349] upd78f0730 4-1:4.51: upd78f0730 converter detected [ 1270.489988][T30270] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 1270.502663][T12349] usb 4-1: upd78f0730 converter now attached to ttyUSB0 [ 1270.513921][T30270] usb 1-1: USB disconnect, device number 23 [ 1270.705515][ T51] usb 4-1: USB disconnect, device number 52 [ 1270.712026][T12349] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 1270.731905][ T51] upd78f0730 ttyUSB0: upd78f0730 converter now disconnected from ttyUSB0 [ 1270.742926][ T51] upd78f0730 4-1:4.51: device disconnected [ 1270.875794][T12349] usb 2-1: Using ep0 maxpacket: 8 [ 1270.888526][T12349] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1270.899745][T12349] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1270.918622][T12349] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 1270.945629][T12349] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1270.966040][T12349] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1270.988706][T12349] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1271.000439][T12349] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1271.229360][T12349] usb 2-1: GET_CAPABILITIES returned 0 [ 1271.234904][T12349] usbtmc 2-1:16.0: can't read capabilities [ 1271.482727][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1271.508568][ T845] usb 2-1: USB disconnect, device number 37 [ 1272.645907][T12349] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1272.815938][T12349] usb 4-1: Using ep0 maxpacket: 8 [ 1272.833019][T12349] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1272.873071][T12349] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1272.906965][T12349] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1272.938292][T12349] usb 4-1: config 0 descriptor?? [ 1273.191165][T12349] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1273.272037][T23086] bond0: entered promiscuous mode [ 1273.284946][T23086] bond_slave_0: entered promiscuous mode [ 1273.299998][T23086] bond_slave_1: entered promiscuous mode [ 1273.319006][T23086] batadv0: entered promiscuous mode [ 1273.325218][T23086] debugfs: 'hsr1' already exists in 'hsr' [ 1273.333835][T23086] Cannot create hsr debugfs directory [ 1273.341855][T23086] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1273.355704][T23086] bond0: left promiscuous mode [ 1273.360640][T23086] bond_slave_0: left promiscuous mode [ 1273.366864][T23086] bond_slave_1: left promiscuous mode [ 1273.376783][T23086] batadv0: left promiscuous mode [ 1273.752252][ T845] usb 4-1: USB disconnect, device number 53 [ 1274.029758][T23108] loop3: detected capacity change from 0 to 7 [ 1274.041632][T23108] Dev loop3: unable to read RDB block 7 [ 1274.057232][T23108] loop3: unable to read partition table [ 1274.069246][T23108] loop3: partition table beyond EOD, truncated [ 1274.087134][T23108] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 1275.083522][T23132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.22715'. [ 1275.093780][T23132] netlink: 'syz.1.22715': attribute type 5 has an invalid length. [ 1275.103941][T23132] netlink: 28 bytes leftover after parsing attributes in process `syz.1.22715'. [ 1275.118878][T23132] geneve0: entered promiscuous mode [ 1275.124250][T23132] geneve0: entered allmulticast mode [ 1275.392513][T23151] syzkaller1: entered promiscuous mode [ 1275.400419][T23151] syzkaller1: entered allmulticast mode [ 1276.171185][ T1149] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1276.415282][ T1149] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1276.498071][ T30] audit: type=1800 audit(1768233009.456:1330): pid=23181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.22739" name="SYSV00000000" dev="tmpfs" ino=7 res=0 errno=0 [ 1276.571498][ T1149] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1276.576604][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1276.596919][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1276.606239][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1276.614309][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1276.622514][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1276.812605][ T1149] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1277.346835][ T1149] bridge_slave_0: left allmulticast mode [ 1277.358708][ T1149] bridge_slave_0: left promiscuous mode [ 1277.364659][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 1277.575810][T30270] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 1277.680517][T23207] IPVS: set_ctl: invalid protocol: 255 224.0.0.2:20000 [ 1277.736674][T30270] usb 2-1: Using ep0 maxpacket: 16 [ 1277.790938][T30270] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 1277.801913][T30270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1277.811178][T30270] usb 2-1: Product: syz [ 1277.827040][T30270] usb 2-1: Manufacturer: syz [ 1277.832263][T30270] usb 2-1: SerialNumber: syz [ 1277.866270][T30270] usb 2-1: config 0 descriptor?? [ 1277.887872][T30270] ums-onetouch 2-1:0.0: USB Mass Storage device detected [ 1278.124663][T12349] usb 2-1: USB disconnect, device number 39 [ 1278.281059][ T1149] batman_adv: batadv0: Removing interface: macvlan2 [ 1278.309484][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1278.339217][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1278.356507][ T1149] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 1278.369156][ T1149] bond0 (unregistering): Released all slaves [ 1278.697257][ T5838] Bluetooth: hci0: command tx timeout [ 1278.786322][T23225] syzkaller1: entered promiscuous mode [ 1278.796091][T23225] syzkaller1: entered allmulticast mode [ 1279.048168][T12349] hid-generic 0000:0000:0000.00EC: unknown main item tag 0x0 [ 1279.094038][T12349] hid-generic 0000:0000:0000.00EC: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1279.266664][T23188] chnl_net:caif_netlink_parms(): no params data found [ 1279.488026][ T1149] hsr_slave_0: left promiscuous mode [ 1279.508660][ T1149] hsr_slave_1: left promiscuous mode [ 1279.514954][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1279.523420][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1279.532616][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1279.540578][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1279.567799][ T1149] veth1_vlan: left allmulticast mode [ 1279.573531][ T1149] veth1_macvtap: left promiscuous mode [ 1279.579361][ T1149] veth0_macvtap: left promiscuous mode [ 1279.585103][ T1149] veth1_vlan: left promiscuous mode [ 1279.590600][ T1149] veth0_vlan: left promiscuous mode [ 1279.605799][T12349] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1279.803319][T12349] usb 2-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 1279.813248][T12349] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1279.829188][T12349] usb 2-1: config 0 descriptor?? [ 1280.259311][T12349] hackrf 2-1:0.0: Board ID: 00 [ 1280.264238][T12349] hackrf 2-1:0.0: Firmware version: [ 1280.315093][T12349] hackrf 2-1:0.0: Registered as swradio24 [ 1280.345971][T12349] videodev: could not get a free minor [ 1280.351568][T12349] hackrf 2-1:0.0: Failed to register as video device (-23) [ 1280.380356][T12349] hackrf 2-1:0.0: probe with driver hackrf failed with error -23 [ 1280.396394][T23269] ================================================================== [ 1280.404574][T23269] BUG: KASAN: slab-use-after-free in __video_do_ioctl+0x47f/0xc10 [ 1280.412395][T23269] Read of size 8 at addr ffff88808419c5c8 by task v4l_id/23269 [ 1280.420121][T23269] [ 1280.422443][T23269] CPU: 0 UID: 0 PID: 23269 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 1280.422463][T23269] Tainted: [L]=SOFTLOCKUP [ 1280.422469][T23269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1280.422478][T23269] Call Trace: [ 1280.422488][T23269] [ 1280.422496][T23269] dump_stack_lvl+0xe8/0x150 [ 1280.422519][T23269] print_report+0xca/0x240 [ 1280.422534][T23269] ? __video_do_ioctl+0x47f/0xc10 [ 1280.422548][T23269] kasan_report+0x118/0x150 [ 