last executing test programs: 4.446446826s ago: executing program 2 (id=31123): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000000)='cgroup\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='name', &(0x7f00000000c0)='\x00\x1f\"\f\x00\x00\"\x00\x04\x00\x00', 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1) 4.233789475s ago: executing program 2 (id=31125): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x70bd2b, 0x25dfdbf6, {0x0, 0x0, 0x0, r2, 0x28, 0x1922a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x20, 0x9}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) 3.96452053s ago: executing program 2 (id=31128): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-aes-aesni)\x00'}, 0x58) syz_usb_connect(0x2, 0x2d, 0x0, 0x0) close(0x3) 3.128460305s ago: executing program 2 (id=31136): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 3.015854025s ago: executing program 0 (id=31138): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) 2.940376046s ago: executing program 0 (id=31140): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f00000029c0), 0x400006d, 0x20000004) shutdown(r1, 0x2) recvmmsg(r1, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/175, 0xaf}], 0x1}, 0x9}], 0x1, 0x0, 0x0) 2.647963509s ago: executing program 0 (id=31143): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40085507, &(0x7f0000000080)) 1.748221127s ago: executing program 0 (id=31153): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) pselect6(0x1d, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0) 1.578107003s ago: executing program 0 (id=31158): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) eventfd2(0x2, 0x80001) 1.24546805s ago: executing program 4 (id=31162): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x9, &(0x7f00000001c0)=""/4120, &(0x7f0000000000)=0x1018) 1.153577878s ago: executing program 3 (id=31163): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x1, @mcast2, 0x1}}, {{0xa, 0x0, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffd}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 1.080742301s ago: executing program 4 (id=31164): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 1.053772451s ago: executing program 2 (id=31165): r0 = epoll_create1(0x80000) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/wakeup_count', 0x80800, 0x8) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)) 993.181857ms ago: executing program 3 (id=31167): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x599681) 853.055941ms ago: executing program 1 (id=31168): ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000400)={0x2, 0x0, 0x20, 0x7, 0x184, &(0x7f0000000000)="420aa8f2048ad62fdbf9ced80c15f8d600f34892e8c8369cbe4887f88e57aa2a43d7d4c5e5783c60ec2e2db562cc4a2e26639658b88af81d9d6738e4a21a11731ffbbee7e6ad721539fdbfcc59dd0de072c63e7e659dbfc7b7e3c3e313824ab97873738074df35f3d811a459fbb0a23969e0fc329f6ebe65f59e5d74821655834925146d22a9ce5d0b970f06e372aa12935cc62f4706c7e41b695d61cf9285890a6cd940939df8827a0f44c5d4d350bb04fda850b367e6a952e77e2b767baf1519cde5dffdc8ca2d637fee4c6b73938de96c21e4f64afceddec1897a4c6495bd45594c3c09190f575a5055db52834a0991413f49c6a0f3a5164bddd1d1f424a5db8eb886beb508f7b9e8c2214f41b63121bc7ade51266454eb72f9adefcdaae62495ba8172ec45d17f7bb364de65625fc451aaa5d3857c1ab72d2e6ba0f0809a68138c553c636db1c3865add51e7fc7d6c6e511e1bbb39b2870a4bece43e85347044f9b2d9461c30628bf9eddfe52913630e6ad783a3f92d78aeb632dc6930a0e846d6297dfe604a67b3ac906a4fa0b2b7a95a75e4dff8dd9b51f06e9355dd35a0d8306ffe480d3977080cd012df7c6ed6ac0b70b80bd61fca175b2eaf4c15340a2c17efdccc4052de1199b28628242cd6fcebe96f845a6a3d30b70db962d6dea90b3719b30b5fb1c9644acd5c97d602cd178951a8c0cee480520e3dd3281154a7078d0991ac1d9e78d51d8a1684a06871a714f5485933a80ea2216dd1be297f9fcab19d639cdac295ad65450ed2891c2b707a308c170123c9144fce052fe2582276bbc8f05bb5cc5542bedf919847f3a373c329b9187a69f6e1482c440d343e88156055a8f2ea14ac55e25701dd158628b8d7e17a10e3db78e98388448a0f6deb38d44f50c003e55ca56418ff279857037e9f8fb3751cfdb19f974faa7cc2bfad7691402256f531db5a1d4a4ba0364ffcdf56960cbd0fc41c3bec1f525d98f4e14a2d8050eeffae316e7056df51857e14065eb65e9b3235f13c851cc9dcab6e51ea6a0d933ee265014c379a7f6474693b6f3b7e1f7bf07b1a26c51a60e220e16fa6581cefa14349f4c518e21024e415524f57407078557085f7019405c69ab936578712be13869627fdef8ce0644b12ebc1afa8e8608ab9831e27b1a9a38fcf7578ad844a9c6e5c741ff0a2515038739a62bf8269e401cc1833148fd4b63d22815bfa82dfc2103351b903986dfa3e56fa02f4b27c0c47d686a602d125acc3391be23a49cec0e162562b4e62eea7e9d4be95dea7d5cddaba138a1005087fc1006b90d4dcf22127e0840c7de936a6f92f2dff94acfc5c097c3b27460289d0d5a694f59230dc29ee724f1628cb047c71fc024b22b0234a1b775ce7a14cbf10f26ec5eb30dbb5bee599e99dccf06b698e6317ac604eec8b1c7db7f2bacaf05c9915"}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x8992, &(0x7f0000000380)={'gre0\x00', 0x0}) 845.030409ms ago: executing program 2 (id=31169): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) restart_syscall() 766.94941ms ago: executing program 3 (id=31170): openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x2adc0, 0x1c1}, 0x18) r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x9, 0x3a, 'M', 0x3a, '^', 0x3a, './file0', 0x3a, [0x46]}, 0x2a) creat(&(0x7f0000000080)='./file0\x00', 0xc7) 736.697233ms ago: executing program 4 (id=31171): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000300)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0) 669.90327ms ago: executing program 1 (id=31172): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) 567.653267ms ago: executing program 3 (id=31173): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000080000000200000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="020000e001"], 0x48}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000) 567.096909ms ago: executing program 4 (id=31174): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000001740)={0x2020}, 0x2020) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x2, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x7, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0xba27, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x3, 0x8, 0x8, 0x1, 0x1fc, 0xc5d, 0xffffffff]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 499.005885ms ago: executing program 1 (id=31175): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x50, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7ff, 0x5d}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}]]}, 0x50}}, 0x24044884) 373.093613ms ago: executing program 4 (id=31176): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0xfffffffe, @mcast2}, {0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) 363.158222ms ago: executing program 3 (id=31177): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_newvlan={0x18, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}}, 0x18}}, 0x0) 321.389487ms ago: executing program 1 (id=31178): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x88000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x4212}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x9) ioctl$TUNSETLINK(r0, 0x400454cd, 0x301) 186.52929ms ago: executing program 4 (id=31179): mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x1e3, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 155.013685ms ago: executing program 1 (id=31180): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r2, 0x2, 0x2, 0x4, 0x8, 0x2}, 0x14) 132.248473ms ago: executing program 3 (id=31181): r0 = add_key$keyring(&(0x7f0000000300), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000380)='asymmetric\x00', &(0x7f0000000cc0)=@chain) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000340)=@keyring={'key_or_keyring:', r0}) 122.569106ms ago: executing program 0 (id=31182): r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$setstatus(r0, 0x4, 0x2000) fcntl$setown(r0, 0x8, 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000001f80), r0) 0s ago: executing program 1 (id=31183): syz_open_dev$usbmon(&(0x7f00000005c0), 0x81, 0x80980) r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x0, 0x3}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0) kernel console output (not intermixed with test programs): valid bInterval 0, changing to 7 [ 1761.770099][ T5968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1761.788790][ T5968] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 1761.802105][ T5968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1761.826369][ T5968] usb 2-1: config 0 descriptor?? [ 1761.868339][ T5087] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 1761.927907][ T5044] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1761.935335][ T5044] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1762.266596][ T5968] sony 0003:054C:024B.0100: unexpected long global item [ 1762.293954][ T5968] sony 0003:054C:024B.0100: parse failed [ 1762.317466][ T5968] sony 0003:054C:024B.0100: probe with driver sony failed with error -22 [ 1762.480831][ T5968] usb 2-1: USB disconnect, device number 79 [ 1762.544781][ T5127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.28406'. [ 1762.572950][T26994] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffb9 [ 1762.609184][T26994] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71 [ 1762.652655][T26994] usb 4-1: USB disconnect, device number 81 [ 1763.116045][ T5155] netlink: 44 bytes leftover after parsing attributes in process `syz.0.28416'. [ 1764.923793][ T5254] netlink: 'syz.3.28451': attribute type 49 has an invalid length. [ 1765.081384][ T5263] bridge0: port 3(vlan2) entered blocking state [ 1765.096265][ T5263] bridge0: port 3(vlan2) entered disabled state [ 1765.112858][ T5263] vlan2: entered allmulticast mode [ 1765.126207][ T5263] bridge0: entered allmulticast mode [ 1765.138778][ T5263] vlan2: left allmulticast mode [ 1765.155705][ T5263] bridge0: left allmulticast mode [ 1765.760064][ T5295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.28464'. [ 1766.208701][ T5319] loop6: detected capacity change from 0 to 524287999 [ 1766.221571][ T5319] buffer_io_error: 29 callbacks suppressed [ 1766.221590][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.255616][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.264517][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.284777][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.322909][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.334373][ T30] audit: type=1326 audit(1753863853.538:7089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.357949][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.380455][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.398195][ T30] audit: type=1326 audit(1753863853.548:7090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.427190][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.445692][ T5319] ldm_validate_partition_table(): Disk read failed. [ 1766.453171][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.464952][ T5319] Buffer I/O error on dev loop6, logical block 0, async page read [ 1766.473533][ T30] audit: type=1326 audit(1753863853.548:7091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.505559][ T5319] Dev loop6: unable to read RDB block 0 [ 1766.516873][ T5319] loop6: unable to read partition table [ 1766.543030][ T5319] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1766.566021][ T30] audit: type=1326 audit(1753863853.548:7092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.593157][ T30] audit: type=1326 audit(1753863853.558:7093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.683864][ T30] audit: type=1326 audit(1753863853.558:7094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.767373][ T30] audit: type=1326 audit(1753863853.558:7095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.862548][ T30] audit: type=1326 audit(1753863853.568:7096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=429 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.927664][ T30] audit: type=1326 audit(1753863853.568:7097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1766.976360][ T30] audit: type=1326 audit(1753863853.568:7098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.28478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1767.455675][ T5390] netlink: 'syz.3.28499': attribute type 1 has an invalid length. [ 1767.464062][ T5390] netlink: 'syz.3.28499': attribute type 2 has an invalid length. [ 1767.475242][ T5390] netlink: 'syz.3.28499': attribute type 1 has an invalid length. [ 1767.484727][ T5390] netlink: 'syz.3.28499': attribute type 2 has an invalid length. [ 1767.804039][ T5403] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1768.099078][ T5968] usb 3-1: new full-speed USB device number 81 using dummy_hcd [ 1768.270228][ T5968] usb 3-1: config 4 has an invalid interface number: 44 but max is 0 [ 1768.278769][ T5968] usb 3-1: config 4 has no interface number 0 [ 1768.284964][ T5968] usb 3-1: config 4 interface 44 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1768.299291][ T5968] usb 3-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice= 5.20 [ 1768.308748][ T5968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1768.316866][ T5968] usb 3-1: Product: syz [ 1768.321826][ T5968] usb 3-1: Manufacturer: syz [ 1768.326547][ T5968] usb 3-1: SerialNumber: syz [ 1768.636306][ T5424] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1768.758836][ T5968] dvb-usb: found a 'Gigabyte U7000' in warm state. [ 1768.780792][ T5968] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 1768.798617][ T5968] dvbdev: DVB: registering new adapter (Gigabyte U7000) [ 1768.816114][ T5968] usb 3-1: media controller created [ 1768.844902][ T5968] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1768.911300][ T5968] DVB: Unable to find symbol dib7000p_attach() [ 1768.918807][ T5968] dvb-usb: no frontend was attached by 'Gigabyte U7000' [ 1769.010054][ T5968] rc_core: IR keymap rc-dib0700-rc5 not found [ 1769.026691][ T5968] Registered IR keymap rc-empty [ 1769.037116][ T5968] dvb-usb: could not initialize remote control. [ 1769.046952][ T5968] dvb-usb: Gigabyte U7000 successfully initialized and connected. [ 1769.068661][ T5968] dib0700: There's no endpoint for remote controller [ 1769.122122][ T5444] netlink: 16 bytes leftover after parsing attributes in process `syz.1.28517'. [ 1769.276795][ T5968] usb 3-1: USB disconnect, device number 81 [ 1769.341416][ T5968] dvb-usb: Gigabyte U7000 successfully deinitialized and disconnected. [ 1770.065937][ T5514] netlink: 748 bytes leftover after parsing attributes in process `syz.2.28531'. [ 1770.082858][ T5514] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1770.571568][ T5532] netlink: 'syz.3.28535': attribute type 10 has an invalid length. [ 1770.663862][ T5532] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1770.858780][ T5542] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.28538'. [ 1771.013009][ T5548] team0: Device gtp0 is of different type [ 1771.567872][T26996] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1771.693548][ T5618] tun0: tun_chr_ioctl cmd 1074025677 [ 1771.700136][ T5618] tun0: linktype set to 1 [ 1771.730017][T26996] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1771.753182][T26996] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1771.774707][T26996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1771.824944][T26996] usb 2-1: config 0 descriptor?? [ 1771.865093][T26996] keyspan 2-1:0.0: Keyspan 2 port adapter converter detected [ 1771.895786][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 87 [ 1771.912461][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 7 [ 1771.943267][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 81 [ 1771.974767][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 82 [ 1771.997465][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 1 [ 1772.009508][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 2 [ 1772.018349][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 85 [ 1772.019926][ T5630] input: syz0 as /devices/virtual/input/input180 [ 1772.032954][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 5 [ 1772.048377][T26996] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 1772.088416][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 83 [ 1772.096228][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 84 [ 1772.140348][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 3 [ 1772.154636][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 4 [ 1772.163971][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 86 [ 1772.173599][T26996] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 6 [ 1772.190488][T26996] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 1772.239925][T26996] usb 2-1: USB disconnect, device number 80 [ 1772.261921][T26996] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 1772.304455][T26996] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 1772.335268][T26996] keyspan 2-1:0.0: device disconnected [ 1774.951343][ T5777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.28591'. [ 1775.487809][T26980] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1775.669258][T26980] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 1775.678223][T26980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1775.718246][T26980] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1775.727556][T26980] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1775.736375][T26980] usb 3-1: Manufacturer: syz [ 1775.778085][T26980] usb 3-1: config 0 descriptor?? [ 1775.948124][T26980] rc_core: IR keymap rc-hauppauge not found [ 1775.964382][T26980] Registered IR keymap rc-empty [ 