last executing test programs: 6.723948246s ago: executing program 3 (id=6534): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd2a, 0x25dfdbfb, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x30e, 0x3}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4040044) 6.314693511s ago: executing program 3 (id=6539): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = io_uring_setup(0x74cb, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 3.576943594s ago: executing program 3 (id=6559): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x6000, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x5}}}]}, 0x48}}, 0x0) 3.10093789s ago: executing program 3 (id=6563): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f0000000140)={0x40, 0x7, 0x49, "2a4e22f5c5196e03ba8bebf15b08cd0649fed85d8ccbb74527e74636849e944f932f50821243b8106afba1842d46ec710cb202fb49d1771543d1939ff4a29127c4798a0dee6e9ae5cf"}, 0x0, 0x0}) 2.759294283s ago: executing program 0 (id=6566): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newlink={0x2c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}]}, 0x2c}}, 0x0) 2.524012118s ago: executing program 0 (id=6569): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000240)={0x18, r1, 0x1, 0x0, &(0x7f0000000080)=[{0x3cc5, 0x5e97}]}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000001c0)={0x28, 0x6, r1, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2}) 2.362993515s ago: executing program 4 (id=6571): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000dc0)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x921, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xc}}}, 0x24}}, 0x0) 2.217208466s ago: executing program 0 (id=6573): r0 = syz_io_uring_setup(0x178b, &(0x7f0000000180)={0x0, 0x0, 0x13291}, &(0x7f0000000100), &(0x7f0000000080)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e) io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0) 2.102751761s ago: executing program 4 (id=6574): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x49, &(0x7f0000000540), 0x4) 1.876788674s ago: executing program 2 (id=6575): r0 = syz_io_uring_setup(0x110, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x10000}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000c00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.684414983s ago: executing program 2 (id=6576): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000021c0)={'vxcan1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="10031400e4ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) 1.450492777s ago: executing program 2 (id=6577): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='blkio.reset_stats\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000100)=0x6, 0xebc7) 1.23868243s ago: executing program 2 (id=6578): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00') writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)='y', 0x1}], 0x1) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) creat(&(0x7f0000000040)='./file0\x00', 0x0) 1.02330744s ago: executing program 0 (id=6579): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c00000010000305000000000000ffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b0001006d616373656300001c000280050007000000000005000a0000000000050009000000000008000500", @ANYRES32=r1], 0x5c}}, 0x0) 1.022410422s ago: executing program 1 (id=6580): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x2e4, 0x65, 0x0, 0x0, 0x4, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TTL={0x5, 0x52, 0x8}, @TCA_FLOWER_KEY_FLAGS={0x8, 0x2f, 0x9}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0xf}, @TCA_FLOWER_KEY_PORT_DST_MIN={0x6, 0x59, 0x4e20}, @TCA_FLOWER_KEY_TCP_FLAGS_MASK={0x6, 0x48, 0xb}]}}, @filter_kind_options=@f_route={{0xa}, {0x26c, 0x2, [@TCA_ROUTE4_ACT={0xec, 0x6, [@m_csum={0x60, 0xa, 0x0, 0x0, {{0x9}, {0x4}, {0x31, 0x6, "991484448f1d00330606eae8262acc6b874adb0b5f39b5acc02b0f0c146eb28c42c5557089903d448af6c4bff6"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_nat={0x2c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_csum={0x5c, 0x0, 0x0, 0x0, {{0x9}, {0x4}, {0x2d, 0x6, "15dd5715dffe2dcdad7dc6b93445f36c3fbcc1e7958959aadbbdf06c6268e2bd21638170f239d065d6"}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_ACT={0x16c, 0x6, [@m_connmark={0xc8, 0x0, 0x0, 0x0, {{0xd}, {0x4}, {0x95, 0x6, "91a991d04aa8cb411880b88050856c4a5b99aafe5cf70a535f4e162db7c30535ebf5e9ab54237bf6d2780785c80bcf9eae2d6d6d65f242d28d9992d8a093d12a497447bc2a6c4f73538dbca11ebb12d1c8ea001eac3246ebaf518402b88e3f2b51ce947977543e069be9c85124bbe592bd2ed79c20d83d312cd1c151c51eed4c8c8bce1d810f14cea570fce0fb771c34fd"}, {0xc}, {0xc}}}, @m_xt={0xa0, 0x0, 0x0, 0x0, {{0x7}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}]}, {0x51, 0x6, "fae989b72cd1567b9bad37bf2ce794398582215656fee24553c54ba398ca4c3830ada34a0e2befac1fe52b72b015eac1ca08b9039605ef2765a3062973a87b76aa7479a8029cc78a117261c825"}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_TO={0x8}, @TCA_ROUTE4_FROM={0x8}]}}]}, 0x2e4}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 981.808139ms ago: executing program 2 (id=6581): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000340)=ANY=[@ANYBLOB="01000000000000008d03"]) 791.253208ms ago: executing program 1 (id=6582): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) keyctl$update(0x2, r1, &(0x7f0000000240)='K', 0x1) 698.147836ms ago: executing program 3 (id=6583): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_PRIORITY={0x8}]}, 0x24}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000002000010300fd0000000000000200000000000000000000001400110076"], 0x30}}, 0x0) 693.890554ms ago: executing program 4 (id=6584): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000040)='\f\x00', 0xffeb, 0x0, &(0x7f0000000340), 0x10) 616.290468ms ago: executing program 2 (id=6585): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) unlink(&(0x7f0000000000)='./cgroup\x00') 563.380618ms ago: executing program 1 (id=6586): sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000440)) socket$nl_generic(0x10, 0x3, 0x10) 439.62161ms ago: executing program 4 (id=6587): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000000c0), 0x10) sendto$l2tp(r0, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x160, 0x0) 438.593432ms ago: executing program 1 (id=6588): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) unshare(0x2a020400) pidfd_getfd(r1, r1, 0x0) 417.261394ms ago: executing program 0 (id=6589): r0 = socket$rxrpc(0x21, 0x2, 0x2) connect$rxrpc(r0, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) recvfrom$rxrpc(r0, 0x0, 0x0, 0x80000000, 0x0, 0x0) 226.768469ms ago: executing program 4 (id=6590): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)={0x90, r1, 0x1, 0x0, 0x20, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x71, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x2}, @device_a, @device_a, @from_mac=@device_b, {0x5, 0x9}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, 0xfffffffffffffff9, @random=0x617, 0x2002, @void, @void, @val={0x3, 0x1, 0x7}, @val={0x4, 0x6, {0x4, 0x78, 0x101, 0xf}}, @void, @val={0x5, 0x3, {0x1, 0x4c, 0x3}}, @void, @void, @void, @val={0x2d, 0x1a, {0x8000, 0x0, 0x7, 0x0, {0x10000, 0x7e, 0x0, 0x4, 0x0, 0x1, 0x0, 0x3}, 0x800, 0x1126, 0x6}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xeb, 0x48}}, @val={0x76, 0x6, {0x0, 0x80, 0x3c, 0x8}}}}]}, 0x90}}, 0x40004) 203.802535ms ago: executing program 1 (id=6591): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="18", 0x48, 0x0, &(0x7f00000000c0)={0x11, 0xd, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 174.248199ms ago: executing program 3 (id=6592): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x800800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000400)={0x1, 0x0, [{0x4b564d04, 0x0, 0x5}]}) 7.174758ms ago: executing program 1 (id=6593): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private0}, 0x1c) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x7a, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, &(0x7f0000000080)=0x9c) 6.883703ms ago: executing program 4 (id=6594): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x80402) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000003800000000000000000002000000ff"], 0x78) 0s ago: executing program 0 (id=6595): bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c) io_setup(0x7, &(0x7f0000000280)=0x0) r1 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x0) io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0xfffffc98}]) kernel console output (not intermixed with test programs): 44.418836][ T29] audit: type=1326 audit(2000000019.330:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15330 comm="syz.2.4270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 444.654408][ T5282] usb 4-1: USB disconnect, device number 50 [ 444.939391][T15355] ALSA: mixer_oss: invalid OSS volume '' [ 446.040408][T15388] netlink: 'syz.2.4287': attribute type 2 has an invalid length. [ 446.075489][T15388] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 446.288705][T15130] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 446.348699][T15130] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 446.417738][T15130] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 446.569186][T15130] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 446.662040][T15402] bridge0: entered promiscuous mode [ 446.721272][ T29] audit: type=1326 audit(2000000022.450:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15403 comm="syz.3.4292" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d7517def9 code=0x0 [ 446.734319][T15402] macsec2: entered promiscuous mode [ 446.778918][T15402] bridge0: left promiscuous mode [ 447.004939][ T5331] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 447.208838][T15130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 447.224401][ T942] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 447.242752][ T5331] usb 3-1: config 0 has no interfaces? [ 447.250667][ T5331] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 447.275026][ T5331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.286574][T15130] 8021q: adding VLAN 0 to HW filter on device team0 [ 447.306977][ T5331] usb 3-1: config 0 descriptor?? [ 447.342109][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.349389][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 447.420173][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 447.427499][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 447.446600][ T942] usb 2-1: Using ep0 maxpacket: 8 [ 447.481288][ T942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 447.500574][ T942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.559632][ T942] usb 2-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00 [ 447.577287][ T5331] usb 3-1: USB disconnect, device number 46 [ 447.644461][ T942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.675819][ T942] usb 2-1: config 0 descriptor?? [ 448.144937][ T942] playstation 0003:054C:0CE6.0075: unknown main item tag 0x0 [ 448.152421][ T942] playstation 0003:054C:0CE6.0075: unknown main item tag 0x0 [ 448.184648][ T942] playstation 0003:054C:0CE6.0075: unknown main item tag 0x0 [ 448.207710][ T942] playstation 0003:054C:0CE6.0075: unknown main item tag 0x0 [ 448.231122][ T942] playstation 0003:054C:0CE6.0075: unknown main item tag 0x0 [ 448.264991][ T942] playstation 0003:054C:0CE6.0075: unknown main item tag 0x0 [ 448.272650][ T942] playstation 0003:054C:0CE6.0075: unknown main item tag 0x0 [ 448.365008][ T942] playstation 0003:054C:0CE6.0075: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.1-1/input0 [ 448.473285][T15130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 448.485371][ T942] playstation 0003:054C:0CE6.0075: Invalid byte count transferred, expected 20 got 0 [ 448.524365][ T942] playstation 0003:054C:0CE6.0075: Failed to retrieve DualSense pairing info: -22 [ 448.545834][ T942] playstation 0003:054C:0CE6.0075: Failed to get MAC address from DualSense [ 448.582157][ T942] playstation 0003:054C:0CE6.0075: Failed to create dualsense. [ 448.650117][ T942] playstation 0003:054C:0CE6.0075: probe with driver playstation failed with error -22 [ 448.726899][ T942] usb 2-1: USB disconnect, device number 46 [ 448.759848][T15130] veth0_vlan: entered promiscuous mode [ 448.901429][T15130] veth1_vlan: entered promiscuous mode [ 449.052222][T15130] veth0_macvtap: entered promiscuous mode [ 449.060868][T15452] xt_CT: You must specify a L4 protocol and not use inversions on it [ 449.098142][T15130] veth1_macvtap: entered promiscuous mode [ 449.224694][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.275626][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.293074][ T1111] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 449.306428][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.347493][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.384274][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.420394][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.460964][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.514116][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.538647][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.557825][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.598463][T15130] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 449.657878][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.734213][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.756847][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.796451][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.822440][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.843140][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.862396][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.883574][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.899156][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.922125][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.943789][T15130] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 450.055203][T15130] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.063989][T15130] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.164341][T15130] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.173123][T15130] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.700655][ T2990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 450.775121][ T2990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 450.951945][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.014416][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 451.149691][T15499] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 451.216156][T15499] overlayfs: conflicting lowerdir path [ 452.196541][T15524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4333'. [ 452.730886][T15540] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 453.315378][T15557] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4344'. [ 453.574989][T15567] netlink: 'syz.4.4347': attribute type 11 has an invalid length. [ 453.655103][T15569] input: syz1 as /devices/virtual/input/input61 [ 454.593144][T15608] netlink: 'syz.4.4362': attribute type 1 has an invalid length. [ 454.618167][T15608] netlink: 9312 bytes leftover after parsing attributes in process `syz.4.4362'. [ 454.635014][T15608] netlink: 'syz.4.4362': attribute type 1 has an invalid length. [ 455.050273][ T11] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 456.384433][T15665] netlink: 9352 bytes leftover after parsing attributes in process `syz.1.4380'. [ 456.434743][T15665] netlink: 'syz.1.4380': attribute type 1 has an invalid length. [ 456.474389][T15665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4380'. [ 456.577413][T15671] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4382'. [ 456.966588][T15681] program syz.4.4387 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 457.459154][T15690] delete_channel: no stack [ 459.306996][T15754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4419'. [ 459.363396][T15754] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 459.408596][T15754] macsec2: entered promiscuous mode [ 459.422859][T15754] macsec2: entered allmulticast mode [ 459.444376][T15754] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 459.618461][ T29] audit: type=1326 audit(2000000035.350:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 