last executing test programs: 8m53.469831875s ago: executing program 3 (id=27707): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, &(0x7f0000000100), 0xe, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000100)={@local}) 8m53.205379151s ago: executing program 3 (id=27715): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, 0x0}}], 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8924, &(0x7f00000000c0)={'dummy0\x00', 0x1}) 8m53.097986887s ago: executing program 3 (id=27719): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) sendmsg(r0, &(0x7f0000000380)={&(0x7f0000000080)=@l2={0x1d, 0x400, @any, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000100)="751edb18dbf46e8f09d97e5bbd402d11fea33f21e2", 0x15}, {&(0x7f00000001c0)="da", 0x1}, {&(0x7f0000000240)="6d5f67af894fc09d550067b675507cd5556770418b1b34525a6becaa1a13b103508a04d5cd215b761cd584cddde2539d4d275745d349805bf16f7bd8010d7104086c0e743d76d4de754ad1714e562adea566098cbd4bb4b351de0ed58f1361f6920b4598be11b9f546e6ba23ba5075072ef9d7362c255f7797866066f2697c324aa5dc055389df4d7725ef8f4e391c9bcbc80b7a9397f3f484ddc09076e854b1ee0569277a48abb91df8c3d57555dd4ed07a395e7c78444c971401bb04a219d661d01158a497c68330c7a8878ad272b2fd9915717c58efd568017a16947f3145cc2d", 0x22}], 0x3}, 0x4010) 8m53.064917806s ago: executing program 3 (id=27722): creat(&(0x7f0000000c40)='./file0\x00', 0x100) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x91450, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6) 8m52.964933402s ago: executing program 3 (id=27724): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x24, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x4c}, 0x1, 0x0, 0x0, 0x4000810}, 0x40) 8m52.758817409s ago: executing program 3 (id=27727): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4401}) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000240)="0bc3ff", 0x3}, {&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00\x00', 0x7}, {&(0x7f00000000c0)="3564ae4f", 0xb}], 0x3) 8m52.439317666s ago: executing program 32 (id=27727): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4401}) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000240)="0bc3ff", 0x3}, {&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00\x00', 0x7}, {&(0x7f00000000c0)="3564ae4f", 0xb}], 0x3) 2.662203525s ago: executing program 0 (id=37374): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @local}}, 0x0, 0x0, 0x9, 0x0, "774c3302b1f1b066a380bfe207b87eee3eae02bd83c2a1221c61cc28de9738dd65a7087c64eb12c6b6de92c94c30ac369a9c40de052c528fa8db2e5e374fb46ca3db74fa6de1fc0d3b3daed2a0227652"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x2b, 0x0, "fca57b76070d3dab6b0ec22c3b4e860e817343e91f2a7ebc860f6f4fb693e0ffd7f933e856d35e17f5e064800e1b8ab99c03a012548145d120157e5da1bd9e00"}, 0xd8) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) 2.575456442s ago: executing program 0 (id=37377): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000005000000850000002e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x10) 2.270765763s ago: executing program 0 (id=37383): landlock_create_ruleset(&(0x7f0000000080)={0x8040}, 0x18, 0x0) r0 = socket(0x2, 0x80805, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x1}, 0x8) 2.210062129s ago: executing program 0 (id=37385): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast2, 0x4e23, 0x4, 'lblcr\x00', 0x0, 0xfffffffc, 0x80}, 0x2c) poll(&(0x7f0000000000), 0x20000000000000ea, 0x7) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68) 2.08691097s ago: executing program 5 (id=37390): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002380)={'hsr0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r2, &(0x7f0000000380)="c1858aec1d0a06756f6608f288fb", 0xe, 0x24080000, &(0x7f0000000680)={0x11, 0x0, r1, 0x1, 0x5, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) 2.032307038s ago: executing program 5 (id=37392): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20000) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}) 1.98633856s ago: executing program 0 (id=37393): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000398000/0x2000)=nil, 0x3000, 0x2}) 1.905897747s ago: executing program 5 (id=37395): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r2, 0xc008aec1, &(0x7f0000000080)) 1.788973035s ago: executing program 5 (id=37397): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]}) close_range(r0, 0xffffffffffffffff, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0x123240, 0x0) clock_settime(0xfffffffb, &(0x7f0000000280)={0x0, 0x989680}) 1.733102492s ago: executing program 5 (id=37399): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') read$FUSE(r1, &(0x7f0000001680)={0x2020}, 0x2020) 1.633309615s ago: executing program 5 (id=37401): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x23, {[@global=@item_012={0x2, 0x1, 0x9, '\f\"'}, @global=@item_4={0x3, 0x1, 0x1, "61f3bdd5"}, @global=@item_4={0x3, 0x1, 0x2, "c6dc64b9"}, @global=@item_012={0x1, 0x1, 0x8, 'O'}, @main=@item_4={0x3, 0x0, 0xb, "c83e0503"}, @local=@item_4={0x3, 0x2, 0x1, "dde84050"}, @local=@item_4={0x3, 0x2, 0x9, "808c84d6"}, @local=@item_4={0x3, 0x2, 0x5, 'c^,-'}]}}, 0x0}, 0x0) 1.595818109s ago: executing program 1 (id=37402): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) munlockall() setrlimit(0x7, &(0x7f0000000400)) 1.547758628s ago: executing program 1 (id=37403): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="c4000000140001000000000000004000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000087000000c9"], 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) 1.383778046s ago: executing program 1 (id=37405): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) pidfd_getfd(r1, r1, 0x0) 1.313565058s ago: executing program 0 (id=37407): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe9f}}]}}, 0x0) syz_usb_connect(0x0, 0x6d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003cda2a200a111022"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) 1.278377943s ago: executing program 1 (id=37408): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x3, &(0x7f0000001080)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) timerfd_settime(0xffffffffffffffff, 0x1, 0x0, 0x0) 817.807942ms ago: executing program 2 (id=37412): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x6a8, 0x0, 0x9}]}) 670.560943ms ago: executing program 4 (id=37414): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x2) r1 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000001080)={0x20000009}) 588.949911ms ago: executing program 2 (id=37415): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r2, 0x4014f50b, 0x0) 522.91098ms ago: executing program 1 (id=37416): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/mem_sleep', 0x80802, 0xcd) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x2, 0x6010000000000ffd, 0x0, 0x0, 0x19, 0x5, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "42d8cc26f7061a74df2cfc1fc89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd0c7f3f800b2f7b6aa54cc50c1fcaed1e831fa79a00", "141802c4daf4162e43ac61b7ad3300", [0xbffffffffffffce8, 0x100]}}) sendfile(r0, r0, 0x0, 0x9) 498.955352ms ago: executing program 2 (id=37417): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000001, 0x0, 0x8}]}) 411.276414ms ago: executing program 4 (id=37418): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), r0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0xfc}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc43c223e63755adf}, 0x20004000) 363.056078ms ago: executing program 1 (id=37419): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file1\x00', 0x80242, 0x8) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) sendfile(r0, r0, &(0x7f0000000080), 0x4d9b6eaf) 352.364625ms ago: executing program 2 (id=37420): r0 = syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x20000) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0x8000001e, 0x0, 0x1}, 0x10) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000000180)) 328.568034ms ago: executing program 4 (id=37421): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, 0x8) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) 242.2201ms ago: executing program 4 (id=37422): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc0011022, 0x0, 0x3be4}]}) 190.095432ms ago: executing program 2 (id=37423): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000440)={0x2, 0x0, [{0x1, 0x0, 0x5, 0x7, 0x800, 0x7fffffff, 0x2}, {0x7, 0x1, 0x0, 0xfffffc01, 0x3, 0x8, 0xfffffffc}]}) 78.133308ms ago: executing program 4 (id=37424): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000580)=""/198, 0xc6}, {&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000080)=""/118, 0x76}, {&(0x7f0000000240)=""/115, 0x73}], 0x5}, 0x7}], 0x3, 0x40002000, 0x0) 2.843976ms ago: executing program 2 (id=37425): r0 = open(&(0x7f0000000280)='.\x00', 0x80, 0x122) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setown(r0, 0x8, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) 0s ago: executing program 4 (id=37426): r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r0, 0x40146f2c, &(0x7f0000000100)={0x2, 0x1, 0x3, 0x14, 0x4}) ioctl$DVB_DEMUX_DMX_ADD_PID(r0, 0x40026f33, &(0x7f0000000040)=0x312) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r0, 0x40146f2c, &(0x7f00000003c0)={0x2, 0x0, 0x0, 0x4, 0x4}) kernel console output (not intermixed with test programs): 00000 phys_seg 1 prio class 2 [ 1709.023685][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 1709.033795][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1709.043444][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 1709.051678][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1709.061334][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1709.077075][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1709.086715][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1709.094802][ T9209] ldm_validate_partition_table(): Disk read failed. [ 1709.102937][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1709.112590][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 1709.121252][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1709.130887][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 1709.138999][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1709.148653][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1709.156815][ T9209] Dev loop4: unable to read RDB block 0 [ 1709.177504][ T9209] loop4: unable to read partition table [ 1709.183650][ T9209] loop4: partition table beyond EOD, truncated [ 1709.194642][ T9209] loop_reread_partitions: partition scan of loop4 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 1709.235986][T25549] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 1709.405694][T25549] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1709.417254][T25549] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1709.447006][T25549] usb 6-1: config 0 descriptor?? [ 1709.454394][T25549] cp210x 6-1:0.0: cp210x converter detected [ 1709.516952][ T796] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1709.677269][ T796] usb 5-1: Using ep0 maxpacket: 16 [ 1709.684423][ T796] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1709.697068][ T796] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1709.708713][ T796] usb 5-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31 [ 1709.720825][ T796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1709.733786][ T796] usb 5-1: Product: syz [ 1709.739911][ T796] usb 5-1: Manufacturer: syz [ 1709.744941][ T796] usb 5-1: SerialNumber: syz [ 1709.766214][ T796] usb 5-1: config 0 descriptor?? [ 1709.770324][ T9487] netlink: 11 bytes leftover after parsing attributes in process `syz.2.35294'. [ 1709.860878][T25549] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1709.883714][T25549] usb 6-1: cp210x converter now attached to ttyUSB0 [ 1709.998743][ T9332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1710.010546][ T9332] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1710.022436][ T796] usb 5-1: USB disconnect, device number 45 [ 1710.095390][ T24] usb 6-1: USB disconnect, device number 63 [ 1710.120442][ T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1710.153326][ T9595] netlink: 12 bytes leftover after parsing attributes in process `syz.0.35298'. [ 1710.166154][ T9595] netlink: 12 bytes leftover after parsing attributes in process `syz.0.35298'. [ 1710.183456][ T24] cp210x 6-1:0.0: device disconnected [ 1710.486362][ T796] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 1710.504530][ T9732] netlink: 'syz.2.35307': attribute type 3 has an invalid length. [ 1710.512771][ T9732] netlink: 772 bytes leftover after parsing attributes in process `syz.2.35307'. [ 1710.522415][ T9732] netlink: 'syz.2.35307': attribute type 3 has an invalid length. [ 1710.531095][ T9732] netlink: 772 bytes leftover after parsing attributes in process `syz.2.35307'. [ 1710.651059][ T796] usb 5-1: config 0 has an invalid interface number: 229 but max is 0 [ 1710.665028][ T796] usb 5-1: config 0 has no interface number 0 [ 1710.673616][ T796] usb 5-1: config 0 interface 229 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1710.688796][ T796] usb 5-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38 [ 1710.701006][ T796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1710.710234][ T796] usb 5-1: Product: syz [ 1710.714498][ T796] usb 5-1: Manufacturer: syz [ 1710.720196][ T796] usb 5-1: SerialNumber: syz [ 1710.739924][ T796] usb 5-1: config 0 descriptor?? [ 1710.882482][ T9749] netlink: 4 bytes leftover after parsing attributes in process `syz.5.35313'. [ 1710.893582][ T9749] netlink: 173 bytes leftover after parsing attributes in process `syz.5.35313'. [ 1710.969831][ T5993] usb 5-1: USB disconnect, device number 46 [ 1711.238244][ T9760] bridge0: port 2(bridge_slave_1) entered disabled state [ 1711.245468][ T9760] bridge0: port 1(bridge_slave_0) entered disabled state [ 1711.299248][ T9760] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1711.336900][ T9760] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1711.418285][ T9760] macvlan2: left promiscuous mode [ 1711.441489][ T9761] geneve2: entered promiscuous mode [ 1711.581317][ T9763] ip6gretap0: entered promiscuous mode [ 1711.604875][ T9763] 8021q: adding VLAN 0 to HW filter on device team0 [ 1711.618419][ T9763] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1711.640172][ T106] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1711.663525][ T106] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.672552][ T106] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 49002 - 0 [ 1711.690832][ T106] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1711.700705][ T106] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.710778][ T106] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 49002 - 0 [ 1711.722596][ T106] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1711.747446][ T106] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.776726][ T106] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 49002 - 0 [ 1711.817156][ T106] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1711.843830][ T106] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.882928][ T106] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 49002 - 0 [ 1712.042231][ T9899] could not allocate digest TFM handle _!5(iHP,omxę*71U"~ 2.