1775.975196][T26980] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1776.008269][T26980] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input181 [ 1776.276986][ T5821] rc rc0: two consecutive events of type space [ 1776.478354][T13967] usb 3-1: USB disconnect, device number 82 [ 1777.827883][ T5968] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1777.988773][ T5968] usb 4-1: Using ep0 maxpacket: 16 [ 1778.002340][ T5968] usb 4-1: config 0 has no interfaces? [ 1778.020201][ T5968] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1778.048487][ T5968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1778.081518][ T5968] usb 4-1: config 0 descriptor?? [ 1778.139628][ T5943] netlink: 'syz.4.28618': attribute type 9 has an invalid length. [ 1778.183756][ T5943] macvlan4: entered promiscuous mode [ 1778.212172][ T5943] bond0: entered promiscuous mode [ 1778.229767][ T5943] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 1778.299032][ T5907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1778.325372][ T5907] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1778.355129][ T5968] usb 4-1: USB disconnect, device number 82 [ 1778.817686][ T5968] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1778.993109][ T5968] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1779.027751][ T5968] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1779.188604][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1779.195318][ T5968] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice= 0.00 [ 1779.212885][ T5968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1779.249661][ T5968] usb 4-1: config 0 descriptor?? [ 1779.282905][ T5968] yurex 4-1:0.0: Could not submitting URB [ 1779.311557][ T5968] yurex 4-1:0.0: probe with driver yurex failed with error -5 [ 1779.459222][ T6011] 8021q: adding VLAN 0 to HW filter on device bond11 [ 1779.469360][ T6011] bond11: entered promiscuous mode [ 1779.480251][ T6011] bond0: (slave bond11): Enslaving as an active interface with an up link [ 1779.502641][ T5968] usbhid 4-1:0.0: can't add hid device: -71 [ 1779.515751][ T5968] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1779.558536][ T5968] usb 4-1: USB disconnect, device number 83 [ 1780.178294][ T6076] netlink: 'syz.4.28645': attribute type 10 has an invalid length. [ 1780.199583][ T6076] syz_tun: entered promiscuous mode [ 1780.570116][ T6093] loop6: detected capacity change from 0 to 63 [ 1780.577188][ T6093] buffer_io_error: 7 callbacks suppressed [ 1780.577206][ T6093] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.663819][ T6097] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1780.708005][ T6097] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1780.723093][ T6097] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 1780.781215][ T6097] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 1780.818048][ T6097] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 1780.847557][ T6097] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 1780.878024][ T6097] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 1780.930942][ T5213] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.968114][ T5213] Buffer I/O error on dev loop6, logical block 0, async page read [ 1781.006199][ T5213] ldm_validate_partition_table(): Disk read failed. [ 1781.028097][ T5213] Dev loop6: unable to read RDB block 0 [ 1781.048037][ T5213] loop6: unable to read partition table [ 1781.092813][ T6104] netlink: 24 bytes leftover after parsing attributes in process `syz.1.28654'. [ 1782.804384][ T6161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.28676'. [ 1783.035129][ T6183] netlink: 24 bytes leftover after parsing attributes in process `syz.4.28682'. [ 1783.127749][ T5968] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1783.267864][T26980] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1783.282287][ T5968] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1783.303320][ T5968] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1783.309802][ T6190] netlink: 16 bytes leftover after parsing attributes in process `syz.4.28685'. [ 1783.315677][ T5968] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1783.334528][ T5968] usb 2-1: Product: syz [ 1783.339242][ T5968] usb 2-1: Manufacturer: syz [ 1783.344017][ T5968] usb 2-1: SerialNumber: syz [ 1783.419907][T26980] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1783.437991][T26980] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1783.475249][T26980] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1783.488525][T26980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1783.506858][T26980] usb 4-1: Product: syz [ 1783.516164][T26980] usb 4-1: Manufacturer: syz [ 1783.526795][T26980] usb 4-1: SerialNumber: syz [ 1783.595747][ T5968] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 81 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1783.751618][ T6178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1783.774246][ T6178] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1783.803352][T26980] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 1783.827117][T13967] usb 2-1: USB disconnect, device number 81 [ 1783.852039][T26980] usb 4-1: USB disconnect, device number 84 [ 1783.855145][T13967] usblp0: removed [ 1783.942891][ T6238] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 1784.018435][ T5968] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1784.168910][ T5968] usb 3-1: Using ep0 maxpacket: 8 [ 1784.175775][ T5968] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 1784.187294][ T5968] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1784.196580][ T5968] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1784.205339][ T5968] usb 3-1: Product: syz [ 1784.209738][ T5968] usb 3-1: Manufacturer: syz [ 1784.214367][ T5968] usb 3-1: SerialNumber: syz [ 1784.348454][T26980] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1784.426233][ T5968] usb 3-1: Handspring Visor / Palm OS: No valid connect info available [ 1784.435801][ T5968] usb 3-1: Handspring Visor / Palm OS: port 79, is for unknown use [ 1784.455149][ T5968] usb 3-1: Handspring Visor / Palm OS: port 0, is for Debugger use [ 1784.463436][ T5968] usb 3-1: Handspring Visor / Palm OS: Number of ports: 2 [ 1784.497878][T26980] usb 4-1: Using ep0 maxpacket: 8 [ 1784.510801][T26980] usb 4-1: config index 0 descriptor too short (expected 301, got 72) [ 1784.519894][T26980] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1784.530760][T26980] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1784.541406][T26980] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1784.554099][T26980] usb 4-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1784.565408][T26980] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1784.577022][T26980] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1784.588178][T26980] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1784.597303][T26980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1784.620707][T26980] usbtmc 4-1:16.0: bulk endpoints not found [ 1784.636350][ T5968] usb 3-1: palm_os_3_probe - error -71 getting bytes available request [ 1784.654064][ T5968] visor 3-1:1.0: Handspring Visor / Palm OS converter detected [ 1784.684110][ T5968] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 1784.704980][ T5968] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 1784.725379][ T5968] usb 3-1: USB disconnect, device number 83 [ 1784.747057][ T5968] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 1784.771258][ T5968] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 1784.782645][ T5968] visor 3-1:1.0: device disconnected [ 1784.840094][T26980] usb 4-1: USB disconnect, device number 85 [ 1786.018786][ T6329] netlink: 4 bytes leftover after parsing attributes in process `syz.4.28716'. [ 1786.050713][ T6329] netlink: 4 bytes leftover after parsing attributes in process `syz.4.28716'. [ 1788.951513][ T6430] netlink: 12 bytes leftover after parsing attributes in process `syz.4.28751'. [ 1788.974704][ T6430] netlink: 9 bytes leftover after parsing attributes in process `syz.4.28751'. [ 1790.377509][ T6493] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.28778'. [ 1791.796757][ T6550] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 1791.818936][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.825423][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1792.036560][ T6556] netlink: 'syz.3.28806': attribute type 8 has an invalid length. [ 1792.236859][ T6565] netem: change failed [ 1792.352260][ T6569] tmpfs: Unknown parameter 'fd' [ 1795.422516][ T6671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.28851'. [ 1795.679390][ T6679] sctp: [Deprecated]: syz.0.28855 (pid 6679) Use of int in maxseg socket option. [ 1795.679390][ T6679] Use struct sctp_assoc_value instead [ 1796.823012][ T6724] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1796.863825][ T6725] bridge0: entered promiscuous mode [ 1796.892221][ T6725] macvlan2: entered promiscuous mode [ 1797.444432][ T6754] program syz.4.28884 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1797.758170][ T5848] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1797.921115][ T5848] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1797.945526][ T5848] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1797.973012][ T5848] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1797.990280][ T5848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1798.008169][ T5848] usb 2-1: SerialNumber: syz [ 1798.260639][ T5848] usb 2-1: 0:2 : does not exist [ 1798.305281][ T5848] usb 2-1: USB disconnect, device number 82 [ 1798.372917][T27428] udevd[27428]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1798.546559][ T6819] ALSA: mixer_oss: invalid index 40000 [ 1799.052079][ T6843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28910'. [ 1799.484651][ T6870] sch_fq: defrate 64 ignored. [ 1799.506666][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28921'. [ 1799.581552][ T6872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1799.596269][ T6872] team0: Port device batadv0 added [ 1800.183216][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1800.721308][ T6924] netlink: 'syz.2.28943': attribute type 44 has an invalid length. [ 1800.857385][ T6934] netlink: 'syz.2.28946': attribute type 12 has an invalid length. [ 1801.025852][ T6938] erspan0: entered promiscuous mode [ 1801.449238][ T6951] netlink: 40 bytes leftover after parsing attributes in process `syz.2.28953'. [ 1802.733988][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28970'. [ 1803.214727][ T7017] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 1803.228346][ T7017] syzkaller1: linktype set to 773 [ 1803.616130][ T7036] netlink: 44 bytes leftover after parsing attributes in process `syz.4.28985'. [ 1803.636083][ T7036] netlink: 43 bytes leftover after parsing attributes in process `syz.4.28985'. [ 1803.661042][ T7036] netlink: 'syz.4.28985': attribute type 5 has an invalid length. [ 1803.670994][ T7036] netlink: 43 bytes leftover after parsing attributes in process `syz.4.28985'. [ 1803.972954][ T7044] netlink: 28 bytes leftover after parsing attributes in process `syz.4.28990'. [ 1804.201870][ T7058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.28994'. [ 1804.359113][ T7050] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1804.365850][ T7050] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1804.396732][ T7065] netlink: 'syz.2.28998': attribute type 1 has an invalid length. [ 1804.423464][ T7050] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1804.432099][ T7065] netlink: 'syz.2.28998': attribute type 2 has an invalid length. [ 1804.460835][ T7065] netlink: 'syz.2.28998': attribute type 1 has an invalid length. [ 1804.478949][ T7065] netlink: 1156 bytes leftover after parsing attributes in process `syz.2.28998'. [ 1804.490356][ T7070] wireguard0: entered promiscuous mode [ 1804.496932][ T7070] wireguard0: entered allmulticast mode [ 1804.868182][T26980] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1805.042918][T26980] usb 3-1: Using ep0 maxpacket: 32 [ 1805.059564][T26980] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1805.080932][T26980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1805.112956][T26980] usb 3-1: config 0 descriptor?? [ 1805.339726][T26980] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1805.370585][T26980] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1805.380253][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1805.380271][ T30] audit: type=1326 audit(1753863892.578:7100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.0.29012" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.390774][T26980] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1805.467431][ T30] audit: type=1326 audit(1753863892.578:7101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.0.29012" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.468533][T26980] usb 3-1: media controller created [ 1805.562262][ T30] audit: type=1326 audit(1753863892.578:7102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.0.29012" exe="/root/syz-executor" sig=0 arch=40000003 syscall=96 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.584296][ C0] vkms_vblank_simulate: vblank timer overrun [ 1805.618428][T26980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1805.647657][ T30] audit: type=1326 audit(1753863892.578:7103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.0.29012" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.649973][ T7120] netlink: 'syz.0.29015': attribute type 15 has an invalid length. [ 1805.669859][ C0] vkms_vblank_simulate: vblank timer overrun [ 1805.695454][ T30] audit: type=1326 audit(1753863892.578:7104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.0.29012" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.717623][ C0] vkms_vblank_simulate: vblank timer overrun [ 1805.751114][T26980] az6027: usb out operation failed. (-71) [ 1805.766336][T26980] az6027: usb out operation failed. (-71) [ 1805.782910][T26980] stb0899_attach: Driver disabled by Kconfig [ 1805.793051][T26980] az6027: no front-end attached [ 1805.793051][T26980] [ 1805.811292][T26980] az6027: usb out operation failed. (-71) [ 1805.819262][T26980] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1805.829666][T26980] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input182 [ 1805.861866][T26980] dvb-usb: schedule remote query interval to 400 msecs. [ 1805.890876][T26980] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1805.942847][T26980] usb 3-1: USB disconnect, device number 84 [ 1806.130331][T26980] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1806.278175][ T3583] Bluetooth: hci1: command 0x0405 tx timeout [ 1807.318043][ T7172] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1808.555139][ T7224] netlink: 136784 bytes leftover after parsing attributes in process `syz.2.29049'. [ 1808.603917][ T7224] netlink: zone id is out of range [ 1808.609413][ T7224] netlink: zone id is out of range [ 1808.628766][ T7224] netlink: zone id is out of range [ 1808.647995][ T7224] netlink: zone id is out of range [ 1808.664190][ T7224] netlink: zone id is out of range [ 1808.677046][ T7224] netlink: zone id is out of range [ 1808.692166][ T7224] netlink: zone id is out of range [ 1808.708737][ T7224] netlink: zone id is out of range [ 1808.724171][ T7224] netlink: zone id is out of range [ 1808.736308][ T7224] netlink: zone id is out of range [ 1809.319925][T24857] Bluetooth: hci1: command 0x0405 tx timeout [ 1809.696594][ T7268] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1809.877339][ T7282] netlink: 16 bytes leftover after parsing attributes in process `syz.1.29072'. [ 1809.930265][ T7282] netlink: 16 bytes leftover after parsing attributes in process `syz.1.29072'. [ 1810.188566][ T7292] wireguard0: entered promiscuous mode [ 1810.194334][ T7292] wireguard0: entered allmulticast mode [ 1810.767884][T26980] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1810.971007][T26980] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 1810.989601][T26980] usb 2-1: New USB device strings: Mfr=1, Product=9, SerialNumber=3 [ 1811.008274][T26980] usb 2-1: Product: syz [ 1811.018033][T26980] usb 2-1: Manufacturer: syz [ 1811.026712][T26980] usb 2-1: SerialNumber: syz [ 1811.055848][T26980] usb 2-1: config 0 descriptor?? [ 1811.081034][T26980] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 1811.156942][ T7338] wireguard0: entered promiscuous mode [ 1811.178579][ T7338] wireguard0: entered allmulticast mode [ 1811.638471][T24857] Bluetooth: hci1: command 0x0405 tx timeout [ 1811.918094][T13967] usb 2-1: USB disconnect, device number 83 [ 1812.001728][ T7388] netlink: 12 bytes leftover after parsing attributes in process `syz.2.29107'. [ 1812.287879][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1812.324966][ T30] audit: type=1326 audit(1753863899.528:7105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7403 comm="syz.4.29114" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f25539 code=0x0 [ 1812.450059][ T7410] sctp: [Deprecated]: syz.0.29117 (pid 7410) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1812.450059][ T7410] Use struct sctp_sack_info instead [ 1812.667860][T13967] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 1812.830645][T13967] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1812.848799][T13967] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1812.864666][T13967] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1812.888396][T13967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1812.896477][T13967] usb 