459.689157][ T29] audit: type=1326 audit(2000000035.350:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 459.835828][ T29] audit: type=1326 audit(2000000035.400:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 459.919530][ T29] audit: type=1326 audit(2000000035.400:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 459.995715][ T29] audit: type=1326 audit(2000000035.400:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 460.006668][T15765] netlink: 'syz.3.4424': attribute type 1 has an invalid length. [ 460.068506][ T29] audit: type=1326 audit(2000000035.410:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 460.129849][ T29] audit: type=1326 audit(2000000035.410:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x7ffc0000 [ 460.131570][T15765] netlink: 'syz.3.4424': attribute type 2 has an invalid length. [ 460.189230][ T29] audit: type=1326 audit(2000000035.410:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcf85b74ea7 code=0x7ffc0000 [ 460.258704][ T29] audit: type=1326 audit(2000000035.410:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf85b19869 code=0x7ffc0000 [ 460.348358][ T29] audit: type=1326 audit(2000000035.410:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15758 comm="syz.2.4421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcf85b74ea7 code=0x7ffc0000 [ 460.804816][T13943] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 461.961614][T15809] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 462.364401][T15819] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4450'. [ 463.026297][T15848] IPVS: Error joining to the multicast group [ 463.316875][T15843] syz.1.4461 (15843): drop_caches: 1 [ 463.561082][T15843] syz.1.4461 (15843): drop_caches: 1 [ 464.008076][T15872] program syz.1.4475 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 464.201672][T15877] netlink: 'syz.4.4476': attribute type 5 has an invalid length. [ 465.624196][T15919] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4495'. [ 465.810686][T15925] IPVS: nq: TCP 172.20.20.170:0 - no destination available [ 466.556713][ T35] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 466.671921][T15947] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 466.734009][T15947] bridge0: port 1(team0) entered disabled state [ 466.760504][T15947] bridge0: entered allmulticast mode [ 469.902521][T16049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4554'. [ 470.079367][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 470.079389][ T29] audit: type=1326 audit(2000000045.810:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 470.169592][ T29] audit: type=1326 audit(2000000045.810:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 470.229266][ T29] audit: type=1326 audit(2000000045.850:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 470.273943][ T29] audit: type=1326 audit(2000000045.850:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 470.312186][ T29] audit: type=1326 audit(2000000045.860:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 470.410791][ T29] audit: type=1326 audit(2000000045.860:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 470.432381][ C0] vkms_vblank_simulate: vblank timer overrun [ 470.434803][ T5283] usb 3-1: new full-speed USB device number 47 using dummy_hcd [ 470.504175][ T29] audit: type=1326 audit(2000000045.860:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 470.569397][ T29] audit: type=1326 audit(2000000045.860:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd4a4f74ea7 code=0x7ffc0000 [ 470.635192][ T29] audit: type=1326 audit(2000000045.860:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd4a4f19869 code=0x7ffc0000 [ 470.647121][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 470.690930][T16069] vim2m vim2m.0: vidioc_s_fmt queue busy [ 470.713609][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.720235][ T29] audit: type=1326 audit(2000000045.860:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16055 comm="syz.1.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd4a4f74ea7 code=0x7ffc0000 [ 470.760047][ T5283] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 470.779487][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.825980][ T5283] usb 3-1: config 0 descriptor?? [ 470.863570][ T5283] usb 3-1: can't set config #0, error -71 [ 470.895129][ T5283] usb 3-1: USB disconnect, device number 47 [ 471.675145][ T11] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 472.046130][T16108] sch_tbf: burst 8 is lower than device lo mtu (81) ! [ 473.030553][T16138] syz_tun: entered promiscuous mode [ 473.088951][T16138] syz_tun: left promiscuous mode [ 473.228500][T16141] netlink: 43 bytes leftover after parsing attributes in process `syz.1.4597'. [ 473.265649][T16144] netlink: 'syz.2.4598': attribute type 19 has an invalid length. [ 474.052299][T16169] ======================================================= [ 474.052299][T16169] WARNING: The mand mount option has been deprecated and [ 474.052299][T16169] and is ignored by this kernel. Remove the mand [ 474.052299][T16169] option from the mount to silence this warning. [ 474.052299][T16169] ======================================================= [ 474.152631][T16175] netlink: 204 bytes leftover after parsing attributes in process `syz.2.4611'. [ 474.206667][T16175] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 475.344212][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 475.344233][ T29] audit: type=1326 audit(2000000051.070:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16206 comm="syz.0.4624" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15f0d7def9 code=0x0 [ 476.196762][ T29] audit: type=1326 audit(2000000051.930:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16227 comm="syz.2.4633" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x0 [ 477.436207][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 478.223641][T16287] block nbd3: NBD_DISCONNECT [ 478.760811][T16312] netlink: 'syz.4.4672': attribute type 2 has an invalid length. [ 478.794755][T16312] netlink: 16142 bytes leftover after parsing attributes in process `syz.4.4672'. [ 480.131492][T16365] vlan2: entered promiscuous mode [ 480.142438][T16365] gretap0: entered promiscuous mode [ 480.885328][ T942] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 481.104683][ T942] usb 2-1: Using ep0 maxpacket: 16 [ 481.145143][ T942] usb 2-1: config 0 has no interfaces? [ 481.176793][ T942] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 481.195674][ T942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.222657][ T942] usb 2-1: Product: syz [ 481.227583][ T942] usb 2-1: Manufacturer: syz [ 481.232241][ T942] usb 2-1: SerialNumber: syz [ 481.263433][ T942] usb 2-1: config 0 descriptor?? [ 481.359472][T16397] bridge_slave_0: default FDB implementation only supports local addresses [ 481.555873][T16404] input: syz1 as /devices/virtual/input/input62 [ 481.607191][ T5331] usb 2-1: USB disconnect, device number 47 [ 482.208539][T16420] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4719'. [ 482.428801][T16423] sch_tbf: burst 0 is lower than device lo mtu (39799) ! [ 482.451742][T16425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4721'. [ 482.933130][T16439] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4725'. [ 483.004706][T16442] netlink: 'syz.2.4727': attribute type 3 has an invalid length. [ 483.198786][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 483.884257][ T942] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 483.890135][T16459] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4734'. [ 484.127141][ T942] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 484.161820][ T942] usb 3-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 484.192979][ T942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.235264][ T942] usb 3-1: config 0 descriptor?? [ 484.256672][ T942] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 484.429723][T16467] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.4737'. [ 484.496872][ T942] usb 3-1: USB disconnect, device number 48 [ 484.826791][T16478] input: syz0 as /devices/virtual/input/input63 [ 486.722816][T16534] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4766'. [ 486.858645][T16538] netlink: 'syz.2.4768': attribute type 1 has an invalid length. [ 486.870073][T16538] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4768'. [ 487.339591][T16553] sp0: Synchronizing with TNC [ 487.655681][ T942] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 487.875295][ T942] usb 5-1: Using ep0 maxpacket: 8 [ 487.891751][ T942] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 487.922107][ T942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.950422][ T942] usb 5-1: Product: syz [ 487.966132][ T942] usb 5-1: Manufacturer: syz [ 487.991373][ T942] usb 5-1: SerialNumber: syz [ 488.017892][ T942] usb 5-1: config 0 descriptor?? [ 488.056803][ T942] gspca_main: sq930x-2.14.0 probing 2770:930c [ 488.490123][T16589] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4789'. [ 488.902222][ T942] gspca_sq930x: ucbus_write failed -71 [ 488.956875][ T1111] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 489.056339][T16599] netlink: 'syz.1.4793': attribute type 1 has an invalid length. [ 489.095667][T16599] netlink: 'syz.1.4793': attribute type 2 has an invalid length. [ 489.103489][T16599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4793'. [ 489.144215][ T942] gspca_sq930x: Sensor ov9630 not yet treated [ 489.150426][ T942] sq930x 5-1:0.0: probe with driver sq930x failed with error -22 [ 489.187081][ T942] usb 5-1: USB disconnect, device number 54 [ 489.834696][ T5310] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 489.951750][T16626] netlink: 104 bytes leftover after parsing attributes in process `syz.2.4807'. [ 490.034416][ T5310] usb 4-1: Using ep0 maxpacket: 32 [ 490.100728][ T5310] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 490.124207][ T5310] usb 4-1: config 0 has no interface number 0 [ 490.142653][ T5310] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.178375][ T5310] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.200529][T16630] pimreg12: entered allmulticast mode [ 490.219250][ T5310] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 490.252548][T16629] pimreg12: left allmulticast mode [ 490.258159][ T5310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.293187][ T5310] usb 4-1: config 0 descriptor?? [ 490.463711][T16636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4812'. [ 490.707867][T16643] netlink: 'syz.2.4815': attribute type 6 has an invalid length. [ 490.966405][ T5331] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 490.990078][ T5310] uclogic 0003:28BD:0094.0076: pen parameters not found [ 491.007865][ T5310] uclogic 0003:28BD:0094.0076: interface is invalid, ignoring [ 491.056962][ T5310] usb 4-1: USB disconnect, device number 51 [ 491.175391][ T5331] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 491.201777][ T5331] usb 5-1: config 0 has no interfaces? [ 491.223575][ T5331] usb 5-1: config 0 has no interfaces? [ 491.241941][ T5331] usb 5-1: config 0 has no interfaces? [ 491.261489][ T5331] usb 5-1: config 0 has no interfaces? [ 491.276529][ T5331] usb 5-1: config 0 has no interfaces? [ 491.310064][ T5331] usb 5-1: config 0 has no interfaces? [ 491.325310][ T5331] usb 5-1: config 0 has no interfaces? [ 491.350246][ T5331] usb 5-1: config 0 has no interfaces? [ 491.373148][ T5331] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 491.394213][ T5331] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 491.410391][ T5331] usb 5-1: Product: syz [ 491.423981][ T5331] usb 5-1: Manufacturer: syz [ 491.438273][ T5331] usb 5-1: SerialNumber: syz [ 491.465794][ T5331] usb 5-1: config 0 descriptor?? [ 491.781515][ T5283] usb 5-1: USB disconnect, device number 55 [ 492.353096][T16675] overlayfs: missing 'workdir' [ 492.655828][T16686] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4835'. [ 492.682814][T16686] bridge0: left allmulticast mode [ 492.772068][T16689] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4836'. [ 492.980866][T16697] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.4839'. [ 493.025242][T16697] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 493.174726][T16701] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4841'. [ 493.246074][T16704] netlink: 'syz.3.4840': attribute type 1 has an invalid length. [ 493.304222][T16704] netlink: 9360 bytes leftover after parsing attributes in process `syz.3.4840'. [ 493.370902][T16704] netlink: 22 bytes leftover after parsing attributes in process `syz.3.4840'. [ 493.594759][ T5236] Bluetooth: hci7: command 0x0406 tx timeout [ 493.834250][ T942] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 494.004758][T16728] kernel read not supported for file /eth0 (pid: 16728 comm: syz.2.4852) [ 494.023920][ T29] audit: type=1800 audit(2000000069.750:266): pid=16728 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.4852" name="eth0" dev="mqueue" ino=51924 res=0 errno=0 [ 494.036319][ T942] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 494.072761][ T942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.095342][ T942] usb 2-1: config 0 descriptor?? [ 494.109506][ T942] cp210x 2-1:0.0: cp210x converter detected [ 494.548466][ T942] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 494.563614][ T942] usb 2-1: cp210x converter now attached to ttyUSB0 [ 494.714746][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 494.792333][ T25] usb 2-1: USB disconnect, device number 48 [ 494.824682][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 494.860088][ T25] cp210x 2-1:0.0: device disconnected [ 495.263411][T16763] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4868'. [ 495.346369][T16763] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 495.469211][T16769] netlink: 'syz.2.4873': attribute type 1 has an invalid length. [ 495.493445][T16769] netlink: 9312 bytes leftover after parsing attributes in process `syz.2.4873'. [ 495.564337][T16769] netlink: 'syz.2.4873': attribute type 1 has an invalid length. [ 495.576810][T16773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4874'. [ 495.910780][T16784] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.4880'. [ 496.673374][ T29] audit: type=1326 audit(2000000072.400:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16795 comm="syz.2.4884" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcf85b7def9 code=0x0 [ 497.100284][T16809] delete_channel: no stack [ 497.102696][T16807] delete_channel: no stack [ 497.904159][ T5310] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 498.124169][ T5310] usb 4-1: Using ep0 maxpacket: 8 [ 498.152989][ T5310] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 498.193750][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 498.234317][ T5310] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 498.282636][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 498.316590][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 498.374808][ T5310] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 498.382378][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 498.434604][ T5310] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 498.470479][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 498.504323][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 498.519733][T16838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4902'. [ 498.540078][ T5310] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 498.559933][T16838] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4902'. [ 498.584916][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 498.633910][ T5310] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 498.674083][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 498.729922][ T5310] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 498.788224][ T5310] usb 4-1: string descriptor 0 read error: -22 [ 498.795969][ T5310] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 498.824784][ T5310] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.864741][ T5310] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 499.257914][ T5283] usb 4-1: USB disconnect, device number 52 [ 499.846073][T13943] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 500.397151][T16876] netlink: 1 bytes