>~e>/y [ 1712.077954][ T30] audit: type=1326 audit(1775558713.136:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9901 comm="syz.2.35331" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x0 [ 1712.414745][ T9919] netlink: 92 bytes leftover after parsing attributes in process `syz.1.35337'. [ 1712.861143][ T9944] netlink: 260 bytes leftover after parsing attributes in process `syz.4.35348'. [ 1713.829059][T10093] kAFS: unable to lookup cell 'mSjˡ8' [ 1715.556182][ T5993] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1715.736062][ T5993] usb 5-1: Using ep0 maxpacket: 16 [ 1715.747064][ T5993] usb 5-1: config 0 has no interfaces? [ 1715.763249][ T5993] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1715.772981][ T5993] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1715.781261][ T5993] usb 5-1: SerialNumber: syz [ 1715.796126][ T5993] usb 5-1: config 0 descriptor?? [ 1715.840351][T10505] netlink: 'syz.5.35398': attribute type 2 has an invalid length. [ 1716.036843][ T5993] usb 5-1: USB disconnect, device number 47 [ 1716.426869][T10627] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 1717.482407][ T30] audit: type=1326 audit(1775558718.536:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.532077][ T30] audit: type=1326 audit(1775558718.536:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.555693][ T30] audit: type=1326 audit(1775558718.536:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.579023][ T30] audit: type=1326 audit(1775558718.536:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.603147][ T30] audit: type=1326 audit(1775558718.536:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.668641][ T30] audit: type=1326 audit(1775558718.536:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.691260][ T30] audit: type=1326 audit(1775558718.536:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.715093][ T30] audit: type=1326 audit(1775558718.536:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.743441][ T30] audit: type=1326 audit(1775558718.536:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1717.770889][ T30] audit: type=1326 audit(1775558718.536:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10772 comm="syz.2.35424" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000 [ 1718.033274][T10900] netlink: 28 bytes leftover after parsing attributes in process `syz.2.35434'. [ 1718.236515][T10912] gretap0: entered promiscuous mode [ 1718.243627][T10912] gretap0: left promiscuous mode [ 1718.583613][T10936] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35446'. [ 1718.598137][T10936] netlink: 12 bytes leftover after parsing attributes in process `syz.1.35446'. [ 1718.949387][T10962] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.35454'. [ 1719.056783][T25549] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 1719.216113][T25549] usb 2-1: Using ep0 maxpacket: 8 [ 1719.246175][T25549] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1719.264746][T25549] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1719.286705][T25549] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1719.306411][T25549] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1719.319882][T25549] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1719.333618][T25549] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1719.356755][T25549] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1719.589543][T25549] usb 2-1: GET_CAPABILITIES returned 0 [ 1719.595210][T25549] usbtmc 2-1:16.0: can't read capabilities [ 1719.817707][T25549] usb 2-1: USB disconnect, device number 56 [ 1720.295106][T11048] pim6reg: tun_chr_ioctl cmd 1074025677 [ 1720.307129][T11048] pim6reg: linktype set to 6 [ 1720.477350][T11066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.35489'. [ 1720.487715][T11066] netlink: 28 bytes leftover after parsing attributes in process `syz.1.35489'. [ 1720.887172][T11090] netdevsim netdevsim5 netdevsim0: IPsec offload requires 128 bit authentication [ 1721.236794][T11106] netlink: 156 bytes leftover after parsing attributes in process `syz.5.35507'. [ 1722.241699][T11244] input: syz1 as /devices/virtual/input/input237 [ 1722.347158][T25549] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1722.369828][T11250] netlink: 190972 bytes leftover after parsing attributes in process `syz.1.35522'. [ 1722.498230][ T30] kauditd_printk_skb: 410 callbacks suppressed [ 1722.498248][ T30] audit: type=1326 audit(1775558723.556:2398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.537348][T25549] usb 3-1: Using ep0 maxpacket: 8 [ 1722.549902][ T30] audit: type=1326 audit(1775558723.556:2399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.557610][T25549] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1722.582968][ T30] audit: type=1326 audit(1775558723.556:2400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.608891][ T30] audit: type=1326 audit(1775558723.556:2401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.614018][T25549] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1722.643589][T25549] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1722.658252][T25549] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1722.673053][T25549] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1722.682918][T25549] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1722.712298][ T30] audit: type=1326 audit(1775558723.556:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.791373][ T30] audit: type=1326 audit(1775558723.556:2403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.814706][ T30] audit: type=1326 audit(1775558723.556:2404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.837435][ T30] audit: type=1326 audit(1775558723.556:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.876843][ T30] audit: type=1326 audit(1775558723.556:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.911402][ T30] audit: type=1326 audit(1775558723.556:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.4.35497" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7ffc0000 [ 1722.964334][T25549] usb 3-1: GET_CAPABILITIES returned 0 [ 1722.976114][T25549] usbtmc 3-1:16.0: can't read capabilities [ 1723.146764][ T5993] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 1723.257700][ T796] usb 3-1: USB disconnect, device number 33 [ 1723.306814][ T5993] usb 6-1: Using ep0 maxpacket: 8 [ 1723.313567][ T5993] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1723.336108][ T5993] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1723.347746][ T5993] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 168 [ 1723.364404][ T5993] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1723.379880][ T5993] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1723.389497][ T5993] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1723.615098][ T5993] usb 6-1: GET_CAPABILITIES returned 0 [ 1723.632627][ T5993] usbtmc 6-1:16.0: can't read capabilities [ 1723.842272][ T5993] usb 6-1: USB disconnect, device number 64 [ 1725.486330][T11525] netlink: 4 bytes leftover after parsing attributes in process `syz.0.35570'. [ 1725.583474][T11525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.35570'. [ 1725.594590][T11525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.35570'. [ 1725.870755][T11745] binder: 11743:11745 unknown command 1074553622 [ 1725.890644][T11745] binder: 11743:11745 ioctl c0306201 80000640 returned -22 [ 1726.028243][T11753] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 1726.770869][T11894] tmpfs: Unknown parameter '18446744073709551615' [ 1727.038688][T12010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.35607'. [ 1727.048348][T12010] netlink: 'syz.4.35607': attribute type 5 has an invalid length. [ 1727.317560][T12022] netlink: 24 bytes leftover after parsing attributes in process `syz.4.35609'. [ 1727.332867][T12022] netlink: 32 bytes leftover after parsing attributes in process `syz.4.35609'. [ 1727.811796][T12053] netlink: 8 bytes leftover after parsing attributes in process `syz.0.35618'. [ 1728.144386][T12077] bridge: RTM_NEWNEIGH with unconfigured vlan 1 on bridge0 [ 1729.236453][T12346] loop4: detected capacity change from 0 to 1 [ 1729.278106][T12346] Dev loop4: unable to read RDB block 1 [ 1729.298279][T12346] loop4: unable to read partition table [ 1729.304355][T12346] loop4: partition table beyond EOD, truncated [ 1729.316615][T12346] loop_reread_partitions: partition scan of loop4 (被x^> ) failed (rc=-5) [ 1729.496508][T12358] cgroup: fork rejected by pids controller in /syz5 [ 1729.544811][T12363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.35657'. [ 1729.956174][ T24] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 1730.156029][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1730.170969][ T24] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1730.181417][ T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1730.204917][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.211479][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.223645][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1730.233311][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1730.243298][ T24] usb 2-1: Product: syz [ 1730.248431][ T24] usb 2-1: Manufacturer: syz [ 1730.253069][ T24] usb 2-1: SerialNumber: syz [ 1730.286832][ T24] hub 2-1:1.0: bad descriptor, ignoring hub [ 1730.296115][ T24] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1730.385176][T10169] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 49002 - 0 [ 1730.480834][ T24] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 57 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1730.592030][T10169] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 49002 - 0 [ 1730.760375][ T1746] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1730.773221][ T1746] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1730.795497][ T1746] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1730.817032][T10169] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 49002 - 0 [ 1730.827938][ T1746] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1730.840374][ T1746] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1730.966389][ T24] usb 2-1: USB disconnect, device number 57 [ 1730.994840][ T24] usblp0: removed [ 1731.043242][T10169] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 49002 - 0 [ 1731.302788][T12417] chnl_net:caif_netlink_parms(): no params data found [ 1731.482134][T12529] netlink: 28 bytes leftover after parsing attributes in process `syz.4.35675'. [ 1731.778577][T10169] bridge_slave_1: left allmulticast mode [ 1731.784290][T10169] bridge_slave_1: left promiscuous mode [ 1731.793186][T10169] bridge0: port 2(bridge_slave_1) entered disabled state [ 1731.812121][T10169] bridge_slave_0: left allmulticast mode [ 1731.826023][T10169] bridge_slave_0: left promiscuous mode [ 1731.836757][T10169] bridge0: port 1(bridge_slave_0) entered disabled state [ 1732.261226][T10169]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 1732.271824][T10169]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 1732.285375][T10169]  (unregistering): Released all slaves [ 1732.301756][T10169] bond0 (unregistering): Released all slaves [ 1732.318330][T12417] bridge0: port 1(bridge_slave_0) entered blocking state [ 1732.325640][T12417] bridge0: port 1(bridge_slave_0) entered disabled state [ 1732.333405][T12417] bridge_slave_0: entered allmulticast mode [ 1732.345263][T12417] bridge_slave_0: entered promiscuous mode [ 1732.359691][T12417] bridge0: port 2(bridge_slave_1) entered blocking state [ 1732.368459][T12417] bridge0: port 2(bridge_slave_1) entered disabled state [ 1732.375777][T12417] bridge_slave_1: entered allmulticast mode [ 1732.384415][T12417] bridge_slave_1: entered promiscuous mode [ 1732.700987][T12417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1732.884886][T12417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1732.925536][ T1746] Bluetooth: hci3: command tx timeout [ 1733.002908][T12417] team0: Port device team_slave_0 added [ 1733.021100][T12417] team0: Port device team_slave_1 added [ 1733.137690][T12417] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1733.144980][T12417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1733.171601][T12417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1733.216136][T10169] hsr_slave_0: left promiscuous mode [ 1733.231582][T10169] hsr_slave_1: left promiscuous mode [ 1733.258853][T10169] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1733.298496][T10169] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1733.310719][ T796] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1733.347790][T12919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35695'. [ 1733.485955][ T796] usb 5-1: Using ep0 maxpacket: 32 [ 1733.497933][ T796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1733.524848][ T796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1733.545391][ T796] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1733.567499][ T796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1733.576386][T10169] team0 (unregistering): Port device team_slave_1 removed [ 1733.591709][ T796] usb 5-1: config 0 descriptor?? [ 1733.599817][ T796] hub 5-1:0.0: USB hub found [ 1733.669153][T10169] team0 (unregistering): Port device team_slave_0 removed [ 1733.820181][ T796] hub 5-1:0.0: config failed, can't read hub descriptor (err -90) [ 1733.911149][T12417] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1733.918608][T12417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1733.944825][T12417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1734.039119][ T796] usbhid 5-1:0.0: can't add hid device: -71 [ 1734.045161][ T796] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1734.092077][ T796] usb 5-1: USB disconnect, device number 48 [ 1734.153839][T12417] hsr_slave_0: entered promiscuous mode [ 1734.168336][T12417] hsr_slave_1: entered promiscuous mode [ 1734.996508][ T1746] Bluetooth: hci3: command tx timeout [ 1735.395626][T10169] IPVS: stop unused estimator thread 0... [ 1735.851394][T13322] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35716'. [ 1735.874300][T13322] netlink: 72 bytes leftover after parsing attributes in process `syz.1.35716'. [ 1736.548558][T12417] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1736.572639][T12417] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1736.594690][T12417] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1736.618202][T12417] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1736.870680][T12417] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1736.931527][T13516] macvlan2: entered promiscuous mode [ 1736.947678][T13516] bridge0: entered promiscuous mode [ 1736.976580][T12417] 8021q: adding VLAN 0 to HW filter on device team0 [ 1737.010148][T10169] bridge0: port 1(bridge_slave_0) entered blocking state [ 1737.017317][T10169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1737.064105][T10169] bridge0: port 2(bridge_slave_1) entered blocking state [ 1737.071327][T10169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1737.076350][ T1746] Bluetooth: hci3: command tx timeout [ 1737.240156][T12417] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1737.341837][T12417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1737.455582][T12417] veth0_vlan: entered promiscuous mode [ 1737.475539][T12417] veth1_vlan: entered promiscuous mode [ 1737.553281][T12417] veth0_macvtap: entered promiscuous mode [ 1737.611903][T12417] veth1_macvtap: entered promiscuous mode [ 1737.662723][T12417] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1737.708874][T12417] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1737.732158][T10169] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1737.759668][T10169] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1737.798140][T10169] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1737.817153][T10169] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1738.079475][T10169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1738.095974][T10169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1738.096198][T25549] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1738.168898][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1738.187345][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1738.288369][T25549] usb 5-1: Using ep0 maxpacket: 8 [ 1738.302415][T25549] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1738.328656][T25549] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1738.342447][T25549] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1738.353192][T25549] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1738.373413][T25549] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1738.402232][T25549] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1738.647972][T25549] usb 5-1: GET_CAPABILITIES returned 0 [ 1738.653517][T25549] usbtmc 5-1:16.0: can't read capabilities [ 1738.944375][T15507] usb 5-1: USB disconnect, device number 49 [ 1738.976273][T25549] usb 2-1: new full-speed USB device number 58 using dummy_hcd [ 1739.137996][T25549] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1739.158661][ T1746] Bluetooth: hci3: command tx timeout [ 1739.180656][T25549] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1739.207894][T25549] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1739.253651][T25549] usb 2-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 1739.293371][T25549] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1739.323274][T25549] usb 2-1: config 0 descriptor?? [ 