3-1: SerialNumber: syz [ 1813.047942][ T5848] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1813.143516][T13967] usb 3-1: 0:2 : does not exist [ 1813.184951][T13967] usb 3-1: USB disconnect, device number 85 [ 1813.218368][ T5848] usb 4-1: Using ep0 maxpacket: 8 [ 1813.250107][ T5848] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1813.263846][T27428] udevd[27428]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1813.290468][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1813.333365][ T5848] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1813.374167][ T5848] pvrusb2: ********** [ 1813.390616][ T5848] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1813.413423][ T5848] pvrusb2: Important functionality might not be entirely working. [ 1813.422338][ T5848] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1813.434857][ T5848] pvrusb2: ********** [ 1813.530086][ T2343] pvrusb2: Invalid write control endpoint [ 1813.701973][ T2343] pvrusb2: Invalid write control endpoint [ 1813.718507][T24857] Bluetooth: hci1: command 0x0405 tx timeout [ 1813.727715][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1813.747371][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1813.767633][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1813.788554][ T2343] pvrusb2: Device being rendered inoperable [ 1813.798678][ T7428] pvrusb2: Attempted to execute control transfer when device not ok [ 1813.835346][T13967] usb 4-1: USB disconnect, device number 86 [ 1813.837661][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 1813.878642][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 1813.887227][ T2343] pvrusb2: Attached sub-driver cx25840 [ 1813.919492][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1813.941099][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1814.100946][ T7510] loop6: detected capacity change from 0 to 524287999 [ 1814.217916][T26994] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 1814.391916][T26994] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1814.408065][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1814.424940][T26994] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 1814.437421][T26994] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1814.457152][T26994] usb 3-1: Product: syz [ 1814.475381][T26994] usb 3-1: Manufacturer: syz [ 1814.481366][T26994] usb 3-1: SerialNumber: syz [ 1814.492974][T26994] usb 3-1: config 0 descriptor?? [ 1814.512716][T26994] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 1814.536518][T26994] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1814.565670][T26994] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 1814.590477][T26994] usb 3-1: media controller created [ 1814.642132][T26994] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1814.742053][ T30] audit: type=1326 audit(1753863901.948:7106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7541 comm="syz.1.29146" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x0 [ 1814.745588][T26994] DVB: Unable to find symbol tda10046_attach() [ 1814.803489][T26994] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 1814.818938][T26994] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 1815.434503][T26994] dvb_usb_m920x 3-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 1815.460917][T26994] usb 3-1: USB disconnect, device number 86 [ 1815.720683][ T7580] vimc link validate: Scaler:src:16x16 (0x33424752, 0, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38415262, 3, 0, 0, 0) [ 1815.798202][T24857] Bluetooth: hci1: command 0x0405 tx timeout [ 1817.016296][ T7648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29185'. [ 1817.120743][T13967] usb 4-1: new full-speed USB device number 87 using dummy_hcd [ 1817.168498][T26996] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1817.280220][T13967] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1817.294322][T13967] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1817.306141][T13967] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1817.319662][T13967] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1817.334580][T13967] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1817.344992][T13967] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1817.353719][T13967] usb 4-1: Manufacturer: syz [ 1817.360943][T26996] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 1817.364245][T13967] usb 4-1: config 0 descriptor?? [ 1817.384011][T26996] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1817.396108][T26996] usb 2-1: Product: syz [ 1817.402682][T26996] usb 2-1: Manufacturer: syz [ 1817.407346][T26996] usb 2-1: SerialNumber: syz [ 1817.420200][T26996] usb 2-1: config 0 descriptor?? [ 1817.707838][T13967] rc_core: IR keymap rc-hauppauge not found [ 1817.722357][T13967] Registered IR keymap rc-empty [ 1817.728431][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1817.758606][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1817.780789][T13967] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1817.819305][T13967] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input183 [ 1817.843308][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1817.888092][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1817.917894][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1817.938504][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1817.957925][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1817.988925][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1818.008121][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1818.028558][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1818.047864][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1818.078200][T13967] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1818.110189][T13967] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1818.141015][T13967] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1818.197850][T13967] usb 4-1: USB disconnect, device number 87 [ 1818.249085][T26996] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1818.299027][T26996] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 1818.328293][T26996] asix 2-1:0.0: probe with driver asix failed with error -71 [ 1818.392612][T26996] usb 2-1: USB disconnect, device number 84 [ 1818.772814][ T7730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.29204'. [ 1820.347226][ T7793] tun0: tun_chr_ioctl cmd 1074025675 [ 1820.367998][ T7793] tun0: persist disabled [ 1821.503610][ T7837] sctp: [Deprecated]: syz.2.29243 (pid 7837) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1821.503610][ T7837] Use struct sctp_sack_info instead [ 1821.798370][ T7855] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29252'. [ 1821.817294][ T7857] netlink: 'syz.3.29253': attribute type 11 has an invalid length. [ 1821.843393][ T7857] netlink: 36 bytes leftover after parsing attributes in process `syz.3.29253'. [ 1823.828979][ T30] audit: type=1326 audit(1753863911.028:7107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1823.851186][ C0] vkms_vblank_simulate: vblank timer overrun [ 1823.859235][ T7933] loop4: detected capacity change from 0 to 524255232 [ 1823.920936][ T30] audit: type=1326 audit(1753863911.028:7108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1823.998696][ T7933] loop4: detected capacity change from 524255232 to 524287936 [ 1824.051653][ T30] audit: type=1326 audit(1753863911.028:7109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1824.129567][ T30] audit: type=1326 audit(1753863911.028:7110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1824.151707][ C0] vkms_vblank_simulate: vblank timer overrun [ 1824.201596][ T30] audit: type=1326 audit(1753863911.028:7111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1824.457536][ T30] audit: type=1326 audit(1753863911.028:7112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1824.489126][ T30] audit: type=1326 audit(1753863911.028:7113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1824.590724][ T30] audit: type=1326 audit(1753863911.028:7114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1824.665682][ T30] audit: type=1326 audit(1753863911.028:7115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=440 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1824.689461][ T30] audit: type=1326 audit(1753863911.028:7116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.1.29287" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1825.250603][T13967] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 1825.415464][T13967] usb 3-1: Using ep0 maxpacket: 8 [ 1825.427813][T13967] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1825.453574][T13967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1825.500629][T13967] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1825.522473][T13967] pvrusb2: ********** [ 1825.526592][T13967] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1825.563303][T13967] pvrusb2: Important functionality might not be entirely working. [ 1825.573478][T13967] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1825.633526][T13967] pvrusb2: ********** [ 1825.723589][ T2343] pvrusb2: Invalid write control endpoint [ 1825.820737][ T8016] delete_channel: no stack [ 1825.846609][ T2343] pvrusb2: Invalid write control endpoint [ 1825.863500][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1825.883103][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1825.909889][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1825.925252][ T2343] pvrusb2: Device being rendered inoperable [ 1825.932300][ T2343] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 1825.939977][ T2343] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 1825.972885][T13967] usb 3-1: USB disconnect, device number 87 [ 1826.001381][ T2343] pvrusb2: Attached sub-driver cx25840 [ 1826.006918][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1826.034750][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1826.500314][T26996] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1826.668139][T26996] usb 2-1: Using ep0 maxpacket: 32 [ 1826.675563][T26996] usb 2-1: config 0 has an invalid interface number: 219 but max is 0 [ 1826.700908][T26996] usb 2-1: config 0 has no interface number 0 [ 1826.707340][T26996] usb 2-1: config 0 interface 219 has no altsetting 0 [ 1826.728427][T26996] usb 2-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice=30.46 [ 1826.743754][T26996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1826.755340][T26996] usb 2-1: config 0 descriptor?? [ 1827.007691][T26996] usb 2-1: string descriptor 0 read error: -71 [ 1827.059663][T26996] usb 2-1: USB disconnect, device number 85 [ 1828.043625][ T8149] batman_adv: batadv0: Adding interface: dummy0 [ 1828.087192][ T8149] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1828.207739][ T8149] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 1830.039140][ T8230] netlink: 212336 bytes leftover after parsing attributes in process `syz.1.29362'. [ 1833.298813][ T8378] ptrace attach of "./syz-executor exec"[8379] was attempted by "./syz-executor exec"[8378] [ 1833.454657][ T8381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29420'. [ 1833.476210][ T8381] netlink: 104 bytes leftover after parsing attributes in process `syz.1.29420'. [ 1833.489770][ T8381] netlink: 104 bytes leftover after parsing attributes in process `syz.1.29420'. [ 1836.444405][ T8471] netlink: 36 bytes leftover after parsing attributes in process `syz.4.29451'. [ 1837.749409][ T8533] netlink: 52 bytes leftover after parsing attributes in process `syz.1.29473'. [ 1837.892957][ T5915] kworker/1:4 (5915) used greatest stack depth: 15848 bytes left [ 1840.026196][ T8619] IPv6: NLM_F_CREATE should be specified when creating new route [ 1840.118771][ T8623] net_ratelimit: 4052 callbacks suppressed [ 1840.118793][ T8623] openvswitch: netlink: Tunnel attr 2 has unexpected len 0 expected 4 [ 1840.166200][ T8625] binder: 8624:8625 ioctl 541b 0 returned -22 [ 1841.514088][ T8714] team0: Device gtp0 is of different type [ 1841.604344][ T8722] hsr0: entered promiscuous mode [ 1842.167735][ T8753] input: syz1 as /devices/virtual/input/input184 [ 1842.515051][ T8787] loop6: detected capacity change from 0 to 63 [ 1842.538411][ T8787] buffer_io_error: 14 callbacks suppressed [ 1842.538430][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.578877][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.610188][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.628663][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.648069][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.678732][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.707975][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.738231][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.758133][ T8787] ldm_validate_partition_table(): Disk read failed. [ 1842.797830][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.806128][ T8787] Buffer I/O error on dev loop6, logical block 0, async page read [ 1842.836688][ T8787] Dev loop6: unable to read RDB block 0 [ 1842.855388][ T8787] loop6: unable to read partition table [ 1842.878190][ T8787] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 1842.989883][ T5213] ldm_validate_partition_table(): Disk read failed. [ 1842.997010][ T5213] Dev loop6: unable to read RDB block 0 [ 1843.044587][ T5213] loop6: unable to read partition table [ 1843.232087][ T8805] tmpfs: Unknown parameter '‹˜žôø®¹çr%ÞÒ´\wÓ R(4æÀ;¯«a;‘ [ 1843.232087][ T8805] ž MU¶ÁgÊ6••&x@2<›5Ê„ëæ2TþóñÌ­Z5üÀwìšVý•þU„Í]©´±¡TΞ®m¼ÎùšÜçPåZ¼ª<M;€ëžxY9]gÅž‚‹ônñÛÆìæ;O‡‘Ûó훌u [ 1843.232087][ T8805] ~^à>Ƥùηr&­öœãàDòq.;ÙÂ쀯<2³A‡¦úU' [ 1844.018371][T26996] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 1844.199121][T26996] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 1844.213907][T26996] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1844.231386][T26996] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1844.249185][T26996] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1844.257247][T26996] usb 3-1: Manufacturer: syz [ 1844.296244][T26996] usb 3-1: config 0 descriptor?? [ 1844.477880][T26996] rc_core: IR keymap rc-hauppauge not found [ 1844.483859][T26996] Registered IR keymap rc-empty [ 1844.494147][T26996] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1844.550307][T26996] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input185 [ 1844.579362][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 1844.612046][T26996] usb 3-1: USB disconnect, device number 88 [ 1845.399141][ T8914] netlink: 156 bytes leftover after parsing attributes in process `syz.4.29572'. [ 1845.747962][T26980] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1845.938405][T26980] usb 4-1: Using ep0 maxpacket: 16 [ 1845.956018][T26980] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1845.985054][T26980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1846.006638][T26980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1846.032940][T26980] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1846.068145][T26980] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1846.086443][T26980] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1846.108847][T26980] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1846.116915][T26980] usb 4-1: Manufacturer: syz [ 1846.134294][T26980] usb 4-1: config 0 descriptor?? [ 1846.167838][ T5848] usb 2-1: new full-speed USB device number 86 using dummy_hcd [ 1846.330790][ T5848] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1846.341832][ T5848] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1846.353814][ T5848] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1846.370952][ T5848] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1846.387277][ T5848] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1846.402111][ T5848] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1846.410560][ T5848] usb 2-1: Manufacturer: syz [ 1846.423624][ T5848] usb 2-1: config 0 descriptor?? [ 1846.508060][T26980] rc_core: IR keymap rc-hauppauge not found [ 1846.514043][T26980] Registered IR keymap rc-empty [ 1846.519660][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.538184][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.559230][T26980] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1846.576056][T26980] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input186 [ 1846.599806][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.617858][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.638943][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.658647][ T8938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1846.659789][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.686850][ T8938] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1846.721633][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.771249][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.808054][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.848205][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.868543][ T5848] rc_core: IR keymap rc-hauppauge not found [ 1846.877936][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.897205][ T5848] Registered IR keymap rc-empty [ 1846.909272][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.916286][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1846.948975][T26980] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1846.967933][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1846.980565][T26980] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 90 [ 1847.008930][ T5848] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc1 [ 1847.015364][T26980] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1847.042359][ T5848] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc1/input187 [ 1847.076323][T26980] usb 4-1: USB disconnect, device number 88 [ 1847.157074][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.211149][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.238421][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.258887][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.277734][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.297976][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.329561][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.358105][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.390318][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.417865][ T5848] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1847.455532][ T5848] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1847.465516][ T5848] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1847.482563][ T5848] usb 2-1: USB disconnect, device number 86 [ 1847.621395][ T9033] vivid-008: disconnect [ 1847.626593][ T9030] vivid-008: reconnect [ 1848.278461][ T9055] loop2: detected capacity change from 0 to 7 [ 1848.296734][ T9055] Dev loop2: unable to read RDB block 7 [ 1848.304715][ T9055] loop2: unable to read partition table [ 1848.314425][ T9055] loop2: partition table beyond EOD, truncated [ 1848.331092][ T9055] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1849.008111][T26996] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1849.173657][T26996] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1849.184363][T26996] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 1849.218864][T26996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1849.250511][T26996] usb 2-1: config 0 descriptor?? [ 1849.581151][ T9106] @: renamed from vlan0 (while UP) [ 1850.071999][T26996] video4linux radio48: keene_cmd_main failed (-71) [ 1850.097942][T26996] radio-keene 2-1:0.0: V4L2 device registered as radio48 [ 1850.132202][T26996] usb 2-1: USB disconnect, device number 87 [ 1850.150306][ T9130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29625'. [ 1850.755360][ T9158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.29635'. [ 1852.233348][ T9234] binder: binder_mmap: 9233 80000000-80003000 bad vm_flags failed -1 [ 1852.397881][T26996] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 1852.569591][T26996] usb 3-1: Using ep0 maxpacket: 16 [ 1852.582099][T26996] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1852.597926][T26996] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1852.611126][T26996] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1852.630252][T26996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1852.645928][T26996] usb 3-1: Product: syz [ 1852.653770][T26996] usb 3-1: Manufacturer: syz [ 1852.662508][T26996] usb 3-1: SerialNumber: syz [ 1852.887452][T26996] usb 3-1: 0:2 : does not exist [ 1852.925336][T26996] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1852.988255][T26996] usb 3-1: USB disconnect, device number 89 [ 1853.092782][T27428] udevd[27428]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1853.242631][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.249844][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.368046][T26980] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1853.551857][T26980] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1853.561486][T26980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1853.573060][T26980] usb 2-1: config 0 descriptor?? [ 1853.584963][T26980] cp210x 2-1:0.0: cp210x converter detected [ 1853.648442][T26996] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1853.718019][T13967] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 1853.829655][T26996] usb 4-1: config 0 has no interfaces? [ 1853.836778][T26996] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1853.846098][T26996] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1853.854230][T26996] usb 4-1: Product: syz [ 1853.858875][T26996] usb 4-1: Manufacturer: syz [ 1853.866097][T26996] usb 4-1: config 0 descriptor?? [ 1853.868390][T13967] usb 3-1: Using ep0 maxpacket: 8 [ 1853.886853][T13967] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1853.898966][T13967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1853.913049][T13967] usb 3-1: config 0 descriptor?? [ 1853.987228][T26980] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1854.006632][T26980] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1854.086758][ T9294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1854.096496][ T9294] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1854.111751][T26980] usb 4-1: USB disconnect, device number 89 [ 1854.138569][T13967] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 1854.212744][T26996] usb 2-1: USB disconnect, device number 88 [ 1854.226989][T26996] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1854.253377][T26996] cp210x 2-1:0.0: device disconnected [ 1854.747420][T13967] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1854.779164][T13967] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9 [ 1854.827920][T13967] asix 3-1:0.0: probe with driver asix failed with error -71 [ 1854.856082][T13967] usb 3-1: USB disconnect, device number 90 [ 1855.305329][ T9387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.29690'. [ 1855.733469][ T9410] tun0: tun_chr_ioctl cmd 2147767521 [ 1855.838383][T26996] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1856.020156][T26996] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 1856.039804][T26996] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1856.079200][T26996] usb 3-1: config 0 descriptor?? [ 1856.110624][T26996] gspca_main: spca508-2.14.0 probing 8086:0110 [ 1856.167397][ T9439] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1856.292429][T26996] gspca_spca508: reg_read err -32 [ 1856.304056][T26996] gspca_spca508: reg_read err -32 [ 1856.398573][ T9449] ªªªªª2q>wvÓÄÂ: renamed from lo (while UP) [ 1856.461796][ T9448] tap0: tun_chr_ioctl cmd 1074025673 [ 1856.517408][T26996] gspca_spca508: reg_read err -71 [ 1856.527988][T26996] gspca_spca508: reg_read err -71 [ 1856.539173][T26996] gspca_spca508: reg write: error -71 [ 1856.544677][T26996] spca508 3-1:0.0: probe with driver spca508 failed with error -71 [ 1856.576606][T26996] usb 3-1: USB disconnect, device number 91 [ 1856.719302][ T9469] netlink: 36 bytes leftover after parsing attributes in process `syz.0.29713'. [ 1857.923339][ T9518] netlink: 8 bytes leftover after parsing attributes in process `syz.3.29731'. [ 1858.097948][ T5848] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1858.273944][ T5848] usb 3-1: Using ep0 maxpacket: 32 [ 1858.291264][ T5848] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 1858.305142][ T5848] usb 3-1: config 0 has no interface number 0 [ 1858.315588][ T5848] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1858.317867][ T9535] input: syz1 as /devices/virtual/input/input188 [ 1858.342687][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1858.371469][ T5848] usb 3-1: Product: syz [ 1858.384797][ T5848] usb 3-1: Manufacturer: syz [ 1858.404122][ T5848] usb 3-1: SerialNumber: syz [ 1858.424804][ T5848] usb 3-1: config 0 descriptor?? [ 1858.445202][ T5848] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1858.594975][ T9547] xt_CT: No such helper "snmp" [ 1858.625033][ T9551] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29742'. [ 1858.655649][ T5848] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1858.676941][ T9551] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29742'. [ 1858.703347][ T5848] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1858.930938][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - port change to invalid port: 48 [ 1859.147018][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1859.155851][ T5848] usb 3-1: USB disconnect, device number 92 [ 1859.184024][ T5848] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1859.239313][ T5848] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1859.295001][ T5848] quatech2 3-1:0.51: device disconnected [ 1859.572294][ T9607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29756'. [ 1859.908058][ T9622] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29763'. [ 1861.919978][ T9703] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4. [ 1862.613700][ T9723] : renamed from bond0 [ 1863.217781][ T9741] random: crng reseeded on system resumption [ 1864.945845][ T9801] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29830'. [ 1864.980706][ T9801] netlink: 277 bytes leftover after parsing attributes in process `syz.3.29830'. [ 1865.009323][ T9801] netlink: 277 bytes leftover after parsing attributes in process `syz.3.29830'. [ 1866.055256][ T9852] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29850'. [ 1866.798294][T26994] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1866.823662][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1866.823680][ T30] audit: type=1326 audit(1753863954.028:7118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1866.873691][ T30] audit: type=1326 audit(1753863954.028:7119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1866.902652][ T30] audit: type=1326 audit(1753863954.028:7120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1866.930177][ T30] audit: type=1326 audit(1753863954.038:7121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1866.957455][ T30] audit: type=1326 audit(1753863954.038:7122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1866.999418][T26994] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1867.029378][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.038838][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.053036][ T30] audit: type=1326 audit(1753863954.038:7123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1867.076431][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.083394][ T30] audit: type=1326 audit(1753863954.038:7124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1867.118718][ T30] audit: type=1326 audit(1753863954.038:7125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1867.120205][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.168321][ T30] audit: type=1326 audit(1753863954.038:7126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=178 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1867.202075][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.206401][ T30] audit: type=1326 audit(1753863954.038:7127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.4.29860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1867.225418][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.275085][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.284384][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.300768][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.315246][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.324795][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.343278][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.358981][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.368901][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.394329][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.408444][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.418175][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.437120][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.458499][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.469781][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.500679][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.520687][T26994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1867.537444][T26994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1867.557476][T26994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1867.575507][T26994] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1867.589263][T26994] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1867.598046][T26994] usb 3-1: Product: syz [ 1867.602248][T26994] usb 3-1: Manufacturer: syz [ 1867.606890][T26994] usb 3-1: SerialNumber: syz [ 1867.652682][T26994] usb 3-1: config 0 descriptor?? [ 1867.683723][T26994] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 1868.057390][ T9912] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29869'. [ 1868.092012][ C1] usb 3-1: yurex_control_callback - control failed: -71 [ 1868.109613][T26994] usb 3-1: USB disconnect, device number 93 [ 1868.139037][T26994] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 1868.543145][ T9942] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 1869.214748][ T9972] loop9: detected capacity change from 0 to 3 [ 1869.244129][ T9972] Dev loop9: unable to read RDB block 3 [ 1869.252978][ T9972] loop9: unable to read partition table [ 1869.269217][ T9972] loop9: partition table beyond EOD, truncated [ 1869.297223][ T9972] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1869.771357][ T9989] xt_CT: No such helper "snmp" [ 1870.358322][ T5968] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 1870.509585][ T5968] usb 3-1: Using ep0 maxpacket: 16 [ 1870.520593][ T5968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1870.560720][ T5968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1870.588506][ T5968] usb 3-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 1870.615484][ T5968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1870.663407][ T5968] usb 3-1: config 0 descriptor?? [ 1870.973334][T10036] netlink: 27 bytes leftover after parsing attributes in process `syz.3.29909'. [ 1871.139048][ T5968] ntrig 0003:1B96:0008.0101: unknown main item tag 0x0 [ 1871.188631][ T5968] ntrig 0003:1B96:0008.0101: unknown main item tag 0x0 [ 1871.220117][ T5968] ntrig 0003:1B96:0008.0101: unknown main item tag 0x0 [ 1871.235019][ T5968] ntrig 0003:1B96:0008.0101: unknown main item tag 0x0 [ 1871.250227][ T5968] ntrig 0003:1B96:0008.0101: unknown main item tag 0x0 [ 1871.283304][ T5968] ntrig 0003:1B96:0008.0101: unknown main item tag 0x0 [ 1871.303558][ T5968] ntrig 0003:1B96:0008.0101: unknown main item tag 0x0 [ 1871.348478][ T5968] ntrig 0003:1B96:0008.0101: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.2-1/input0 [ 1871.373952][ T5968] ntrig 0003:1B96:0008.0101: Firmware version: 0.0.0.0.0 (0000 0000) [ 1871.591812][ T5968] usb 3-1: USB disconnect, device number 94 [ 1872.178914][T10087] netlink: 204 bytes leftover after parsing attributes in process `syz.0.29922'. [ 1872.306679][T10090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29923'. [ 1872.891703][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29938'. [ 1872.927486][ T5968] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1872.945512][T10126] netlink: 104 bytes leftover after parsing attributes in process `syz.4.29938'. [ 1872.971131][T10119] 8021q: adding VLAN 0 to HW filter on device team0 [ 1872.982882][T10126] netlink: 104 bytes leftover after parsing attributes in process `syz.4.29938'. [ 1873.043886][T10119] batman_adv: batadv0: Interface activated: dummy0 [ 1873.059379][T10119] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1873.138653][ T5848] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1873.192932][T10122] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1873.228679][ T5968] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1873.388721][ T5968] usb 3-1: Using ep0 maxpacket: 16 [ 1873.401189][ T5968] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 1873.414155][ T5968] usb 3-1: config 0 has no interface number 0 [ 1873.424526][ T5968] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 1873.441315][ T5968] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 1873.457808][ T5968] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1873.482237][ T5968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1873.507953][ T5968] usb 3-1: Product: syz [ 1873.512187][ T5968] usb 3-1: Manufacturer: syz [ 1873.516843][ T5968] usb 3-1: SerialNumber: syz [ 1873.556739][ T5968] usb 3-1: config 0 descriptor?? [ 1873.576968][T10129] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1873.627949][T10129] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1873.862705][T10129] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1873.902018][T10129] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1873.979209][T10175] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29954'. [ 1874.118042][ T5848] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1874.529189][ T5968] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1874.557614][ T5968] asix 3-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 1874.594783][ T5968] asix 3-1:0.251: probe with driver asix failed with error -71 [ 1874.761232][ T5968] usb 3-1: USB disconnect, device number 95 [ 1875.353244][T10232] program syz.1.29976 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1875.442061][T10243] program syz.1.29976 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1875.458139][T10241] usb usb8: usbfs: process 10241 (syz.2.29978) did not claim interface 0 before use [ 1875.998211][T26980] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1876.181583][T26980] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 1876.199066][T26980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1876.219289][T26980] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1876.238957][T26980] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1876.247048][T26980] usb 3-1: Manufacturer: syz [ 1876.270180][T26980] usb 3-1: config 0 descriptor?? [ 1876.437835][T26980] rc_core: IR keymap rc-hauppauge not found [ 1876.443952][T26980] Registered IR keymap rc-empty [ 1876.460794][T26980] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1876.500546][T26980] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input189 [ 1876.522417][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 1876.538879][T26980] usb 3-1: USB disconnect, device number 96 [ 1876.970270][T10306] sctp: [Deprecated]: syz.3.29996 (pid 10306) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1876.970270][T10306] Use struct sctp_sack_info instead [ 1877.377973][T26996] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1877.492173][T10326] ip6gretap0: entered promiscuous mode [ 1877.540872][T10326] ip6gretap0: left promiscuous mode [ 1877.848014][T26996] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1878.644121][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1878.644140][ T30] audit: type=1326 audit(1753863965.848:7131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1878.730060][ T30] audit: type=1326 audit(1753863965.898:7132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1878.802558][ T30] audit: type=1326 audit(1753863965.898:7133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1878.858234][ T30] audit: type=1326 audit(1753863965.898:7134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1878.885488][ T30] audit: type=1326 audit(1753863965.898:7135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1878.920752][ T30] audit: type=1326 audit(1753863965.898:7136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1878.951133][ T30] audit: type=1326 audit(1753863965.898:7137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1878.990017][ T30] audit: type=1326 audit(1753863965.908:7138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=153 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1879.019866][ T30] audit: type=1326 audit(1753863965.908:7139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10377 comm="syz.2.30021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1879.118649][T26996] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1879.318190][T26996] usb 3-1: Using ep0 maxpacket: 8 [ 1879.326320][T26996] usb 3-1: config 135 has an invalid interface number: 230 but max is 0 [ 1879.336531][T26996] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 1879.363688][T26996] usb 3-1: config 135 has no interface number 0 [ 1879.381583][T26996] usb 3-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30 [ 1879.427867][T26996] usb 3-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53 [ 1879.434708][ T30] audit: type=1326 audit(1753863966.638:7140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10409 comm="syz.4.30034" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1879.467845][T26996] usb 3-1: config 135 interface 230 has no altsetting 0 [ 1879.490442][T26996] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 1879.502316][T26996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1879.540340][T26996] usb 3-1: Product: syz [ 1879.544595][T26996] usb 3-1: Manufacturer: syz [ 1879.577765][T26996] usb 3-1: SerialNumber: syz [ 1879.598248][T26996] usb 3-1: Found UVC 0.00 device syz (18ec:3288) [ 1879.616536][T26996] usb 3-1: No valid video chain found. [ 1879.831676][T10387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1879.851125][T10387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1879.896018][T26996] usb 3-1: USB disconnect, device number 97 [ 1882.682578][T10556] usb usb7: usbfs: process 10556 (syz.2.30081) did not claim interface 0 before use [ 1883.869784][T10606] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1883.892957][T10606] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 1884.051209][T26994] IPVS: starting estimator thread 0... [ 1884.148534][T10620] IPVS: using max 23 ests per chain, 55200 per kthread [ 1884.228554][T10630] lo: Caught tx_queue_len zero misconfig [ 1884.757014][T10658] tipc: Started in network mode [ 1884.771622][T10658] tipc: Node identity ac14140f, cluster identity 4711 [ 1884.790819][T10658] tipc: New replicast peer: 255.255.255.255 [ 1884.802363][T10658] tipc: Enabled bearer , priority 20 [ 1885.528206][T26996] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1885.690978][T26996] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1885.720246][T26996] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1885.752807][T26996] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1885.783408][T26996] usb 4-1: config 0 descriptor?? [ 1885.907944][T26980] tipc: Node number set to 2886997007 [ 1886.229299][T26996] ath6kl: Unsupported hardware version: 0x0 [ 1886.250964][T26996] ath6kl: Failed to init ath6kl core: -22 [ 1886.274519][T26996] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 1886.470395][ T5848] usb 4-1: USB disconnect, device number 90 [ 1887.207285][T10777] team0: Caught tx_queue_len zero misconfig [ 1888.694590][T10874] input: syz0 as /devices/virtual/input/input190 [ 1889.003476][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 1889.003495][ T30] audit: type=1326 audit(1753863976.208:7145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10896 comm="syz.2.30183" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x0 [ 1889.441175][T10918] kvm: user requested TSC rate below hardware speed [ 1890.448891][T10952] tipc: New replicast peer: 255.255.255.255 [ 1890.482754][T10952] tipc: Enabled bearer , priority 20 [ 1890.704506][T10962] sch_fq: defrate 0 ignored. [ 1890.983730][T10971] wg2: entered promiscuous mode [ 1890.993629][T10971] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 1891.231918][T10981] tap0: tun_chr_ioctl cmd 35111 [ 1893.736655][T11099] ALSA: mixer_oss: invalid OSS volume '' [ 1893.843225][T11102] netlink: 8 bytes leftover after parsing attributes in process `syz.1.30260'. [ 1894.755676][T11153] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 1895.275296][T11179] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.30288'. [ 1895.443260][T11181] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1895.490336][T11189] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1896.083485][T11218] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30301'. [ 1896.151134][T11219] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30301'. [ 1897.032292][T11256] ip6tnl0: Caught tx_queue_len zero misconfig [ 1897.999696][T11298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30329'. [ 1898.029979][T11298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30329'. [ 1899.121914][T11335] netlink: 16 bytes leftover after parsing attributes in process `syz.0.30342'. [ 1899.383999][T11344] netlink: 28 bytes leftover after parsing attributes in process `syz.0.30345'. [ 1899.718869][T11368] netlink: 11 bytes leftover after parsing attributes in process `syz.4.30353'. [ 1900.606183][T11411] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.30370'. [ 1901.027693][T11430] vlan4: entered allmulticast mode [ 1901.033117][T11430] hsr0: entered allmulticast mode [ 1901.067919][T11430] bond0: entered allmulticast mode [ 1901.088709][T11430] batadv0: entered allmulticast mode [ 1901.099897][T11430] bond11: entered allmulticast mode [ 1901.106169][T11430] veth1_to_batadv: entered allmulticast mode [ 1901.528016][ T5968] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1901.695012][ T5968] usb 4-1: Using ep0 maxpacket: 32 [ 1901.712445][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1901.727659][ T5968] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00 [ 1901.744171][ T5968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1901.771665][ T5968] usb 4-1: config 0 descriptor?? [ 1902.127027][T11481] pim6reg: entered allmulticast mode [ 1902.147303][T11479] pim6reg: left allmulticast mode [ 1902.222501][ T5968] corsair-psu 0003:1B1C:1C0D.0102: unknown main item tag 0x0 [ 1902.234359][ T30] audit: type=1326 audit(1753863989.428:7146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.256977][ T5968] corsair-psu 0003:1B1C:1C0D.0102: unknown main item tag 0x0 [ 1902.269065][ T5968] corsair-psu 0003:1B1C:1C0D.0102: unknown main item tag 0x0 [ 1902.276637][ T30] audit: type=1326 audit(1753863989.438:7147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.300172][ T5968] corsair-psu 0003:1B1C:1C0D.0102: unknown main item tag 0x0 [ 1902.312657][ T5968] corsair-psu 0003:1B1C:1C0D.0102: unknown main item tag 0x0 [ 1902.344766][ T5968] corsair-psu 0003:1B1C:1C0D.0102: hidraw0: USB HID v0.05 Device [HID 1b1c:1c0d] on usb-dummy_hcd.3-1/input0 [ 1902.376571][ T30] audit: type=1326 audit(1753863989.438:7148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.431308][ T30] audit: type=1326 audit(1753863989.438:7149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.497733][ T30] audit: type=1326 audit(1753863989.438:7150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.558672][ T30] audit: type=1326 audit(1753863989.438:7151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.625028][ T30] audit: type=1326 audit(1753863989.438:7152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.684066][ T30] audit: type=1326 audit(1753863989.438:7153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.736375][ T30] audit: type=1326 audit(1753863989.438:7154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=364 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.760278][ T5968] corsair-psu 0003:1B1C:1C0D.0102: unable to initialize device (-110) [ 1902.785404][ T30] audit: type=1326 audit(1753863989.438:7155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11489 comm="syz.1.30398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1902.809412][ T5968] corsair-psu 0003:1B1C:1C0D.0102: probe with driver corsair-psu failed with error -110 [ 1902.828919][ T5968] usb 4-1: USB disconnect, device number 91 [ 1903.169392][T11536] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30411'. [ 1904.358458][T11577] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30424'. [ 1905.147978][T26996] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1905.328635][T26996] usb 3-1: Using ep0 maxpacket: 32 [ 1905.355264][T26996] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1905.376659][T26996] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1905.425870][T26996] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1905.437652][T26996] usb 3-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 1905.457068][T26996] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 1905.477839][T26996] usb 3-1: Product: syz [ 1905.491011][T26996] usb 3-1: config 0 descriptor?? [ 1905.905602][T11638] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30446'. [ 1905.915118][T11638] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30446'. [ 1905.966614][T26996] waterforce 0003:1044:7A4D.0103: unknown main item tag 0x0 [ 1905.983968][T26996] waterforce 0003:1044:7A4D.0103: unknown main item tag 0x0 [ 1906.004931][T26996] waterforce 0003:1044:7A4D.0103: unknown main item tag 0x0 [ 1906.026302][T26996] waterforce 0003:1044:7A4D.0103: unknown main item tag 0x0 [ 1906.045012][T26996] waterforce 0003:1044:7A4D.0103: unknown main item tag 0x0 [ 1906.070008][T26996] waterforce 0003:1044:7A4D.0103: hidraw0: USB HID v0.05 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1906.147836][T26996] waterforce 0003:1044:7A4D.0103: fw version request failed with -38 [ 1906.204175][T26996] usb 3-1: USB disconnect, device number 98 [ 1906.397756][T11668] fido_id[11668]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1907.603651][T11712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30467'. [ 1907.622300][T11710] netlink: 44 bytes leftover after parsing attributes in process `syz.0.30466'. [ 1907.656030][T11712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30467'. [ 1908.446209][T11746] usb usb8: usbfs: process 11746 (syz.1.30480) did not claim interface 0 before use [ 1908.618817][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1908.618837][ T30] audit: type=1326 audit(1753863995.828:7157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.0.30483" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x0 [ 1908.860743][T11756] gtp0: entered promiscuous mode [ 1908.875422][T11756] gtp0: entered allmulticast mode [ 1910.732715][T11822] netlink: 'syz.2.30508': attribute type 2 has an invalid length. [ 1910.935298][T11829] kvm: user requested TSC rate below hardware speed [ 1911.227875][ T5968] usb 2-1: new low-speed USB device number 89 using dummy_hcd [ 1911.390039][ T5968] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1911.404456][ T5968] usb 2-1: config 1 has an invalid interface number: 74 but max is 0 [ 1911.413287][ T5968] usb 2-1: config 1 has no interface number 0 [ 1911.419833][ T5968] usb 2-1: config 1 interface 74 altsetting 1 has an endpoint descriptor with address 0xE4, changing to 0x84 [ 1911.443577][ T5968] usb 2-1: config 1 interface 74 altsetting 1 endpoint 0x84 has invalid maxpacket 1023, setting to 8 [ 1911.464923][ T5968] usb 2-1: config 1 interface 74 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 1911.480854][ T5968] usb 2-1: config 1 interface 74 altsetting 1 endpoint 0x7 is Bulk; changing to Interrupt [ 1911.491910][ T5968] usb 2-1: config 1 interface 74 has no altsetting 0 [ 1911.505392][ T5968] usb 2-1: string descriptor 0 read error: -22 [ 1911.518402][ T5968] usb 2-1: New USB device found, idVendor=10cf, idProduct=5502, bcdDevice=a0.e9 [ 1911.534218][ T30] audit: type=1326 audit(1753863998.738:7158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.573669][ T5968] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1911.585855][ T30] audit: type=1326 audit(1753863998.738:7159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.618422][T11837] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1911.655072][ T5968] vmk80xx 2-1:1.74: driver 'vmk80xx' failed to auto-configure device. [ 1911.665050][ T30] audit: type=1326 audit(1753863998.738:7160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.705524][ T30] audit: type=1326 audit(1753863998.738:7161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.750553][ T30] audit: type=1326 audit(1753863998.738:7162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.774252][ T30] audit: type=1326 audit(1753863998.738:7163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.804218][ T30] audit: type=1326 audit(1753863998.738:7164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.826471][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.837013][ T30] audit: type=1326 audit(1753863998.738:7165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.859274][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.882266][ T5968] usb 2-1: USB disconnect, device number 89 [ 1911.883805][ T30] audit: type=1326 audit(1753863998.738:7166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11861 comm="syz.4.30520" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1911.910798][ C1] vkms_vblank_simulate: vblank timer overrun [ 1913.119548][T11930] Context (ID=0x1) not attached to queue pair (handle=0x1:0x40) [ 1913.324592][T11938] netlink: 44 bytes leftover after parsing attributes in process `syz.1.30545'. [ 1913.954109][T11963] sctp: [Deprecated]: syz.3.30556 (pid 11963) Use of int in max_burst socket option deprecated. [ 1913.954109][T11963] Use struct sctp_assoc_value instead [ 1914.682303][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.690007][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1914.947958][T12016] netlink: 8 bytes leftover after parsing attributes in process `syz.4.30573'. [ 1914.976337][T12016] netlink: 12 bytes leftover after parsing attributes in process `syz.4.30573'. [ 1914.991680][T12016] netlink: 'syz.4.30573': attribute type 13 has an invalid length. [ 1915.207804][ T5968] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 1915.248295][ T5848] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1915.368491][ T5968] usb 3-1: Using ep0 maxpacket: 8 [ 1915.376061][ T5968] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1915.386897][ T5968] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1915.398665][ T5848] usb 4-1: Using ep0 maxpacket: 32 [ 1915.409635][ T5968] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1915.410794][ T5848] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1915.434264][ T5968] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1915.453061][ T5848] usb 4-1: config 0 has no interface number 0 [ 1915.460680][ T5968] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1915.473449][ T5968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1915.484698][ T5848] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1915.501160][ T5848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1915.531378][ T5848] usb 4-1: Product: syz [ 1915.535677][ T5848] usb 4-1: Manufacturer: syz [ 1915.554747][ T5848] usb 4-1: SerialNumber: syz [ 1915.573118][ T5848] usb 4-1: config 0 descriptor?? [ 1915.584442][ T5848] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1915.737084][ T5968] usb 3-1: GET_CAPABILITIES returned 0 [ 1915.753114][ T5968] usbtmc 3-1:16.0: can't read capabilities [ 1915.813650][ T5848] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1915.836000][ T5848] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1915.984570][ T5848] usb 3-1: USB disconnect, device number 99 [ 1916.068290][T12024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1916.077379][T12024] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1916.290038][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1916.291711][T26996] usb 4-1: USB disconnect, device number 92 [ 1916.332893][T26996] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1916.386066][T26996] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1916.415170][T26996] quatech2 4-1:0.51: device disconnected [ 1917.208067][ T5968] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1917.367851][ T5968] usb 2-1: Using ep0 maxpacket: 16 [ 1917.380618][ T5968] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1917.403792][ T5968] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1917.404616][T12122] ip6gretap0: entered promiscuous mode [ 1917.446706][ T5968] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1917.466372][ T5968] usb 2-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 1917.507105][ T5968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1917.548597][ T5968] usb 2-1: config 0 descriptor?? [ 1917.972248][ T5968] apple 0003:05AC:0247.0104: unknown main item tag 0x0 [ 1917.993301][ T5968] apple 0003:05AC:0247.0104: unknown main item tag 0x0 [ 1918.014314][ T5968] apple 0003:05AC:0247.0104: unexpected long global item [ 1918.026009][ T5968] apple 0003:05AC:0247.0104: parse failed [ 1918.041651][ T5968] apple 0003:05AC:0247.0104: probe with driver apple failed with error -22 [ 1918.191504][T26994] usb 2-1: USB disconnect, device number 90 [ 1918.704329][T12194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30614'. [ 1918.716151][T12194] netlink: 104 bytes leftover after parsing attributes in process `syz.2.30614'. [ 1918.730610][T12194] netlink: 104 bytes leftover after parsing attributes in process `syz.2.30614'. [ 1920.277879][ T5848] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1920.438930][ T5848] usb 3-1: Using ep0 maxpacket: 8 [ 1920.452114][ T5848] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1920.469294][ T5848] usb 3-1: config 179 has no interface number 0 [ 1920.479123][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1920.491013][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1920.513847][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 1920.531905][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 1920.549556][ T5848] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1920.577741][ T5848] usb 3-1: config 179 interface 65 has no altsetting 0 [ 1920.595071][ T5848] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1920.623660][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1920.657948][ T5968] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1920.694643][T12288] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 1920.715289][ T5848] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input191 [ 1920.773796][T12286] tap0: tun_chr_ioctl cmd 1074025677 [ 1920.794395][T12286] tap0: linktype set to 0 [ 1920.819630][ T5198] input input191: unable to receive magic message: -110 [ 1920.848544][ T5968] usb 2-1: Using ep0 maxpacket: 8 [ 1920.862174][ T5968] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1920.874407][ T5968] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1920.889688][ T5968] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1920.906999][ T5198] input input191: unable to receive magic message: -32 [ 1920.927819][ T5968] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1920.951855][ T5198] input input191: unable to receive magic message: -32 [ 1920.959991][ T5968] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1920.969675][ T5968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1920.980016][ T5198] input input191: unable to receive magic message: -32 [ 1921.005000][ T5198] input input191: unable to receive magic message: -32 [ 1921.165972][T26994] usb 3-1: USB disconnect, device number 100 [ 1921.166104][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1921.215275][ T5968] usb 2-1: GET_CAPABILITIES returned 0 [ 1921.236316][ T5968] usbtmc 2-1:16.0: can't read capabilities [ 1921.438931][ T5968] usb 2-1: USB disconnect, device number 91 [ 1921.761704][T12336] pimreg0: tun_chr_ioctl cmd 35108 [ 1922.289974][T12359] block device autoloading is deprecated and will be removed. [ 1922.534085][ T30] audit: type=1326 audit(1753864009.738:7167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="syz.1.30665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.592188][ T30] audit: type=1326 audit(1753864009.738:7168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="syz.1.30665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.651517][ T30] audit: type=1326 audit(1753864009.748:7169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="syz.1.30665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.692350][ T30] audit: type=1326 audit(1753864009.748:7170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="syz.1.30665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.721111][ T30] audit: type=1326 audit(1753864009.748:7171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="syz.1.30665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.800150][ T30] audit: type=1326 audit(1753864009.748:7172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="syz.1.30665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.850044][ T30] audit: type=1326 audit(1753864009.748:7173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.916180][ T30] audit: type=1326 audit(1753864009.748:7174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.942091][T12386] loop6: detected capacity change from 0 to 524287999 [ 1922.950035][T12386] buffer_io_error: 29 callbacks suppressed [ 1922.950056][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1922.957359][ T30] audit: type=1326 audit(1753864009.758:7175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1922.976599][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.033892][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.042353][ T30] audit: type=1326 audit(1753864009.758:7176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12371 comm="" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 1923.063686][ C0] vkms_vblank_simulate: vblank timer overrun [ 1923.085600][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.094767][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.103721][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.112217][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.121578][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.130170][T12386] ldm_validate_partition_table(): Disk read failed. [ 1923.137034][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.146054][T12386] Buffer I/O error on dev loop6, logical block 0, async page read [ 1923.155376][T12386] Dev loop6: unable to read RDB block 0 [ 1923.162679][T12386] loop6: unable to read partition table [ 1923.183926][T12386] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1923.238593][T12391] Invalid logical block size (3) [ 1923.879503][T12427] netlink: 16 bytes leftover after parsing attributes in process `syz.1.30684'. [ 1924.603343][T12469] netlink: 'syz.3.30696': attribute type 1 has an invalid length. [ 1924.618345][T12047] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1924.749748][T12475] kvm: kvm [12474]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0x3 [ 1924.793621][T12047] usb 2-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 1924.807048][T12047] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1924.815204][T12047] usb 2-1: Product: syz [ 1924.822216][T12047] usb 2-1: Manufacturer: syz [ 1924.826899][T12047] usb 2-1: SerialNumber: syz [ 1924.838309][T12047] usb 2-1: config 0 descriptor?? [ 1925.461359][T12047] usb 2-1: f81604_read: reg: 105 failed: -EPROTO [ 1925.474686][T12047] f81604 2-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 1925.518211][T12047] f81604 2-1:0.0: probe with driver f81604 failed with error -71 [ 1925.539971][T12047] usb 2-1: USB disconnect, device number 92 [ 1926.637842][T12047] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1926.790990][T12047] usb 2-1: Using ep0 maxpacket: 8 [ 1926.802050][T12047] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1926.808371][T26994] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1926.814245][T12047] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1926.830401][T12047] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1926.842084][T12047] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1926.862373][T12047] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1926.873435][T12047] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1926.927445][T26996] hid-generic 0000:0000:0000.0105: unknown main item tag 0x0 [ 1926.947358][T26996] hid-generic 0000:0000:0000.0105: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1926.999585][T26994] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1927.037920][T26994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1927.081934][T26994] usb 4-1: config 0 descriptor?? [ 1927.097094][T12047] usb 2-1: GET_CAPABILITIES returned 0 [ 1927.207630][T12047] usbtmc 2-1:16.0: can't read capabilities [ 1927.339891][T12047] usb 2-1: USB disconnect, device number 93 [ 1927.719716][T26994] ath6kl: mismatched byte count 0 vs. expected 12 [ 1927.738660][T26994] ath6kl: Failed to init ath6kl core: -22 [ 1927.769192][T26994] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 1927.935694][T12047] usb 4-1: USB disconnect, device number 93 [ 1928.088166][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1928.088185][ T30] audit: type=1800 audit(1753864015.288:7182): pid=12658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.30746" name="file2" dev="tmpfs" ino=30944 res=0 errno=0 [ 1930.185350][ T30] audit: type=1326 audit(1753864017.378:7183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12713 comm="syz.3.30768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7fc00000 [ 1932.110566][ T5848] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1932.287639][ T5848] usb 4-1: Using ep0 maxpacket: 32 [ 1932.311308][ T5848] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1932.343347][ T5848] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1932.384388][ T5848] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1932.401381][ T5848] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1932.411640][ T5848] usb 4-1: Product: syz [ 1932.416021][ T5848] usb 4-1: Manufacturer: syz [ 1932.424539][ T5848] usb 4-1: SerialNumber: syz [ 1932.456007][ T5848] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input193 [ 1932.715457][ T5848] usb 4-1: USB disconnect, device number 94 [ 1932.764939][ T5848] appletouch 4-1:1.0: input: appletouch disconnected [ 1932.960788][T12906] netlink: 40 bytes leftover after parsing attributes in process `syz.1.30821'. [ 1933.814613][T12944] sctp: [Deprecated]: syz.4.30838 (pid 12944) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1933.814613][T12944] Use struct sctp_sack_info instead [ 1934.408082][T12970] tun0: tun_chr_ioctl cmd 2148553947 [ 1934.587213][T12984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30851'. [ 1934.623826][T12984] netlink: 32 bytes leftover after parsing attributes in process `syz.2.30851'. [ 1935.546557][T13014] netlink: 28 bytes leftover after parsing attributes in process `syz.4.30862'. [ 1935.938344][T26980] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1936.113515][T26980] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1936.122737][T26980] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1936.140320][T26980] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1936.149767][T26980] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 1936.198140][T26980] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 1936.231249][T26980] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1936.240858][T26980] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1936.267743][T26980] usb 4-1: Product: syz [ 1936.272090][T26980] usb 4-1: Manufacturer: syz [ 1936.318809][T26980] cdc_wdm 4-1:1.0: skipping garbage [ 1936.334319][T26980] cdc_wdm 4-1:1.0: skipping garbage [ 1936.360180][T26980] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1936.372722][T26980] cdc_wdm 4-1:1.0: Unknown control protocol [ 1936.427497][T13044] sch_fq: defrate 0 ignored. [ 1936.549211][ C1] cdc_wdm 4-1:1.0: unknown notification 110 received: index 65336 len 25860 [ 1936.689775][T13054] MPI: mpi too large (16392 bits) [ 1936.755021][T26980] usb 4-1: USB disconnect, device number 95 [ 1936.828746][ T5848] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1937.016806][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1937.038335][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1937.057605][ T5848] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1937.085471][ T5848] usb 3-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00 [ 1937.094699][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1937.114695][ T5848] usb 3-1: config 0 descriptor?? [ 1937.532555][ T5848] belkin 0003:050D:3201.0106: global environment stack underflow [ 1937.552015][ T5848] belkin 0003:050D:3201.0106: item 0 4 1 11 parsing failed [ 1937.572178][ T5848] belkin 0003:050D:3201.0106: parse failed [ 1937.593387][ T5848] belkin 0003:050D:3201.0106: probe with driver belkin failed with error -22 [ 1937.658944][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30880'. [ 1937.754011][T26994] usb 3-1: USB disconnect, device number 101 [ 1937.830771][T13091] kvm: user requested TSC rate below hardware speed [ 1938.690951][T13155] bond0: option arp_interval: invalid value (18446744071578845184) [ 1938.727955][T13155] bond0: option arp_interval: allowed values 0 - 2147483647 [ 1939.250705][T13187] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 1939.462290][T13195] netlink: 236 bytes leftover after parsing attributes in process `syz.3.30904'. [ 1939.682939][T13208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30909'. [ 1939.708653][T13208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30909'. [ 1940.278273][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1941.538607][T13304] netlink: 44 bytes leftover after parsing attributes in process `syz.1.30933'. [ 1941.548289][T13304] ip6gre0: Caught tx_queue_len zero misconfig [ 1943.163314][ T3583] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1943.175108][ T3583] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1943.183843][ T3583] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1943.192403][ T3583] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1943.220633][ T3583] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1943.649609][T13397] chnl_net:caif_netlink_parms(): no params data found [ 1943.851663][T13397] bridge0: port 1(bridge_slave_0) entered blocking state [ 1943.867478][T13397] bridge0: port 1(bridge_slave_0) entered disabled state [ 1943.886528][T13397] bridge_slave_0: entered allmulticast mode [ 1943.915686][T13397] bridge_slave_0: entered promiscuous mode [ 1943.936833][T13397] bridge0: port 2(bridge_slave_1) entered blocking state [ 1943.961997][T13397] bridge0: port 2(bridge_slave_1) entered disabled state [ 1943.973097][T13397] bridge_slave_1: entered allmulticast mode [ 1943.984724][T13397] bridge_slave_1: entered promiscuous mode [ 1944.113767][T13397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1944.142227][T13397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1944.270797][T13397] team0: Port device team_slave_0 added [ 1944.286594][T13397] team0: Port device team_slave_1 added [ 1944.440103][T13397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1944.447127][T13397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1944.473131][ C1] vkms_vblank_simulate: vblank timer overrun [ 1944.495653][T13397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1944.515059][T13397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1944.523596][T13397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1944.556773][T13397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1944.580313][T13657] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1944.587632][T13657] IPv6: NLM_F_CREATE should be set when creating new route [ 1944.595001][T13657] IPv6: NLM_F_CREATE should be set when creating new route [ 1944.602322][T13657] IPv6: NLM_F_CREATE should be set when creating new route [ 1944.819493][T13397] hsr_slave_0: entered promiscuous mode [ 1944.835951][T13397] hsr_slave_1: entered promiscuous mode [ 1944.851124][T13397] debugfs: 'hsr0' already exists in 'hsr' [ 1944.860135][T13397] Cannot create hsr debugfs directory [ 1945.066753][ T5968] hid-generic 0003:0004:0000.0107: unknown main item tag 0x0 [ 1945.078883][ T5968] hid-generic 0003:0004:0000.0107: unknown main item tag 0x0 [ 1945.086572][ T5968] hid-generic 0003:0004:0000.0107: unknown main item tag 0x0 [ 1945.115755][ T5968] hid-generic 0003:0004:0000.0107: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1945.227170][T13757] fido_id[13757]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1945.318334][ T3583] Bluetooth: hci1: command tx timeout [ 1945.394124][T13397] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1945.593232][T13397] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1945.791209][T13397] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1945.833233][T13801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30984'. [ 1945.977423][T13397] netdevsim netdevsim2 netdevsim0 (unregistering): left allmulticast mode [ 1946.072341][T13397] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1946.490327][T13397] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1946.523259][T13397] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1946.590911][T13397] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1946.632063][T13847] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.30998'. [ 