1280.422566][T23269] ? __video_do_ioctl+0x47f/0xc10 [ 1280.422581][T23269] kasan_check_range+0x2b0/0x2c0 [ 1280.422598][T23269] __video_do_ioctl+0x47f/0xc10 [ 1280.422614][T23269] ? __pfx___video_do_ioctl+0x10/0x10 [ 1280.422626][T23269] ? do_vfs_ioctl+0xbe8/0x1430 [ 1280.422640][T23269] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1280.422654][T23269] video_usercopy+0x82a/0x13f0 [ 1280.422670][T23269] ? __pfx___video_do_ioctl+0x10/0x10 [ 1280.422684][T23269] ? __pfx_video_usercopy+0x10/0x10 [ 1280.422701][T23269] ? __pfx_do_sys_openat2+0x10/0x10 [ 1280.422718][T23269] ? exc_page_fault+0x71/0xd0 [ 1280.422734][T23269] v4l2_ioctl+0x18d/0x1e0 [ 1280.422747][T23269] ? __pfx_v4l2_ioctl+0x10/0x10 [ 1280.422759][T23269] __se_sys_ioctl+0xfc/0x170 [ 1280.422784][T23269] do_syscall_64+0xec/0xf80 [ 1280.422800][T23269] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1280.422814][T23269] ? trace_irq_disable+0x37/0x100 [ 1280.422832][T23269] ? clear_bhb_loop+0x60/0xb0 [ 1280.422847][T23269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1280.422861][T23269] RIP: 0033:0x7f6887d1d378 [ 1280.422876][T23269] Code: 00 00 48 8d 44 24 08 48 89 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 b8 10 00 00 00 c7 44 24 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 07 89 d0 c3 0f 1f 40 00 48 8b 15 49 3a 0d [ 1280.422888][T23269] RSP: 002b:00007fffd3d8de28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1280.422904][T23269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6887d1d378 [ 1280.422915][T23269] RDX: 00007fffd3d8de30 RSI: 0000000080685600 RDI: 0000000000000003 [ 1280.422925][T23269] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1280.422933][T23269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1280.422942][T23269] R13: 00007fffd3d8dfe0 R14: 00007f68885a1000 R15: 00005583d3b834d8 [ 1280.422958][T23269] [ 1280.422963][T23269] [ 1280.645622][T23269] Allocated by task 12349: [ 1280.650023][T23269] kasan_save_track+0x3e/0x80 [ 1280.654684][T23269] __kasan_kmalloc+0x93/0xb0 [ 1280.659436][T23269] __kmalloc_cache_noprof+0x3e2/0x700 [ 1280.664794][T23269] hackrf_probe+0xda/0x1390 [ 1280.669282][T23269] usb_probe_interface+0x668/0xc90 [ 1280.674389][T23269] really_probe+0x26d/0xad0 [ 1280.678899][T23269] __driver_probe_device+0x18c/0x320 [ 1280.684354][T23269] driver_probe_device+0x4f/0x240 [ 1280.689381][T23269] __device_attach_driver+0x279/0x430 [ 1280.694751][T23269] bus_for_each_drv+0x251/0x2e0 [ 1280.699595][T23269] __device_attach+0x2b8/0x430 [ 1280.704347][T23269] device_initial_probe+0xa1/0xd0 [ 1280.709363][T23269] bus_probe_device+0x12a/0x220 [ 1280.714406][T23269] device_add+0x7b6/0xb80 [ 1280.719054][T23269] usb_set_configuration+0x1a87/0x2110 [ 1280.724628][T23269] usb_generic_driver_probe+0x8d/0x150 [ 1280.730079][T23269] usb_probe_device+0x1c4/0x3c0 [ 1280.734930][T23269] really_probe+0x26d/0xad0 [ 1280.739421][T23269] __driver_probe_device+0x18c/0x320 [ 1280.744692][T23269] driver_probe_device+0x4f/0x240 [ 1280.749702][T23269] __device_attach_driver+0x279/0x430 [ 1280.755061][T23269] bus_for_each_drv+0x251/0x2e0 [ 1280.759896][T23269] __device_attach+0x2b8/0x430 [ 1280.764653][T23269] device_initial_probe+0xa1/0xd0 [ 1280.769667][T23269] bus_probe_device+0x12a/0x220 [ 1280.774591][T23269] device_add+0x7b6/0xb80 [ 1280.778902][T23269] usb_new_device+0xa39/0x1720 [ 1280.783734][T23269] hub_event+0x29b1/0x4ef0 [ 1280.788133][T23269] process_scheduled_works+0xad1/0x1770 [ 1280.793662][T23269] worker_thread+0x8a0/0xda0 [ 1280.798240][T23269] kthread+0x711/0x8a0 [ 1280.802296][T23269] ret_from_fork+0x510/0xa50 [ 1280.806957][T23269] ret_from_fork_asm+0x1a/0x30 [ 1280.811981][T23269] [ 1280.814289][T23269] Freed by task 12349: [ 1280.818334][T23269] kasan_save_track+0x3e/0x80 [ 1280.822999][T23269] kasan_save_free_info+0x46/0x50 [ 1280.828044][T23269] __kasan_slab_free+0x5c/0x80 [ 1280.833059][T23269] kfree+0x1c0/0x660 [ 1280.836954][T23269] hackrf_probe+0xd98/0x1390 [ 1280.841530][T23269] usb_probe_interface+0x668/0xc90 [ 1280.846628][T23269] really_probe+0x26d/0xad0 [ 1280.851111][T23269] __driver_probe_device+0x18c/0x320 [ 1280.856554][T23269] driver_probe_device+0x4f/0x240 [ 1280.861736][T23269] __device_attach_driver+0x279/0x430 [ 1280.867190][T23269] bus_for_each_drv+0x251/0x2e0 [ 1280.872421][T23269] __device_attach+0x2b8/0x430 [ 1280.877186][T23269] device_initial_probe+0xa1/0xd0 [ 1280.882222][T23269] bus_probe_device+0x12a/0x220 [ 1280.887082][T23269] device_add+0x7b6/0xb80 [ 1280.891407][T23269] usb_set_configuration+0x1a87/0x2110 [ 1280.896948][T23269] usb_generic_driver_probe+0x8d/0x150 [ 1280.902502][T23269] usb_probe_device+0x1c4/0x3c0 [ 1280.907372][T23269] really_probe+0x26d/0xad0 [ 1280.911897][T23269] __driver_probe_device+0x18c/0x320 [ 1280.917219][T23269] driver_probe_device+0x4f/0x240 [ 1280.922251][T23269] __device_attach_driver+0x279/0x430 [ 1280.927620][T23269] bus_for_each_drv+0x251/0x2e0 [ 1280.932467][T23269] __device_attach+0x2b8/0x430 [ 1280.937235][T23269] device_initial_probe+0xa1/0xd0 [ 1280.942242][T23269] bus_probe_device+0x12a/0x220 [ 1280.947079][T23269] device_add+0x7b6/0xb80 [ 1280.951397][T23269] usb_new_device+0xa39/0x1720 [ 1280.956143][T23269] hub_event+0x29b1/0x4ef0 [ 1280.960545][T23269] process_scheduled_works+0xad1/0x1770 [ 1280.966160][T23269] worker_thread+0x8a0/0xda0 [ 1280.970759][T23269] kthread+0x711/0x8a0 [ 1280.974847][T23269] ret_from_fork+0x510/0xa50 [ 1280.979450][T23269] ret_from_fork_asm+0x1a/0x30 [ 1280.984264][T23269] [ 1280.986676][T23269] The buggy address belongs to the object at ffff88808419c000 [ 1280.986676][T23269] which belongs to the cache kmalloc-8k of size 8192 [ 1281.000726][T23269] The buggy address is located 1480 bytes inside of [ 1281.000726][T23269] freed 8192-byte region [ffff88808419c000, ffff88808419e000) [ 1281.014991][T23269] [ 1281.017576][T23269] The buggy address belongs to the physical page: [ 1281.024263][T23269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x84198 [ 1281.033019][T23269] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1281.041501][T23269] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1281.049044][T23269] page_type: f5(slab) [ 1281.053031][T23269] raw: 00fff00000000040 ffff88813ffa7280 dead000000000122 0000000000000000 [ 1281.061618][T23269] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 1281.070387][T23269] head: 00fff00000000040 ffff88813ffa7280 dead000000000122 0000000000000000 [ 1281.079243][T23269] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 1281.087921][T23269] head: 00fff00000000003 ffffea0002106601 00000000ffffffff 00000000ffffffff [ 1281.096600][T23269] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1281.105265][T23269] page dumped because: kasan: bad access detected [ 1281.111688][T23269] page_owner tracks the page as allocated [ 1281.117400][T23269] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 23262, tgid 23245 (syz.3.22760), ts 1279483459495, free_ts 1279465303059 [ 1281.139291][T23269] post_alloc_hook+0x234/0x290 [ 1281.144134][T23269] get_page_from_freelist+0x24e0/0x2580 [ 1281.149669][T23269] __alloc_frozen_pages_noprof+0x181/0x370 [ 1281.155496][T23269] alloc_pages_mpol+0x232/0x4a0 [ 1281.160510][T23269] allocate_slab+0x86/0x3b0 [ 1281.165002][T23269] ___slab_alloc+0xe53/0x1820 [ 1281.169754][T23269] __slab_alloc+0x65/0x100 [ 1281.174242][T23269] __kmalloc_cache_noprof+0x41e/0x700 [ 1281.179622][T23269] uhid_queue_event+0x56/0x280 [ 1281.184392][T23269] hid_hw_open+0xe9/0x1f0 [ 1281.188722][T23269] hidraw_open+0x295/0x8b0 [ 1281.193297][T23269] chrdev_open+0x4cc/0x5e0 [ 1281.197700][T23269] do_dentry_open+0x7ce/0x1420 [ 1281.202629][T23269] vfs_open+0x3b/0x340 [ 1281.206732][T23269] path_openat+0x340e/0x3dd0 [ 1281.211321][T23269] do_filp_open+0x1fa/0x410 [ 1281.215900][T23269] page last free pid 23259 tgid 23259 stack trace: [ 1281.222383][T23269] __free_frozen_pages+0xbc8/0xd30 [ 1281.227581][T23269] __put_partials+0x146/0x170 [ 1281.232244][T23269] __slab_free+0x294/0x320 [ 1281.236663][T23269] qlist_free_all+0x97/0x100 [ 1281.241330][T23269] kasan_quarantine_reduce+0x148/0x160 [ 1281.246770][T23269] __kasan_slab_alloc+0x22/0x80 [ 1281.251606][T23269] kmem_cache_alloc_noprof+0x37d/0x710 [ 1281.257145][T23269] getname_flags+0xb8/0x540 [ 1281.261635][T23269] do_sys_openat2+0xbc/0x200 [ 1281.266222][T23269] __x64_sys_openat+0x138/0x170 [ 1281.271254][T23269] do_syscall_64+0xec/0xf80 [ 1281.275757][T23269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1281.281663][T23269] [ 1281.283975][T23269] Memory state around the buggy address: [ 1281.289689][T23269] ffff88808419c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1281.297827][T23269] ffff88808419c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1281.305903][T23269] >ffff88808419c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1281.313968][T23269] ^ [ 1281.320368][T23269] ffff88808419c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1281.328416][T23269] ffff88808419c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1281.336573][T23269] ================================================================== [ 1281.393796][ T5838] Bluetooth: hci0: command tx timeout [ 1281.407240][T23269] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1281.414479][T23269] CPU: 0 UID: 0 PID: 23269 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 1281.425161][T23269] Tainted: [L]=SOFTLOCKUP [ 1281.429474][T23269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1281.439636][T23269] Call Trace: [ 1281.444092][T23269] [ 1281.447014][T23269] vpanic+0x1e0/0x670 [ 1281.451170][T23269] panic+0xb9/0xc0 [ 1281.454973][T23269] ? __pfx_panic+0x10/0x10 [ 1281.459471][T23269] ? preempt_schedule_thunk+0x16/0x30 [ 1281.464829][T23269] ? preempt_schedule_thunk+0x16/0x30 [ 1281.470187][T23269] ? __video_do_ioctl+0x47f/0xc10 [ 1281.475221][T23269] check_panic_on_warn+0x89/0xb0 [ 1281.480149][T23269] ? __video_do_ioctl+0x47f/0xc10 [ 1281.485161][T23269] end_report+0x6f/0x140 [ 1281.489391][T23269] kasan_report+0x129/0x150 [ 1281.493887][T23269] ? __video_do_ioctl+0x47f/0xc10 [ 1281.498898][T23269] kasan_check_range+0x2b0/0x2c0 [ 1281.503823][T23269] __video_do_ioctl+0x47f/0xc10 [ 1281.508748][T23269] ? __pfx___video_do_ioctl+0x10/0x10 [ 1281.514190][T23269] ? do_vfs_ioctl+0xbe8/0x1430 [ 1281.518943][T23269] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1281.523956][T23269] video_usercopy+0x82a/0x13f0 [ 1281.528710][T23269] ? __pfx___video_do_ioctl+0x10/0x10 [ 1281.534067][T23269] ? __pfx_video_usercopy+0x10/0x10 [ 1281.539322][T23269] ? __pfx_do_sys_openat2+0x10/0x10 [ 1281.544523][T23269] ? exc_page_fault+0x71/0xd0 [ 1281.549199][T23269] v4l2_ioctl+0x18d/0x1e0 [ 1281.553536][T23269] ? __pfx_v4l2_ioctl+0x10/0x10 [ 1281.558385][T23269] __se_sys_ioctl+0xfc/0x170 [ 1281.562980][T23269] do_syscall_64+0xec/0xf80 [ 1281.567477][T23269] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1281.573554][T23269] ? trace_irq_disable+0x37/0x100 [ 1281.578602][T23269] ? clear_bhb_loop+0x60/0xb0 [ 1281.583289][T23269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1281.589175][T23269] RIP: 0033:0x7f6887d1d378 [ 1281.593597][T23269] Code: 00 00 48 8d 44 24 08 48 89 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 b8 10 00 00 00 c7 44 24 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 07 89 d0 c3 0f 1f 40 00 48 8b 15 49 3a 0d [ 1281.613223][T23269] RSP: 002b:00007fffd3d8de28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1281.621641][T23269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6887d1d378 [ 1281.629619][T23269] RDX: 00007fffd3d8de30 RSI: 0000000080685600 RDI: 0000000000000003 [ 1281.637600][T23269] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1281.645569][T23269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1281.653531][T23269] R13: 00007fffd3d8dfe0 R14: 00007f68885a1000 R15: 00005583d3b834d8 [ 1281.661602][T23269] [ 1281.665079][T23269] Kernel Offset: disabled [ 1281.669404][T23269] Rebooting in 86400 seconds..