1739.797575][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.813902][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.824118][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.854388][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.870688][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.891795][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.911317][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.926044][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.943944][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.951945][T25549] hid-multitouch 0003:0457:07DA.00AF: unknown main item tag 0x0 [ 1739.970579][T25549] hid-multitouch 0003:0457:07DA.00AF: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.1-1/input0 [ 1740.112178][ T24] usb 2-1: USB disconnect, device number 58 [ 1740.567171][T10169] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 47442 - 0 [ 1740.732071][T10169] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 47442 - 0 [ 1740.999825][T10169] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 47442 - 0 [ 1741.065638][T21305] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1741.081038][T21305] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1741.090576][T21305] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1741.107710][T21305] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1741.125118][T21305] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1741.133134][T10169] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 47442 - 0 [ 1741.693006][T10169] tipc: Disabling bearer [ 1742.038507][T10169] batman_adv: batadv0: Removing interface: gretap1 [ 1742.233398][T13893] netlink: 'syz.0.35780': attribute type 9 has an invalid length. [ 1742.510478][T10169] bond1 (unregistering): Released all slaves [ 1742.523416][T10169] .2442 (unregistering): Released all slaves [ 1742.537151][T10169] bond2 (unregistering): Released all slaves [ 1742.552477][T10169] bond3 (unregistering): Released all slaves [ 1742.571387][T10169] bond4 (unregistering): Released all slaves [ 1742.583585][T10169] bond5 (unregistering): Released all slaves [ 1742.598794][T10169] bond0 (unregistering): (slave bond6): Releasing backup interface [ 1742.613219][T10169] bond0 (unregistering): Released all slaves [ 1742.625746][T10169] bond6 (unregistering): Released all slaves [ 1742.648289][T13793] chnl_net:caif_netlink_parms(): no params data found [ 1742.849456][T10169] : left promiscuous mode [ 1742.970325][T10169] tipc: Disabling bearer [ 1742.986183][T10169] tipc: Left network mode [ 1743.238757][ T1746] Bluetooth: hci4: command tx timeout [ 1743.259101][T13793] bridge0: port 1(bridge_slave_0) entered blocking state [ 1743.270059][T13793] bridge0: port 1(bridge_slave_0) entered disabled state [ 1743.279423][T13793] bridge_slave_0: entered allmulticast mode [ 1743.291377][T13793] bridge_slave_0: entered promiscuous mode [ 1743.320554][T13793] bridge0: port 2(bridge_slave_1) entered blocking state [ 1743.334723][T13793] bridge0: port 2(bridge_slave_1) entered disabled state [ 1743.345164][T13793] bridge_slave_1: entered allmulticast mode [ 1743.353849][T13793] bridge_slave_1: entered promiscuous mode [ 1743.413767][T13793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1743.441460][T13793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1743.631053][T13793] team0: Port device team_slave_0 added [ 1743.671016][T13793] team0: Port device team_slave_1 added [ 1743.798171][T13793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1743.830266][T13793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1743.889968][T13793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1743.917913][T13793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1743.933510][T13793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1744.017653][T13793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1744.219760][T14173] netlink: 'syz.0.35795': attribute type 10 has an invalid length. [ 1744.228266][T14173] netlink: 12 bytes leftover after parsing attributes in process `syz.0.35795'. [ 1744.260267][T14175] tun0: tun_chr_ioctl cmd 1074025677 [ 1744.329318][T14175] tun0: linktype set to 780 [ 1744.342533][T13793] hsr_slave_0: entered promiscuous mode [ 1744.359625][T13793] hsr_slave_1: entered promiscuous mode [ 1744.376513][T13793] debugfs: 'hsr0' already exists in 'hsr' [ 1744.385958][T13793] Cannot create hsr debugfs directory [ 1744.406123][T14197] kvm: kvm [14196]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x3ffeb7 [ 1744.454334][T10169] batman_adv: batadv0: Removing interface: macvtap1 [ 1744.883920][T10169] hsr_slave_0: left promiscuous mode [ 1744.921862][T10169] hsr_slave_1: left promiscuous mode [ 1744.935010][T10169] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1744.974218][T10169] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1744.990571][ T30] kauditd_printk_skb: 1513 callbacks suppressed [ 1744.990586][ T30] audit: type=1326 audit(1775558746.046:3921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14288 comm="syz.1.35806" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1745.039146][ T30] audit: type=1326 audit(1775558746.046:3922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14288 comm="syz.1.35806" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1745.063984][ T30] audit: type=1326 audit(1775558746.056:3923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14288 comm="syz.1.35806" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1745.118798][ T30] audit: type=1326 audit(1775558746.056:3924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14288 comm="syz.1.35806" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1745.185982][ T30] audit: type=1326 audit(1775558746.056:3925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14288 comm="syz.1.35806" exe="/root/syz-executor" sig=0 arch=40000003 syscall=292 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1745.238900][ T30] audit: type=1326 audit(1775558746.056:3926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14288 comm="syz.1.35806" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1745.262455][ T30] audit: type=1326 audit(1775558746.056:3927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14288 comm="syz.1.35806" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1745.319165][ T1746] Bluetooth: hci4: command tx timeout [ 1745.435742][T14310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35813'. [ 1745.449460][T14310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35813'. [ 1745.663740][T14322] netlink: 'syz.1.35817': attribute type 8 has an invalid length. [ 1746.635425][T10169] team0 (unregistering): Port device team_slave_1 removed [ 1746.655387][T10169] team0 (unregistering): Port device team_slave_0 removed [ 1746.805225][T14326] erspan0: entered promiscuous mode [ 1747.398489][ T1746] Bluetooth: hci4: command tx timeout [ 1747.893339][T13793] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1747.952342][T10169] IPVS: stop unused estimator thread 0... [ 1747.961859][T13793] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1747.990531][T13793] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1748.037422][T13793] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1748.177973][T13793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1748.213601][T13793] 8021q: adding VLAN 0 to HW filter on device team0 [ 1748.229036][ T146] bridge0: port 1(bridge_slave_0) entered blocking state [ 1748.236250][ T146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1748.252720][T10169] bridge0: port 2(bridge_slave_1) entered blocking state [ 1748.259940][T10169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1748.378485][T13793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1748.504740][T13793] veth0_vlan: entered promiscuous mode [ 1748.549602][T13793] veth1_vlan: entered promiscuous mode [ 1748.620060][T13793] veth0_macvtap: entered promiscuous mode [ 1748.653050][T13793] veth1_macvtap: entered promiscuous mode [ 1748.726785][T13793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1748.759790][T13793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1748.828142][ T146] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1748.873547][ T146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1748.903198][ T146] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1748.928518][ T146] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1749.081868][ T7625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1749.124831][ T7625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1749.185797][T14671] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1749.205983][T14671] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1749.482873][ T1746] Bluetooth: hci4: command tx timeout [ 1750.897975][T14988] tipc: Started in network mode [ 1750.902915][T14988] tipc: Node identity ac14140f, cluster identity 4711 [ 1750.946328][T14988] tipc: New replicast peer: 255.255.255.255 [ 1750.957229][T14988] tipc: Enabled bearer , priority 20 [ 1751.657429][T15029] input: syz1 as /devices/virtual/input/input239 [ 1752.076359][ T5912] tipc: Node number set to 2886997007 [ 1752.355277][T15064] tap0: tun_chr_ioctl cmd 1074025677 [ 1752.382920][T15064] tap0: linktype set to 1 [ 1753.161530][T15120] netlink: 8 bytes leftover after parsing attributes in process `syz.5.35911'. [ 1753.322926][T15133] futex_wake_op: syz.1.35915 tries to shift op by -1; fix this program [ 1753.407033][T15137] netlink: 'syz.5.35917': attribute type 12 has an invalid length. [ 1753.576080][ T30] audit: type=1326 audit(1775558754.626:3928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15145 comm="syz.1.35921" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x0 [ 1753.598142][T15150] ip6tnl1: entered allmulticast mode [ 1753.611097][T14671] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1753.633035][T25549] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1753.644393][T14671] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1753.985952][ T5912] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1754.046195][ T5993] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1754.096629][T25549] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 1754.137796][ T5912] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1754.153378][ T5912] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1754.176767][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1754.197028][ T5912] usb 5-1: config 0 descriptor?? [ 1754.208670][ T5912] pwc: Askey VC010 type 2 USB webcam detected. [ 1754.256400][T25399] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1754.289397][T25549] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1754.289428][T25549] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1754.289461][T25549] usb 6-1: New USB device found, idVendor=046d, idProduct=0a07, bcdDevice= 0.00 [ 1754.289482][T25549] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1754.297426][T25549] usb 6-1: config 0 descriptor?? [ 1754.324084][T15200] sctp: [Deprecated]: syz.0.35937 (pid 15200) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1754.324084][T15200] Use struct sctp_sack_info instead [ 1754.633272][ T5912] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1754.722422][T25549] hid_parser_main: 12 callbacks suppressed [ 1754.722444][T25549] lg-g15 0003:046D:0A07.00B0: unknown main item tag 0x1 [ 1754.736424][T25549] lg-g15 0003:046D:0A07.00B0: unknown main item tag 0x1 [ 1754.743403][T25549] lg-g15 0003:046D:0A07.00B0: item fetching failed at offset 2/5 [ 1754.754377][T25549] lg-g15 0003:046D:0A07.00B0: probe with driver lg-g15 failed with error -22 [ 1754.844206][ T5912] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1754.854468][ T5912] pwc: recv_control_msg error -71 req 04 val 1000 [ 1754.863712][ T5912] pwc: recv_control_msg error -71 req 04 val 1300 [ 1754.871865][ T5912] pwc: recv_control_msg error -71 req 04 val 1400 [ 1754.886762][ T5912] pwc: recv_control_msg error -71 req 02 val 2000 [ 1754.901660][ T5912] pwc: recv_control_msg error -71 req 02 val 2100 [ 1754.916359][ T6014] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 1754.924844][ T5912] pwc: recv_control_msg error -71 req 04 val 1500 [ 1754.936092][ T5912] pwc: recv_control_msg error -71 req 02 val 2500 [ 1754.942955][ T5912] pwc: recv_control_msg error -71 req 02 val 2400 [ 1754.953716][T25549] usb 6-1: USB disconnect, device number 65 [ 1754.959717][ T5912] pwc: recv_control_msg error -71 req 02 val 2600 [ 1754.960114][ T5912] pwc: recv_control_msg error -71 req 02 val 2900 [ 1754.975635][ T5912] pwc: recv_control_msg error -71 req 02 val 2800 [ 1754.997479][ T5912] pwc: recv_control_msg error -71 req 04 val 1100 [ 1755.006066][ T5912] pwc: recv_control_msg error -71 req 04 val 1200 [ 1755.029854][ T5912] pwc: Registered as video103. [ 1755.050798][ T5912] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input240 [ 1755.087382][ T5912] usb 5-1: USB disconnect, device number 50 [ 1755.093772][ T6014] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1755.105941][ T6014] usb 2-1: config 0 has no interface number 0 [ 1755.123684][ T6014] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1755.136311][ T6014] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1755.144361][ T6014] usb 2-1: Product: syz [ 1755.149112][ T6014] usb 2-1: Manufacturer: syz [ 1755.176035][ T6014] usb 2-1: SerialNumber: syz [ 1755.213460][ T6014] usb 2-1: config 0 descriptor?? [ 1755.393717][T15274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.35955'. [ 1755.405577][T15274] netlink: 72 bytes leftover after parsing attributes in process `syz.2.35955'. [ 1755.456563][ T6014] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1755.478801][ T6014] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1755.493219][ T6014] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1755.501858][ T6014] usb 2-1: media controller created [ 1755.556829][ T6014] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1756.472175][T15347] input: syz0 as /devices/virtual/input/input241 [ 1756.679490][ T6014] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 1756.773660][ T6014] usb 2-1: USB disconnect, device number 59 [ 1756.926523][ T24] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1756.984138][T15395] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1757.086100][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 1757.093616][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1757.105636][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1757.116532][ T24] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 1757.125771][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1757.140105][ T24] usb 5-1: config 0 descriptor?? [ 1757.581610][ T24] ntrig 0003:1B96:0008.00B1: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.4-1/input0 [ 1757.593198][T15517] kvm_intel: kvm [15516]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x2000000000003 [ 1757.726149][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1757.775775][ T24] ntrig 0003:1B96:0008.00B1: Firmware version: 2.7.31.21.7 (dfb5 afea) [ 1757.922898][T15540] tap0: tun_chr_ioctl cmd 2147767507 [ 1757.988787][ T5993] usb 5-1: USB disconnect, device number 51 [ 1758.095244][T15558] netlink: 76 bytes leftover after parsing attributes in process `syz.1.36006'. [ 1758.104899][T15558] netlink: 76 bytes leftover after parsing attributes in process `syz.1.36006'. [ 1758.115598][T15558] netlink: 292 bytes leftover after parsing attributes in process `syz.1.36006'. [ 1758.348917][T15568] tap0: tun_chr_ioctl cmd 1074025677 [ 1758.354538][T15568] tap0: linktype set to 0 [ 1758.468264][T15679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.36013'. [ 1758.496089][T15679] netlink: 12 bytes leftover after parsing attributes in process `syz.1.36013'. [ 1758.505194][T15679] netlink: 'syz.1.36013': attribute type 6 has an invalid length. [ 1758.879155][ T24] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1758.998515][ T5993] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1759.037663][ T24] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1759.059235][ T24] usb 5-1: config 0 has no interface number 0 [ 1759.065395][ T24] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1759.087282][ T24] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1759.098157][ T24] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1759.107310][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1759.128025][ T24] usb 5-1: config 0 descriptor?? [ 1759.167762][ T5993] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1759.184194][ T5993] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1759.222738][ T5993] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1759.236322][ T5993] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1759.244351][ T5993] usb 6-1: SerialNumber: syz [ 1759.465603][T15754] tap0: tun_chr_ioctl cmd 1074025677 [ 1759.483355][ T5993] usb 6-1: 0:2 : does not exist [ 1759.488494][T15754] tap0: linktype set to 804 [ 1759.554407][ T24] uclogic 0003:256C:006D.00B2: unknown main item tag 0x0 [ 1759.570653][ T24] uclogic 0003:256C:006D.00B2: unknown main item tag 0x0 [ 1759.572607][ T5993] usb 6-1: USB disconnect, device number 66 [ 1759.578885][ T24] uclogic 0003:256C:006D.00B2: unknown main item tag 0x0 [ 1759.592118][ T24] uclogic 0003:256C:006D.00B2: unknown main item tag 0x0 [ 1759.616339][ T24] uclogic 0003:256C:006D.00B2: unknown main item tag 0x0 [ 1759.632275][T12828] udevd[12828]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1759.657301][ T24] uclogic 0003:256C:006D.00B2: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input1 [ 1760.070973][T15898] macvlan3: entered promiscuous mode [ 1760.077769][T15898] mac80211_hwsim hwsim68 wlan1: entered promiscuous mode [ 1760.365803][ T5993] usb 5-1: USB disconnect, device number 52 [ 1761.119691][ T5993] usb 5-1: new full-speed USB device number 53 using dummy_hcd [ 1761.298043][ T5993] usb 5-1: config 9 interface 0 has no altsetting 0 [ 1761.309943][ T5993] usb 5-1: New USB device found, idVendor=17cc, idProduct=1969, bcdDevice=34.15 [ 1761.319394][ T5993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1761.346023][ T5993] usb 5-1: Product: syz [ 1761.350244][ T5993] usb 5-1: Manufacturer: syz [ 1761.354853][ T5993] usb 5-1: SerialNumber: syz [ 1761.694158][T16213] loop9: detected capacity change from 0 to 7 [ 1761.704220][T12828] Dev loop9: unable to read RDB block 7 [ 1761.711092][T12828] loop9: unable to read partition table [ 1761.718488][T12828] loop9: partition table beyond EOD, truncated [ 1761.729797][T16213] Dev loop9: unable to read RDB block 7 [ 1761.735623][T16213] loop9: unable to read partition table [ 1761.760858][T16213] loop9: partition table beyond EOD, truncated [ 1761.776025][T16213] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 1761.849768][T16222] netlink: 'syz.1.36089': attribute type 2 has an invalid length. [ 1762.023252][ T5993] snd-usb-caiaq 5-1:9.0: invalid EPs [ 1762.056030][ T5993] usb 5-1: unable to init card! (ret=-22) [ 1762.063060][ T5993] snd-usb-caiaq 5-1:9.0: probe with driver snd-usb-caiaq failed with error -22 [ 1762.250536][T25399] usb 5-1: USB disconnect, device number 53 [ 1762.490467][ T30] audit: type=1326 audit(1775558763.536:3929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16263 comm="syz.1.36103" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x0 [ 1762.906139][T25399] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1763.082577][T25399] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1763.094150][T25399] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1763.105733][T25399] usb 3-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 1763.115431][T25399] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1763.133324][T25399] usb 3-1: config 0 descriptor?? [ 1763.301877][ T5993] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 1763.463538][ T5993] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 1763.474237][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1763.488450][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1763.511935][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1763.521639][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1763.531228][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1763.542576][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1763.554056][T25399] playstation 0003:054C:0BA0.00B3: unknown main item tag 0x0 [ 1763.561935][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1763.572424][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1763.587392][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1763.594157][T25399] playstation 0003:054C:0BA0.00B3: hidraw0: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.2-1/input0 [ 1763.608219][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1763.627481][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1763.659027][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1763.680067][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1763.703848][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1763.746111][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1763.754094][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1763.763369][T25399] playstation 0003:054C:0BA0.00B3: Failed to retrieve feature with reportID 18: -71 [ 1763.780729][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1763.793071][T25399] playstation 0003:054C:0BA0.00B3: Failed to retrieve DualShock4 pairing info: -71 [ 1763.804818][T25399] playstation 0003:054C:0BA0.00B3: Failed to get MAC address from DualShock4 [ 1763.813766][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1763.821126][T25399] playstation 0003:054C:0BA0.00B3: Failed to create dualshock4. [ 1763.835057][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1763.845225][ T30] audit: type=1326 audit(1775558764.896:3930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1763.847655][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1763.868279][ T30] audit: type=1326 audit(1775558764.896:3931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1763.902770][ T30] audit: type=1326 audit(1775558764.896:3932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1763.925356][ T30] audit: type=1326 audit(1775558764.896:3933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1763.958454][T25399] playstation 0003:054C:0BA0.00B3: probe with driver playstation failed with error -71 [ 1763.975484][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1763.994896][T25399] usb 3-1: USB disconnect, device number 34 [ 1764.001369][ T5993] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1764.012195][ T30] audit: type=1326 audit(1775558764.896:3934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1764.043762][ T5993] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1764.057350][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1764.068701][ T30] audit: type=1326 audit(1775558764.896:3935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1764.124857][ T5993] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1764.134986][ T5993] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1764.153058][ T30] audit: type=1326 audit(1775558764.896:3936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1764.175868][ T5993] usb 6-1: Product: syz [ 1764.180051][ T5993] usb 6-1: Manufacturer: syz [ 1764.184656][ T5993] usb 6-1: SerialNumber: syz [ 1764.203177][ T5993] usb 6-1: config 0 descriptor?? [ 1764.213214][ T30] audit: type=1326 audit(1775558764.896:3937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1764.246962][ T5993] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 1764.259624][ T30] audit: type=1326 audit(1775558764.936:3938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16468 comm="syz.4.36128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=63 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1764.354233][T16594] netlink: 8 bytes leftover after parsing attributes in process `syz.4.36131'. [ 1764.364473][T16594] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1764.403553][T16598] netlink: 236 bytes leftover after parsing attributes in process `syz.1.36133'. [ 1764.688097][ C0] usb 6-1: yurex_control_callback - control failed: -71 [ 1764.689360][ T5912] usb 6-1: USB disconnect, device number 67 [ 1764.711205][T16620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.36140'. [ 1764.730985][ T5912] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 1764.924546][T16638] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1765.536101][T16676] netlink: 'syz.5.36157': attribute type 1 has an invalid length. [ 1765.543999][T16676] netlink: 'syz.5.36157': attribute type 2 has an invalid length. [ 1765.698848][T16687] netlink: 'syz.1.36162': attribute type 8 has an invalid length. [ 1765.716663][T16687] netem: change failed [ 1766.036057][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1767.499570][T16914] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36209'. [ 1767.648515][T17027] netlink: 12 bytes leftover after parsing attributes in process `syz.5.36212'. [ 1767.658026][T17027] netlink: 12 bytes leftover after parsing attributes in process `syz.5.36212'. [ 1767.660233][T17026] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36211'. [ 1767.996005][ T6014] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1768.047719][T17154] netlink: 12 bytes leftover after parsing attributes in process `syz.1.36218'. [ 1768.166128][ T6014] usb 6-1: Using ep0 maxpacket: 16 [ 1768.173303][ T6014] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1768.201903][ T6014] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1768.235098][ T6014] usb 6-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 1768.265489][ T6014] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1768.276578][ T6014] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1768.285691][ T6014] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1768.309602][ T6014] usb 6-1: config 0 descriptor?? [ 1768.726372][ T6014] hid (null): unknown global tag 0x50 [ 1768.731831][ T6014] hid (null): unknown global tag 0xc [ 1768.929156][T25399] usb 6-1: USB disconnect, device number 68 [ 1769.466248][T25549] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 1769.626475][T25549] usb 2-1: Using ep0 maxpacket: 32 [ 1769.633195][T25549] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1769.642987][T25549] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1769.653963][T25549] usb 2-1: config 0 descriptor?? [ 1769.663201][T25549] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1769.826547][T25399] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 1769.996112][T25399] usb 6-1: Using ep0 maxpacket: 16 [ 1770.003145][T25399] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1770.015292][T25399] usb 6-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 1770.024569][T25399] usb 6-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0 [ 1770.033528][T25399] usb 6-1: Manufacturer: syz [ 1770.040906][T25399] usb 6-1: config 0 descriptor?? [ 1770.496014][T25549] gspca_vc032x: reg_w err -71 [ 1770.500741][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.508411][T25399] input: syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:041E:3100.00B5/input/input242 [ 1770.526364][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.531688][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.565643][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.571357][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.576858][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.582212][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.593550][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.611135][T25399] creative-sb0540 0003:041E:3100.00B5: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 1770.622835][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.635936][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.641279][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.652833][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.658474][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.663798][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.669173][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.674712][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.689306][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.694679][T25549] gspca_vc032x: I2c Bus Busy Wait 00 [ 1770.726890][T25549] gspca_vc032x: Unknown sensor... [ 1770.732068][T25549] vc032x 2-1:0.0: probe with driver vc032x failed with error -22 [ 1770.774757][T25549] usb 2-1: USB disconnect, device number 60 [ 1770.906432][ T6014] usb 6-1: USB disconnect, device number 69 [ 1770.948804][T17390] netlink: 28 bytes leftover after parsing attributes in process `syz.0.36252'. [ 1771.470542][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 1771.470558][ T30] audit: type=1326 audit(1775558772.516:3954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17437 comm="syz.2.36265" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x0 [ 1772.036091][ T6014] usb 2-1: new full-speed USB device number 61 using dummy_hcd [ 1772.198788][ T6014] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1772.209386][ T6014] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1772.221885][ T6014] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1772.232425][ T6014] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1772.245987][ T6014] usb 2-1: Product: syz [ 1772.254753][ T6014] usb 2-1: Manufacturer: syz [ 1772.260188][ T6014] usb 2-1: SerialNumber: syz [ 1772.624181][T17507] netlink: 16 bytes leftover after parsing attributes in process `syz.4.36288'. [ 1772.685492][ T6014] usb 2-1: 0:2 : does not exist [ 1772.818195][T17520] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 1772.841580][T17520] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1772.964836][T17526] dummy0: mtu less than device minimum [ 1773.128529][ T6014] usb 2-1: USB disconnect, device number 61 [ 1774.019929][T17692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.36315'. [ 1774.333227][T17710] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.36322'. [ 1774.765924][ T5912] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1774.826705][T17737] loop8: detected capacity change from 0 to 7 [ 1774.841859][ C0] blk_print_req_error: 10 callbacks suppressed [ 1774.841877][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1774.857728][ C0] buffer_io_error: 10 callbacks suppressed [ 1774.857746][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 1774.884416][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 1774.893944][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1774.903593][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 1774.913737][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1774.919542][ T5912] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 1774.923398][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 1774.932688][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1774.945961][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1774.959003][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 1774.967260][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1774.976890][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 1774.985052][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1774.994703][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 1775.004090][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1775.013728][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 1775.022991][T17737] ldm_validate_partition_table(): Disk read failed. [ 1775.037720][ T5912] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1775.047106][ T5912] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1775.055576][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1775.055612][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 1775.078022][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1775.087688][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 1775.093636][T17748] netlink: 'syz.5.36337': attribute type 1 has an invalid length. [ 1775.104049][ T5912] usb 5-1: Manufacturer: syz [ 1775.104690][T17748] netlink: 'syz.5.36337': attribute type 7 has an invalid length. [ 1775.108937][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 1775.120682][ T5912] usb 5-1: config 0 descriptor?? [ 1775.127195][T17737] Dev loop8: unable to read RDB block 0 [ 1775.137060][T17737] loop8: unable to read partition table [ 1775.142918][T17737] loop8: partition table beyond EOD, truncated [ 1775.146108][T17748] netlink: 'syz.5.36337': attribute type 8 has an invalid length. [ 1775.150320][T17737] loop_reread_partitions: partition scan of loop8 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 1775.185973][T17748] netlink: 132 bytes leftover after parsing attributes in process `syz.5.36337'. [ 1775.266829][ T5912] rc_core: IR keymap rc-hauppauge not found [ 1775.272779][ T5912] Registered IR keymap rc-empty [ 1775.281558][ T5912] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 1775.301300][ T5912] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input243 [ 1776.081138][ T24] usb 5-1: USB disconnect, device number 54 [ 1776.806172][T25549] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1776.976293][T25549] usb 