1946.654792][T13397] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1947.118394][T13397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1947.164082][T13397] 8021q: adding VLAN 0 to HW filter on device team0 [ 1947.202340][T22827] bridge0: port 1(bridge_slave_0) entered blocking state [ 1947.209632][T22827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1947.272872][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state [ 1947.280140][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1947.397777][ T3583] Bluetooth: hci1: command tx timeout [ 1947.595894][T13397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1947.739980][T13397] veth0_vlan: entered promiscuous mode [ 1947.784459][T13397] veth1_vlan: entered promiscuous mode [ 1947.896281][T13397] veth0_macvtap: entered promiscuous mode [ 1947.981129][T13397] veth1_macvtap: entered promiscuous mode [ 1948.051198][T13397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1948.104163][T13886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.31009'. [ 1948.111410][T13397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1948.154015][T13397] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1948.175320][T13397] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1948.204903][T13397] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1948.219165][T13397] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1948.503833][T22827] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1948.512559][T13900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.31012'. [ 1948.536844][T22827] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1948.552966][T13901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.31013'. [ 1948.594774][ T3498] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1948.605340][T13901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.31013'. [ 1948.637220][ T3498] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1949.477747][ T3583] Bluetooth: hci1: command tx timeout [ 1949.955876][T13945] netlink: 28 bytes leftover after parsing attributes in process `syz.2.31026'. [ 1951.557794][ T3583] Bluetooth: hci1: command tx timeout [ 1952.276466][T14039] netlink: 36 bytes leftover after parsing attributes in process `syz.1.31063'. [ 1952.300042][T14039] netlink: 16 bytes leftover after parsing attributes in process `syz.1.31063'. [ 1953.687473][T14089] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1954.993679][T14146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.31099'. [ 1955.031945][T14146] bridge0: port 2(bridge_slave_1) entered disabled state [ 1955.041536][T14146] bridge0: port 1(bridge_slave_0) entered disabled state [ 1955.067749][T26994] usb 2-1: new full-speed USB device number 94 using dummy_hcd [ 1955.239750][T26994] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1955.267678][T26994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1955.307679][T26994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1955.410195][T26994] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1955.460233][T26994] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1955.478270][T26994] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1955.496935][T26994] usb 2-1: Manufacturer: syz [ 1955.515715][T26994] usb 2-1: config 0 descriptor?? [ 1955.635300][T14176] netlink: 60 bytes leftover after parsing attributes in process `syz.2.31109'. [ 1955.659321][T14177] netlink: 'syz.4.31110': attribute type 2 has an invalid length. [ 1955.671865][T14177] netlink: 12 bytes leftover after parsing attributes in process `syz.4.31110'. [ 1955.857674][T26994] rc_core: IR keymap rc-hauppauge not found [ 1955.866017][T26994] Registered IR keymap rc-empty [ 1955.883518][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1955.927878][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1955.959222][T26994] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1955.984616][T26994] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input194 [ 1956.013712][ T5848] IPVS: starting estimator thread 0... [ 1956.020965][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.057781][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.118453][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.118480][T14193] IPVS: using max 27 ests per chain, 64800 per kthread [ 1956.157921][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.188084][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.229032][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.251554][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.307755][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.337792][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.355567][T14214] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.31120'. [ 1956.368577][T26994] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1956.401225][T26994] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1956.423342][T26994] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1956.487597][T26994] usb 2-1: USB disconnect, device number 94 [ 1956.755092][T14239] netlink: 'syz.2.31125': attribute type 32 has an invalid length. [ 1956.777036][T14239] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 1957.230600][T14259] loop9: detected capacity change from 0 to 7 [ 1957.242221][T14259] Dev loop9: unable to read RDB block 7 [ 1957.264602][T14259] loop9: AHDI p1 p2 [ 1957.274703][T14259] loop9: partition table partially beyond EOD, truncated [ 1957.301796][T14259] loop9: p1 start 1835360114 is beyond EOD, truncated [ 1957.963460][T14291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.31139'. [ 1958.067859][ T5848] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 1958.268138][ T5848] usb 3-1: Using ep0 maxpacket: 32 [ 1958.288915][ T5848] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1958.312373][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1958.322085][ T5848] usb 3-1: Product: syz [ 1958.326901][ T5848] usb 3-1: Manufacturer: syz [ 1958.337128][ T5848] usb 3-1: SerialNumber: syz [ 1958.356241][ T5848] usb 3-1: config 0 descriptor?? [ 1958.371543][ T5848] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1958.446164][T14309] netlink: 4 bytes leftover after parsing attributes in process `syz.3.31147'. [ 1959.186924][ T5848] gspca_stk1135: reg_w 0x5 err -71 [ 1959.207455][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.214261][ T5848] gspca_stk1135: Sensor write failed [ 1959.230401][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.258772][ T5848] gspca_stk1135: Sensor write failed [ 1959.264158][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.292253][ T5848] gspca_stk1135: Sensor read failed [ 1959.300272][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.306673][ T5848] gspca_stk1135: Sensor read failed [ 1959.318898][ T5848] gspca_stk1135: Detected sensor type unknown (0x0) [ 1959.325574][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.340743][ T5848] gspca_stk1135: Sensor read failed [ 1959.346046][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.365742][ T5848] gspca_stk1135: Sensor read failed [ 1959.385840][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.396400][ T5848] gspca_stk1135: Sensor write failed [ 1959.427998][ T5848] gspca_stk1135: serial bus timeout: status=0x00 [ 1959.434408][ T5848] gspca_stk1135: Sensor write failed [ 1959.452240][ T5848] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 1959.498057][ T5848] usb 3-1: USB disconnect, device number 102 [ 1959.636535][T14348] netlink: 12 bytes leftover after parsing attributes in process `syz.3.31160'. [ 1960.758403][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1960.888963][T14398] [ 1960.891362][T14398] ===================================================== [ 1960.898331][T14398] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1960.905942][T14398] 6.16.0-syzkaller-04405-g4b290aae788e #0 Not tainted [ 1960.912744][T14398] ----------------------------------------------------- [ 1960.919718][T14398] syz.0.31182/14398 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1960.927598][T14398] ffffffff8de0c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigio+0x101/0x370 [ 1960.936300][T14398] [ 1960.936300][T14398] and this task is already holding: [ 1960.943819][T14398] ffff888077c7faa0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 1960.952505][T14398] which would create a new lock dependency: [ 1960.958433][T14398] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 1960.966108][T14398] [ 1960.966108][T14398] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1960.975577][T14398] (&client->buffer_lock){..-.}-{3:3} [ 1960.975616][T14398] [ 1960.975616][T14398] ... which became SOFTIRQ-irq-safe at: [ 1960.988799][T14398] lock_acquire+0x120/0x360 [ 1960.993428][T14398] _raw_spin_lock+0x2e/0x40 [ 1960.998033][T14398] evdev_pass_values+0xb9/0xbd0 [ 1961.003069][T14398] evdev_events+0x1e6/0x340 [ 1961.007675][T14398] input_pass_values+0x285/0x890 [ 1961.012720][T14398] input_event_dispose+0x3e5/0x6b0 [ 1961.017945][T14398] input_inject_event+0x1fe/0x320 [ 1961.023088][T14398] led_trigger_event+0x138/0x210 [ 1961.028128][T14398] kbd_bh+0x1c6/0x2e0 [ 1961.032219][T14398] tasklet_action_common+0x36c/0x580 [ 1961.037613][T14398] handle_softirqs+0x286/0x870 [ 1961.042489][T14398] run_ksoftirqd+0x9b/0x100 [ 1961.047100][T14398] smpboot_thread_fn+0x542/0xa60 [ 1961.052154][T14398] kthread+0x711/0x8a0 [ 1961.056327][T14398] ret_from_fork+0x3fc/0x770 [ 1961.061019][T14398] ret_from_fork_asm+0x1a/0x30 [ 1961.065894][T14398] [ 1961.065894][T14398] to a SOFTIRQ-irq-unsafe lock: [ 1961.072921][T14398] (tasklist_lock){.+.+}-{3:3} [ 1961.072954][T14398] [ 1961.072954][T14398] ... which became SOFTIRQ-irq-unsafe at: [ 1961.085695][T14398] ... [ 1961.085707][T14398] lock_acquire+0x120/0x360 [ 1961.092998][T14398] _raw_read_lock+0x36/0x50 [ 1961.097712][T14398] __do_wait+0xde/0x740 [ 1961.101996][T14398] do_wait+0x1f8/0x520 [ 1961.106174][T14398] kernel_wait+0xab/0x170 [ 1961.110965][T14398] call_usermodehelper_exec_work+0xbe/0x230 [ 1961.116998][T14398] process_scheduled_works+0xade/0x17b0 [ 1961.122676][T14398] worker_thread+0x8a0/0xda0 [ 1961.127380][T14398] kthread+0x711/0x8a0 [ 1961.131554][T14398] ret_from_fork+0x3fc/0x770 [ 1961.136337][T14398] ret_from_fork_asm+0x1a/0x30 [ 1961.141209][T14398] [ 1961.141209][T14398] other info that might help us debug this: [ 1961.141209][T14398] [ 1961.151480][T14398] Chain exists of: [ 1961.151480][T14398] &client->buffer_lock --> &f_owner->lock --> tasklist_lock [ 1961.151480][T14398] [ 1961.164729][T14398] Possible interrupt unsafe locking scenario: [ 1961.164729][T14398] [ 1961.173058][T14398] CPU0 CPU1 [ 1961.178443][T14398] ---- ---- [ 1961.183855][T14398] lock(tasklist_lock); [ 1961.188120][T14398] local_irq_disable(); [ 1961.194911][T14398] lock(&client->buffer_lock); [ 1961.202318][T14398] lock(&f_owner->lock); [ 1961.209182][T14398] [ 1961.212757][T14398] lock(&client->buffer_lock); [ 1961.217957][T14398] [ 1961.217957][T14398] *** DEADLOCK *** [ 1961.217957][T14398] [ 1961.226119][T14398] 6 locks held by syz.0.31182/14398: [ 1961.231411][T14398] #0: ffffffff8f56ab70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1961.239632][T14398] #1: ffffffff8f56a988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 1961.248630][T14398] #2: ffffffff8e13c520 (rcu_read_lock){....}-{1:3}, at: sock_def_readable+0xbe/0x550 [ 1961.258238][T14398] #3: ffffffff8e13c520 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1961.267318][T14398] #4: ffff888031f8fbe8 (&new->fa_lock){...-}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1961.276473][T14398] #5: ffff888077c7faa0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 1961.285638][T14398] [ 1961.285638][T14398] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1961.296054][T14398] -> (&client->buffer_lock){..-.}-{3:3} { [ 1961.301993][T14398] IN-SOFTIRQ-W at: [ 1961.306156][T14398] lock_acquire+0x120/0x360 [ 1961.312682][T14398] _raw_spin_lock+0x2e/0x40 [ 1961.319208][T14398] evdev_pass_values+0xb9/0xbd0 [ 1961.326072][T14398] evdev_events+0x1e6/0x340 [ 1961.332601][T14398] input_pass_values+0x285/0x890 [ 1961.339569][T14398] input_event_dispose+0x3e5/0x6b0 [ 1961.346711][T14398] input_inject_event+0x1fe/0x320 [ 1961.353771][T14398] led_trigger_event+0x138/0x210 [ 1961.360733][T14398] kbd_bh+0x1c6/0x2e0 [ 1961.366730][T14398] tasklet_action_common+0x36c/0x580 [ 1961.374055][T14398] handle_softirqs+0x286/0x870 [ 1961.380850][T14398] run_ksoftirqd+0x9b/0x100 [ 1961.387361][T14398] smpboot_thread_fn+0x542/0xa60 [ 1961.394308][T14398] kthread+0x711/0x8a0 [ 1961.400398][T14398] ret_from_fork+0x3fc/0x770 [ 1961.407000][T14398] ret_from_fork_asm+0x1a/0x30 [ 1961.413805][T14398] INITIAL USE at: [ 1961.417890][T14398] lock_acquire+0x120/0x360 [ 1961.424330][T14398] _raw_spin_lock+0x2e/0x40 [ 1961.430763][T14398] evdev_pass_values+0xb9/0xbd0 [ 1961.437582][T14398] evdev_events+0x1e6/0x340 [ 1961.444025][T14398] input_pass_values+0x285/0x890 [ 1961.450885][T14398] input_event_dispose+0x330/0x6b0 [ 1961.457926][T14398] input_inject_event+0x1fe/0x320 [ 1961.464875][T14398] evdev_write+0x2fc/0x480 [ 1961.471216][T14398] vfs_write+0x27b/0xa90 [ 1961.477385][T14398] ksys_write+0x145/0x250 [ 1961.483641][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1961.490691][T14398] do_fast_syscall_32+0x34/0x80 [ 1961.497474][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1961.505737][T14398] } [ 1961.508428][T14398] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 1961.516768][T14398] -> (&new->fa_lock){...-}-{3:3} { [ 1961.522011][T14398] IN-SOFTIRQ-R at: [ 1961.526088][T14398] lock_acquire+0x120/0x360 [ 1961.532441][T14398] _raw_read_lock_irqsave+0xaf/0x100 [ 1961.539570][T14398] kill_fasync+0x199/0x4d0 [ 1961.545821][T14398] sock_wake_async+0x137/0x160 [ 1961.552427][T14398] sock_def_readable+0x3bb/0x550 [ 1961.559231][T14398] __sock_queue_rcv_skb+0x6a2/0x9c0 [ 1961.566282][T14398] sock_queue_rcv_skb_reason+0x75/0xe0 [ 1961.573674][T14398] raw_rcv+0x74b/0x9d0 [ 1961.579585][T14398] raw_local_deliver+0x9ee/0xe90 [ 1961.586362][T14398] ip_protocol_deliver_rcu+0x46/0x440 [ 1961.593656][T14398] ip_local_deliver_finish+0x2fb/0x580 [ 1961.600958][T14398] NF_HOOK+0x309/0x3a0 [ 1961.606859][T14398] NF_HOOK+0x309/0x3a0 [ 1961.612781][T14398] __netif_receive_skb+0x143/0x380 [ 1961.619742][T14398] process_backlog+0x60e/0x14f0 [ 1961.626443][T14398] __napi_poll+0xc7/0x480 [ 1961.632638][T14398] net_rx_action+0x707/0xe30 [ 1961.639070][T14398] handle_softirqs+0x286/0x870 [ 1961.645673][T14398] do_softirq+0xec/0x180 [ 1961.651845][T14398] __local_bh_enable_ip+0x17d/0x1c0 [ 1961.658883][T14398] __dev_queue_xmit+0x1cd7/0x3a70 [ 1961.665834][T14398] ip_finish_output2+0xd03/0x1160 [ 1961.672704][T14398] ip_push_pending_frames+0xbe/0x150 [ 1961.679838][T14398] raw_sendmsg+0x143f/0x18b0 [ 1961.686265][T14398] __sock_sendmsg+0x19c/0x270 [ 1961.692787][T14398] __sys_sendto+0x3bd/0x520 [ 1961.699127][T14398] __ia32_sys_sendto+0xdd/0x100 [ 1961.705811][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1961.712764][T14398] do_fast_syscall_32+0x34/0x80 [ 1961.719460][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1961.727680][T14398] INITIAL USE at: [ 1961.731690][T14398] lock_acquire+0x120/0x360 [ 1961.737956][T14398] _raw_write_lock_irq+0xa2/0xf0 [ 1961.744650][T14398] fasync_remove_entry+0xf1/0x1c0 [ 1961.751424][T14398] lease_modify+0x1ca/0x3c0 [ 1961.757683][T14398] locks_remove_file+0x4bf/0xea0 [ 1961.764381][T14398] __fput+0x3ab/0xa70 [ 1961.770112][T14398] task_work_run+0x1d1/0x260 [ 1961.776451][T14398] exit_to_user_mode_loop+0xec/0x110 [ 1961.783494][T14398] __do_fast_syscall_32+0x1f4/0x2b0 [ 1961.790447][T14398] do_fast_syscall_32+0x34/0x80 [ 1961.797056][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1961.805156][T14398] INITIAL READ USE at: [ 1961.809930][T14398] lock_acquire+0x120/0x360 [ 1961.816625][T14398] _raw_read_lock_irqsave+0xaf/0x100 [ 1961.824101][T14398] kill_fasync+0x199/0x4d0 [ 1961.830704][T14398] pipe_release+0x19c/0x330 [ 1961.837400][T14398] __fput+0x449/0xa70 [ 1961.843565][T14398] task_work_run+0x1d1/0x260 [ 1961.850342][T14398] exit_to_user_mode_loop+0xec/0x110 [ 1961.857915][T14398] __do_fast_syscall_32+0x1f4/0x2b0 [ 1961.865302][T14398] do_fast_syscall_32+0x34/0x80 [ 1961.872346][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1961.880863][T14398] } [ 1961.883458][T14398] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1961.892242][T14398] ... acquired at: [ 1961.896141][T14398] lock_acquire+0x120/0x360 [ 1961.900838][T14398] _raw_read_lock_irqsave+0xaf/0x100 [ 1961.906311][T14398] kill_fasync+0x199/0x4d0 [ 1961.910917][T14398] evdev_pass_values+0x627/0xbd0 [ 1961.916036][T14398] evdev_events+0x1e6/0x340 [ 1961.920723][T14398] input_pass_values+0x285/0x890 [ 1961.925853][T14398] input_event_dispose+0x330/0x6b0 [ 1961.931166][T14398] input_inject_event+0x1fe/0x320 [ 1961.936390][T14398] evdev_write+0x2fc/0x480 [ 1961.940999][T14398] vfs_write+0x27b/0xa90 [ 1961.945447][T14398] ksys_write+0x145/0x250 [ 1961.949995][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1961.955305][T14398] do_fast_syscall_32+0x34/0x80 [ 1961.960355][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1961.966896][T14398] [ 1961.969229][T14398] -> (&f_owner->lock){....