leftover after parsing attributes in process `syz.0.4917'. [ 500.428478][T16876] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4917'. [ 500.464500][T16876] netlink: 1 bytes leftover after parsing attributes in process `syz.0.4917'. [ 500.695127][ T29] audit: type=1326 audit(2000000076.430:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16885 comm="syz.2.4923" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x0 [ 500.738301][T16889] netlink: 'syz.3.4921': attribute type 15 has an invalid length. [ 500.756157][ T942] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 500.944599][ T942] usb 5-1: Using ep0 maxpacket: 32 [ 500.956968][ T942] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 500.988342][ T942] usb 5-1: config 0 has no interfaces? [ 501.001807][ T942] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 501.025727][ T942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.051301][ T942] usb 5-1: config 0 descriptor?? [ 501.065724][T16901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4928'. [ 501.308840][ T5331] usb 5-1: USB disconnect, device number 56 [ 501.774427][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.781055][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.375518][T16936] Falling back ldisc for ttyS3. [ 502.479610][T16947] netlink: 312 bytes leftover after parsing attributes in process `syz.4.4946'. [ 503.424429][T16974] tipc: Enabling of bearer rejected, failed to enable media [ 503.555653][T16975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4959'. [ 503.561969][T16977] netlink: 'syz.0.4961': attribute type 1 has an invalid length. [ 503.623250][T16977] netlink: 9372 bytes leftover after parsing attributes in process `syz.0.4961'. [ 503.666901][T16977] netlink: 'syz.0.4961': attribute type 1 has an invalid length. [ 503.682200][T16975] netlink: 160 bytes leftover after parsing attributes in process `syz.3.4959'. [ 503.834825][ T5236] Bluetooth: hci3: command 0x0406 tx timeout [ 504.007353][T16983] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4963'. [ 504.036666][T16983] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4963'. [ 505.597539][T13943] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 506.004406][ T942] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 506.048493][T17043] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 506.087097][T17043] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 506.215926][ T942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 506.234612][ T942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 506.259047][ T942] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 506.303830][ T942] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 506.336742][ T942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.359510][ T942] usb 3-1: config 0 descriptor?? [ 506.590862][T17036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.625287][T17036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.701793][ T942] usbhid 3-1:0.0: can't add hid device: -71 [ 506.718046][ T942] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 506.756639][ T942] usb 3-1: USB disconnect, device number 49 [ 506.864201][ T25] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 507.066366][ T25] usb 4-1: config 0 has no interfaces? [ 507.071928][ T25] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 507.094922][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.117027][ T25] usb 4-1: config 0 descriptor?? [ 507.304248][ T942] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 507.324144][ T5332] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 507.505112][ T942] usb 3-1: Using ep0 maxpacket: 8 [ 507.511493][T17079] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 507.517752][ T942] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 507.556461][ T5332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 507.574163][ T5332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 507.583966][ T5332] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 507.597909][T17051] dvmrp0: entered allmulticast mode [ 507.603479][ T942] usb 3-1: config 0 has no interface number 0 [ 507.624526][ T942] usb 3-1: config 0 interface 1 altsetting 1 has an endpoint descriptor with address 0xD6, changing to 0x86 [ 507.636238][ T942] usb 3-1: config 0 interface 1 altsetting 1 endpoint 0x86 has invalid maxpacket 256, setting to 64 [ 507.654418][ T5332] usb 2-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 507.663580][ T942] usb 3-1: config 0 interface 1 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 507.666157][ T5310] usb 4-1: USB disconnect, device number 53 [ 507.687544][ T5332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.716260][ T942] usb 3-1: config 0 interface 1 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 507.735143][ T5332] usb 2-1: config 0 descriptor?? [ 507.757929][ T942] usb 3-1: config 0 interface 1 has no altsetting 0 [ 507.774726][ T942] usb 3-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 507.783875][ T942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.819357][ T942] usb 3-1: config 0 descriptor?? [ 507.839848][ T942] hso 3-1:0.1: Failed to find BULK IN ep [ 508.012999][T17085] netlink: 'syz.0.5008': attribute type 10 has an invalid length. [ 508.101621][ T5310] usb 3-1: USB disconnect, device number 50 [ 508.124290][ T25] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 508.164009][ T5332] playstation 0003:054C:0BA0.0077: unknown main item tag 0x0 [ 508.182165][ T5332] playstation 0003:054C:0BA0.0077: unbalanced collection at end of report description [ 508.213715][ T5332] playstation 0003:054C:0BA0.0077: Parse failed [ 508.223091][ T5332] playstation 0003:054C:0BA0.0077: probe with driver playstation failed with error -22 [ 508.373811][ T25] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 508.403663][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.428447][ T5332] usb 2-1: USB disconnect, device number 49 [ 508.437456][ T25] usb 5-1: Product: syz [ 508.444593][ T25] usb 5-1: Manufacturer: syz [ 508.453272][ T25] usb 5-1: SerialNumber: syz [ 508.467224][ T25] usb 5-1: config 0 descriptor?? [ 508.472990][ T80] dvmrp0 (unregistering): left allmulticast mode [ 508.814472][ T5310] usb 5-1: USB disconnect, device number 57 [ 509.543331][T17106] pimreg: entered allmulticast mode [ 509.592394][T17105] pimreg: left allmulticast mode [ 509.644699][ T5310] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 509.804230][ T5332] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 509.834344][ T5310] usb 2-1: Using ep0 maxpacket: 32 [ 509.852390][ T5310] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 509.876042][ T5310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.915455][ T5310] usb 2-1: config 0 descriptor?? [ 509.934696][ T5310] gspca_main: sq930x-2.14.0 probing 041e:403c [ 510.017267][ T5332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.033728][T17116] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5022'. [ 510.052892][ T5332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 510.076900][ T5332] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 510.103304][ T5332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.123874][ T5332] usb 3-1: config 0 descriptor?? [ 510.592584][ T5332] arvo 0003:1E7D:30D4.0078: unbalanced collection at end of report description [ 510.625540][ T5332] arvo 0003:1E7D:30D4.0078: parse failed [ 510.631324][ T5332] arvo 0003:1E7D:30D4.0078: probe with driver arvo failed with error -22 [ 510.658388][T17129] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5030'. [ 510.794719][ T5310] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 510.867439][ T942] usb 3-1: USB disconnect, device number 51 [ 510.875013][ T5310] sq930x 2-1:0.0: probe with driver sq930x failed with error -71 [ 510.903874][ T5310] usb 2-1: USB disconnect, device number 50 [ 511.062841][T17134] loop8: detected capacity change from 0 to 6 [ 511.113163][T17134] Dev loop8: unable to read RDB block 6 [ 511.127549][T17134] loop8: unable to read partition table [ 511.154013][T17134] loop8: partition table beyond EOD, truncated [ 511.163228][T17134] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 511.163228][T17134] ) failed (rc=-5) [ 511.355040][ T35] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 511.568139][T17141] vlan4: entered promiscuous mode [ 511.612190][T17141] vlan4: entered allmulticast mode [ 511.988712][ T29] audit: type=1326 audit(2000000087.710:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.084151][ T29] audit: type=1326 audit(2000000087.710:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.134416][ T29] audit: type=1326 audit(2000000087.720:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.174159][ T29] audit: type=1326 audit(2000000087.720:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.242539][ T29] audit: type=1326 audit(2000000087.720:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.345530][ T29] audit: type=1326 audit(2000000087.760:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.444214][ T29] audit: type=1326 audit(2000000087.760:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.534197][ T29] audit: type=1326 audit(2000000087.780:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.617276][ T29] audit: type=1326 audit(2000000087.780:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 512.660089][ T5231] Bluetooth: hci3: unexpected event for opcode 0x0c5b [ 512.744305][ T29] audit: type=1326 audit(2000000087.810:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17152 comm="syz.1.5041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x7ffc0000 [ 513.627373][T17198] Process accounting resumed [ 514.464384][ T5332] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 514.664676][ T5332] usb 3-1: Using ep0 maxpacket: 8 [ 514.672526][ T5332] usb 3-1: config 167 has too many interfaces: 202, using maximum allowed: 32 [ 514.704157][ T5332] usb 3-1: config 167 has 1 interface, different from the descriptor's value: 202 [ 514.741748][ T5332] usb 3-1: New USB device found, idVendor=1025, idProduct=005f, bcdDevice=fe.29 [ 514.764683][ T5332] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.793171][ T5332] usb 3-1: Product: syz [ 514.803177][ T5332] usb 3-1: Manufacturer: syz [ 514.818962][ T5332] usb 3-1: SerialNumber: syz [ 514.829727][ T5332] dvb-usb: found a 'Unknown USB1.1 DVB-T device ???? please report the name to the author' in warm state. [ 514.857135][ T5332] dvb-usb: bulk message failed: -22 (3/0) [ 514.897610][ T5332] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 514.914919][ T5332] dvbdev: DVB: registering new adapter (Unknown USB1.1 DVB-T device ???? please report the name to the author) [ 514.944778][ T5332] usb 3-1: media controller created [ 515.048771][ T5332] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 515.125807][ T5332] dvb-usb: bulk message failed: -22 (6/0) [ 515.153932][ T5332] dvb-usb: no frontend was attached by 'Unknown USB1.1 DVB-T device ???? please report the name to the author' [ 515.206497][ T5332] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input64 [ 515.253501][ T5332] dvb-usb: schedule remote query interval to 150 msecs. [ 515.274451][ T5332] dvb-usb: bulk message failed: -22 (3/0) [ 515.324126][ T5332] dvb-usb: Unknown USB1.1 DVB-T device ???? please report the name to the author successfully initialized and connected. [ 515.377781][ T5332] usb 3-1: USB disconnect, device number 52 [ 515.576508][ T5332] dvb-usb: Unknown USB1.1 DVB-T device ???? please successfully deinitialized and disconnected. [ 517.124956][ T11] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 517.166465][ T5310] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 517.240681][T17286] netlink: 'syz.2.5100': attribute type 1 has an invalid length. [ 517.262503][T17286] netlink: 'syz.2.5100': attribute type 2 has an invalid length. [ 517.284180][T17286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5100'. [ 517.374350][ T5310] usb 2-1: Using ep0 maxpacket: 8 [ 517.381786][ T5310] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 517.404398][ T5310] usb 2-1: config 179 has no interface number 0 [ 517.410814][ T5310] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 517.473955][ T5310] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 517.506356][ T5310] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 517.550433][ T5310] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 517.581624][ T5310] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 517.622972][ T5310] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 517.651157][ T5310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.705641][T17271] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 518.091590][ T5310] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input66 [ 518.109556][T17300] vlan2: entered allmulticast mode [ 518.168993][T17300] bridge0: port 3(vlan2) entered blocking state [ 518.219555][T17300] bridge0: port 3(vlan2) entered disabled state [ 518.274165][ T5332] usb 2-1: USB disconnect, device number 51 [ 518.274292][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 518.288390][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 518.300078][ T5332] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 518.610341][T17310] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.622040][T17313] tap0: tun_chr_ioctl cmd 1074025677 [ 518.631832][T17313] tap0: linktype set to 8 [ 519.327388][ T25] kernel write not supported for file /media0 (pid: 25 comm: kworker/1:0) [ 519.860387][T17349] Bluetooth: MGMT ver 1.23 [ 521.447548][T17400] netem: incorrect ge model size [ 521.456522][T17400] netem: change failed [ 521.868276][T17412] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 521.917207][ T29] audit: type=1326 audit(2000000097.650:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 521.994448][ T29] audit: type=1326 audit(2000000097.680:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.084378][ T29] audit: type=1326 audit(2000000097.680:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.145168][ T29] audit: type=1326 audit(2000000097.680:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.194529][ T29] audit: type=1326 audit(2000000097.680:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.237895][ T29] audit: type=1326 audit(2000000097.690:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.332916][ T29] audit: type=1326 audit(2000000097.690:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.332986][ T29] audit: type=1326 audit(2000000097.690:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.333036][ T29] audit: type=1326 audit(2000000097.690:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17413 comm="syz.4.5157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 522.390756][T17426] pim6reg: entered allmulticast mode [ 522.431819][T17425] pim6reg: left allmulticast mode [ 522.876394][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 522.945264][T17435] kvm: user requested TSC rate below hardware speed [ 523.204513][ T5283] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 523.396312][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 523.422035][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 523.462094][ T5283] usb 2-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 523.494594][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.518919][ T5283] usb 2-1: config 0 descriptor?? [ 523.854519][ T942] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 523.961083][ T5283] sony 0003:1345:3008.0079: unknown main item tag 0x0 [ 523.984289][ T5283] sony 0003:1345:3008.0079: unknown main item tag 0x0 [ 524.001442][ T5283] sony 0003:1345:3008.0079: unknown main item tag 0x0 [ 524.034586][ T5283] sony 0003:1345:3008.0079: unknown main item tag 0x0 [ 524.051112][ T942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.067717][ T5283] sony 0003:1345:3008.0079: hiddev0,hidraw0: USB HID v80.00 Device [HID 1345:3008] on usb-dummy_hcd.1-1/input0 [ 524.093164][ T942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 524.098754][ T5283] sony 0003:1345:3008.0079: failed to claim input [ 524.126900][ T942] usb 3-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 524.164250][ T942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.198088][ T942] usb 3-1: config 0 descriptor?? [ 