2-1: Using ep0 maxpacket: 16 [ 1776.978111][ T5912] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1776.986464][T25549] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1777.016275][T25549] usb 2-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 1777.039620][T25549] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1777.053738][T25549] usb 2-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00 [ 1777.064627][T25549] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1777.077000][T25549] usb 2-1: config 0 descriptor?? [ 1777.136981][ T5912] usb 3-1: Using ep0 maxpacket: 8 [ 1777.147840][ T5912] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1777.164554][ T5912] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1777.178735][T15507] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 1777.180835][ T5912] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1777.198543][ T5912] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1777.213655][ T5912] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1777.223189][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1777.357995][T15507] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 1777.367268][T15507] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1777.376960][T15507] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1777.387518][T15507] usb 6-1: config 220 has no interface number 2 [ 1777.393861][T15507] usb 6-1: config 220 interface 1 altsetting 5 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1777.405108][T15507] usb 6-1: config 220 interface 1 altsetting 5 bulk endpoint 0x1 has invalid maxpacket 0 [ 1777.405521][ T24] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1777.415313][T15507] usb 6-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 1777.443945][T15507] usb 6-1: config 220 interface 0 has no altsetting 0 [ 1777.455039][T15507] usb 6-1: config 220 interface 76 has no altsetting 0 [ 1777.462549][T15507] usb 6-1: config 220 interface 1 has no altsetting 0 [ 1777.465988][ T5912] usb 3-1: GET_CAPABILITIES returned 0 [ 1777.472089][T15507] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1777.475213][ T5912] usbtmc 3-1:16.0: can't read capabilities [ 1777.484655][T15507] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1777.501623][T15507] usb 6-1: Product: syz [ 1777.508072][T25549] steelseries 0003:1038:12C2.00B6: unknown main item tag 0x0 [ 1777.515501][T25549] steelseries 0003:1038:12C2.00B6: unknown main item tag 0x0 [ 1777.527305][T15507] usb 6-1: Manufacturer: syz [ 1777.531935][T15507] usb 6-1: SerialNumber: syz [ 1777.536882][T25549] steelseries 0003:1038:12C2.00B6: unknown main item tag 0x0 [ 1777.544308][T25549] steelseries 0003:1038:12C2.00B6: unknown main item tag 0x0 [ 1777.554504][T25549] steelseries 0003:1038:12C2.00B6: unknown main item tag 0x0 [ 1777.567147][T25549] steelseries 0003:1038:12C2.00B6: unknown main item tag 0x0 [ 1777.575046][T25549] steelseries 0003:1038:12C2.00B6: unknown main item tag 0x0 [ 1777.582839][T25549] steelseries 0003:1038:12C2.00B6: collection stack underflow [ 1777.586613][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 1777.591466][T25549] steelseries 0003:1038:12C2.00B6: item 0 0 0 12 parsing failed [ 1777.598448][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1777.604353][T25549] steelseries 0003:1038:12C2.00B6: probe with driver steelseries failed with error -22 [ 1777.616247][ T24] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1777.638921][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1777.651093][ T24] usb 5-1: config 0 descriptor?? [ 1777.693819][T25549] usb 3-1: USB disconnect, device number 35 [ 1777.774788][T15507] uvcvideo 6-1:220.1: Unknown video format 00000000-0000-0000-0000-000000000000 [ 1777.790697][ T5912] usb 2-1: USB disconnect, device number 62 [ 1777.793537][T15507] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1777.810862][T15507] uvcvideo 6-1:220.0: No valid video chain found. [ 1777.820744][T15507] usb 6-1: selecting invalid altsetting 0 [ 1777.857514][T15507] usb 6-1: selecting invalid altsetting 0 [ 1777.869104][T15507] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 1777.884498][T15507] usb 6-1: USB disconnect, device number 70 [ 1778.051197][T18120] input: syz1 as /devices/virtual/input/input244 [ 1778.072544][ T24] mcp2221 0003:04D8:00DD.00B7: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 1778.506029][T25549] usb 5-1: USB disconnect, device number 55 [ 1779.776025][ T24] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 1779.936639][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 1779.944504][ T24] usb 2-1: config 0 has no interfaces? [ 1779.952687][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1779.962661][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1779.971604][ T24] usb 2-1: Product: syz [ 1779.976173][ T24] usb 2-1: Manufacturer: syz [ 1779.981729][ T24] usb 2-1: SerialNumber: syz [ 1779.990730][ T24] usb 2-1: config 0 descriptor?? [ 1780.210233][T25549] usb 2-1: USB disconnect, device number 63 [ 1780.268632][T18397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.36425'. [ 1780.326049][ T24] usb 6-1: new full-speed USB device number 71 using dummy_hcd [ 1780.499439][ T24] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1780.516432][ T24] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1780.529542][ T24] usb 6-1: Product: syz [ 1780.533785][ T24] usb 6-1: Manufacturer: syz [ 1780.545939][ T24] usb 6-1: SerialNumber: syz [ 1780.553377][ T24] usb 6-1: config 0 descriptor?? [ 1780.827231][ T24] usb 6-1: USB disconnect, device number 71 [ 1781.105073][T18455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36433'. [ 1781.446862][T18469] kvm: kvm [18468]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000057) = 0xffffffffffffffff [ 1781.849031][ T796] hid-generic 0000:0000:0000.00B8: unknown main item tag 0x0 [ 1781.865483][T18591] netlink: 12 bytes leftover after parsing attributes in process `syz.4.36449'. [ 1781.875152][ T796] hid-generic 0000:0000:0000.00B8: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1782.293050][T18618] netem: incorrect gi model size [ 1782.296516][T18619] program syz.4.36458 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1782.311637][T18618] netem: change failed [ 1782.531027][T18731] hub 9-0:1.0: USB hub found [ 1782.538865][T18731] hub 9-0:1.0: 1 port detected [ 1782.753277][T18745] pim6reg: entered allmulticast mode [ 1782.809553][T18756] netlink: 24 bytes leftover after parsing attributes in process `syz.1.36470'. [ 1782.821399][T18744] pim6reg: left allmulticast mode [ 1782.851080][T18756] netlink: 24 bytes leftover after parsing attributes in process `syz.1.36470'. [ 1783.036305][ T796] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1783.118879][T18783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.36478'. [ 1783.196809][ T796] usb 6-1: Using ep0 maxpacket: 32 [ 1783.211696][ T796] usb 6-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 1783.224627][ T796] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1783.235486][ T796] usb 6-1: Product: syz [ 1783.241901][ T796] usb 6-1: Manufacturer: syz [ 1783.247182][ T796] usb 6-1: SerialNumber: syz [ 1783.255651][ T796] usb 6-1: config 0 descriptor?? [ 1783.316025][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1783.433224][T18806] kvm: kvm [18805]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0xbf [ 1783.885570][ T796] peak_usb 6-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 1783.906052][ T796] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 1783.917743][ T796] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 1784.019630][ T796] peak_usb 6-1:0.0: probe with driver peak_usb failed with error -22 [ 1784.131784][ T796] usb 6-1: USB disconnect, device number 72 [ 1784.372379][T18969] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 1784.559901][T18976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.36507'. [ 1784.717746][T18978] kvm: apic: phys broadcast and lowest prio [ 1784.936005][ T796] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1785.087172][ T796] usb 5-1: Using ep0 maxpacket: 16 [ 1785.110814][ T796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1785.122700][ T796] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1785.145949][ T796] usb 5-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00 [ 1785.155053][ T796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1785.187317][ T796] usb 5-1: config 0 descriptor?? [ 1785.286124][ T5912] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 1785.349030][T19015] netlink: 12 bytes leftover after parsing attributes in process `syz.2.36518'. [ 1785.440723][T19018] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36521'. [ 1785.452809][T19018] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36521'. [ 1785.467073][ T5912] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1785.486233][ T5912] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1785.519698][ T5912] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1785.545935][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1785.607383][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.614429][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.645326][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.665444][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.676042][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.683085][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.695538][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.706249][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.713359][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.724260][ T796] aureal 0003:0755:2626.00B9: unknown main item tag 0x0 [ 1785.735298][ T796] aureal 0003:0755:2626.00B9: hidraw0: USB HID v0.00 Device [HID 0755:2626] on usb-dummy_hcd.4-1/input0 [ 1785.852529][ T796] usb 5-1: USB disconnect, device number 56 [ 1785.892974][T19036] fido_id[19036]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 1786.406178][ T796] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1786.570600][ T796] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1786.590347][ T5912] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 1786.601097][ T796] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1786.620932][ T5912] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input245 [ 1786.630653][ T796] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1786.646343][ T796] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1786.654574][ T5912] input: failed to attach handler kbd to device input245, error: -5 [ 1786.693566][ T5912] usb 2-1: USB disconnect, device number 64 [ 1787.497889][ T796] hid-led 0003:27B8:01ED.00BA: probe with driver hid-led failed with error -71 [ 1787.530791][ T796] usb 3-1: USB disconnect, device number 36 [ 1787.789318][T19232] hub 9-0:1.0: USB hub found [ 1787.794538][T19232] hub 9-0:1.0: 1 port detected [ 1790.542874][T19659] pimreg: tun_chr_ioctl cmd 2147767521 [ 1790.630890][T19672] netlink: 'syz.1.36592': attribute type 14 has an invalid length. [ 1790.946136][T25399] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1791.106297][T25399] usb 5-1: Using ep0 maxpacket: 32 [ 1791.120137][T25399] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1791.134367][T25399] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1791.169107][T25399] usb 5-1: config 0 descriptor?? [ 1791.182168][T25399] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1791.466192][ T796] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1791.618345][ T796] usb 3-1: Using ep0 maxpacket: 32 [ 1791.641027][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.649243][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1791.677634][ T796] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1791.699165][ T796] usb 3-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40 [ 1791.715148][ T796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1791.740606][ T796] usb 3-1: Product: syz [ 1791.744819][ T796] usb 3-1: Manufacturer: syz [ 1791.756030][ T796] usb 3-1: SerialNumber: syz [ 1791.946078][T15507] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 1791.994909][T25399] gspca_sunplus: reg_w_riv err -71 [ 1792.000583][T25399] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 1792.023483][T25399] usb 5-1: USB disconnect, device number 57 [ 1792.059060][T19716] netlink: 24 bytes leftover after parsing attributes in process `syz.2.36604'. [ 1792.091871][ T796] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 1792.103914][ T796] usb 3-1: USB disconnect, device number 37 [ 1792.106352][T15507] usb 2-1: Using ep0 maxpacket: 16 [ 1792.146673][T15507] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 1792.165969][T15507] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1792.174008][T15507] usb 2-1: Product: syz [ 1792.205919][T15507] usb 2-1: Manufacturer: syz [ 1792.210667][T15507] usb 2-1: SerialNumber: syz [ 1792.220205][T15507] usb 2-1: config 0 descriptor?? [ 1792.239737][T15507] ums-onetouch 2-1:0.0: USB Mass Storage device detected [ 1792.470407][T15507] usb 2-1: USB disconnect, device number 65 [ 1792.529863][T19916] syzkaller0: tun_chr_ioctl cmd 1074025672 [ 1792.546315][T19916] syzkaller0: ignored: set checksum disabled [ 1792.635138][T19925] C: renamed from team_slave_0 (while UP) [ 1792.692192][T19925] netlink: 'syz.0.36628': attribute type 1 has an invalid length. [ 1792.724544][T19925] netlink: 128 bytes leftover after parsing attributes in process `syz.0.36628'. [ 1792.742752][T19925] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1793.016320][T19943] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36636'. [ 1793.254137][T19957] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1793.641593][ T30] audit: type=1326 audit(1775558794.696:3955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20092 comm="syz.1.36650" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1793.695801][ T30] audit: type=1326 audit(1775558794.696:3956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20092 comm="syz.1.36650" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1793.770337][ T30] audit: type=1326 audit(1775558794.716:3957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20092 comm="syz.1.36650" exe="/root/syz-executor" sig=0 arch=40000003 syscall=440 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1793.816240][ T30] audit: type=1326 audit(1775558794.716:3958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20092 comm="syz.1.36650" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1793.875319][ T30] audit: type=1326 audit(1775558794.716:3959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20092 comm="syz.1.36650" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1793.953258][T20110] netlink: 16 bytes leftover after parsing attributes in process `syz.1.36657'. [ 1794.055570][T20114] kvm: kvm [20113]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0xfffffffffffffffd [ 1794.127863][T20122] netlink: 20 bytes leftover after parsing attributes in process `syz.0.36659'. [ 1794.247627][T20131] cifs: Unknown parameter 'fd' [ 1795.436081][ T796] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1795.607652][ T796] usb 2-1: Using ep0 maxpacket: 16 [ 1795.622432][ T796] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1795.634212][ T796] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1795.656404][ T796] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1795.665520][ T796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1795.693583][ T796] usb 2-1: config 0 descriptor?? [ 1796.115135][T20293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1796.149775][T20293] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1796.195091][ T796] hid_parser_main: 31 callbacks suppressed [ 1796.195114][ T796] nzxt-smart2 0003:1E71:2009.00BB: unknown main item tag 0x0 [ 1796.226013][ T796] nzxt-smart2 0003:1E71:2009.00BB: unknown main item tag 0x4 [ 1796.233486][ T796] nzxt-smart2 0003:1E71:2009.00BB: item fetching failed at offset 2/5 [ 1796.256770][ T796] nzxt-smart2 0003:1E71:2009.00BB: probe with driver nzxt-smart2 failed with error -22 [ 1796.393191][T15507] usb 2-1: USB disconnect, device number 66 [ 1797.727377][T20521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.36727'. [ 1797.790259][T20526] netlink: 16 bytes leftover after parsing attributes in process `syz.2.36727'. [ 1798.764783][T20782] netlink: 8 bytes leftover after parsing attributes in process `syz.5.36748'. [ 1799.145983][ T24] usb 6-1: new full-speed USB device number 73 using dummy_hcd [ 1799.159018][T20812] cifs: Unknown parameter 'f,' [ 1799.299806][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1799.332890][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1799.348955][ T24] usb 6-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 1799.358438][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1799.369562][ T24] usb 6-1: config 0 descriptor?? [ 1799.456092][ T5912] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1799.606950][ T5912] usb 3-1: Using ep0 maxpacket: 16 [ 1799.618045][ T5912] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1799.631249][ T5912] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1799.644524][ T5912] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1799.655336][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1799.664887][ T5912] usb 3-1: Product: syz [ 1799.669545][ T5912] usb 3-1: Manufacturer: syz [ 1799.674222][ T5912] usb 3-1: SerialNumber: syz [ 1799.786113][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.793332][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.816403][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.828836][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.846293][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.856880][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.864455][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.872633][ T24] petalynx 0003:18B1:0037.00BC: unknown main item tag 0x0 [ 1799.882062][ T24] petalynx 0003:18B1:0037.00BC: unknown global tag 0xd [ 1799.899726][ T24] petalynx 0003:18B1:0037.00BC: item 0 4 1 13 parsing failed [ 1799.917161][ T24] petalynx 0003:18B1:0037.00BC: parse failed [ 1799.941150][ T24] petalynx 0003:18B1:0037.00BC: probe with driver petalynx failed with error -22 [ 1800.010666][ T24] usb 6-1: USB disconnect, device number 73 [ 1800.089630][T20958] netlink: 'syz.0.36769': attribute type 4 has an invalid length. [ 1800.100636][ T5912] usb 3-1: 0:2 : does not exist [ 1800.529344][ T5912] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1800.627167][ T5912] usb 3-1: USB disconnect, device number 38 [ 1800.690460][T12828] udevd[12828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1802.190592][T21227] netlink: 4 bytes leftover after parsing attributes in process `syz.5.36809'. [ 1802.203683][T21227] netlink: 4 bytes leftover after parsing attributes in process `syz.5.36809'. [ 1802.246129][ T5912] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1802.408025][ T5912] usb 5-1: Using ep0 maxpacket: 32 [ 1802.420713][ T5912] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 1802.431638][ T5912] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1802.452004][ T5912] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1802.472067][ T5912] usb 5-1: config 1 has no interface number 0 [ 1802.478706][ T5912] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1802.484171][T21343] netlink: 32 bytes leftover after parsing attributes in process `syz.2.36816'. [ 1802.494690][ T5912] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1802.499646][T21338] tap0: tun_chr_ioctl cmd 3233846309 [ 1802.513529][ T5912] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1802.538308][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1802.572616][ T5912] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 1802.698014][T21358] futex_wake_op: syz.5.36819 tries to shift op by 32; fix this program [ 1802.726038][ T796] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1802.781114][ T5912] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 1802.886483][ T796] usb 2-1: Using ep0 maxpacket: 16 [ 1802.898740][ T796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1802.918998][ T796] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1802.929137][ T796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1802.947351][ T796] usb 2-1: config 0 descriptor?? [ 1803.195963][T25399] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1803.211466][ T5912] usb 5-1: USB disconnect, device number 58 [ 1803.224812][ T5912] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 1803.346788][T25399] usb 3-1: Using ep0 maxpacket: 32 [ 1803.353802][T25399] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 1803.362269][T25399] usb 3-1: config 0 has no interface number 0 [ 1803.370708][T25399] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1803.379876][T25399] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1803.387783][ T796] mcp2221 0003:04D8:00DD.00BD: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 1803.391414][T25399] usb 3-1: Product: syz [ 1803.402473][T25399] usb 3-1: Manufacturer: syz [ 1803.408284][T25399] usb 3-1: SerialNumber: syz [ 1803.415466][T25399] usb 3-1: config 0 descriptor?? [ 1803.424075][T25399] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1803.476362][T15507] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 1803.629859][T25399] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1803.641712][T15507] usb 6-1: config 2 has an invalid interface number: 97 but max is 0 [ 1803.652692][T15507] usb 6-1: config 2 has no interface number 0 [ 1803.659812][T25399] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1803.669376][T15507] usb 6-1: config 2 interface 97 altsetting 13 bulk endpoint 0x1 has invalid maxpacket 64 [ 1803.683369][T15507] usb 6-1: config 2 interface 97 altsetting 13 bulk endpoint 0x82 has invalid maxpacket 64 [ 1803.694213][T15507] usb 6-1: config 2 interface 97 has no altsetting 0 [ 1803.703977][T15507] usb 6-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1803.726225][T15507] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1803.734281][T15507] usb 6-1: Product: syz [ 1803.741830][T15507] usb 6-1: Manufacturer: syz [ 1803.747267][T15507] usb 6-1: SerialNumber: syz [ 1803.772701][T21398] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1803.783130][T21398] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1803.802149][ T796] usb 2-1: USB disconnect, device number 67 [ 1803.840612][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 24 [ 1804.068557][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1804.072820][ T796] usb 3-1: USB disconnect, device number 39 [ 1804.111333][ T796] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1804.136848][ T796] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1804.161044][ T796] quatech2 3-1:0.51: device disconnected [ 1804.216398][T15507] usb-storage 6-1:2.97: USB Mass Storage device detected [ 1804.228546][T15507] usb-storage 6-1:2.97: Quirks match for vid 04e6 pid 000b: 4 [ 1804.425102][T15507] scsi host1: usb-storage 6-1:2.97 [ 1804.649894][T25399] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1804.663902][ T796] usb 6-1: USB disconnect, device number 74 [ 1804.812783][T25399] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1804.828201][T25399] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1804.841697][T25399] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1804.852734][T25399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1804.879958][T21491] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1804.899713][T25399] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1805.106346][ T24] usb 2-1: USB disconnect, device number 68 [ 1805.264551][ T796] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1805.313077][ T30] audit: type=1326 audit(1775558806.366:3960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.336810][ T30] audit: type=1326 audit(1775558806.396:3961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.360644][ T30] audit: type=1326 audit(1775558806.416:3962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.384707][ T30] audit: type=1326 audit(1775558806.416:3963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.436053][ T796] usb 3-1: Using ep0 maxpacket: 8 [ 1805.442900][ T796] usb 3-1: config 0 has an invalid interface number: 186 but max is 0 [ 1805.455287][ T30] audit: type=1326 audit(1775558806.416:3964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.459337][ T796] usb 3-1: config 0 has no interface number 0 [ 1805.478703][ T30] audit: type=1326 audit(1775558806.436:3965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=444 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.518762][ T30] audit: type=1326 audit(1775558806.436:3966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.528638][ T796] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1805.542706][ T30] audit: type=1326 audit(1775558806.436:3967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.574168][ T796] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 18, changing to 8 [ 1805.578506][ T30] audit: type=1326 audit(1775558806.436:3968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=445 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.596369][ T796] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 1805.608949][ T30] audit: type=1326 audit(1775558806.436:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21577 comm="syz.4.36856" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08f6c code=0x7ffc0000 [ 1805.665895][ T796] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1805.678160][ T796] usb 3-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1805.734542][ T796] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 1805.744867][ T796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1805.764916][ T796] usb 3-1: Product: syz [ 1805.771645][ T796] usb 3-1: Manufacturer: syz [ 1805.776535][ T796] usb 3-1: SerialNumber: syz [ 1805.797992][ T796] usb 3-1: config 0 descriptor?? [ 1806.034320][ T796] iowarrior 3-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 1806.088356][T21606] tipc: Enabling of bearer rejected, already enabled [ 1806.269420][ T796] usb 3-1: USB disconnect, device number 40 [ 1806.779584][T21681] netlink: 'syz.4.36880': attribute type 10 has an invalid length. [ 1806.926734][T21691] 8021q: VLANs not supported on team0 [ 1807.492208][T21731] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36897'. [ 1809.311789][T22035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36934'. [ 1809.346362][T22035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36934'. [ 1810.692688][T22204] program syz.2.36960 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1810.705221][T22206] netlink: 4 bytes leftover after parsing attributes in process `syz.5.36961'. [ 1810.744980][T22208] program syz.2.36960 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1810.793490][T22210] sctp: [Deprecated]: syz.4.36962 (pid 22210) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1810.793490][T22210] Use struct sctp_sack_info instead [ 1811.359843][T25399] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1811.536698][T25399] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 1811.545271][T25399] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1811.556794][T25399] usb 5-1: config 220 has an invalid descriptor of length 41, skipping remainder of the config [ 1811.586208][T25399] usb 5-1: config 220 has no interface number 2 [ 1811.592942][T25399] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1811.608977][T25399] usb 5-1: config 220 interface 0 has no altsetting 0 [ 1811.616082][T25399] usb 5-1: config 220 interface 76 has no altsetting 0 [ 1811.628979][T25399] usb 5-1: config 220 interface 1 has no altsetting 0 [ 1811.647090][T25399] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1811.676903][T25399] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1811.684934][T25399] usb 5-1: Product: syz [ 1811.704040][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1811.704062][ T30] audit: type=1326 audit(1775558812.756:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22275 comm="syz.1.36988" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x0 [ 1811.733029][T25399] usb 5-1: Manufacturer: syz [ 1811.735970][ T796] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1811.737814][T25399] usb 5-1: SerialNumber: syz [ 1811.895954][ T796] usb 3-1: Using ep0 maxpacket: 8 [ 1811.909559][ T796] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1811.928238][ T796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1811.936535][ T796] usb 3-1: Product: syz [ 1811.940885][ T796] usb 3-1: Manufacturer: syz [ 1811.945494][ T796] usb 3-1: SerialNumber: syz [ 1811.958154][ T796] usb 3-1: config 0 descriptor?? [ 1811.976841][ T796] gspca_main: se401-2.14.0 probing 047d:5003 [ 1811.993625][T25399] usb 5-1: selecting invalid altsetting 0 [ 1812.013519][T25399] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1812.022753][T25399] uvcvideo 5-1:220.0: No valid video chain found. [ 1812.044482][T25399] usb 5-1: selecting invalid altsetting 0 [ 1812.052035][T25399] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 1812.060133][T22296] netlink: 16 bytes leftover after parsing attributes in process `syz.5.36992'. [ 1812.075393][T25399] usb 5-1: USB disconnect, device number 59 [ 1812.155374][T22304] bridge0: port 2(bridge_slave_1) entered disabled state [ 1812.165269][T22304] bridge0: port 1(bridge_slave_0) entered disabled state [ 1812.378253][ T796] gspca_se401: Too many frame sizes [ 1812.516266][T15507] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 1812.599723][T25399] usb 3-1: USB disconnect, device number 41 [ 1812.676031][T15507] usb 6-1: Using ep0 maxpacket: 32 [ 1812.682918][T15507] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 1812.696864][T15507] usb 6-1: config 0 has no interface number 0 [ 1812.707877][T15507] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1812.717407][T15507] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1812.725426][T15507] usb 6-1: Product: syz [ 1812.730195][T15507] usb 6-1: Manufacturer: syz [ 1812.734935][T15507] usb 6-1: SerialNumber: syz [ 1812.745461][T15507] usb 6-1: config 0 descriptor?? [ 1812.759525][T15507] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1812.963148][T15507] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1812.981459][T15507] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1813.362493][ C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1813.371238][T25549] usb 6-1: USB disconnect, device number 75 [ 1813.381206][T25549] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1813.403897][T25549] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1813.420354][T25549] quatech2 6-1:0.51: device disconnected [ 1813.531649][T22372] kvm: kvm [22371]: vcpu128, guest rIP: 0xfff0 Unhandled RDMSR(0x40000076) [ 1813.576197][T15507] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1813.736177][T15507] usb 5-1: Using ep0 maxpacket: 16 [ 1813.746449][T15507] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1813.757945][T15507] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1813.773901][T15507] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 1813.786162][T15507] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1813.799000][T15507] usb 5-1: config 0 descriptor?? [ 1814.226149][T15507] hid_parser_main: 47 callbacks suppressed [ 1814.226170][T15507] hid-multitouch 0003:1FD2:6007.00BE: unknown main item tag 0x0 [ 1814.240932][T15507] hid-multitouch 0003:1FD2:6007.00BE: unknown main item tag 0x0 [ 1814.249030][T15507] hid-multitouch 0003:1FD2:6007.00BE: unknown main item tag 0x0 [ 1814.257339][T15507] hid-multitouch 0003:1FD2:6007.00BE: unknown main item tag 0x0 [ 1814.265049][T15507] hid-multitouch 0003:1FD2:6007.00BE: unknown main item tag 0x0 [ 1814.317169][T15507] hid-multitouch 0003:1FD2:6007.00BE: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 1814.398771][T22516] x_tables: ip6_tables: recent.0 match: invalid size 216 (kernel) != (user) 232 [ 1814.538503][T25549] usb 5-1: USB disconnect, device number 60 [ 1815.993740][T22609] netlink: 4 bytes leftover after parsing attributes in process `syz.5.37053'. [ 1816.602657][T22739] loop9: detected capacity change from 0 to 7 [ 1816.637206][T12974] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 1816.642563][T12974] loop9: partition table partially beyond EOD, truncated [ 1816.653898][T12974] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 1816.684554][T22739] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 1816.693235][T22739] loop9: partition table partially beyond EOD, truncated [ 1816.704578][T22739] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 1816.781927][T12828] udevd[12828]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 1816.822662][T12828] udevd[12828]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 