}-{3:3} { [ 1961.974458][T14398] INITIAL USE at: [ 1961.978364][T14398] lock_acquire+0x120/0x360 [ 1961.984451][T14398] _raw_write_lock_irq+0xa2/0xf0 [ 1961.990981][T14398] __f_setown+0x67/0x370 [ 1961.996798][T14398] generic_setlease+0xd5d/0x1240 [ 1962.003322][T14398] fcntl_setlease+0x3a2/0x4c0 [ 1962.009579][T14398] do_fcntl+0x6a9/0x1910 [ 1962.015396][T14398] do_compat_fcntl64+0x477/0x720 [ 1962.021912][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1962.028611][T14398] do_fast_syscall_32+0x34/0x80 [ 1962.035040][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1962.042953][T14398] INITIAL READ USE at: [ 1962.047297][T14398] lock_acquire+0x120/0x360 [ 1962.053835][T14398] _raw_read_lock_irq+0xaa/0xf0 [ 1962.060793][T14398] f_getown+0x54/0x2a0 [ 1962.066895][T14398] sock_ioctl+0x536/0x790 [ 1962.073257][T14398] compat_sock_ioctl+0x285/0xc80 [ 1962.080210][T14398] __ia32_compat_sys_ioctl+0x540/0x840 [ 1962.087687][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1962.094831][T14398] do_fast_syscall_32+0x34/0x80 [ 1962.101695][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1962.110061][T14398] } [ 1962.112564][T14398] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1962.121542][T14398] ... acquired at: [ 1962.125356][T14398] lock_acquire+0x120/0x360 [ 1962.130073][T14398] _raw_read_lock_irqsave+0xaf/0x100 [ 1962.135642][T14398] send_sigio+0x38/0x370 [ 1962.140079][T14398] kill_fasync+0x24d/0x4d0 [ 1962.144780][T14398] lease_break_callback+0x26/0x30 [ 1962.150000][T14398] __break_lease+0x6a5/0x1620 [ 1962.154905][T14398] do_dentry_open+0xd62/0x1970 [ 1962.159854][T14398] vfs_open+0x3b/0x340 [ 1962.164102][T14398] path_openat+0x2ee5/0x3830 [ 1962.168965][T14398] do_filp_open+0x1fa/0x410 [ 1962.173655][T14398] do_sys_openat2+0x121/0x1c0 [ 1962.178554][T14398] __ia32_compat_sys_open+0x117/0x140 [ 1962.184123][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1962.189431][T14398] do_fast_syscall_32+0x34/0x80 [ 1962.194470][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1962.201093][T14398] [ 1962.203438][T14398] [ 1962.203438][T14398] the dependencies between the lock to be acquired [ 1962.203449][T14398] and SOFTIRQ-irq-unsafe lock: [ 1962.216979][T14398] -> (tasklist_lock){.+.+}-{3:3} { [ 1962.222130][T14398] HARDIRQ-ON-R at: [ 1962.226120][T14398] lock_acquire+0x120/0x360 [ 1962.232289][T14398] _raw_read_lock+0x36/0x50 [ 1962.238454][T14398] __do_wait+0xde/0x740 [ 1962.244304][T14398] do_wait+0x1f8/0x520 [ 1962.250039][T14398] kernel_wait+0xab/0x170 [ 1962.256031][T14398] call_usermodehelper_exec_work+0xbe/0x230 [ 1962.263595][T14398] process_scheduled_works+0xade/0x17b0 [ 1962.270816][T14398] worker_thread+0x8a0/0xda0 [ 1962.277075][T14398] kthread+0x711/0x8a0 [ 1962.282806][T14398] ret_from_fork+0x3fc/0x770 [ 1962.289055][T14398] ret_from_fork_asm+0x1a/0x30 [ 1962.295495][T14398] SOFTIRQ-ON-R at: [ 1962.299689][T14398] lock_acquire+0x120/0x360 [ 1962.305944][T14398] _raw_read_lock+0x36/0x50 [ 1962.312114][T14398] __do_wait+0xde/0x740 [ 1962.317933][T14398] do_wait+0x1f8/0x520 [ 1962.323666][T14398] kernel_wait+0xab/0x170 [ 1962.329668][T14398] call_usermodehelper_exec_work+0xbe/0x230 [ 1962.337229][T14398] process_scheduled_works+0xade/0x17b0 [ 1962.344444][T14398] worker_thread+0x8a0/0xda0 [ 1962.350702][T14398] kthread+0x711/0x8a0 [ 1962.356434][T14398] ret_from_fork+0x3fc/0x770 [ 1962.362687][T14398] ret_from_fork_asm+0x1a/0x30 [ 1962.369124][T14398] INITIAL USE at: [ 1962.373031][T14398] lock_acquire+0x120/0x360 [ 1962.379116][T14398] _raw_write_lock_irq+0xa2/0xf0 [ 1962.385629][T14398] copy_process+0x224f/0x3c00 [ 1962.391877][T14398] kernel_clone+0x21e/0x840 [ 1962.397959][T14398] user_mode_thread+0xdd/0x140 [ 1962.404293][T14398] rest_init+0x23/0x300 [ 1962.410016][T14398] start_kernel+0x3a9/0x410 [ 1962.416097][T14398] x86_64_start_reservations+0x24/0x30 [ 1962.423131][T14398] x86_64_start_kernel+0x143/0x1c0 [ 1962.429824][T14398] common_startup_64+0x13e/0x147 [ 1962.436343][T14398] INITIAL READ USE at: [ 1962.440685][T14398] lock_acquire+0x120/0x360 [ 1962.447205][T14398] _raw_read_lock+0x36/0x50 [ 1962.453805][T14398] __do_wait+0xde/0x740 [ 1962.459976][T14398] do_wait+0x1f8/0x520 [ 1962.466059][T14398] kernel_wait+0xab/0x170 [ 1962.472500][T14398] call_usermodehelper_exec_work+0xbe/0x230 [ 1962.480507][T14398] process_scheduled_works+0xade/0x17b0 [ 1962.488075][T14398] worker_thread+0x8a0/0xda0 [ 1962.494758][T14398] kthread+0x711/0x8a0 [ 1962.500843][T14398] ret_from_fork+0x3fc/0x770 [ 1962.507444][T14398] ret_from_fork_asm+0x1a/0x30 [ 1962.514241][T14398] } [ 1962.516765][T14398] ... key at: [] tasklist_lock+0x18/0x40 [ 1962.524501][T14398] ... acquired at: [ 1962.528310][T14398] lock_acquire+0x120/0x360 [ 1962.533009][T14398] _raw_read_lock+0x36/0x50 [ 1962.537711][T14398] send_sigio+0x101/0x370 [ 1962.542234][T14398] kill_fasync+0x24d/0x4d0 [ 1962.546851][T14398] sock_wake_async+0x137/0x160 [ 1962.551831][T14398] sock_def_readable+0x3bb/0x550 [ 1962.556972][T14398] netlink_sendskb+0xa1/0x140 [ 1962.562018][T14398] ctrl_getfamily+0x499/0x590 [ 1962.566885][T14398] genl_family_rcv_msg_doit+0x212/0x300 [ 1962.572619][T14398] genl_rcv_msg+0x60e/0x790 [ 1962.577308][T14398] netlink_rcv_skb+0x205/0x470 [ 1962.582257][T14398] genl_rcv+0x28/0x40 [ 1962.586435][T14398] netlink_unicast+0x759/0x8e0 [ 1962.591400][T14398] netlink_sendmsg+0x805/0xb30 [ 1962.596349][T14398] __sock_sendmsg+0x21c/0x270 [ 1962.601224][T14398] __sys_sendto+0x3bd/0x520 [ 1962.605913][T14398] __ia32_compat_sys_socketcall+0x71c/0x9c0 [ 1962.611993][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1962.617380][T14398] do_fast_syscall_32+0x34/0x80 [ 1962.622418][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1962.628937][T14398] [ 1962.631268][T14398] [ 1962.631268][T14398] stack backtrace: [ 1962.637161][T14398] CPU: 1 UID: 0 PID: 14398 Comm: syz.0.31182 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1962.637184][T14398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1962.637195][T14398] Call Trace: [ 1962.637205][T14398] [ 1962.637214][T14398] dump_stack_lvl+0x189/0x250 [ 1962.637237][T14398] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1962.637255][T14398] ? __pfx__printk+0x10/0x10 [ 1962.637282][T14398] validate_chain+0x1f05/0x2140 [ 1962.637310][T14398] __lock_acquire+0xab9/0xd20 [ 1962.637338][T14398] ? send_sigio+0x101/0x370 [ 1962.637355][T14398] lock_acquire+0x120/0x360 [ 1962.637379][T14398] ? send_sigio+0x101/0x370 [ 1962.637396][T14398] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1962.637419][T14398] ? do_raw_read_lock+0x3d/0x90 [ 1962.637441][T14398] _raw_read_lock+0x36/0x50 [ 1962.637460][T14398] ? send_sigio+0x101/0x370 [ 1962.637481][T14398] send_sigio+0x101/0x370 [ 1962.637502][T14398] kill_fasync+0x24d/0x4d0 [ 1962.637525][T14398] ? kill_fasync+0x53/0x4d0 [ 1962.637549][T14398] sock_wake_async+0x137/0x160 [ 1962.637584][T14398] sock_def_readable+0x3bb/0x550 [ 1962.637614][T14398] ? sock_def_readable+0xbe/0x550 [ 1962.637646][T14398] netlink_sendskb+0xa1/0x140 [ 1962.637680][T14398] ctrl_getfamily+0x499/0x590 [ 1962.637709][T14398] ? __pfx_ctrl_getfamily+0x10/0x10 [ 1962.637738][T14398] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1962.637772][T14398] genl_family_rcv_msg_doit+0x212/0x300 [ 1962.637805][T14398] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1962.637843][T14398] genl_rcv_msg+0x60e/0x790 [ 1962.637868][T14398] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1962.637890][T14398] ? ref_tracker_free+0x63a/0x7d0 [ 1962.637916][T14398] ? __pfx_ctrl_getfamily+0x10/0x10 [ 1962.637937][T14398] ? __pfx_ref_tracker_free+0x10/0x10 [ 1962.637966][T14398] netlink_rcv_skb+0x205/0x470 [ 1962.637983][T14398] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1962.638006][T14398] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1962.638028][T14398] ? down_read+0x1ad/0x2e0 [ 1962.638055][T14398] genl_rcv+0x28/0x40 [ 1962.638075][T14398] netlink_unicast+0x759/0x8e0 [ 1962.638105][T14398] netlink_sendmsg+0x805/0xb30 [ 1962.638127][T14398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1962.638145][T14398] ? aa_sock_msg_perm+0x94/0x160 [ 1962.638167][T14398] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1962.638184][T14398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1962.638202][T14398] __sock_sendmsg+0x21c/0x270 [ 1962.638227][T14398] __sys_sendto+0x3bd/0x520 [ 1962.638245][T14398] ? __pfx___sys_sendto+0x10/0x10 [ 1962.638267][T14398] ? __might_fault+0xb0/0x130 [ 1962.638298][T14398] __ia32_compat_sys_socketcall+0x71c/0x9c0 [ 1962.638320][T14398] ? count_memcg_event_mm+0x21/0x260 [ 1962.638342][T14398] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 1962.638365][T14398] ? exc_page_fault+0x76/0xf0 [ 1962.638390][T14398] ? lockdep_hardirqs_on+0x9c/0x150 [ 1962.638413][T14398] __do_fast_syscall_32+0xb6/0x2b0 [ 1962.638438][T14398] ? lockdep_hardirqs_on+0x9c/0x150 [ 1962.638461][T14398] do_fast_syscall_32+0x34/0x80 [ 1962.638493][T14398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1962.638514][T14398] RIP: 0023:0xf70ce539 [ 1962.638530][T14398] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1962.638546][T14398] RSP: 002b:00000000f50bd430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066 [ 1962.638566][T14398] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f50bd444 [ 1962.638579][T14398] RDX: 0000000000000000 RSI: 00000000f50bd560 RDI: 00000000f7434ff4 [ 1962.638590][T14398] RBP: 00000000f50bd560 R08: 0000000000000000 R09: 0000000000000000 [ 1962.638601][T14398] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1962.638612][T14398] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1962.638628][T14398] [ 1963.006047][ C1] vkms_vblank_simulate: vblank timer overrun [ 1964.181796][T13337] bond0: (slave syz_tun): Releasing backup interface [ 1964.325701][ T3476] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1964.424918][ T3476] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1964.493567][ T3476] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1964.610553][ T3476] tipc: Disabling bearer [ 1964.616781][ T3476] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1965.582684][ T3476] bond0 (unregistering): (slave 0!): Releasing backup interface [ 1965.594276][ T3476] !: left allmulticast mode [ 1965.599725][ T3476] bond0 (unregistering): Released all slaves [ 1965.737821][ T3476] bond1 (unregistering): Released all slaves [ 1965.748123][ T3476] bond2 (unregistering): Released all slaves [ 1965.766634][ T3476] bond3 (unregistering): Released all slaves [ 1965.776164][ T3476] bond4 (unregistering): Released all slaves [ 1965.786476][ T3476] bond5 (unregistering): Released all slaves [ 1965.922713][ T3476] bond6 (unregistering): Released all slaves [ 1965.932956][ T3476] bond7 (unregistering): Released all slaves [ 1965.943163][ T3476] bond8 (unregistering): Released all slaves [ 1966.034545][ T3476] ‰lm;Ê-: left promiscuous mode [ 1966.079618][ T3476] : left promiscuous mode [ 1966.142094][ T3476] tipc: Disabling bearer [ 1966.151399][ T3476] tipc: Disabling bearer [ 1966.156851][ T3476] tipc: Left network mode [ 1966.402376][ T3476] hsr_slave_0: left promiscuous mode [ 1966.408979][ T3476] hsr_slave_1: left promiscuous mode [ 1966.416480][ T3476] veth1_to_batadv: left promiscuous mode [ 1966.423934][ T3476] veth1_vlan: left promiscuous mode [ 1966.473329][ T3476] team0 (unregistering): Port device batadv0 removed [ 1968.785440][ T3476] IPVS: stop unused estimator thread 0... [ 1968.825036][ T3476] ------------[ cut here ]------------ [ 1968.830762][ T3476] WARNING: CPU: 1 PID: 3476 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x270/0x2f0 [ 1968.840583][ T3476] Modules linked in: [ 1968.844611][ T3476] CPU: 1 UID: 0 PID: 3476 Comm: kworker/u8:8 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1968.856532][ T3476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1968.866683][ T3476] Workqueue: netns cleanup_net [ 1968.871576][ T3476] RIP: 0010:xfrm_state_fini+0x270/0x2f0 [ 1968.877172][ T3476] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 58 e8 09 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 16 b7 ea f7 e8 51 d5 a7 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 43 d5 a7 f7 90 0f 0b 90 e9 60 fe ff ff [ 1968.897017][ T3476] RSP: 0018:ffffc9000b8f7898 EFLAGS: 00010293 [ 1968.903499][ T3476] RAX: ffffffff8a17e68f RBX: ffff8880339a0000 RCX: ffff88803112bc00 [ 1968.911752][ T3476] RDX: 0000000000000000 RSI: ffffffff8be2f5e0 RDI: ffff88803112bc00 [ 1968.920150][ T3476] RBP: ffffc9000b8f79b0 R08: ffffffff8fa050f7 R09: 1ffffffff1f40a1e [ 1968.928292][ T3476] R10: dffffc0000000000 R11: fffffbfff1f40a1f R12: ffffffff8f5ffd20 [ 1968.936426][ T3476] R13: 1ffff9200171ef40 R14: ffff8880339a14c0 R15: dffffc0000000000 [ 1968.944589][ T3476] FS: 0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 1968.953698][ T3476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1968.960393][ T3476] CR2: 0000555e1c81c000 CR3: 000000007de50000 CR4: 00000000003526f0 [ 1968.968526][ T3476] Call Trace: [ 1968.971855][ T3476] [ 1968.974834][ T3476] xfrm_net_exit+0x2d/0x70 [ 1968.979446][ T3476] ops_undo_list+0x49a/0x990 [ 1968.984078][ T3476] ? __pfx_ops_undo_list+0x10/0x10 [ 1968.989293][ T3476] cleanup_net+0x4c5/0x800 [ 1968.993751][ T3476] ? __pfx_cleanup_net+0x10/0x10 [ 1968.998766][ T3476] ? rcu_is_watching+0x15/0xb0 [ 1969.003683][ T3476] ? process_scheduled_works+0x9ef/0x17b0 [ 1969.009621][ T3476] ? process_scheduled_works+0x9ef/0x17b0 [ 1969.015401][ T3476] process_scheduled_works+0xade/0x17b0 [ 1969.021057][ T3476] ? __pfx_process_scheduled_works+0x10/0x10 [ 1969.027085][ T3476] worker_thread+0x8a0/0xda0 [ 1969.031780][ T3476] kthread+0x711/0x8a0 [ 1969.035897][ T3476] ? __pfx_worker_thread+0x10/0x10 [ 1969.041086][ T3476] ? __pfx_kthread+0x10/0x10 [ 1969.045718][ T3476] ? _raw_spin_unlock_irq+0x23/0x50 [ 1969.051018][ T3476] ? lockdep_hardirqs_on+0x9c/0x150 [ 1969.056263][ T3476] ? __pfx_kthread+0x10/0x10 [ 1969.060957][ T3476] ret_from_fork+0x3fc/0x770 [ 1969.065577][ T3476] ? __pfx_ret_from_fork+0x10/0x10 [ 1969.070751][ T3476] ? __switch_to_asm+0x39/0x70 [ 1969.075580][ T3476] ? __switch_to_asm+0x33/0x70 [ 1969.080454][ T3476] ? __pfx_kthread+0x10/0x10 [ 1969.085077][ T3476] ret_from_fork_asm+0x1a/0x30 [ 1969.089913][ T3476] [ 1969.093440][ T3476] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1969.100757][ T3476] CPU: 1 UID: 0 PID: 3476 Comm: kworker/u8:8 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1969.112573][ T3476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1969.122642][ T3476] Workqueue: netns cleanup_net [ 1969.127416][ T3476] Call Trace: [ 1969.130699][ T3476] [ 1969.133631][ T3476] dump_stack_lvl+0x99/0x250 [ 1969.138236][ T3476] ? __asan_memcpy+0x40/0x70 [ 1969.142851][ T3476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1969.148077][ T3476] ? __pfx__printk+0x10/0x10 [ 1969.152712][ T3476] panic+0x2db/0x790 [ 1969.156636][ T3476] ? __pfx_panic+0x10/0x10 [ 1969.161070][ T3476] ? ret_from_fork_asm+0x1a/0x30 [ 1969.166029][ T3476] __warn+0x31b/0x4b0 [ 1969.170027][ T3476] ? xfrm_state_fini+0x270/0x2f0 [ 1969.174980][ T3476] ? xfrm_state_fini+0x270/0x2f0 [ 1969.179932][ T3476] report_bug+0x2be/0x4f0 [ 1969.184280][ T3476] ? xfrm_state_fini+0x270/0x2f0 [ 1969.189240][ T3476] ? xfrm_state_fini+0x270/0x2f0 [ 1969.194186][ T3476] ? xfrm_state_fini+0x272/0x2f0 [ 1969.199133][ T3476] handle_bug+0x84/0x160 [ 1969.203398][ T3476] exc_invalid_op+0x1a/0x50 [ 1969.208355][ T3476] asm_exc_invalid_op+0x1a/0x20 [ 1969.213226][ T3476] RIP: 0010:xfrm_state_fini+0x270/0x2f0 [ 1969.218784][ T3476] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 58 e8 09 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 16 b7 ea f7 e8 51 d5 a7 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 43 d5 a7 f7 90 0f 0b 90 e9 60 fe ff ff [ 1969.238404][ T3476] RSP: 0018:ffffc9000b8f7898 EFLAGS: 00010293 [ 1969.244500][ T3476] RAX: ffffffff8a17e68f RBX: ffff8880339a0000 RCX: ffff88803112bc00 [ 1969.252482][ T3476] RDX: 0000000000000000 RSI: ffffffff8be2f5e0 RDI: ffff88803112bc00 [ 1969.260469][ T3476] RBP: ffffc9000b8f79b0 R08: ffffffff8fa050f7 R09: 1ffffffff1f40a1e [ 1969.268452][ T3476] R10: dffffc0000000000 R11: fffffbfff1f40a1f R12: ffffffff8f5ffd20 [ 1969.276439][ T3476] R13: 1ffff9200171ef40 R14: ffff8880339a14c0 R15: dffffc0000000000 [ 1969.284460][ T3476] ? xfrm_state_fini+0x26f/0x2f0 [ 1969.289434][ T3476] ? xfrm_state_fini+0x26f/0x2f0 [ 1969.294470][ T3476] xfrm_net_exit+0x2d/0x70 [ 1969.298905][ T3476] ops_undo_list+0x49a/0x990 [ 1969.303517][ T3476] ? __pfx_ops_undo_list+0x10/0x10 [ 1969.308647][ T3476] cleanup_net+0x4c5/0x800 [ 1969.313081][ T3476] ? __pfx_cleanup_net+0x10/0x10 [ 1969.318032][ T3476] ? rcu_is_watching+0x15/0xb0 [ 1969.322808][ T3476] ? process_scheduled_works+0x9ef/0x17b0 [ 1969.328548][ T3476] ? process_scheduled_works+0x9ef/0x17b0 [ 1969.334296][ T3476] process_scheduled_works+0xade/0x17b0 [ 1969.339926][ T3476] ? __pfx_process_scheduled_works+0x10/0x10 [ 1969.346027][ T3476] worker_thread+0x8a0/0xda0 [ 1969.350638][ T3476] kthread+0x711/0x8a0 [ 1969.354722][ T3476] ? __pfx_worker_thread+0x10/0x10 [ 1969.359846][ T3476] ? __pfx_kthread+0x10/0x10 [ 1969.364455][ T3476] ? _raw_spin_unlock_irq+0x23/0x50 [ 1969.369673][ T3476] ? lockdep_hardirqs_on+0x9c/0x150 [ 1969.374888][ T3476] ? __pfx_kthread+0x10/0x10 [ 1969.379492][ T3476] ret_from_fork+0x3fc/0x770 [ 1969.384096][ T3476] ? __pfx_ret_from_fork+0x10/0x10 [ 1969.389565][ T3476] ? __switch_to_asm+0x39/0x70 [ 1969.394341][ T3476] ? __switch_to_asm+0x33/0x70 [ 1969.399126][ T3476] ? __pfx_kthread+0x10/0x10 [ 1969.403734][ T3476] ret_from_fork_asm+0x1a/0x30 [ 1969.408538][ T3476] [ 1969.411893][ T3476] Kernel Offset: disabled [ 1969.416230][ T3476] Rebooting in 86400 seconds..