524.284480][ T5310] usb 2-1: USB disconnect, device number 52 [ 524.667487][ T942] apple 0003:05AC:0262.007A: bogus close delimiter [ 524.694405][ T942] apple 0003:05AC:0262.007A: item 0 1 2 10 parsing failed [ 524.709748][ T942] apple 0003:05AC:0262.007A: parse failed [ 524.737823][ T942] apple 0003:05AC:0262.007A: probe with driver apple failed with error -22 [ 524.914935][T17487] trusted_key: syz.3.5191 sent an empty control message without MSG_MORE. [ 524.935290][ T5283] usb 3-1: USB disconnect, device number 53 [ 525.708350][T17508] dvmrp8: entered allmulticast mode [ 525.782545][T17508] dvmrp8: left allmulticast mode [ 526.144182][ T5331] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 526.344478][ T5331] usb 4-1: Using ep0 maxpacket: 16 [ 526.391023][ T5331] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 526.409768][ T5331] usb 4-1: config 0 has no interface number 0 [ 526.439223][ T5331] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 526.485309][ T5331] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 526.529298][ T5331] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 526.558954][ T5331] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.594332][ T5331] usb 4-1: Product: syz [ 526.598569][ T5331] usb 4-1: Manufacturer: syz [ 526.643813][ T5331] usb 4-1: SerialNumber: syz [ 526.665219][ T5331] usb 4-1: config 0 descriptor?? [ 526.684614][T17514] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 526.724293][T17514] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 527.038986][T17514] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 527.076298][T17547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5217'. [ 527.094913][T17514] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 527.568730][ T5331] asix 4-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 527.606218][ T5331] asix 4-1:0.251: probe with driver asix failed with error -524 [ 527.893064][ T5332] usb 4-1: USB disconnect, device number 54 [ 528.275405][T17581] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.5234'. [ 528.305244][T17581] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 528.647618][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 529.328621][T17613] netlink: 'syz.1.5249': attribute type 14 has an invalid length. [ 529.604725][ T25] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 529.853914][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 529.881306][ T25] usb 4-1: config 0 has an invalid descriptor of length 115, skipping remainder of the config [ 529.904626][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 529.929644][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 101, changing to 10 [ 529.970956][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24675, setting to 1024 [ 529.996911][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 530.038554][ T25] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 530.083150][ T25] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 530.111854][ T25] usb 4-1: Manufacturer: syz [ 530.143405][ T25] usb 4-1: config 0 descriptor?? [ 530.167653][ T25] mceusb 4-1:0.0: mceusb_dev_probe: device setup failed! [ 530.184734][ T25] mceusb 4-1:0.0: probe with driver mceusb failed with error -12 [ 530.206551][ T25] usbhid 4-1:0.0: can't add hid device: -22 [ 530.212724][ T25] usbhid 4-1:0.0: probe with driver usbhid failed with error -22 [ 530.479366][ T5331] usb 4-1: USB disconnect, device number 55 [ 531.088593][T17662] netlink: 64 bytes leftover after parsing attributes in process `syz.2.5271'. [ 531.630867][T17677] netlink: 160 bytes leftover after parsing attributes in process `syz.0.5278'. [ 531.765501][ T5331] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 532.006425][ T5331] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 532.028816][ T5331] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 532.065699][ T5331] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 532.084811][ T5331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 532.092888][ T5331] usb 2-1: SerialNumber: syz [ 532.312219][T17697] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 532.350711][ T5331] usb 2-1: 0:2 : does not exist [ 532.434746][ T5331] usb 2-1: USB disconnect, device number 53 [ 532.793334][T17708] @: renamed from veth0_vlan (while UP) [ 534.409446][T13943] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 535.714669][T17778] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5321'. [ 536.302281][T17791] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 536.598974][T17804] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5332'. [ 536.941450][T17814] netlink: 248 bytes leftover after parsing attributes in process `syz.4.5337'. [ 539.354648][ T25] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 539.564760][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 539.605815][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 539.635130][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 539.675888][ T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 539.709543][ T25] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 539.744585][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.773258][ T25] usb 5-1: config 0 descriptor?? [ 540.155066][ T1111] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 540.203754][T17932] netlink: 'syz.1.5390': attribute type 3 has an invalid length. [ 540.206151][ T25] microsoft 0003:045E:07DA.007B: unknown main item tag 0x0 [ 540.254644][ T25] microsoft 0003:045E:07DA.007B: item 0 0 0 11 parsing failed [ 540.262951][ T25] microsoft 0003:045E:07DA.007B: parse failed [ 540.294165][ T25] microsoft 0003:045E:07DA.007B: probe with driver microsoft failed with error -22 [ 540.470005][ T25] usb 5-1: USB disconnect, device number 58 [ 540.725671][ T2990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.733559][ T2990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.764195][T17942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 542.104298][T17966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5403'. [ 542.294231][T17972] netlink: 312 bytes leftover after parsing attributes in process `syz.0.5405'. [ 543.000321][T18000] QAT: Device 1 not found [ 543.864316][ T25] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 544.067758][ T25] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 544.078834][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.115614][ T25] usb 2-1: config 0 descriptor?? [ 544.154939][ T29] audit: type=1326 audit(2000000119.880:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18027 comm="syz.2.5432" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x0 [ 544.574631][ T25] [drm:udl_init] *ERROR* Selecting channel failed [ 544.610835][ T25] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 544.628537][ T25] [drm] Initialized udl on minor 2 [ 544.639741][ T25] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 544.662940][ T25] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 544.696482][ T5310] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 544.715318][ T25] usb 2-1: USB disconnect, device number 54 [ 544.738947][ T5310] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 544.896676][T18041] program syz.0.5438 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 545.146598][T18049] syz.2.5441: attempt to access beyond end of device [ 545.146598][T18049] loop2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 545.178532][T18049] FAT-fs (loop2): unable to read boot sector [ 545.476210][T18062] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 545.915229][T13943] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 546.365008][T18097] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5463'. [ 546.695856][T18111] netlink: 209840 bytes leftover after parsing attributes in process `syz.2.5469'. [ 546.804298][ T5331] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 546.947214][T18117] netlink: 'syz.3.5472': attribute type 14 has an invalid length. [ 547.011915][ T5331] usb 5-1: Using ep0 maxpacket: 32 [ 547.049286][ T5331] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 547.062553][ T5331] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.087794][ T5331] usb 5-1: Product: syz [ 547.101441][ T5331] usb 5-1: Manufacturer: syz [ 547.110878][ T5331] usb 5-1: SerialNumber: syz [ 547.130126][ T5331] usb 5-1: config 0 descriptor?? [ 547.627077][ T5332] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 547.774790][ T5331] peak_usb 5-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 547.798888][ T5331] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 547.817799][ T5331] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 547.835912][ T5332] usb 2-1: Using ep0 maxpacket: 16 [ 547.851785][ T5332] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 547.874260][ T5332] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.897111][ T5332] usb 2-1: Product: syz [ 547.906373][ T5332] usb 2-1: Manufacturer: syz [ 547.911017][ T5332] usb 2-1: SerialNumber: syz [ 547.935619][ T5331] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -22 [ 547.964477][ T5332] r8152-cfgselector 2-1: Unknown version 0x0000 [ 547.982890][ T5332] r8152-cfgselector 2-1: config 0 descriptor?? [ 548.078305][ T5331] usb 5-1: USB disconnect, device number 59 [ 548.230602][ T5332] r8152-cfgselector 2-1: Needed 2 retries to read version [ 548.248249][ T5332] r8152-cfgselector 2-1: Unknown version 0x0000 [ 548.261993][ T5332] r8152-cfgselector 2-1: bad CDC descriptors [ 548.488835][ T5331] r8152-cfgselector 2-1: USB disconnect, device number 55 [ 548.802872][T18144] bridge0: port 1(bridge_slave_0) entered blocking state [ 548.810158][T18144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 549.195044][T18151] hsr0: entered promiscuous mode [ 550.732874][T18196] netlink: 'syz.4.5506': attribute type 1 has an invalid length. [ 551.035123][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 551.246290][T18202] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 551.552409][T18209] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5512'. [ 552.261357][T18229] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5520'. [ 552.283556][T18227] netlink: 'syz.0.5519': attribute type 1 has an invalid length. [ 552.303610][T18229] netlink: 'syz.2.5520': attribute type 1 has an invalid length. [ 552.334763][T18229] netlink: 'syz.2.5520': attribute type 2 has an invalid length. [ 552.345016][T18227] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.5519'. [ 552.357173][T18229] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5520'. [ 552.401877][T18227] netlink: 'syz.0.5519': attribute type 1 has an invalid length. [ 552.704257][ T25] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 552.904250][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 552.912127][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 552.943828][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 552.964406][ T25] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 552.987292][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.011251][ T25] usb 5-1: config 0 descriptor?? [ 553.446073][ T25] corsair 0003:1B1C:1B02.007C: unknown main item tag 0x0 [ 553.481514][ T25] corsair 0003:1B1C:1B02.007C: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.4-1/input0 [ 553.649034][ T25] corsair 0003:1B1C:1B02.007C: Read invalid backlight brightness: db. [ 553.930687][ T25] usb 5-1: USB disconnect, device number 60 [ 555.176151][T18283] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 555.716967][T18305] program syz.2.5556 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 556.210787][T18322] netlink: 47 bytes leftover after parsing attributes in process `syz.4.5564'. [ 556.418270][T18328] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 556.539117][T18333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 556.560337][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.584859][T18335] input: syz1 as /devices/virtual/input/input68 [ 556.591312][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.806564][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 556.946657][T18342] netlink: 'syz.1.5572': attribute type 1 has an invalid length. [ 557.439909][T18352] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 558.612667][T18381] sch_tbf: burst 4 is lower than device lo mtu (65550) ! [ 558.916606][T18396] vcan0: entered allmulticast mode [ 559.043913][T18398] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 559.122644][T18398] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 559.183657][T18398] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 559.234146][T18398] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 559.658765][T18415] sch_tbf: burst 0 is lower than device team0 mtu (1514) ! [ 559.784464][ T5283] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 559.982909][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 560.004429][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 560.033730][ T5283] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 560.078159][ T5283] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 560.111095][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.151299][ T5283] usb 3-1: config 0 descriptor?? [ 560.377188][T18411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 560.417703][T18411] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 560.464224][ T5283] usbhid 3-1:0.0: can't add hid device: -71 [ 560.485642][ T5283] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 560.515949][ T5283] usb 3-1: USB disconnect, device number 54 [ 560.584171][ T5310] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 560.780034][ T5310] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 560.793069][ T5310] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 560.826688][ T5310] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 560.841727][ T5310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.860279][ T5310] usb 5-1: Product: syz [ 560.871481][ T5310] usb 5-1: Manufacturer: syz [ 560.892877][ T5310] usb 5-1: SerialNumber: syz [ 560.914625][ T5310] usb 5-1: config 0 descriptor?? [ 560.933440][T18430] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 560.947649][T18430] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 561.114987][ T5283] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 561.208619][T18430] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 561.229543][T18430] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 561.327178][ T5283] usb 3-1: Using ep0 maxpacket: 8 [ 561.345805][ T5283] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 561.378420][ T5283] usb 3-1: config 0 has no interface number 0 [ 561.395853][ T5283] usb 3-1: config 0 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 561.411256][ T5283] usb 3-1: config 0 interface 1 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 561.438917][ T5283] usb 3-1: config 0 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 561.465239][ T5283] usb 3-1: config 0 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 561.506342][ T5283] usb 3-1: config 0 interface 1 has no altsetting 0 [ 561.528013][ T5283] usb 3-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 561.560769][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.580644][ T5283] usb 3-1: config 0 descriptor?? [ 561.654371][ T5310] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 561.865812][ T5310] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 561.891846][ T5283] usb 3-1: USB disconnect, device number 55 [ 561.909764][T18449] input: syz1 as /devices/virtual/input/input69 [ 561.914402][ T5310] usb 5-1: USB disconnect, device number 61 [ 561.918327][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 562.772797][ T29] audit: type=1326 audit(2000000138.500:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18478 comm="syz.2.5634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf85b7def9 code=0x0 [ 562.797863][T18482] netlink: 372 bytes leftover after parsing attributes in process `syz.0.5632'. [ 563.017522][ T5332] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 563.204872][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.211340][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.222590][ T5332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 563.246312][ T5332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 563.257561][ T5332] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 563.271961][ T5332] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 563.281630][ T5332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.296164][ T5332] usb 4-1: config 0 descriptor?? [ 563.770447][ T5332] corsair-cpro 0003:1B1C:1D00.007D: item fetching failed at offset 3/5 [ 563.808746][ T5332] corsair-cpro 0003:1B1C:1D00.007D: probe with driver corsair-cpro failed with error -22 [ 563.986135][ T5330] usb 4-1: USB disconnect, device number 56 [ 564.409975][ T29] audit: type=1326 audit(2000000140.140:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18526 comm="syz.1.5653" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x0 [ 564.510944][ T29] audit: type=1326 audit(2000000140.140:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18526 comm="syz.1.5653" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x0 [ 564.885756][T18539] [U]  [ 565.112520][T18550] CUSE: info not properly terminated [ 565.133588][T18519] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 565.152151][T18519] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 565.187738][T18519] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 565.224635][T18519] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 565.245406][T18519] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 565.251409][T18519] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 565.295556][T18519] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 565.301679][T18519] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 565.397156][T18557] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5662'. [ 565.445947][T18557] netlink: 'syz.2.5662': attribute type 2 has an invalid length. [ 565.474704][T18557] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5662'. [ 566.061824][T18519] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 566.094151][T18519] Bluetooth: hci7: Error when powering off device on rfkill (-4) [ 566.426970][T18519] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 566.461375][T18519] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 566.784142][T18519] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 566.790127][T18519] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 567.034924][ T11] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 567.340250][T18612] input: syz1 as /devices/virtual/input/input70 [ 568.007266][T18635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5686'. [ 568.558978][ T5330] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 568.774511][ T5330] usb 3-1: Using ep0 maxpacket: 8 [ 568.804907][ T5330] usb 3-1: config 0 has an invalid interface number: 54 but max is 0 [ 568.844206][ T5330] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 568.883594][ T5330] usb 3-1: config 0 has no interface number 0 [ 568.900181][ T5330] usb 3-1: config 0 interface 54 altsetting 15 has an invalid descriptor for endpoint zero, skipping [ 568.944188][ T5330] usb 3-1: config 0 interface 54 altsetting 15 bulk endpoint 0xD has invalid maxpacket 32 [ 568.985098][ T5330] usb 3-1: config 0 interface 54 altsetting 15 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 569.024345][ T5330] usb 3-1: config 0 interface 54 altsetting 15 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 569.064197][ T5330] usb 3-1: config 0 interface 54 has no altsetting 0 [ 569.084355][ T5330] usb 3-1: New USB device found, idVendor=1b5c, idProduct=0105, bcdDevice=b2.78 [ 569.112192][ T5330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.168126][ T5330] usb 3-1: config 0 descriptor?? [ 569.335513][T18661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5692'. [ 569.416132][ T5330] usb 3-1: string descriptor 0 read error: -71 [ 569.443172][ T5330] ftdi_sio 3-1:0.54: FTDI USB Serial Device converter detected [ 569.477813][ T5330] ftdi_sio ttyUSB0: unknown device type: 0xb278 [ 569.517298][ T5330] usb 3-1: USB disconnect, device number 56 [ 569.558400][ T5330] ftdi_sio 3-1:0.54: device disconnected [ 570.274292][T18687] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5701'. [ 572.106764][T18742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5719'. [ 572.156366][ T35] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 572.196113][T18745] netlink: 988 bytes leftover after parsing attributes in process `syz.1.5720'. [ 572.241839][T18745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5720'. [ 572.844545][ T5283] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 573.049737][ T5283] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 573.073518][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.105383][ T5283] usb 2-1: config 0 descriptor?? [ 573.285899][T18764] netlink: 2060 bytes leftover after parsing attributes in process `syz.4.5728'. [ 573.354290][T18764] netlink: 'syz.4.5728': attribute type 1 has an invalid length. [ 573.362316][T18764] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.5728'. [ 573.566683][ T5283] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 573.593935][ T5283] [drm] Initialized udl on minor 2 [ 573.665265][T18773] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 573.744304][ T5283] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 573.793944][ T5283] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 573.807392][ T25] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 573.864411][ T25] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 573.884515][ T5283] usb 2-1: USB disconnect, device number 56 [ 573.904357][ T25] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 573.915084][T18773] vhci_hcd: default hub control req: 4012 v0007 i0006 l0 [ 574.313743][T18786] bridge: RTM_NEWNEIGH with invalid ether address [ 574.551089][T18791] netlink: 'syz.1.5740': attribute type 1 has an invalid length. [ 574.580306][T18791] netlink: 9396 bytes leftover after parsing attributes in process `syz.1.5740'. [ 576.159532][ T5236] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 576.172097][ T5236] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 576.191291][ T5236] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 576.202608][ T5236] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 576.215330][ T5236] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 576.222975][ T5236] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 576.240605][ T5231] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 576.253300][ T5231] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 576.261018][ T5231] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 576.305652][ T5231] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 576.331235][ T5231] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 576.341496][ T5231] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 577.259871][T18823] chnl_net:caif_netlink_parms(): no params data found [ 577.702095][T18823] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.720912][T18823] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.735294][T18823] bridge_slave_0: entered allmulticast mode [ 577.767706][T18823] bridge_slave_0: entered promiscuous mode [ 577.809741][T18823] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.846137][T18823] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.853476][T18823] bridge_slave_1: entered allmulticast mode [ 577.896109][T18823] bridge_slave_1: entered promiscuous mode [ 577.915117][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 578.009481][T18823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 578.052741][T18823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 578.202669][T18823] team0: Port device team_slave_0 added [ 578.220007][T18874] netlink: 'syz.2.5772': attribute type 11 has an invalid length. [ 578.294927][T18823] team0: Port device team_slave_1 added [ 578.395398][ T5231] Bluetooth: hci6: command tx timeout [ 578.436901][T18880] netlink: 'syz.4.5774': attribute type 1 has an invalid length. [ 578.495285][T18880] netlink: 9372 bytes leftover after parsing attributes in process `syz.4.5774'. [ 578.534150][T18880] netlink: 'syz.4.5774': attribute type 1 has an invalid length. [ 578.585376][T18823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 578.592380][T18823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 578.674653][T18823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 578.705991][T18823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.712993][T18823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 578.797693][T18823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 579.108780][T18823] hsr_slave_0: entered promiscuous mode [ 579.166514][T18823] hsr_slave_1: entered promiscuous mode [ 579.214802][T18823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 579.239858][T18823] Cannot create hsr debugfs directory [ 579.551122][T18908] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5787'. [ 579.856496][T18918] netlink: 'syz.2.5793': attribute type 1 has an invalid length. [ 580.211837][T18823] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.308965][T18925] netlink: 'syz.1.5795': attribute type 10 has an invalid length. [ 580.375004][T18925] team0: Port device netdevsim0 added [ 580.389131][T18927] netlink: 'syz.1.5795': attribute type 10 has an invalid length. [ 580.475767][ T5231] Bluetooth: hci6: command tx timeout [ 580.504932][T18927] team0: Port device netdevsim0 removed [ 580.515901][T18927] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 580.719504][T18823] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.855561][T18947] syz.2.5805[18947] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 580.855746][T18947] syz.2.5805[18947] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 580.964105][ T29] audit: type=1400 audit(2000000156.690:292): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=18948 comm="syz.1.5806" [ 581.148784][T18823] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.427258][T18823] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.958064][T18823] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 582.010989][T18823] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 582.055917][T18823] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 582.149638][T18823] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 582.557273][ T5231] Bluetooth: hci6: command tx timeout [ 582.633946][T18823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 582.733659][T18823] 8021q: adding VLAN 0 to HW filter on device team0 [ 582.787528][ T80] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.794750][ T80] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.852525][T13943] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.859772][T13943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 583.680150][ T1111] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 583.722752][T18823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 583.926951][T18823] veth0_vlan: entered promiscuous mode [ 583.958862][T18823] veth1_vlan: entered promiscuous mode [ 584.083813][T18823] veth0_macvtap: entered promiscuous mode [ 584.107338][T19017] tipc: Enabling of bearer rejected, failed to enable media [ 584.157192][T18823] veth1_macvtap: entered promiscuous mode [ 584.238104][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.274384][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.303184][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.341764][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.375763][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.413780][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.448823][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.478020][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.508786][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.538685][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.578391][T18823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.635696][ T5231] Bluetooth: hci6: command tx timeout [ 584.687366][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.698119][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.710128][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.720825][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.731471][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.764435][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.776851][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.810549][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.821360][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.843794][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.871530][T18823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.910537][T18823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.953591][T18823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 585.003408][T18823] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.038381][T18823] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.083377][T18823] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.132180][T18823] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.464788][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.472649][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 585.575397][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.591399][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 585.847133][ T29] audit: type=1326 audit(2000000161.580:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19052 comm="syz.1.5850" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x0 [ 586.259372][T19064] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 586.332707][T19064] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 586.364317][ T29] audit: type=1400 audit(2000000162.090:294): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=19065 comm="syz.2.5854" [ 586.886097][T19079] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5860'. [ 587.435289][T19098] tipc: Enabling of bearer rejected, failed to enable media [ 587.664114][ T29] audit: type=1326 audit(2000000163.390:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19107 comm="syz.1.5873" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd4a4f7def9 code=0x0 [ 588.508740][ T29] audit: type=1400 audit(2000000164.230:296): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=19134 comm="syz.2.5887" [ 588.530058][T19137] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 0, id = 0 [ 588.550178][T19138] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 0, id = 1 [ 588.562991][T19139] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 0, id = 2 [ 588.583708][T19140] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 0, id = 3 [ 588.814898][ T11] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 589.785207][ T29] audit: type=1326 audit(2000000165.520:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19172 comm="syz.4.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 589.874326][ T29] audit: type=1326 audit(2000000165.520:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19172 comm="syz.4.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 589.943026][ T29] audit: type=1326 audit(2000000165.550:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19172 comm="syz.4.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 590.029155][ T29] audit: type=1326 audit(2000000165.550:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19172 comm="syz.4.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 590.075681][ T29] audit: type=1326 audit(2000000165.550:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19172 comm="syz.4.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 590.154731][ T29] audit: type=1326 audit(2000000165.560:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19172 comm="syz.4.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 590.241261][ T29] audit: type=1326 audit(2000000165.560:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19172 comm="syz.4.