1817.236284][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1817.499143][T22895] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.37082'. [ 1817.606163][T22900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37084'. [ 1817.832964][T22941] sit0: entered promiscuous mode [ 1817.856478][T22941] netlink: 'syz.1.37087': attribute type 1 has an invalid length. [ 1817.876092][T22941] netlink: 1 bytes leftover after parsing attributes in process `syz.1.37087'. [ 1818.516064][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1818.951991][T23008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37111'. [ 1818.965715][T23008] netlink: 8 bytes leftover after parsing attributes in process `syz.1.37111'. [ 1819.316533][T22785] Bluetooth: hci2: command 0x0406 tx timeout [ 1819.848801][T23147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37126'. [ 1820.077425][T23157] netlink: 16 bytes leftover after parsing attributes in process `syz.2.37130'. [ 1820.224727][T23168] pimreg: tun_chr_ioctl cmd 1074025677 [ 1820.231392][T23168] pimreg: linktype set to 805 [ 1820.912218][T23211] loop4: detected capacity change from 0 to 524287936 [ 1821.114808][T23271] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 1821.121372][T23271] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1821.214466][T23271] vhci_hcd vhci_hcd.0: Device attached [ 1821.290747][T23322] vhci_hcd: connection closed [ 1821.291103][ T1044] vhci_hcd vhci_hcd.0: stop threads [ 1821.301919][ T1044] vhci_hcd vhci_hcd.0: release socket [ 1821.317165][ T1044] vhci_hcd vhci_hcd.0: disconnect device [ 1821.326303][ T796] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 1821.497151][ T30] audit: type=1326 audit(1775558822.556:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.552401][ T30] audit: type=1326 audit(1775558822.556:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.601554][ T30] audit: type=1326 audit(1775558822.556:3974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.654975][ T30] audit: type=1326 audit(1775558822.556:3975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.705634][T23457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.37164'. [ 1821.716515][ T30] audit: type=1326 audit(1775558822.556:3976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.776237][ T30] audit: type=1326 audit(1775558822.556:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.814008][ T30] audit: type=1326 audit(1775558822.556:3978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.841009][ T30] audit: type=1326 audit(1775558822.556:3979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.902776][ T30] audit: type=1326 audit(1775558822.556:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1821.926619][ T30] audit: type=1326 audit(1775558822.556:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23441 comm="syz.5.37157" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 1822.058697][T23577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.37169'. [ 1822.714617][T23625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.37186'. [ 1822.809332][T23630] bridge0: port 1(bridge_slave_0) entered blocking state [ 1822.816574][T23630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1823.130246][T23655] netlink: 4 bytes leftover after parsing attributes in process `syz.5.37198'. [ 1823.731088][T23785] macvlan2: entered promiscuous mode [ 1823.745086][T23785] bridge0: entered promiscuous mode [ 1823.925024][T23801] netlink: 19 bytes leftover after parsing attributes in process `syz.5.37215'. [ 1823.936395][T25399] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1824.105952][T25399] usb 3-1: Using ep0 maxpacket: 8 [ 1824.112668][T25399] usb 3-1: config 0 has an invalid interface number: 71 but max is 0 [ 1824.121481][T25399] usb 3-1: config 0 has no interface number 0 [ 1824.128069][T25399] usb 3-1: config 0 interface 71 has no altsetting 0 [ 1824.134994][T25399] usb 3-1: New USB device found, idVendor=1604, idProduct=8005, bcdDevice=13.88 [ 1824.166372][T25399] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1824.187717][T25399] usb 3-1: config 0 descriptor?? [ 1824.421668][T25399] usb 3-1: string descriptor 0 read error: -71 [ 1824.524896][T25399] usb 3-1: USB disconnect, device number 42 [ 1825.336215][T25399] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1825.496023][T25399] usb 5-1: Using ep0 maxpacket: 16 [ 1825.508563][T25399] usb 5-1: config 166 has an invalid interface number: 177 but max is 1 [ 1825.526237][T25399] usb 5-1: config 166 has an invalid interface number: 34 but max is 1 [ 1825.534800][T25399] usb 5-1: config 166 has no interface number 0 [ 1825.541580][T25399] usb 5-1: config 166 has no interface number 1 [ 1825.548565][T25399] usb 5-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 1825.560724][T25399] usb 5-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 1825.572431][T25399] usb 5-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 1825.584056][T25399] usb 5-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 1825.596241][ T6014] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1825.597091][T25399] usb 5-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 1825.615956][T25399] usb 5-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 1825.627675][T25399] usb 5-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1825.639636][T25399] usb 5-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1825.650186][T25399] usb 5-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 1825.663752][T25399] usb 5-1: config 166 interface 177 has no altsetting 0 [ 1825.671317][T25399] usb 5-1: config 166 interface 34 has no altsetting 0 [ 1825.680906][T25399] usb 5-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 1825.690327][T25399] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1825.699468][T25399] usb 5-1: Product: syz [ 1825.703953][T25399] usb 5-1: Manufacturer: syz [ 1825.708664][T25399] usb 5-1: SerialNumber: syz [ 1825.756110][ T6014] usb 3-1: Using ep0 maxpacket: 8 [ 1825.763064][ T6014] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 1825.775706][ T6014] usb 3-1: config 0 has no interface number 0 [ 1825.782305][ T6014] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1825.795517][ T6014] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1825.809250][ T6014] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1825.821252][ T6014] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1825.835068][ T6014] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1825.852054][ T6014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1825.866707][ T6014] usb 3-1: config 0 descriptor?? [ 1825.887208][ T6014] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1825.921740][T25399] ums-realtek 5-1:166.177: USB Mass Storage device detected [ 1826.104510][ T796] usb 3-1: USB disconnect, device number 43 [ 1826.110689][ C1] ldusb 3-1:0.55: usb_submit_urb failed (-19) [ 1826.123450][T25399] ums-realtek 5-1:166.34: USB Mass Storage device detected [ 1826.137715][ T796] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 1826.327624][T24344] netlink: 32 bytes leftover after parsing attributes in process `syz.1.37249'. [ 1826.364068][T25399] ums-realtek 5-1:166.34: probe with driver ums-realtek failed with error -5 [ 1826.524266][T25399] uvcvideo 5-1:166.34: Found UVC 0.00 device syz (0bda:0138) [ 1826.537454][T25399] uvcvideo 5-1:166.34: No valid video chain found. [ 1826.563390][T25399] usb 5-1: USB disconnect, device number 61 [ 1827.609314][T24720] overlay: Unknown parameter 'f' [ 1827.671057][T24726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37274'. [ 1827.715010][T24729] VFS: Mount too revealing [ 1827.822495][T24737] netlink: 'syz.1.37279': attribute type 30 has an invalid length. [ 1828.066234][T15507] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1828.229160][T15507] usb 3-1: Using ep0 maxpacket: 32 [ 1828.244829][T15507] usb 3-1: config index 0 descriptor too short (expected 164, got 36) [ 1828.264783][T15507] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1828.295920][T15507] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1828.336108][T15507] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 1828.372025][T15507] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1828.396185][T15507] usb 3-1: config 0 descriptor?? [ 1828.524441][T24777] netlink: 12 bytes leftover after parsing attributes in process `syz.1.37293'. [ 1828.567111][T24777] netlink: 12 bytes leftover after parsing attributes in process `syz.1.37293'. [ 1828.824681][T15507] logitech 0003:046D:C29C.00BF: item fetching failed at offset 0/5 [ 1828.845334][T15507] logitech 0003:046D:C29C.00BF: parse failed [ 1828.869370][T15507] logitech 0003:046D:C29C.00BF: probe with driver logitech failed with error -22 [ 1829.054941][T15507] usb 3-1: USB disconnect, device number 44 [ 1829.299202][T24919] netlink: 128 bytes leftover after parsing attributes in process `syz.0.37310'. [ 1829.308670][T24919] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1829.445905][ T796] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1829.607379][ T796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1829.634751][ T796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1829.646983][ T796] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 1829.656891][ T796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1829.668473][ T796] usb 5-1: config 0 descriptor?? [ 1829.729828][T24963] kvm: kvm [24962]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x400006 [ 1829.776047][ T24] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1829.867044][T24971] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1829.873271][T24971] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1829.884951][T24971] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1829.910467][T24971] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1829.938568][ T24] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1829.952304][ T24] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 1829.962297][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1829.970500][ T24] usb 2-1: Product: syz [ 1829.971283][T24971] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1829.974693][ T24] usb 2-1: Manufacturer: syz [ 1829.985317][ T24] usb 2-1: SerialNumber: syz [ 1829.997821][ T24] usb 2-1: config 0 descriptor?? [ 1830.028007][T24971] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1830.040169][T24971] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1830.047865][T24971] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1830.061641][T24971] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1830.089454][ T796] hid-led 0003:1D34:000A.00C0: unknown main item tag 0x0 [ 1830.098144][ T796] hid-led 0003:1D34:000A.00C0: unknown main item tag 0x0 [ 1830.105230][ T796] hid-led 0003:1D34:000A.00C0: unknown main item tag 0x0 [ 1830.243523][ T24] usb 2-1: USB disconnect, device number 69 [ 1830.288938][ T796] hid-led 0003:1D34:000A.00C0: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.4-1/input0 [ 1830.312480][ T796] hid-led 0003:1D34:000A.00C0: Dream Cheeky Webmail Notifier initialized [ 1830.490191][T25549] usb 5-1: USB disconnect, device number 62 [ 1831.111176][T25066] netlink: 212356 bytes leftover after parsing attributes in process `syz.4.37343'. [ 1831.246890][T25071] netlink: 'syz.1.37345': attribute type 27 has an invalid length. [ 1831.264951][T25071] netlink: 'syz.1.37345': attribute type 4 has an invalid length. [ 1831.283781][T25071] netlink: 152 bytes leftover after parsing attributes in process `syz.1.37345'. [ 1831.296422][T25075] macsec0: entered promiscuous mode [ 1831.303784][T25075] macsec0: left promiscuous mode [ 1831.876046][ T1746] Bluetooth: hci2: command 0x0406 tx timeout [ 1831.882838][T22785] Bluetooth: hci0: command 0x0c1a tx timeout [ 1831.956135][ T1746] Bluetooth: hci3: command 0x0c1a tx timeout [ 1832.126082][ T1746] Bluetooth: hci4: command 0x0c1a tx timeout [ 1832.725984][ T24] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1832.823944][T25171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37380'. [ 1832.876767][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 1832.896522][ T24] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1064, setting to 1024 [ 1832.910639][ T24] usb 5-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40 [ 1832.921298][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1832.938139][ T24] usb 5-1: Product: syz [ 1832.942347][ T24] usb 5-1: Manufacturer: syz [ 1832.948366][ T24] usb 5-1: SerialNumber: syz [ 1833.096203][T25549] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1833.256340][T25549] usb 3-1: Using ep0 maxpacket: 8 [ 1833.263025][T25549] usb 3-1: config 0 has no interfaces? [ 1833.270962][T25549] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1833.280773][T25549] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1833.289475][T25549] usb 3-1: Product: syz [ 1833.294197][T25549] usb 3-1: Manufacturer: syz [ 1833.301488][T25549] usb 3-1: SerialNumber: syz [ 1833.309158][T25549] usb 3-1: config 0 descriptor?? [ 1833.540703][T25549] usb 3-1: USB disconnect, device number 45 [ 1833.597512][T25227] vivid-002: disconnect [ 1833.604003][T25226] vivid-002: reconnect [ 1833.720959][T25237] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37403'. [ 1833.734865][T25237] netlink: 116 bytes leftover after parsing attributes in process `syz.1.37403'. [ 1833.769836][ T24] snd-ua101 5-1:1.1: sample format descriptor not found [ 1833.777871][ T24] snd-ua101 5-1:1.0: invalid num_altsetting [ 1833.785523][T25237] netlink: 116 bytes leftover after parsing attributes in process `syz.1.37403'. [ 1833.818364][ T24] usb 5-1: USB disconnect, device number 63 [ 1833.866056][T22944] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 1833.903119][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 1833.903135][ T30] audit: type=1326 audit(1775558834.956:3990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1833.953381][ T30] audit: type=1326 audit(1775558834.996:3991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1833.976123][ T1746] Bluetooth: hci2: command 0x0406 tx timeout [ 1833.986332][ T30] audit: type=1326 audit(1775558834.996:3992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.009163][ T30] audit: type=1326 audit(1775558834.996:3993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.032007][T22944] usb 6-1: Using ep0 maxpacket: 16 [ 1834.037974][ T1746] Bluetooth: hci3: command 0x0c1a tx timeout [ 1834.044313][ T30] audit: type=1326 audit(1775558834.996:3994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.068796][ T30] audit: type=1326 audit(1775558834.996:3995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.091568][ T30] audit: type=1326 audit(1775558834.996:3996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.114640][T22944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1834.126459][T22944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1834.137041][T22944] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1834.150242][ T30] audit: type=1326 audit(1775558834.996:3997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=438 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.172708][T22944] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1834.181904][T22944] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1834.195981][ T1746] Bluetooth: hci4: command 0x0c1a tx timeout [ 1834.215951][ T30] audit: type=1326 audit(1775558834.996:3998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.247398][ T30] audit: type=1326 audit(1775558834.996:3999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25254 comm="syz.1.37405" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000 [ 1834.270544][T22944] usb 6-1: config 0 descriptor?? [ 1834.691526][T22944] microsoft 0003:045E:07DA.00C1: item 0 4 0 11 parsing failed [ 1834.700091][T22944] microsoft 0003:045E:07DA.00C1: parse failed [ 1834.706662][T22944] microsoft 0003:045E:07DA.00C1: probe with driver microsoft failed with error -22 [ 1834.754374][T25398] loop7: detected capacity change from 0 to 7 [ 1834.895703][T25549] usb 6-1: USB disconnect, device number 76 [ 1835.303285][T25442] [ 1835.305662][T25442] ===================================================== [ 1835.312596][T25442] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1835.320068][T25442] syzkaller #0 Tainted: G L [ 1835.326050][T25442] ----------------------------------------------------- [ 1835.332981][T25442] syz.2.37425/25442 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1835.340797][T25442] ffffffff8e40c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigio+0x101/0x370 [ 1835.349456][T25442] [ 1835.349456][T25442] and this task is already holding: [ 1835.356824][T25442] ffff888059ee3d20 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 1835.365468][T25442] which would create a new lock dependency: [ 1835.371371][T25442] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 1835.378971][T25442] [ 1835.378971][T25442] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1835.388423][T25442] (&client->buffer_lock){..