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x7ffc0000 [ 590.426026][T19193] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.5909'. [ 591.243142][T19207] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5915'. [ 591.682346][T19221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5919'. [ 591.775617][T19221] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5919'. [ 592.368532][T19231] netlink: 'syz.4.5927': attribute type 1 has an invalid length. [ 592.441416][T19231] netlink: 9380 bytes leftover after parsing attributes in process `syz.4.5927'. [ 593.488271][T19251] netlink: 'syz.2.5936': attribute type 12 has an invalid length. [ 594.555515][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 595.755212][T19304] mkiss: ax0: crc mode is auto. [ 596.859523][T19325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5967'. [ 597.258493][T19337] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5975'. [ 598.496899][T19375] input: syz0 as /devices/virtual/input/input72 [ 598.608600][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 598.608622][ T29] audit: type=1400 audit(2000000174.340:306): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=19378 comm="syz.3.5991" dest=20002 netif=wpan0 [ 598.835364][ T29] audit: type=1400 audit(2000000174.570:307): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=19384 comm="syz.2.5993" [ 599.155721][ T29] audit: type=1326 audit(2000000174.880:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19394 comm="syz.4.5999" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ac757def9 code=0x0 [ 599.528165][T19406] hsr0: entered promiscuous mode [ 599.546662][T19406] macvlan2: entered promiscuous mode [ 599.563500][T19406] macvlan2: entered allmulticast mode [ 599.578294][T19406] hsr0: entered allmulticast mode [ 599.599580][T19406] hsr_slave_0: entered allmulticast mode [ 599.616111][T19406] hsr_slave_1: entered allmulticast mode [ 599.655646][T19412] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 599.657688][T19406] hsr0: left allmulticast mode [ 599.703791][T19406] hsr_slave_0: left allmulticast mode [ 599.731781][T19406] hsr_slave_1: left allmulticast mode [ 599.869659][T19415] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 600.117082][ T29] audit: type=1326 audit(2000000175.850:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19417 comm="syz.3.6008" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f898b37def9 code=0x0 [ 600.166808][T19422] netlink: 'syz.4.6010': attribute type 42 has an invalid length. [ 600.315970][ T2990] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 600.531359][T19428] sctp: [Deprecated]: syz.2.6013 (pid 19428) Use of int in max_burst socket option deprecated. [ 600.531359][T19428] Use struct sctp_assoc_value instead [ 601.722722][T19456] random: crng reseeded on system resumption [ 601.825623][T19459] netlink: 'syz.4.6025': attribute type 12 has an invalid length. [ 601.867414][T19459] netlink: 197276 bytes leftover after parsing attributes in process `syz.4.6025'. [ 602.258667][T19470] netlink: 'syz.0.6029': attribute type 2 has an invalid length. [ 602.613416][T19481] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6033'. [ 603.026405][T19456] Restarting kernel threads ... done. [ 603.944212][T19512] netlink: 'syz.4.6049': attribute type 2 has an invalid length. [ 604.345928][T19523] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 604.798082][ T5332] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 605.101833][ T5332] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 605.125113][ T5332] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 605.154362][ T5332] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 605.163469][ T5332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.244816][ T5332] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 605.520988][ T5332] gspca_sn9c2028: read1 error -32 [ 605.531140][ T5332] gspca_sn9c2028: read1 error -32 [ 605.535326][ T5330] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 605.564216][ T5281] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 605.767152][ T5330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.772855][ T5281] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 605.795439][ T5330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.821433][ T5281] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 605.832046][ T5330] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 605.864362][ T5281] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 605.873025][ T5330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.879412][ T5331] usb 3-1: USB disconnect, device number 57 [ 605.908508][ T5281] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.927135][ T5330] usb 2-1: config 0 descriptor?? [ 605.950965][T19556] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 605.998271][ T5281] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 606.077428][ T1111] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 606.387383][ T5330] cp2112 0003:10C4:EA90.007E: unknown main item tag 0x0 [ 606.424453][ T5330] cp2112 0003:10C4:EA90.007E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 606.576521][ T25] usb 4-1: USB disconnect, device number 57 [ 606.585794][ T5330] cp2112 0003:10C4:EA90.007E: Part Number: 0x82 Device Version: 0xFE [ 606.787150][ T5330] cp2112 0003:10C4:EA90.007E: error requesting SMBus config [ 606.802875][ T5330] cp2112 0003:10C4:EA90.007E: probe with driver cp2112 failed with error -71 [ 606.816989][ T5330] usb 2-1: USB disconnect, device number 57 [ 607.504455][ T5330] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 607.714259][ T5330] usb 5-1: Using ep0 maxpacket: 32 [ 607.737212][ T5330] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 607.746772][ T5330] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.784057][ T5330] usb 5-1: Product: syz [ 607.788289][ T5330] usb 5-1: Manufacturer: syz [ 607.792926][ T5330] usb 5-1: SerialNumber: syz [ 607.823770][ T5330] usb 5-1: config 0 descriptor?? [ 607.833432][ T5330] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 607.902868][T19594] netlink: 'syz.3.6087': attribute type 13 has an invalid length. [ 607.944814][T19594] veth0_macvtap: left promiscuous mode [ 607.972075][T19594] macvtap0: entered allmulticast mode [ 608.069031][T19594] macvtap0: refused to change device tx_queue_len [ 608.574714][ T5330] gspca_ov534_9: reg_w failed -110 [ 608.621066][T19592] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 608.647205][T19592] Bluetooth: hci6: Error when powering off device on rfkill (-4) [ 609.084126][ T5330] gspca_ov534_9: Unknown sensor 0000 [ 609.084240][ T5330] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 609.286605][ T5330] usb 5-1: USB disconnect, device number 62 [ 609.775022][T19625] netlink: 'syz.2.6101': attribute type 1 has an invalid length. [ 609.803079][T19625] netlink: 'syz.2.6101': attribute type 2 has an invalid length. [ 609.839789][T19625] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 610.333437][T19636] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 610.630876][ T5281] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 610.794357][ T5332] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 610.824743][ T5281] usb 5-1: Using ep0 maxpacket: 8 [ 610.832507][ T5281] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 610.855865][ T5281] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 610.874338][ T5281] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.893609][ T5281] usb 5-1: Product: syz [ 610.903107][ T5281] usb 5-1: Manufacturer: syz [ 610.923371][ T5281] usb 5-1: SerialNumber: syz [ 610.942160][ T5281] usb 5-1: config 0 descriptor?? [ 610.966094][ T5281] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 610.984861][ T5332] usb 3-1: Using ep0 maxpacket: 32 [ 611.009431][ T5332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 611.035723][ T5332] usb 3-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 611.053502][ T5332] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.075388][ T5332] usb 3-1: Product: syz [ 611.088613][ T5332] usb 3-1: Manufacturer: syz [ 611.103785][ T5332] usb 3-1: SerialNumber: syz [ 611.125643][ T5332] usb 3-1: config 0 descriptor?? [ 611.199193][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 611.362220][ T5332] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 611.389993][ T5332] usb 3-1: USB disconnect, device number 58 [ 611.422220][T19662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6118'. [ 611.606590][ T5281] gspca_zc3xx: reg_w_i err -71 [ 612.244797][ T5281] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 612.254263][ T5281] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 612.294448][ T5281] usb 5-1: USB disconnect, device number 63 [ 615.081432][T19755] xt_bpf: check failed: parse error [ 615.844328][ T5330] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 615.934201][T19779] Invalid logical block size (65527) [ 615.946813][ T5230] kernel write not supported for file /snd/seq (pid: 5230 comm: kworker/1:3) [ 616.060011][ T5330] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 616.069551][ T5330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.098861][ T5330] usb 3-1: config 0 descriptor?? [ 616.138776][ T5330] cp210x 3-1:0.0: cp210x converter detected [ 616.302184][T19790] netlink: 'syz.0.6174': attribute type 7 has an invalid length. [ 616.316075][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 616.374578][T19790] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.6174'. [ 616.576722][ T5330] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 616.615586][ T5330] usb 3-1: cp210x converter now attached to ttyUSB0 [ 616.767885][T19801] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6178'. [ 616.778021][T19801] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6178'. [ 616.882322][ T5330] usb 3-1: USB disconnect, device number 59 [ 616.897542][ T5330] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 616.976895][ T5330] cp210x 3-1:0.0: device disconnected [ 617.446548][T19817] netlink: 830 bytes leftover after parsing attributes in process `syz.1.6187'. [ 617.458185][T19817] bond_slave_0: entered promiscuous mode [ 617.466173][T19817] bond_slave_1: entered promiscuous mode [ 617.472017][T19817] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 617.735820][T19830] sctp: [Deprecated]: syz.1.6191 (pid 19830) Use of struct sctp_assoc_value in delayed_ack socket option. [ 617.735820][T19830] Use struct sctp_sack_info instead [ 617.980405][T19836] bond0: entered promiscuous mode [ 617.994818][T19836] bond_slave_0: entered promiscuous mode [ 618.014326][T19836] bond_slave_1: entered promiscuous mode [ 619.287920][T19882] binder: 19881:19882 ioctl c018620c 200005c0 returned -1 [ 620.184813][T19906] netlink: 'syz.4.6227': attribute type 10 has an invalid length. [ 620.267526][T19906] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 620.310652][T19906] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 620.352681][T19906] team0: Port device netdevsim0 added [ 620.392279][T19909] netlink: 'syz.4.6227': attribute type 10 has an invalid length. [ 620.469920][T19909] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 620.506817][ T5330] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 620.517434][T19909] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 620.577926][T19909] team0: Port device netdevsim0 removed [ 620.617115][T19909] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 620.714619][ T5330] usb 3-1: Using ep0 maxpacket: 32 [ 620.724687][ T5330] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 620.734815][ T5330] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.742837][ T5330] usb 3-1: Product: syz [ 620.754331][ T5330] usb 3-1: Manufacturer: syz [ 620.759150][ T5330] usb 3-1: SerialNumber: syz [ 620.767284][ T5330] usb 3-1: config 0 descriptor?? [ 620.803853][T19912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6229'. [ 621.439650][ T5330] rtl8150 3-1:0.0: eth1: rtl8150 is detected [ 621.705023][ T5281] usb 3-1: USB disconnect, device number 60 [ 621.858903][T19939] bridge0: port 2(veth0_to_bridge) entered blocking state [ 621.882458][T19939] bridge0: port 2(veth0_to_bridge) entered disabled state [ 621.908770][T19939] veth0_to_bridge: entered allmulticast mode [ 621.930827][T19939] veth0_to_bridge: entered promiscuous mode [ 621.962460][T19943] ./bus: Can't lookup blockdev [ 622.084943][ T1111] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 622.444189][ T942] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 622.665343][ T942] usb 2-1: Using ep0 maxpacket: 8 [ 622.672805][ T942] usb 2-1: config index 0 descriptor too short (expected 6427, got 27) [ 622.700284][ T942] usb 2-1: config 0 has an invalid interface number: 21 but max is 0 [ 622.724493][ T942] usb 2-1: config 0 has no interface number 0 [ 622.730719][ T942] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 622.774984][ T942] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 622.824194][ T942] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 622.855514][ T942] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 622.885118][ T942] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 622.893185][ T942] usb 2-1: Product: syz [ 622.919340][ T942] usb 2-1: config 0 descriptor?? [ 623.004337][ T5330] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 623.234502][ T5330] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 623.298571][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 623.318097][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 623.364067][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.402828][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 623.440426][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 623.480815][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.524817][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 623.544144][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 623.566520][ T942] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.21/input/input74 [ 623.574477][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.615219][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 623.636555][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 623.636569][ T942] input: failed to attach handler kbd to device input74, error: -5 [ 623.636598][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.725709][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 623.744387][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 623.794761][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.824118][ T5230] usb 2-1: USB disconnect, device number 58 [ 623.832035][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 623.861648][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 623.881947][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.905359][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 623.922894][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 623.944421][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.981774][ T5330] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 624.008872][ T5330] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 624.034096][ T5330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 624.045276][ T942] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 624.056597][ T5330] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 624.094846][ T5330] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 624.113524][ T5330] usb 4-1: Product: syz [ 624.123660][ T5330] usb 4-1: Manufacturer: syz [ 624.133780][ T5330] usb 4-1: SerialNumber: syz [ 624.160666][ T5330] usb 4-1: config 0 descriptor?? [ 624.215695][ T5330] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 624.254970][T19991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6266'. [ 624.264243][ T942] usb 5-1: Using ep0 maxpacket: 16 [ 624.267993][ T942] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 624.284562][ T942] usb 5-1: config 0 has no interface number 0 [ 624.304194][ T942] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 624.354121][ T942] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 624.386467][ T942] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 624.414760][ T942] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 624.422922][ T942] usb 5-1: Product: syz [ 624.454162][ T942] usb 5-1: SerialNumber: syz [ 624.486925][ T5332] usb 4-1: USB disconnect, device number 58 [ 624.497619][ T5332] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 624.505170][ T942] usb 5-1: config 0 descriptor?? [ 624.522751][ T942] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 624.555912][ T942] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input75 [ 624.642055][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.649008][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.158319][ C0] cm109_urb_ctl_callback: 196 callbacks suppressed [ 625.158350][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.174289][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.181546][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.188768][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.195995][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.203219][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.210410][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.217622][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.224829][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.232141][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 625.279970][ T5330] usb 5-1: USB disconnect, device number 64 [ 625.279968][ C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 625.628621][ T5330] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 626.621839][T20035] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6285'. [ 627.607489][T20057] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 627.724556][T20057] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 627.835406][ T1111] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 628.854884][T20084] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6307'. [ 628.874454][T20084] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6307'. [ 629.264494][ T25] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 629.456700][ T25] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 629.466650][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.497693][ T25] usb 3-1: config 0 descriptor?? [ 629.519006][ T25] cp210x 3-1:0.0: cp210x converter detected [ 629.933270][ T25] usb 3-1: cp210x converter now attached to ttyUSB0 [ 630.164519][ T25] usb 3-1: USB disconnect, device number 61 [ 630.207864][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 630.235408][ T25] cp210x 3-1:0.0: device disconnected [ 630.603472][T20131] netlink: 'syz.1.6330': attribute type 1 has an invalid length. [ 630.624618][T20131] netlink: 9344 bytes leftover after parsing attributes in process `syz.1.6330'. [ 631.764420][ T25] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 631.948546][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 631.970489][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.000751][ T25] usb 3-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 632.036797][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.081316][ T25] usb 3-1: config 0 descriptor?? [ 632.088509][T20185] netlink: 3084 bytes leftover after parsing attributes in process `syz.4.6355'. [ 632.126079][T20185] netlink: 'syz.4.6355': attribute type 1 has an invalid length. [ 632.155277][T20185] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.6355'. [ 632.517191][T20163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 632.562242][T20163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 632.607967][T20201] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6362'. [ 632.608416][ T25] sony 0003:054C:024B.007F: unknown main item tag 0x0 [ 632.656301][ T25] sony 0003:054C:024B.007F: unknown main item tag 0x0 [ 632.674352][ T25] sony 0003:054C:024B.007F: unexpected long global item [ 632.682221][ T25] sony 0003:054C:024B.007F: parse failed [ 632.699513][ T25] sony 0003:054C:024B.007F: probe with driver sony failed with error -22 [ 632.764169][ T942] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 632.843157][ T25] usb 3-1: USB disconnect, device number 62 [ 632.954590][ T942] usb 5-1: Using ep0 maxpacket: 16 [ 632.966831][ T942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 632.983469][ T942] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 633.003090][ T942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.012491][ T942] usb 5-1: Product: syz [ 633.024436][ T942] usb 5-1: Manufacturer: syz [ 633.031995][ T942] usb 5-1: SerialNumber: syz [ 633.055449][ T942] usb 5-1: config 0 descriptor?? [ 633.083721][ T942] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 633.117176][ T942] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 633.216664][T20215] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 633.595401][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 633.708319][ T942] em28xx 5-1:0.0: chip ID is em2860 [ 634.002537][ T942] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 634.021261][ T80] Bluetooth: hci8: Frame reassembly failed (-84) [ 634.037637][ T942] em28xx 5-1:0.0: board has no eeprom [ 634.111443][T20244] netlink: 'syz.2.6383': attribute type 1 has an invalid length. [ 634.120002][T20244] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6383'. [ 634.146426][ T942] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 634.178290][ T942] em28xx 5-1:0.0: dvb set to bulk mode. [ 634.205004][ T5281] em28xx 5-1:0.0: Binding DVB extension [ 634.241639][ T942] usb 5-1: USB disconnect, device number 65 [ 634.268308][ T942] em28xx 5-1:0.0: Disconnecting em28xx [ 634.389917][ T5281] em28xx 5-1:0.0: Registering input extension [ 634.544288][ T5281] rc_core: IR keymap rc-pinnacle-pctv-hd not found [ 634.550913][ T5281] Registered IR keymap rc-empty [ 634.589473][ T5281] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 634.637362][ T5281] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input76 [ 634.707197][ T5281] em28xx 5-1:0.0: Input extension successfully initialized [ 634.733879][ T942] em28xx 5-1:0.0: Closing input extension [ 634.785810][T20260] tipc: Started in network mode [ 634.804382][T20260] tipc: Node identity 7f000001, cluster identity 4711 [ 634.834141][T20260] tipc: Enabling of bearer rejected, failed to enable media [ 634.912633][ T942] em28xx 5-1:0.0: Freeing device [ 635.208693][ T29] audit: type=1400 audit(2000000210.930:310): lsm=SMACK fn=smack_inode_permission action=denied subject="y" object="_" requested=wx pid=20268 comm="syz.1.6393" name="1483" dev="tmpfs" ino=7539 [ 635.375851][T20271] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.6394'. [ 635.423500][T20271] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 635.440966][T20275] netlink: 'syz.1.6396': attribute type 1 has an invalid length. [ 635.470613][T20275] netlink: 9116 bytes leftover after parsing attributes in process `syz.1.6396'. [ 635.500619][T20275] netlink: 'syz.1.6396': attribute type 1 has an invalid length. [ 635.524229][T20275] netlink: 209 bytes leftover after parsing attributes in process `syz.1.6396'. [ 635.811362][ C0] vkms_vblank_simulate: vblank timer overrun [ 636.074283][ T5231] Bluetooth: hci8: Opcode 0x1003 failed: -110 [ 636.074535][ T5236] Bluetooth: hci8: command 0x1003 tx timeout [ 638.286720][ T5281] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 638.485686][ T5281] usb 5-1: Using ep0 maxpacket: 16 [ 638.491159][T20370] program syz.2.6437 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 638.525990][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 638.544568][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 638.576733][ T5281] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 638.604400][ T5281] usb 5-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 638.612820][ T5281] usb 5-1: Product: syz [ 638.644372][ T5281] usb 5-1: Manufacturer: syz [ 638.651459][ T5281] usb 5-1: config 0 descriptor?? [ 638.716253][ T35] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 638.770512][T20375] syz.2.6441: attempt to access beyond end of device [ 638.770512][T20375] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 638.846064][T20375] syz.2.6441: attempt to access beyond end of device [ 638.846064][T20375] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 638.914785][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 638.949641][T20375] syz.2.6441: attempt to access beyond end of device [ 638.949641][T20375] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 639.000602][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 639.034196][T20375] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 639.041850][T20375] UDF-fs: Scanning with blocksize 512 failed [ 639.076921][T20375] syz.2.6441: attempt to access beyond end of device [ 639.076921][T20375] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 639.113415][T20383] tap0: tun_chr_ioctl cmd 1074812118 [ 639.119026][T20375] syz.2.6441: attempt to access beyond end of device [ 639.119026][T20375] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 639.119143][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 639.119371][T20375] syz.2.6441: attempt to access beyond end of device [ 639.119371][T20375] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 639.162914][ T5281] kovaplus 0003:1E7D:2D50.0080: unknown main item tag 0x0 [ 639.184162][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 639.194834][ T5281] kovaplus 0003:1E7D:2D50.0080: unknown main item tag 0x0 [ 639.197195][T20375] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 639.201996][ T5281] kovaplus 0003:1E7D:2D50.0080: unknown main item tag 0x0 [ 639.202029][ T5281] kovaplus 0003:1E7D:2D50.0080: unknown main item tag 0x0 [ 639.243689][T20375] UDF-fs: Scanning with blocksize 1024 failed [ 639.252980][ T5281] kovaplus 0003:1E7D:2D50.0080: unknown main item tag 0x0 [ 639.261345][T20375] syz.2.6441: attempt to access beyond end of device [ 639.261345][T20375] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 639.276764][ T5281] kovaplus 0003:1E7D:2D50.0080: unknown main item tag 0x0 [ 639.289119][ T5281] kovaplus 0003:1E7D:2D50.0080: unknown main item tag 0x0 [ 639.307246][ T5281] kovaplus 0003:1E7D:2D50.0080: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.4-1/input0 [ 639.318691][T20375] syz.2.6441: attempt to access beyond end of device [ 639.318691][T20375] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 639.359472][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 639.370130][T20375] syz.2.6441: attempt to access beyond end of device [ 639.370130][T20375] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 639.383413][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 639.394506][T20375] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 639.402184][T20375] UDF-fs: Scanning with blocksize 2048 failed [ 639.411619][T20375] syz.2.6441: attempt to access beyond end of device [ 639.411619][T20375] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 639.425304][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 639.441106][T20375] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 639.451130][T20375] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 639.461299][T20375] UDF-fs: Scanning with blocksize 4096 failed [ 639.474260][T20375] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 639.659834][ T5281] kovaplus 0003:1E7D:2D50.0080: couldn't init struct kovaplus_device [ 639.678003][ T5281] kovaplus 0003:1E7D:2D50.0080: couldn't install mouse [ 639.696456][ T5281] kovaplus 0003:1E7D:2D50.0080: probe with driver kovaplus failed with error -71 [ 639.727975][ T5281] usb 5-1: USB disconnect, device number 66 [ 640.080448][T20403] Falling back ldisc for ttyS3. [ 641.194515][ T29] audit: type=1400 audit(2000000216.930:311): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=20432 comm="syz.2.6466" dest=20003 [ 641.875467][T20451] netem: incorrect ge model size [ 641.881234][T20451] netem: change failed [ 642.384268][ T5281] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 642.574497][ T5281] usb 2-1: Using ep0 maxpacket: 32 [ 642.582153][ T5281] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 642.598437][ T5281] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.623122][ T5281] usb 2-1: config 0 descriptor?? [ 642.646857][ T5281] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 643.075527][ T5281] gspca_nw80x: reg_r err -71 [ 643.080382][ T5281] nw80x 2-1:0.0: probe with driver nw80x failed with error -71 [ 643.124690][ T5281] usb 2-1: USB disconnect, device number 59 [ 643.815653][T20504] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6499'. [ 643.864633][T20504] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6499'. [ 643.993825][T20512] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6502'. [ 644.024885][T20512] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6502'. [ 646.144228][T20586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6535'. [ 646.154319][T20586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6535'. [ 646.636044][ T5332] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 646.864627][ T5332] usb 3-1: Using ep0 maxpacket: 8 [ 646.891634][ T5332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 646.937394][ T5332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 646.970020][ T5332] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 647.000856][ T5332] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 647.010430][ T5332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.033090][ T5332] usb 3-1: config 0 descriptor?? [ 647.468071][ T5332] pyra 0003:1E7D:2C24.0081: item fetching failed at offset 5/7 [ 647.504914][ T5332] pyra 0003:1E7D:2C24.0081: parse failed [ 647.533456][ T5332] pyra 0003:1E7D:2C24.0081: probe with driver pyra failed with error -22 [ 647.644272][ T942] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 647.763037][ T5281] usb 3-1: USB disconnect, device number 63 [ 647.854190][ T942] usb 2-1: Using ep0 maxpacket: 16 [ 647.862292][ T942] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 647.895510][T20618] loop0: detected capacity change from 0 to 1 [ 647.906268][ T942] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 647.919123][T20618] Dev loop0: unable to read RDB block 1 [ 647.934707][T20618] loop0: unable to read partition table [ 647.935696][ T942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.950995][T20618] loop0: partition table beyond EOD, truncated [ 647.964118][T20618] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 647.964118][T20618] ) failed (rc=-5) [ 647.969790][ T942] usb 2-1: Product: syz [ 648.002308][ T942] usb 2-1: Manufacturer: syz [ 648.012648][ T942] usb 2-1: SerialNumber: syz [ 648.028261][ T942] usb 2-1: config 0 descriptor?? [ 648.289735][ T942] usb 2-1: Not enough endpoints found in device, aborting! [ 648.603375][ T5330] usb 2-1: USB disconnect, device number 60 [ 649.469064][T20644] debugfs: Directory 'netdev:nicvf0' with parent 'phy5' already present! [ 649.730433][T20649] program syz.0.6562 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 650.067273][ T942] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 650.313439][ T942] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 650.344119][ T942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.369355][ T942] usb 4-1: config 0 descriptor?? [ 650.426466][ T942] cp210x 4-1:0.0: cp210x converter detected [ 650.904547][ T942] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 650.940794][ T942] usb 4-1: cp210x converter now attached to ttyUSB0 [ 651.252138][ T942] usb 4-1: USB disconnect, device number 59 [ 651.285956][ T942] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 651.345436][ T942] cp210x 4-1:0.0: device disconnected [ 651.658436][ T29] audit: type=1400 audit(2000000227.390:312): lsm=SMACK fn=smack_inode_permission action=denied subject="y" object="_" requested=wx pid=20686 comm="syz.2.6578" name="621" dev="tmpfs" ino=3157 [ 651.983127][T20694] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6579'. [ 652.793464][T20723] [ 652.795888][T20723] ===================================================== [ 652.804210][T20723] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 652.811704][T20723] 6.11.0-syzkaller-02520-gadfc3ded5c33 #0 Not tainted [ 652.818498][T20723] ----------------------------------------------------- [ 652.825463][T20723] syz.4.6594/20723 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 652.833312][T20723] ffff88802fb702b8 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x199/0x4f0 [ 652.842091][T20723] [ 652.842091][T20723] and this task is already holding: [ 652.849490][T20723] ffff88802a720230 (&dev->event_lock#2){..-.}-{2:2}, at: input_inject_event+0xc5/0x340 [ 652.859266][T20723] which would create a new lock dependency: [ 652.865187][T20723] (&dev->event_lock#2){..-.