-.}-{3:3} [ 1835.388457][T25442] [ 1835.388457][T25442] ... which became SOFTIRQ-irq-safe at: [ 1835.401530][T25442] lock_acquire+0xf0/0x2e0 [ 1835.406055][T25442] _raw_spin_lock+0x2e/0x40 [ 1835.410653][T25442] evdev_pass_values+0xb9/0xbd0 [ 1835.415584][T25442] evdev_events+0x1e6/0x340 [ 1835.420181][T25442] input_pass_values+0x288/0x890 [ 1835.425190][T25442] input_event_dispose+0x330/0x6b0 [ 1835.430397][T25442] input_event+0x89/0xe0 [ 1835.434714][T25442] creative_sb0540_raw_event+0x38e/0x430 [ 1835.440420][T25442] hid_input_report+0x41d/0x580 [ 1835.445351][T25442] hid_irq_in+0x47e/0x6d0 [ 1835.449754][T25442] __usb_hcd_giveback_urb+0x376/0x540 [ 1835.455212][T25442] dummy_timer+0xbbd/0x4650 [ 1835.459786][T25442] __hrtimer_run_queues+0x53a/0xcc0 [ 1835.465087][T25442] hrtimer_run_softirq+0x182/0x5a0 [ 1835.470278][T25442] handle_softirqs+0x22a/0x870 [ 1835.475132][T25442] __irq_exit_rcu+0x5f/0x150 [ 1835.479794][T25442] irq_exit_rcu+0x9/0x30 [ 1835.484110][T25442] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1835.489898][T25442] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1835.495948][T25442] lock_acquire+0x20b/0x2e0 [ 1835.500527][T25442] kernfs_root+0x38/0x230 [ 1835.504929][T25442] kernfs_parent+0x51/0x190 [ 1835.509503][T25442] kernfs_iop_get_link+0x10d/0x6c0 [ 1835.514692][T25442] vfs_readlink+0x24a/0x540 [ 1835.519272][T25442] do_readlinkat+0x218/0x510 [ 1835.523935][T25442] __x64_sys_readlink+0x7f/0x90 [ 1835.528861][T25442] do_syscall_64+0x14d/0xf80 [ 1835.533525][T25442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1835.539487][T25442] [ 1835.539487][T25442] to a SOFTIRQ-irq-unsafe lock: [ 1835.546485][T25442] (tasklist_lock){.+.+}-{3:3} [ 1835.546509][T25442] [ 1835.546509][T25442] ... which became SOFTIRQ-irq-unsafe at: [ 1835.559101][T25442] ... [ 1835.559108][T25442] lock_acquire+0xf0/0x2e0 [ 1835.566162][T25442] _raw_read_lock+0x36/0x50 [ 1835.570739][T25442] __do_wait+0xde/0x740 [ 1835.574966][T25442] do_wait+0x1e7/0x540 [ 1835.579106][T25442] kernel_wait+0xd6/0x1c0 [ 1835.583507][T25442] call_usermodehelper_exec_work+0xbe/0x230 [ 1835.589473][T25442] process_scheduled_works+0xb6e/0x18c0 [ 1835.595094][T25442] worker_thread+0xa53/0xfc0 [ 1835.599757][T25442] kthread+0x388/0x470 [ 1835.603897][T25442] ret_from_fork+0x51e/0xb90 [ 1835.608559][T25442] ret_from_fork_asm+0x1a/0x30 [ 1835.613402][T25442] [ 1835.613402][T25442] other info that might help us debug this: [ 1835.613402][T25442] [ 1835.623613][T25442] Chain exists of: [ 1835.623613][T25442] &client->buffer_lock --> &f_owner->lock --> tasklist_lock [ 1835.623613][T25442] [ 1835.636810][T25442] Possible interrupt unsafe locking scenario: [ 1835.636810][T25442] [ 1835.645109][T25442] CPU0 CPU1 [ 1835.650462][T25442] ---- ---- [ 1835.655817][T25442] lock(tasklist_lock); [ 1835.660063][T25442] local_irq_disable(); [ 1835.666805][T25442] lock(&client->buffer_lock); [ 1835.674172][T25442] lock(&f_owner->lock); [ 1835.681014][T25442] [ 1835.684457][T25442] lock(&client->buffer_lock); [ 1835.689478][T25442] [ 1835.689478][T25442] *** DEADLOCK *** [ 1835.689478][T25442] [ 1835.697603][T25442] 5 locks held by syz.2.37425/25442: [ 1835.702865][T25442] #0: ffff88807e2fc420 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 1835.711996][T25442] #1: ffff88807f2bdd58 (&type->i_mutex_dir_key#5){++++}-{4:4}, at: path_openat+0xb4c/0x3860 [ 1835.722166][T25442] #2: ffffffff9a2fb7f8 (&fsnotify_mark_srcu){.+.?}-{0:0}, at: fsnotify+0x74c/0x1ae0 [ 1835.731635][T25442] #3: ffff888057e68100 (&mark->lock){+.+.}-{3:3}, at: dnotify_handle_event+0x62/0x440 [ 1835.741298][T25442] #4: ffff888059ee3d20 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 1835.750353][T25442] [ 1835.750353][T25442] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1835.760738][T25442] -> (&client->buffer_lock){..-.}-{3:3} { [ 1835.766628][T25442] IN-SOFTIRQ-W at: [ 1835.770765][T25442] lock_acquire+0xf0/0x2e0 [ 1835.777169][T25442] _raw_spin_lock+0x2e/0x40 [ 1835.783660][T25442] evdev_pass_values+0xb9/0xbd0 [ 1835.790579][T25442] evdev_events+0x1e6/0x340 [ 1835.797066][T25442] input_pass_values+0x288/0x890 [ 1835.803985][T25442] input_event_dispose+0x330/0x6b0 [ 1835.811092][T25442] input_event+0x89/0xe0 [ 1835.817320][T25442] creative_sb0540_raw_event+0x38e/0x430 [ 1835.824934][T25442] hid_input_report+0x41d/0x580 [ 1835.831774][T25442] hid_irq_in+0x47e/0x6d0 [ 1835.838085][T25442] __usb_hcd_giveback_urb+0x376/0x540 [ 1835.845445][T25442] dummy_timer+0xbbd/0x4650 [ 1835.851932][T25442] __hrtimer_run_queues+0x53a/0xcc0 [ 1835.859117][T25442] hrtimer_run_softirq+0x182/0x5a0 [ 1835.866216][T25442] handle_softirqs+0x22a/0x870 [ 1835.872968][T25442] __irq_exit_rcu+0x5f/0x150 [ 1835.879544][T25442] irq_exit_rcu+0x9/0x30 [ 1835.885775][T25442] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1835.893492][T25442] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1835.901475][T25442] lock_acquire+0x20b/0x2e0 [ 1835.907978][T25442] kernfs_root+0x38/0x230 [ 1835.914295][T25442] kernfs_parent+0x51/0x190 [ 1835.920782][T25442] kernfs_iop_get_link+0x10d/0x6c0 [ 1835.927880][T25442] vfs_readlink+0x24a/0x540 [ 1835.934370][T25442] do_readlinkat+0x218/0x510 [ 1835.940938][T25442] __x64_sys_readlink+0x7f/0x90 [ 1835.947782][T25442] do_syscall_64+0x14d/0xf80 [ 1835.954358][T25442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1835.962239][T25442] INITIAL USE at: [ 1835.966298][T25442] lock_acquire+0xf0/0x2e0 [ 1835.972619][T25442] _raw_spin_lock+0x2e/0x40 [ 1835.979020][T25442] evdev_handle_get_val+0x70/0x9f0 [ 1835.986050][T25442] evdev_ioctl_handler+0x127b/0x1fe0 [ 1835.993228][T25442] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 1836.000590][T25442] __do_fast_syscall_32+0x20d/0x640 [ 1836.007689][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.014439][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.022664][T25442] } [ 1836.025316][T25442] ... key at: [] evdev_open.__key.27+0x0/0x20 [ 1836.033672][T25442] -> (&new->fa_lock){....}-{3:3} { [ 1836.038872][T25442] INITIAL USE at: [ 1836.042838][T25442] lock_acquire+0xf0/0x2e0 [ 1836.048979][T25442] _raw_write_lock_irq+0x3d/0x50 [ 1836.055643][T25442] fasync_remove_entry+0xf1/0x1c0 [ 1836.062387][T25442] __fput+0x8a5/0xa70 [ 1836.068095][T25442] task_work_run+0x1d9/0x270 [ 1836.074407][T25442] exit_to_user_mode_loop+0xed/0x480 [ 1836.081415][T25442] __do_fast_syscall_32+0x415/0x640 [ 1836.088350][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.094948][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.103009][T25442] INITIAL READ USE at: [ 1836.107417][T25442] lock_acquire+0xf0/0x2e0 [ 1836.113995][T25442] _raw_read_lock_irqsave+0x48/0x60 [ 1836.121352][T25442] kill_fasync+0x199/0x4d0 [ 1836.127928][T25442] pipe_release+0x19c/0x330 [ 1836.134633][T25442] __fput+0x44f/0xa70 [ 1836.140799][T25442] task_work_run+0x1d9/0x270 [ 1836.147547][T25442] exit_to_user_mode_loop+0xed/0x480 [ 1836.154993][T25442] __do_fast_syscall_32+0x415/0x640 [ 1836.162350][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.169363][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.177848][T25442] } [ 1836.180413][T25442] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1836.189180][T25442] ... acquired at: [ 1836.193062][T25442] _raw_read_lock_irqsave+0x48/0x60 [ 1836.198424][T25442] kill_fasync+0x199/0x4d0 [ 1836.203003][T25442] evdev_pass_values+0x627/0xbd0 [ 1836.208098][T25442] evdev_events+0x1e6/0x340 [ 1836.212757][T25442] input_pass_values+0x288/0x890 [ 1836.217852][T25442] input_event_dispose+0x330/0x6b0 [ 1836.223126][T25442] input_inject_event+0x1dd/0x340 [ 1836.228311][T25442] evdev_write+0x325/0x4c0 [ 1836.232882][T25442] vfs_write+0x29a/0xb90 [ 1836.237281][T25442] ksys_write+0x150/0x270 [ 1836.241764][T25442] __do_fast_syscall_32+0x20d/0x640 [ 1836.247125][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.252136][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.258629][T25442] [ 1836.260936][T25442] -> (&f_owner->lock){....}-{3:3} { [ 1836.266135][T25442] INITIAL USE at: [ 1836.270012][T25442] lock_acquire+0xf0/0x2e0 [ 1836.276006][T25442] _raw_write_lock_irq+0x3d/0x50 [ 1836.282495][T25442] __f_setown+0x67/0x370 [ 1836.288285][T25442] fcntl_dirnotify+0x3f9/0x6a0 [ 1836.294609][T25442] do_fcntl+0x77e/0x1a20 [ 1836.300398][T25442] do_compat_fcntl64+0x51e/0x7e0 [ 1836.306885][T25442] __do_fast_syscall_32+0x20d/0x640 [ 1836.313636][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.320039][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.327918][T25442] INITIAL READ USE at: [ 1836.332230][T25442] lock_acquire+0xf0/0x2e0 [ 1836.338628][T25442] _raw_read_lock_irq+0x45/0x60 [ 1836.345485][T25442] f_getown+0x54/0x2a0 [ 1836.351535][T25442] do_fcntl+0x1ac/0x1a20 [ 1836.357776][T25442] do_compat_fcntl64+0x51e/0x7e0 [ 1836.364697][T25442] __do_fast_syscall_32+0x20d/0x640 [ 1836.371881][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.378718][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.387026][T25442] } [ 1836.389506][T25442] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1836.398344][T25442] ... acquired at: [ 1836.402128][T25442] _raw_read_lock_irqsave+0x48/0x60 [ 1836.407487][T25442] send_sigio+0x38/0x370 [ 1836.411887][T25442] kill_fasync+0x24d/0x4d0 [ 1836.416462][T25442] lease_break_callback+0x26/0x30 [ 1836.421645][T25442] __break_lease+0x81c/0x1e80 [ 1836.426483][T25442] do_dentry_open+0x1010/0x14e0 [ 1836.431498][T25442] vfs_open+0x3b/0x340 [ 1836.435726][T25442] path_openat+0x2e08/0x3860 [ 1836.440474][T25442] do_file_open+0x23e/0x4a0 [ 1836.445136][T25442] do_sys_openat2+0x113/0x200 [ 1836.449978][T25442] __ia32_compat_sys_openat+0x131/0x160 [ 1836.455689][T25442] __do_fast_syscall_32+0x20d/0x640 [ 1836.461047][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.466058][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.472544][T25442] [ 1836.474850][T25442] [ 1836.474850][T25442] the dependencies between the lock to be acquired [ 1836.474857][T25442] and SOFTIRQ-irq-unsafe lock: [ 1836.488353][T25442] -> (tasklist_lock){.+.+}-{3:3} { [ 1836.493465][T25442] HARDIRQ-ON-R at: [ 1836.497430][T25442] lock_acquire+0xf0/0x2e0 [ 1836.503483][T25442] _raw_read_lock+0x36/0x50 [ 1836.509631][T25442] __do_wait+0xde/0x740 [ 1836.515437][T25442] do_wait+0x1e7/0x540 [ 1836.521153][T25442] kernel_wait+0xd6/0x1c0 [ 1836.527123][T25442] call_usermodehelper_exec_work+0xbe/0x230 [ 1836.534652][T25442] process_scheduled_works+0xb6e/0x18c0 [ 1836.541832][T25442] worker_thread+0xa53/0xfc0 [ 1836.548059][T25442] kthread+0x388/0x470 [ 1836.553757][T25442] ret_from_fork+0x51e/0xb90 [ 1836.559983][T25442] ret_from_fork_asm+0x1a/0x30 [ 1836.566388][T25442] SOFTIRQ-ON-R at: [ 1836.570349][T25442] lock_acquire+0xf0/0x2e0 [ 1836.576399][T25442] _raw_read_lock+0x36/0x50 [ 1836.582535][T25442] __do_wait+0xde/0x740 [ 1836.588321][T25442] do_wait+0x1e7/0x540 [ 1836.594022][T25442] kernel_wait+0xd6/0x1c0 [ 1836.599989][T25442] call_usermodehelper_exec_work+0xbe/0x230 [ 1836.607522][T25442] process_scheduled_works+0xb6e/0x18c0 [ 1836.614701][T25442] worker_thread+0xa53/0xfc0 [ 1836.621016][T25442] kthread+0x388/0x470 [ 1836.626735][T25442] ret_from_fork+0x51e/0xb90 [ 1836.632960][T25442] ret_from_fork_asm+0x1a/0x30 [ 1836.639360][T25442] INITIAL USE at: [ 1836.643237][T25442] lock_acquire+0xf0/0x2e0 [ 1836.649199][T25442] _raw_write_lock_irq+0x3d/0x50 [ 1836.655691][T25442] copy_process+0x247a/0x3cd0 [ 1836.661919][T25442] kernel_clone+0x248/0x8e0 [ 1836.667974][T25442] user_mode_thread+0x110/0x180 [ 1836.674373][T25442] rest_init+0x23/0x300 [ 1836.680072][T25442] start_kernel+0x385/0x3d0 [ 1836.686129][T25442] x86_64_start_reservations+0x24/0x30 [ 1836.693132][T25442] x86_64_start_kernel+0x143/0x1c0 [ 1836.699791][T25442] common_startup_64+0x13e/0x147 [ 1836.706279][T25442] INITIAL READ USE at: [ 1836.710599][T25442] lock_acquire+0xf0/0x2e0 [ 1836.716997][T25442] _raw_read_lock+0x36/0x50 [ 1836.723480][T25442] __do_wait+0xde/0x740 [ 1836.729614][T25442] do_wait+0x1e7/0x540 [ 1836.735661][T25442] kernel_wait+0xd6/0x1c0 [ 1836.741973][T25442] call_usermodehelper_exec_work+0xbe/0x230 [ 1836.749846][T25442] process_scheduled_works+0xb6e/0x18c0 [ 1836.757375][T25442] worker_thread+0xa53/0xfc0 [ 1836.763953][T25442] kthread+0x388/0x470 [ 1836.770008][T25442] ret_from_fork+0x51e/0xb90 [ 1836.776605][T25442] ret_from_fork_asm+0x1a/0x30 [ 1836.783383][T25442] } [ 1836.785863][T25442] ... key at: [] tasklist_lock+0x18/0x40 [ 1836.793661][T25442] ... acquired at: [ 1836.797442][T25442] _raw_read_lock+0x36/0x50 [ 1836.802104][T25442] send_sigio+0x101/0x370 [ 1836.806589][T25442] dnotify_handle_event+0x169/0x440 [ 1836.812032][T25442] fsnotify+0x1831/0x1ae0 [ 1836.816522][T25442] path_openat+0x15c2/0x3860 [ 1836.821271][T25442] do_file_open+0x23e/0x4a0 [ 1836.825929][T25442] do_sys_openat2+0x113/0x200 [ 1836.830772][T25442] __ia32_compat_sys_openat+0x131/0x160 [ 1836.836487][T25442] __do_fast_syscall_32+0x20d/0x640 [ 1836.841932][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.846945][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.853453][T25442] [ 1836.855767][T25442] [ 1836.855767][T25442] stack backtrace: [ 1836.861643][T25442] CPU: 0 UID: 0 PID: 25442 Comm: syz.2.37425 Tainted: G L syzkaller #0 PREEMPT(full) [ 1836.861668][T25442] Tainted: [L]=SOFTLOCKUP [ 1836.861674][T25442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1836.861684][T25442] Call Trace: [ 1836.861693][T25442] [ 1836.861700][T25442] dump_stack_lvl+0xe8/0x150 [ 1836.861725][T25442] __lock_acquire+0x2a94/0x2cf0 [ 1836.861751][T25442] lock_acquire+0xf0/0x2e0 [ 1836.861769][T25442] ? send_sigio+0x101/0x370 [ 1836.861787][T25442] _raw_read_lock+0x36/0x50 [ 1836.861804][T25442] ? send_sigio+0x101/0x370 [ 1836.861819][T25442] send_sigio+0x101/0x370 [ 1836.861835][T25442] dnotify_handle_event+0x169/0x440 [ 1836.861856][T25442] fsnotify+0x1831/0x1ae0 [ 1836.861869][T25442] ? ktime_get_coarse_real_ts64_mg+0x1c5/0x1e0 [ 1836.861891][T25442] ? fsnotify+0x74c/0x1ae0 [ 1836.861905][T25442] ? __pfx_fsnotify+0x10/0x10 [ 1836.861917][T25442] ? do_raw_spin_unlock+0xf5/0x210 [ 1836.861933][T25442] ? d_make_persistent+0x10f/0x180 [ 1836.861950][T25442] ? shmem_mknod+0x2ea/0x360 [ 1836.861970][T25442] path_openat+0x15c2/0x3860 [ 1836.861996][T25442] ? __pfx_path_openat+0x10/0x10 [ 1836.862011][T25442] ? __ia32_compat_sys_openat+0x131/0x160 [ 1836.862036][T25442] ? __lock_acquire+0x6b5/0x2cf0 [ 1836.862055][T25442] do_file_open+0x23e/0x4a0 [ 1836.862072][T25442] ? __pfx_do_file_open+0x10/0x10 [ 1836.862093][T25442] ? _raw_spin_unlock+0x28/0x50 [ 1836.862108][T25442] ? alloc_fd+0x64b/0x6c0 [ 1836.862132][T25442] do_sys_openat2+0x113/0x200 [ 1836.862159][T25442] ? __pfx_do_sys_openat2+0x10/0x10 [ 1836.862182][T25442] ? rcu_is_watching+0x15/0xb0 [ 1836.862202][T25442] __ia32_compat_sys_openat+0x131/0x160 [ 1836.862226][T25442] __do_fast_syscall_32+0x20d/0x640 [ 1836.862247][T25442] ? lockdep_hardirqs_on+0x7a/0x110 [ 1836.862266][T25442] ? do_fast_syscall_32+0x33/0x70 [ 1836.862285][T25442] ? irqentry_exit+0x10e/0x620 [ 1836.862304][T25442] ? trace_irq_disable+0x3b/0x150 [ 1836.862317][T25442] do_fast_syscall_32+0x33/0x70 [ 1836.862337][T25442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1836.862356][T25442] RIP: 0023:0xf700ef6c [ 1836.862370][T25442] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1836.862383][T25442] RSP: 002b:00000000f53fd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 1836.862400][T25442] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040 [ 1836.862411][T25442] RDX: 000000000000275a RSI: 0000000000000000 RDI: 0000000000000000 [ 1836.862420][T25442] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1836.862429][T25442] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1836.862438][T25442] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1836.862451][T25442] [ 1836.945913][ T1746] Bluetooth: hci3: command 0x0c1a tx timeout [ 1837.048739][T22785] Bluetooth: hci4: command 0x0c1a tx timeout [ 1837.716017][ C0] ip6_tunnel: ip6gretap4 xmit: Local address not yet configured!