}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 652.873192][T20723] [ 652.873192][T20723] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 652.882676][T20723] (&dev->event_lock#2){..-.}-{2:2} [ 652.882729][T20723] [ 652.882729][T20723] ... which became SOFTIRQ-irq-safe at: [ 652.895756][T20723] lock_acquire+0x1ed/0x550 [ 652.900390][T20723] _raw_spin_lock_irqsave+0xd5/0x120 [ 652.905781][T20723] input_inject_event+0xc5/0x340 [ 652.910817][T20723] led_trigger_event+0x138/0x210 [ 652.915933][T20723] kbd_bh+0x1b5/0x290 [ 652.920006][T20723] tasklet_action_common+0x321/0x4d0 [ 652.925383][T20723] handle_softirqs+0x2c4/0x970 [ 652.930235][T20723] __irq_exit_rcu+0xf4/0x1c0 [ 652.934917][T20723] irq_exit_rcu+0x9/0x30 [ 652.939261][T20723] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 652.945095][T20723] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 652.951177][T20723] _raw_spin_unlock_irq+0x29/0x50 [ 652.956301][T20723] n_tty_ioctl_helper+0x2a1/0x360 [ 652.961469][T20723] tty_ioctl+0x998/0xdc0 [ 652.965799][T20723] __se_sys_ioctl+0xf9/0x170 [ 652.971268][T20723] do_syscall_64+0xf3/0x230 [ 652.975889][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.981965][T20723] [ 652.981965][T20723] to a SOFTIRQ-irq-unsafe lock: [ 652.989009][T20723] (tasklist_lock){.+.+}-{2:2} [ 652.989045][T20723] [ 652.989045][T20723] ... which became SOFTIRQ-irq-unsafe at: [ 653.002250][T20723] ... [ 653.002262][T20723] lock_acquire+0x1ed/0x550 [ 653.009725][T20723] _raw_read_lock+0x36/0x50 [ 653.014541][T20723] __do_wait+0x12d/0x850 [ 653.018889][T20723] do_wait+0x1e9/0x560 [ 653.023051][T20723] kernel_wait+0xe9/0x240 [ 653.027500][T20723] call_usermodehelper_exec_work+0xbd/0x230 [ 653.033499][T20723] process_scheduled_works+0xa2c/0x1830 [ 653.039149][T20723] worker_thread+0x870/0xd30 [ 653.043836][T20723] kthread+0x2f0/0x390 [ 653.047999][T20723] ret_from_fork+0x4b/0x80 [ 653.052554][T20723] ret_from_fork_asm+0x1a/0x30 [ 653.057413][T20723] [ 653.057413][T20723] other info that might help us debug this: [ 653.057413][T20723] [ 653.067639][T20723] Chain exists of: [ 653.067639][T20723] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 653.067639][T20723] [ 653.080607][T20723] Possible interrupt unsafe locking scenario: [ 653.080607][T20723] [ 653.088921][T20723] CPU0 CPU1 [ 653.094287][T20723] ---- ---- [ 653.099657][T20723] lock(tasklist_lock); [ 653.103906][T20723] local_irq_disable(); [ 653.110658][T20723] lock(&dev->event_lock#2); [ 653.117878][T20723] lock(&new->fa_lock); [ 653.124731][T20723] [ 653.128179][T20723] lock(&dev->event_lock#2); [ 653.133035][T20723] [ 653.133035][T20723] *** DEADLOCK *** [ 653.133035][T20723] [ 653.141175][T20723] 6 locks held by syz.4.6594/20723: [ 653.146378][T20723] #0: ffff88802a722110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x26f/0x7c0 [ 653.155548][T20723] #1: ffff88802a720230 (&dev->event_lock#2){..-.}-{2:2}, at: input_inject_event+0xc5/0x340 [ 653.165752][T20723] #2: ffffffff8e738660 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd6/0x340 [ 653.175445][T20723] #3: ffffffff8e738660 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0x8f/0x860 [ 653.185050][T20723] #4: ffffffff8e738660 (rcu_read_lock){....}-{1:2}, at: mousedev_notify_readers+0x2a/0xc80 [ 653.195174][T20723] #5: ffffffff8e738660 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x54/0x4f0 [ 653.204270][T20723] [ 653.204270][T20723] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 653.214675][T20723] -> (&dev->event_lock#2){..-.}-{2:2} { [ 653.220285][T20723] IN-SOFTIRQ-W at: [ 653.224271][T20723] lock_acquire+0x1ed/0x550 [ 653.230439][T20723] _raw_spin_lock_irqsave+0xd5/0x120 [ 653.237398][T20723] input_inject_event+0xc5/0x340 [ 653.244002][T20723] led_trigger_event+0x138/0x210 [ 653.250604][T20723] kbd_bh+0x1b5/0x290 [ 653.256251][T20723] tasklet_action_common+0x321/0x4d0 [ 653.263199][T20723] handle_softirqs+0x2c4/0x970 [ 653.269715][T20723] __irq_exit_rcu+0xf4/0x1c0 [ 653.275989][T20723] irq_exit_rcu+0x9/0x30 [ 653.282014][T20723] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 653.289409][T20723] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 653.297059][T20723] _raw_spin_unlock_irq+0x29/0x50 [ 653.303753][T20723] n_tty_ioctl_helper+0x2a1/0x360 [ 653.310448][T20723] tty_ioctl+0x998/0xdc0 [ 653.316347][T20723] __se_sys_ioctl+0xf9/0x170 [ 653.322614][T20723] do_syscall_64+0xf3/0x230 [ 653.328789][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.336359][T20723] INITIAL USE at: [ 653.340270][T20723] lock_acquire+0x1ed/0x550 [ 653.346345][T20723] _raw_spin_lock_irqsave+0xd5/0x120 [ 653.353204][T20723] input_inject_event+0xc5/0x340 [ 653.359703][T20723] kbd_led_trigger_activate+0xb8/0x100 [ 653.366728][T20723] led_trigger_set+0x582/0x9c0 [ 653.373059][T20723] led_trigger_set_default+0x229/0x260 [ 653.380079][T20723] led_classdev_register_ext+0x6e6/0x8a0 [ 653.387306][T20723] input_leds_connect+0x489/0x630 [ 653.393915][T20723] input_register_device+0xd3b/0x1110 [ 653.400867][T20723] atkbd_connect+0x752/0xa00 [ 653.407031][T20723] serio_driver_probe+0x7f/0xa0 [ 653.413475][T20723] really_probe+0x2b8/0xad0 [ 653.419561][T20723] __driver_probe_device+0x1a2/0x390 [ 653.426436][T20723] driver_probe_device+0x50/0x430 [ 653.433078][T20723] __driver_attach+0x45f/0x710 [ 653.439422][T20723] bus_for_each_dev+0x239/0x2b0 [ 653.445861][T20723] serio_handle_event+0x1c7/0x920 [ 653.452469][T20723] process_scheduled_works+0xa2c/0x1830 [ 653.459597][T20723] worker_thread+0x870/0xd30 [ 653.465758][T20723] kthread+0x2f0/0x390 [ 653.471474][T20723] ret_from_fork+0x4b/0x80 [ 653.477463][T20723] ret_from_fork_asm+0x1a/0x30 [ 653.483802][T20723] } [ 653.486299][T20723] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 653.495330][T20723] [ 653.495330][T20723] the dependencies between the lock to be acquired [ 653.495341][T20723] and SOFTIRQ-irq-unsafe lock: [ 653.509538][T20723] -> (tasklist_lock){.+.+}-{2:2} { [ 653.515783][T20723] HARDIRQ-ON-R at: [ 653.519977][T20723] lock_acquire+0x1ed/0x550 [ 653.526502][T20723] _raw_read_lock+0x36/0x50 [ 653.533036][T20723] __do_wait+0x12d/0x850 [ 653.539565][T20723] do_wait+0x1e9/0x560 [ 653.545708][T20723] kernel_wait+0xe9/0x240 [ 653.552063][T20723] call_usermodehelper_exec_work+0xbd/0x230 [ 653.560269][T20723] process_scheduled_works+0xa2c/0x1830 [ 653.567948][T20723] worker_thread+0x870/0xd30 [ 653.574938][T20723] kthread+0x2f0/0x390 [ 653.581048][T20723] ret_from_fork+0x4b/0x80 [ 653.587647][T20723] ret_from_fork_asm+0x1a/0x30 [ 653.594473][T20723] SOFTIRQ-ON-R at: [ 653.598656][T20723] lock_acquire+0x1ed/0x550 [ 653.605178][T20723] _raw_read_lock+0x36/0x50 [ 653.611718][T20723] __do_wait+0x12d/0x850 [ 653.617968][T20723] do_wait+0x1e9/0x560 [ 653.624057][T20723] kernel_wait+0xe9/0x240 [ 653.630416][T20723] call_usermodehelper_exec_work+0xbd/0x230 [ 653.638341][T20723] process_scheduled_works+0xa2c/0x1830 [ 653.645895][T20723] worker_thread+0x870/0xd30 [ 653.652499][T20723] kthread+0x2f0/0x390 [ 653.658600][T20723] ret_from_fork+0x4b/0x80 [ 653.665027][T20723] ret_from_fork_asm+0x1a/0x30 [ 653.671824][T20723] INITIAL USE at: [ 653.675896][T20723] lock_acquire+0x1ed/0x550 [ 653.682317][T20723] _raw_write_lock_irq+0xd3/0x120 [ 653.689252][T20723] copy_process+0x228b/0x3dc0 [ 653.695853][T20723] kernel_clone+0x223/0x880 [ 653.702298][T20723] user_mode_thread+0x132/0x1a0 [ 653.709069][T20723] rest_init+0x23/0x300 [ 653.715146][T20723] start_kernel+0x47a/0x500 [ 653.721562][T20723] x86_64_start_reservations+0x2a/0x30 [ 653.728940][T20723] x86_64_start_kernel+0x9f/0xa0 [ 653.735794][T20723] common_startup_64+0x13e/0x147 [ 653.742641][T20723] INITIAL READ USE at: [ 653.747144][T20723] lock_acquire+0x1ed/0x550 [ 653.754002][T20723] _raw_read_lock+0x36/0x50 [ 653.760860][T20723] __do_wait+0x12d/0x850 [ 653.767449][T20723] do_wait+0x1e9/0x560 [ 653.773864][T20723] kernel_wait+0xe9/0x240 [ 653.780648][T20723] call_usermodehelper_exec_work+0xbd/0x230 [ 653.788919][T20723] process_scheduled_works+0xa2c/0x1830 [ 653.796830][T20723] worker_thread+0x870/0xd30 [ 653.803777][T20723] kthread+0x2f0/0x390 [ 653.810207][T20723] ret_from_fork+0x4b/0x80 [ 653.816976][T20723] ret_from_fork_asm+0x1a/0x30 [ 653.824096][T20723] } [ 653.826780][T20723] ... key at: [] tasklist_lock+0x18/0x40 [ 653.834702][T20723] ... acquired at: [ 653.838684][T20723] lock_acquire+0x1ed/0x550 [ 653.843376][T20723] _raw_read_lock+0x36/0x50 [ 653.848585][T20723] send_sigio+0x108/0x390 [ 653.853124][T20723] dnotify_handle_event+0x157/0x460 [ 653.858525][T20723] fsnotify+0x18ab/0x1f70 [ 653.863054][T20723] fsnotify_change+0x24f/0x2a0 [ 653.868994][T20723] notify_change+0xc0c/0xe90 [ 653.874057][T20723] chmod_common+0x2ab/0x4c0 [ 653.878793][T20723] __x64_sys_fchmod+0xf5/0x160 [ 653.884814][T20723] do_syscall_64+0xf3/0x230 [ 653.890153][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.896567][T20723] [ 653.899692][T20723] -> (&f_owner->lock){....}-{2:2} { [ 653.906873][T20723] INITIAL USE at: [ 653.910954][T20723] lock_acquire+0x1ed/0x550 [ 653.919168][T20723] _raw_write_lock_irq+0xd3/0x120 [ 653.926592][T20723] f_modown+0x62/0x370 [ 653.932697][T20723] fcntl_dirnotify+0x459/0x5b0 [ 653.939283][T20723] do_fcntl+0x7e2/0x1a70 [ 653.945877][T20723] __se_sys_fcntl+0xd2/0x1e0 [ 653.952345][T20723] do_syscall_64+0xf3/0x230 [ 653.958677][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.966625][T20723] INITIAL READ USE at: [ 653.971084][T20723] lock_acquire+0x1ed/0x550 [ 653.978064][T20723] _raw_read_lock_irqsave+0xdd/0x130 [ 653.985584][T20723] send_sigio+0x37/0x390 [ 653.992110][T20723] dnotify_handle_event+0x157/0x460 [ 653.999579][T20723] fsnotify+0x18ab/0x1f70 [ 654.006209][T20723] vfs_readv+0x921/0xa80 [ 654.012634][T20723] __se_sys_preadv2+0x1ca/0x2d0 [ 654.019842][T20723] do_syscall_64+0xf3/0x230 [ 654.026620][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.034896][T20723] } [ 654.037621][T20723] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 654.047020][T20723] ... acquired at: [ 654.051463][T20723] lock_acquire+0x1ed/0x550 [ 654.057657][T20723] _raw_read_lock_irqsave+0xdd/0x130 [ 654.063766][T20723] send_sigio+0x37/0x390 [ 654.068297][T20723] kill_fasync+0x256/0x4f0 [ 654.072899][T20723] lease_break_callback+0x26/0x30 [ 654.078108][T20723] __break_lease+0x6d5/0x1820 [ 654.082964][T20723] do_dentry_open+0x8d4/0x1460 [ 654.087907][T20723] vfs_open+0x3e/0x330 [ 654.092242][T20723] path_openat+0x2c84/0x3590 [ 654.097024][T20723] do_filp_open+0x235/0x490 [ 654.101724][T20723] do_sys_openat2+0x13e/0x1d0 [ 654.106586][T20723] __x64_sys_open+0x225/0x270 [ 654.111438][T20723] do_syscall_64+0xf3/0x230 [ 654.116117][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.122195][T20723] [ 654.124521][T20723] -> (&new->fa_lock){....}-{2:2} { [ 654.129657][T20723] INITIAL USE at: [ 654.133549][T20723] lock_acquire+0x1ed/0x550 [ 654.139706][T20723] _raw_write_lock_irq+0xd3/0x120 [ 654.146296][T20723] fasync_remove_entry+0xff/0x1d0 [ 654.152913][T20723] pipe_fasync+0xaf/0x1f0 [ 654.158817][T20723] __fput+0x71b/0x880 [ 654.164381][T20723] task_work_run+0x24f/0x310 [ 654.170644][T20723] syscall_exit_to_user_mode+0x168/0x370 [ 654.177854][T20723] do_syscall_64+0x100/0x230 [ 654.184014][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.191475][T20723] INITIAL READ USE at: [ 654.195806][T20723] lock_acquire+0x1ed/0x550 [ 654.202331][T20723] _raw_read_lock_irqsave+0xdd/0x130 [ 654.209648][T20723] kill_fasync+0x199/0x4f0 [ 654.216116][T20723] __se_sys_vmsplice+0xc69/0x1460 [ 654.223164][T20723] do_syscall_64+0xf3/0x230 [ 654.229675][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.237574][T20723] } [ 654.240071][T20723] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 654.248755][T20723] ... acquired at: [ 654.252551][T20723] lock_acquire+0x1ed/0x550 [ 654.257239][T20723] _raw_read_lock_irqsave+0xdd/0x130 [ 654.262707][T20723] kill_fasync+0x199/0x4f0 [ 654.267301][T20723] mousedev_notify_readers+0x719/0xc80 [ 654.272938][T20723] mousedev_event+0x5d9/0x1390 [ 654.278061][T20723] input_handler_events_default+0x107/0x1c0 [ 654.284148][T20723] input_pass_values+0x286/0x860 [ 654.289269][T20723] input_event_dispose+0x30f/0x600 [ 654.294564][T20723] input_handle_event+0xa71/0xbe0 [ 654.299801][T20723] input_inject_event+0x22f/0x340 [ 654.305006][T20723] evdev_write+0x66f/0x7c0 [ 654.309777][T20723] vfs_write+0x29c/0xc90 [ 654.314245][T20723] ksys_write+0x1a0/0x2c0 [ 654.318790][T20723] do_syscall_64+0xf3/0x230 [ 654.323469][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.329540][T20723] [ 654.331857][T20723] [ 654.331857][T20723] stack backtrace: [ 654.337752][T20723] CPU: 0 UID: 0 PID: 20723 Comm: syz.4.6594 Not tainted 6.11.0-syzkaller-02520-gadfc3ded5c33 #0 [ 654.348176][T20723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 654.358261][T20723] Call Trace: [ 654.361554][T20723] [ 654.364494][T20723] dump_stack_lvl+0x241/0x360 [ 654.369201][T20723] ? __pfx_dump_stack_lvl+0x10/0x10 [ 654.374413][T20723] ? __pfx__printk+0x10/0x10 [ 654.379015][T20723] ? print_shortest_lock_dependencies+0xf2/0x160 [ 654.385358][T20723] validate_chain+0x4de0/0x5900 [ 654.390220][T20723] ? __pfx_validate_chain+0x10/0x10 [ 654.395431][T20723] ? __pfx_validate_chain+0x10/0x10 [ 654.400639][T20723] ? register_lock_class+0x102/0x980 [ 654.405939][T20723] ? __pfx_register_lock_class+0x10/0x10 [ 654.411583][T20723] ? mark_lock+0x9a/0x350 [ 654.415926][T20723] __lock_acquire+0x137a/0x2040 [ 654.420796][T20723] lock_acquire+0x1ed/0x550 [ 654.425312][T20723] ? kill_fasync+0x199/0x4f0 [ 654.430700][T20723] ? __pfx_lock_acquire+0x10/0x10 [ 654.435742][T20723] ? __pfx_lock_acquire+0x10/0x10 [ 654.440787][T20723] _raw_read_lock_irqsave+0xdd/0x130 [ 654.446119][T20723] ? kill_fasync+0x199/0x4f0 [ 654.450753][T20723] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 654.456711][T20723] kill_fasync+0x199/0x4f0 [ 654.461145][T20723] ? kill_fasync+0x54/0x4f0 [ 654.465681][T20723] mousedev_notify_readers+0x719/0xc80 [ 654.471159][T20723] ? mousedev_notify_readers+0x2a/0xc80 [ 654.476724][T20723] mousedev_event+0x5d9/0x1390 [ 654.481535][T20723] ? __pfx_mousedev_event+0x10/0x10 [ 654.487509][T20723] input_handler_events_default+0x107/0x1c0 [ 654.493450][T20723] input_pass_values+0x286/0x860 [ 654.498446][T20723] ? input_pass_values+0x8f/0x860 [ 654.503589][T20723] input_event_dispose+0x30f/0x600 [ 654.508718][T20723] input_handle_event+0xa71/0xbe0 [ 654.513767][T20723] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 654.519271][T20723] ? __pfx_input_handle_event+0x10/0x10 [ 654.524852][T20723] input_inject_event+0x22f/0x340 [ 654.529892][T20723] ? input_inject_event+0xd6/0x340 [ 654.535016][T20723] evdev_write+0x66f/0x7c0 [ 654.539455][T20723] ? __pfx_evdev_write+0x10/0x10 [ 654.544417][T20723] ? bpf_lsm_file_permission+0x9/0x10 [ 654.549807][T20723] ? security_file_permission+0x7f/0xa0 [ 654.555357][T20723] ? rw_verify_area+0x1c3/0x6f0 [ 654.560249][T20723] ? __pfx_evdev_write+0x10/0x10 [ 654.565202][T20723] vfs_write+0x29c/0xc90 [ 654.569461][T20723] ? __pfx_vfs_write+0x10/0x10 [ 654.574233][T20723] ? do_futex+0x33b/0x560 [ 654.578573][T20723] ? __fget_files+0x29/0x470 [ 654.583169][T20723] ? __fget_files+0x3f3/0x470 [ 654.587850][T20723] ? __fget_files+0x29/0x470 [ 654.592447][T20723] ? __fdget_pos+0x19a/0x320 [ 654.597042][T20723] ksys_write+0x1a0/0x2c0 [ 654.601404][T20723] ? __pfx_ksys_write+0x10/0x10 [ 654.606275][T20723] ? do_syscall_64+0x100/0x230 [ 654.611045][T20723] ? do_syscall_64+0xb6/0x230 [ 654.615731][T20723] do_syscall_64+0xf3/0x230 [ 654.620245][T20723] ? clear_bhb_loop+0x35/0x90 [ 654.624931][T20723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.630841][T20723] RIP: 0033:0x7f7ac757def9 [ 654.635261][T20723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.654896][T20723] RSP: 002b:00007f7ac8402038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 654.663304][T20723] RAX: ffffffffffffffda RBX: 00007f7ac7735f80 RCX: 00007f7ac757def9 [ 654.671270][T20723] RDX: 0000000000000078 RSI: 00000000200003c0 RDI: 0000000000000004 [ 654.679237][T20723] RBP: 00007f7ac75f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 654.687219][T20723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.695187][T20723] R13: 0000000000000000 R14: 00007f7ac7735f80 R15: 00007ffe519d29d8 [ 654.703167][T20723] [ 657.925081][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration