last executing test programs: 8m20.51999843s ago: executing program 4 (id=14820): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x43, 0x3, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) close(r0) 8m20.44720914s ago: executing program 4 (id=14821): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073"], 0x48}}, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) 8m20.220717729s ago: executing program 4 (id=14823): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = memfd_create(&(0x7f0000000800)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xfe\xff\xff\xff\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x8b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3k\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x00\x00Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x7) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x12, r0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r1, 0x0, 0x0, 0x20080004, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x14) 8m20.036457416s ago: executing program 4 (id=14826): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) 8m19.141456169s ago: executing program 4 (id=14841): r0 = fsopen(&(0x7f0000005880)='zonefs\x00', 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0xfffffffffffffffe, &(0x7f0000000000), 0x111}}, 0x20) close_range(r0, 0xffffffffffffffff, 0x0) 8m18.783139833s ago: executing program 4 (id=14846): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x3, 0xf000, 0x0, r2, 0x8}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x2, 0xf000, 0x4, r2, 0x9}) 8m18.436078615s ago: executing program 32 (id=14846): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x3, 0xf000, 0x0, r2, 0x8}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x2, 0xf000, 0x4, r2, 0x9}) 3m4.499058648s ago: executing program 3 (id=18399): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800009502"]) 3m4.314896634s ago: executing program 3 (id=18403): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000dc0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfc5, 0xb080, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000000)={0x40, 0x2, 0x4, {0x4, 0x0, "34d0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000009c0)={0x1c, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x20, 0x1, 0x1, 0x2}, 0x0}) 3m2.048597632s ago: executing program 3 (id=18424): r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x45ac, 0x13100, 0x102, 0x2de}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = eventfd(0xd) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000140)=r3, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd_index=0x47, 0xffffffff7fffffff, 0x0, 0x1}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 3m1.856811092s ago: executing program 3 (id=18428): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 3m0.904035089s ago: executing program 3 (id=18437): pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) read$FUSE(r0, &(0x7f00000024c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000400)={0x50, 0x0, r2, {0x7, 0x28, 0x80000001, 0x0, 0xbe0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x40}}, 0x50) vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x1000000000000000) fcntl$setpipe(r1, 0x407, 0x100000) 3m0.62839514s ago: executing program 3 (id=18440): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100000004000000060ec97020fc80400fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe) 3m0.388758997s ago: executing program 33 (id=18440): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100000004000000060ec97020fc80400fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe) 3.871259003s ago: executing program 6 (id=20554): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@x25, 0x80, 0x0}, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r2, 0x2}, 0x8) 3.777933006s ago: executing program 6 (id=20555): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000080)={@broadcast, @multicast2, 0x1, "2e982c09ab15eb7cc2bb0a1eec919049d880907f99a9f17c7e9bd9a81fa77d7e", 0x7, 0x10001, 0x572, 0xfffffffb}, 0x3c) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0xe, 0x4) 3.689396507s ago: executing program 6 (id=20566): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) preadv(r1, &(0x7f0000000480)=[{&(0x7f0000000000)=""/150, 0x96}], 0x1, 0xc, 0x4) 3.318320591s ago: executing program 5 (id=20561): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000140)={0x0, 0x0, @pic={0x6, 0x5, 0x6, 0x8f, 0xb, 0xb, 0x9, 0x1, 0xdc, 0x4, 0x7, 0x6, 0x6, 0xa4, 0xf, 0x5}}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000380)={0xa, 0x7}) 3.231247891s ago: executing program 2 (id=20562): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) 3.186125124s ago: executing program 5 (id=20563): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) poll(&(0x7f0000b2c000)=[{}], 0x2c, 0xffffffffffbffff8) 2.881126575s ago: executing program 1 (id=20565): r0 = socket(0x200000000000011, 0x2, 0xd) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@remote, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4a23, 0x11, 0x0, @opaque="d879b578998bd3ffbe"}}}}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000300)=ANY=[@ANYBLOB="e90c630faca20180c20000000800450000240000e0000011"], 0x0) 2.812657841s ago: executing program 1 (id=20567): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x162) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000340)='./file1/file2\x00', 0x81c0, 0x2) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xd5b}) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 2.676386965s ago: executing program 1 (id=20568): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x441, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ppoll(&(0x7f0000000200)=[{r0, 0x20c}], 0x1, 0x0, 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) 2.620949134s ago: executing program 1 (id=20569): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002e80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/180, 0xb4}, 0x7}], 0x1, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000180)=0x80000001, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f00000006c0)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x64, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x5e}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 2.459658217s ago: executing program 1 (id=20570): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r0, 0x1) write(r0, &(0x7f0000000080)="e666ea031dd03a", 0x7) 2.340424975s ago: executing program 2 (id=20571): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80002}}]}, {0xffffff6e}, {0xc}, {0xc, 0x8, {0x6}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4080000}, 0x20040000) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}}, 0x0) 2.264209287s ago: executing program 1 (id=20572): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, &(0x7f0000001240)={0x1, 0x1, 0x5, 0xfffffff9, 0x7, 0x8, 0x20004, 0x9, 0x40000004, 0x5, 0x0, 0x2, 0xfffffff9, 0x800d89}) 2.209940163s ago: executing program 5 (id=20573): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x3, 0x2) mbind(&(0x7f00004c9000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x20, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 2.138147795s ago: executing program 2 (id=20574): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) 1.956957584s ago: executing program 5 (id=20575): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e20, 0x6, @empty, 0x4}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e23, 0x91, @loopback}}, 0x0, 0x0, 0xffffffff, 0x0, 0x8, 0x2}, 0x9c) 1.703069174s ago: executing program 0 (id=20577): setrlimit(0x9, &(0x7f0000000000)) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r0) execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000002200)={[&(0x7f0000000340)='^-%-\\x\\$})\'!&}*', &(0x7f0000000440)='syz0']}, 0x0) 1.612024146s ago: executing program 2 (id=20578): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 1.568548792s ago: executing program 0 (id=20579): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x45, @empty, 0x1}}, 0x0, 0x0, 0x21, 0x0, "5d9ed5ab7ede1bcf73742bc36c0ea13d3dec33e0b7cc1ff724fe1906cf9f794509000000dfea4f8d9094d5eb926f70f03d2d46f374a6b62ee9d04ac1bf0bef969bcbd8e470061600"}, 0xd8) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) 1.532134779s ago: executing program 0 (id=20580): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="005b4aa3d49100dc50ecc3b4000082e3", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000001ac0)="062ecacdad0dd57826970c96b7ceff23b3c6c5a9e51ad170cd8773178826bcd9bfb6a5be860ead8065c8fb108d62867cd44278aeb99304f9602937143bbb0575bd4c377f602d50966ba4d5275ad883a9428eff372f4fd7bbdeee163273a3acbf2c0996081214ec9cbbbf42e33e4b7a0336c9f0cf8dbf725433a4f9745a8b108232017b6681908f565e16300c2b3dfa821a309eaf2d5b5231f467a4d46503413d99441113cd1799909c38c34f857835fc8c4c2780875a51cf4675e227b20b2a4eac9c021416f2bcd89c201a813dfd30e059effdfbf4b1cfdb", 0xd8}, {&(0x7f0000001c40)="ca85c2d5e46c093a10893e2b87f6a28a3791ea32cd3cb7993c2860ac462c632aef5e50f13b0130ca99de4d05de7e704797de3337875b34462a0c0b5b772fe1b235c1ac332a251f59a6a918db89e20018dd9d9808791358", 0x57}], 0x2, 0x0, 0x0, 0x400c5}}], 0x1, 0x4) 1.519847715s ago: executing program 2 (id=20581): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getdents(r0, &(0x7f0000000fc0)=""/72, 0x48) 1.436469276s ago: executing program 0 (id=20582): r0 = syz_io_uring_setup(0x485b, &(0x7f0000002600)={0x0, 0xffffff7c, 0x13580, 0x3, 0x35c}, &(0x7f00000000c0)=0x0, &(0x7f0000000580)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_ASYNC_CANCEL={0xe, 0x7}) r3 = eventfd2(0x1000, 0x80000) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000040)=r3, 0x1) io_uring_enter(r0, 0x54, 0x0, 0x0, 0x0, 0x0) 1.401875329s ago: executing program 0 (id=20583): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, r0, 0x0, 0x8, 0x0) waitid(0x1, r0, 0x0, 0x4, 0x0) 1.193788053s ago: executing program 2 (id=20584): syz_usb_connect(0x1, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r0 = syz_io_uring_setup(0x279, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x1ffe, 0x0, 0x0, 0x0, 0x0) 1.046743195s ago: executing program 5 (id=20585): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 556.031649ms ago: executing program 6 (id=20586): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc1}}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) 499.902985ms ago: executing program 0 (id=20587): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401"], 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card3/oss_mixer\x00', 0x260601, 0x0) syz_usb_control_io(r0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) 204.894194ms ago: executing program 6 (id=20588): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) splice(r1, &(0x7f0000000040), r0, 0x0, 0x800000000ff, 0x0) 69.107316ms ago: executing program 6 (id=20589): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) move_mount(0xffffffffffffffff, 0x0, r0, 0x0, 0x46) 0s ago: executing program 5 (id=20590): bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50) r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01) r1 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x800) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): er parsing attributes in process `syz.2.18472'. [ 1376.030588][T15296] netlink: 104 bytes leftover after parsing attributes in process `syz.2.18472'. [ 1376.044163][T15296] netlink: 104 bytes leftover after parsing attributes in process `syz.2.18472'. [ 1376.481561][T15317] kvm_intel: kvm [15316]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x7e02 [ 1376.813632][T15223] chnl_net:caif_netlink_parms(): no params data found [ 1376.845927][ T9871] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1377.025823][ T9871] usb 3-1: Using ep0 maxpacket: 16 [ 1377.051813][ T9871] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1377.108420][ T9871] usb 3-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 39, changing to 9 [ 1377.133746][ T9871] usb 3-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024 [ 1377.157151][ T9871] usb 3-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1377.173908][ T9871] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1377.184836][ T9871] usb 3-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 1377.238450][ T9871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1377.261545][ T9871] usb 3-1: Product: syz [ 1377.267954][ T9871] usb 3-1: Manufacturer: syz [ 1377.276052][ T9871] usb 3-1: SerialNumber: syz [ 1377.305569][T15319] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1377.334687][T15223] bridge0: port 1(bridge_slave_0) entered blocking state [ 1377.362276][T15223] bridge0: port 1(bridge_slave_0) entered disabled state [ 1377.385699][T15223] bridge_slave_0: entered allmulticast mode [ 1377.388071][ T5832] Bluetooth: hci4: command tx timeout [ 1377.402115][T15223] bridge_slave_0: entered promiscuous mode [ 1377.433251][T15223] bridge0: port 2(bridge_slave_1) entered blocking state [ 1377.445478][T12311] IPVS: stop unused estimator thread 0... [ 1377.469140][T15223] bridge0: port 2(bridge_slave_1) entered disabled state [ 1377.512289][T15223] bridge_slave_1: entered allmulticast mode [ 1377.546225][T15223] bridge_slave_1: entered promiscuous mode [ 1377.565111][ T9871] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input181 [ 1377.841084][ T30] kauditd_printk_skb: 91 callbacks suppressed [ 1377.841103][ T30] audit: type=1326 audit(1746108971.132:4835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1377.881158][ T30] audit: type=1326 audit(1746108971.172:4836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1377.920776][ T30] audit: type=1326 audit(1746108971.172:4837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1377.950196][T15223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1377.962294][ T30] audit: type=1326 audit(1746108971.172:4838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1377.995935][ T30] audit: type=1326 audit(1746108971.172:4839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1378.036892][ T30] audit: type=1326 audit(1746108971.172:4840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1378.064846][ T30] audit: type=1326 audit(1746108971.172:4841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1378.090448][ T30] audit: type=1326 audit(1746108971.172:4842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1378.122591][T15223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1378.150904][ T30] audit: type=1326 audit(1746108971.172:4843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1378.213815][ T30] audit: type=1326 audit(1746108971.172:4844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15337 comm="syz.5.18487" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1378.303077][ T9871] usb 3-1: USB disconnect, device number 77 [ 1378.303114][ C0] bcm5974 3-1:1.0: trackpad urb failed: -19 [ 1378.337834][T32459] bcm5974 3-1:1.0: could not read from device [ 1378.548497][T15223] team0: Port device team_slave_0 added [ 1378.568010][T15223] team0: Port device team_slave_1 added [ 1378.651080][T15223] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1378.676917][T15223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1378.715588][T15223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1378.730615][T15223] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1378.746662][T15223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1378.807706][T15223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1378.971396][T15223] hsr_slave_0: entered promiscuous mode [ 1379.007140][T15223] hsr_slave_1: entered promiscuous mode [ 1379.023922][T15223] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1379.032641][T15223] Cannot create hsr debugfs directory [ 1379.475871][ T5832] Bluetooth: hci4: command tx timeout [ 1379.789560][T15223] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1379.817066][T15223] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1379.844233][T15223] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1379.901113][T15223] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1379.947045][T14754] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1380.105883][T14754] usb 6-1: Using ep0 maxpacket: 16 [ 1380.117589][T14754] usb 6-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1380.120889][T15223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1380.139446][T14754] usb 6-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1380.159622][T14754] usb 6-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1380.191719][T14754] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1380.197290][T15223] 8021q: adding VLAN 0 to HW filter on device team0 [ 1380.205456][T14754] usb 6-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 1380.218771][T12311] bridge0: port 1(bridge_slave_0) entered blocking state [ 1380.225960][T12311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1380.233027][T14754] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1380.252176][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 1380.259358][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1380.271186][T14754] usb 6-1: config 0 descriptor?? [ 1380.393999][T15223] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1380.536285][T15223] veth0_vlan: entered promiscuous mode [ 1380.539962][T15421] input: syz0 as /devices/virtual/input/input182 [ 1380.562004][T15421] input: failed to attach handler leds to device input182, error: -6 [ 1380.584748][T15223] veth1_vlan: entered promiscuous mode [ 1380.761798][T15223] veth0_macvtap: entered promiscuous mode [ 1380.765299][T14754] input: HID 0458:5010 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5010.00E1/input/input183 [ 1380.813181][T15223] veth1_macvtap: entered promiscuous mode [ 1380.886315][T14754] kye 0003:0458:5010.00E1: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.5-1/input0 [ 1380.905229][T15223] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1380.954545][T15223] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1381.064200][T15223] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.105903][T15223] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.114679][T15223] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.155764][T15223] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.332611][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1381.358400][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1381.454660][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1381.497110][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1381.546281][ T5832] Bluetooth: hci4: command tx timeout [ 1381.888544][ C0] kye 0003:0458:5010.00E1: usb_submit_urb(ctrl) failed: -1 [ 1382.275899][T15464] input: syz0 as /devices/virtual/input/input184 [ 1382.306983][T15464] input: failed to attach handler leds to device input184, error: -6 [ 1382.692319][ T9871] usb 6-1: USB disconnect, device number 38 [ 1383.032773][T15497] netlink: 80 bytes leftover after parsing attributes in process `syz.5.18533'. [ 1383.386572][T15515] syzkaller1: entered promiscuous mode [ 1383.409863][T15515] syzkaller1: entered allmulticast mode [ 1384.895969][T14998] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 1385.080001][T14771] IPVS: starting estimator thread 0... [ 1385.086820][T14998] usb 6-1: Using ep0 maxpacket: 8 [ 1385.103362][T14998] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 1385.132621][T14998] usb 6-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1385.152868][T14998] usb 6-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3 [ 1385.167993][T15594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18565'. [ 1385.173125][T14998] usb 6-1: Product: syz [ 1385.194540][T14998] usb 6-1: Manufacturer: syz [ 1385.195892][T15590] IPVS: using max 28 ests per chain, 67200 per kthread [ 1385.204649][T14998] usb 6-1: SerialNumber: syz [ 1385.226200][T14998] usb 6-1: config 0 descriptor?? [ 1385.242386][T14998] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 1385.483680][ T30] kauditd_printk_skb: 227 callbacks suppressed [ 1385.483698][ T30] audit: type=1326 audit(1746108978.772:5072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1385.540980][ T30] audit: type=1326 audit(1746108978.812:5073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1385.616935][ T30] audit: type=1326 audit(1746108978.812:5074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1385.675555][ T30] audit: type=1326 audit(1746108978.812:5075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1385.722614][ T30] audit: type=1326 audit(1746108978.812:5076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1385.766416][ T30] audit: type=1326 audit(1746108978.812:5077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1385.842294][ T30] audit: type=1326 audit(1746108978.822:5078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1385.961118][ T30] audit: type=1326 audit(1746108978.822:5079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1386.059762][ T30] audit: type=1326 audit(1746108978.822:5080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1386.092427][T14998] gspca_zc3xx: reg_w_i err -71 [ 1386.115475][ T30] audit: type=1326 audit(1746108978.822:5081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15605 comm="syz.2.18571" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1386.695915][T14998] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 1386.723402][T14998] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 1386.764577][T14998] usb 6-1: USB disconnect, device number 39 [ 1386.857513][T15659] tun0: tun_chr_ioctl cmd 1074025675 [ 1386.862901][T15659] tun0: persist enabled [ 1386.872167][T15659] tun0: tun_chr_ioctl cmd 1074025675 [ 1386.886666][T15659] tun0: persist enabled [ 1387.312598][T15687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18597'. [ 1387.354215][T15687] netlink: 277 bytes leftover after parsing attributes in process `syz.2.18597'. [ 1387.375849][T15687] netlink: 277 bytes leftover after parsing attributes in process `syz.2.18597'. [ 1391.025832][T14998] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1391.176630][T14998] usb 3-1: Using ep0 maxpacket: 8 [ 1391.182957][T14998] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 1391.193333][T14998] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1391.203138][T14998] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1391.213141][T14998] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1391.223239][T14998] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1391.238409][T14998] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1391.247805][T14998] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1391.469075][T14998] usb 3-1: usb_control_msg returned -32 [ 1391.474844][T14998] usbtmc 3-1:16.0: can't read capabilities [ 1391.755660][T15816] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18653'. [ 1391.764880][T15816] netlink: 'syz.5.18653': attribute type 9 has an invalid length. [ 1391.780001][T15816] macvlan2: entered allmulticast mode [ 1391.785488][T15816] mac80211_hwsim hwsim25 wlan0: entered allmulticast mode [ 1393.055903][T14998] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 1393.159324][T15868] netlink: 'syz.6.18668': attribute type 1 has an invalid length. [ 1393.169511][T15868] (unnamed net_device) (uninitialized): option mode: invalid value (119) [ 1393.217848][T14998] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1393.233534][T14998] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1393.245422][T14998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1393.265818][T14998] usb 6-1: Product: syz [ 1393.270016][T14998] usb 6-1: Manufacturer: syz [ 1393.275160][T14998] usb 6-1: SerialNumber: syz [ 1393.512017][T14998] usblp 6-1:1.0: usblp1: USB Unidirectional printer dev 40 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1393.754338][T14998] usb 6-1: USB disconnect, device number 40 [ 1393.782335][T14998] usblp1: removed [ 1393.812083][ T10] usb 3-1: USB disconnect, device number 78 [ 1394.346277][ T10] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1394.518954][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1394.530172][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1394.540863][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1394.553934][ T10] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1394.563906][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1394.575049][ T10] usb 3-1: config 0 descriptor?? [ 1394.727913][ T30] kauditd_printk_skb: 123 callbacks suppressed [ 1394.727931][ T30] audit: type=1326 audit(1746108988.022:5205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15886 comm="syz.6.18677" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7fc00000 [ 1395.012836][ T10] plantronics 0003:047F:FFFF.00E2: reserved main item tag 0xd [ 1395.027168][ T10] plantronics 0003:047F:FFFF.00E2: No inputs registered, leaving [ 1395.062089][ T10] plantronics 0003:047F:FFFF.00E2: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1395.353936][ T10] usb 3-1: USB disconnect, device number 79 [ 1397.065154][T14997] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 1397.234159][T14997] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1397.272281][T14997] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1397.300696][T14997] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1397.338220][T14997] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1397.350099][T16015] netlink: 'syz.2.18718': attribute type 10 has an invalid length. [ 1397.372359][T14997] usb 6-1: SerialNumber: syz [ 1397.411212][T16015] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1397.454583][T16015] batadv0: entered allmulticast mode [ 1397.530836][T16015] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1397.541072][T16019] bond0: entered promiscuous mode [ 1397.559514][T16019] batadv0: entered promiscuous mode [ 1397.603516][T14997] usb 6-1: 0:2 : does not exist [ 1397.645802][T14997] usb 6-1: USB disconnect, device number 41 [ 1397.719618][ T6235] udevd[6235]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1398.707239][ T30] audit: type=1326 audit(1746108991.992:5206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16072 comm="syz.6.18735" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe1539 code=0x0 [ 1398.875826][T14998] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 1399.035797][T14998] usb 6-1: Using ep0 maxpacket: 32 [ 1399.042727][T14998] usb 6-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1399.062464][T14998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1399.082083][T14998] usb 6-1: config 0 descriptor?? [ 1399.095024][T14998] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1400.120189][T14998] gspca_sq930x: ucbus_write failed -71 [ 1400.126994][T14998] sq930x 6-1:0.0: probe with driver sq930x failed with error -71 [ 1400.138707][T14998] usb 6-1: USB disconnect, device number 42 [ 1401.472612][T16187] input: syz0 as /devices/virtual/input/input186 [ 1401.775838][T16196] input: syz1 as /devices/virtual/input/input187 [ 1401.816917][T16198] syzkaller1: entered promiscuous mode [ 1401.822519][T16198] syzkaller1: entered allmulticast mode [ 1402.234974][T16206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18773'. [ 1402.261207][T16206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18773'. [ 1402.801230][T16214] veth0_to_bridge: entered promiscuous mode [ 1402.810331][T16213] veth0_to_bridge: left promiscuous mode [ 1403.826687][T16242] loop6: detected capacity change from 0 to 63 [ 1403.860050][T16242] buffer_io_error: 1 callbacks suppressed [ 1403.860067][T16242] Buffer I/O error on dev loop6, logical block 0, async page read [ 1403.924440][T16242] Buffer I/O error on dev loop6, logical block 1, async page read [ 1403.951990][T16242] Buffer I/O error on dev loop6, logical block 2, async page read [ 1403.977117][T16242] Buffer I/O error on dev loop6, logical block 3, async page read [ 1404.024354][T16242] Buffer I/O error on dev loop6, logical block 0, async page read [ 1404.053809][T16242] Buffer I/O error on dev loop6, logical block 1, async page read [ 1404.084618][T16242] Buffer I/O error on dev loop6, logical block 2, async page read [ 1404.121223][T16242] Buffer I/O error on dev loop6, logical block 3, async page read [ 1404.170700][ T6235] Buffer I/O error on dev loop6, logical block 0, async page read [ 1404.200749][ T6235] Buffer I/O error on dev loop6, logical block 1, async page read [ 1405.298232][T16263] input: syz1 as /devices/virtual/input/input189 [ 1405.752608][T16276] input: syz1 as /devices/virtual/input/input190 [ 1405.905522][T16282] netlink: 236 bytes leftover after parsing attributes in process `syz.1.18805'. [ 1406.143084][T16297] netlink: 88 bytes leftover after parsing attributes in process `syz.2.18812'. [ 1406.152555][T16297] tipc: Started in network mode [ 1406.159392][T16297] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1406.168509][T16297] tipc: Enabling of bearer rejected, failed to enable media [ 1406.615868][T14771] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1406.787729][T14771] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1406.803418][T14771] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1406.819998][T14771] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1406.834763][T14771] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1406.849731][T14771] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1406.862915][T14771] usb 6-1: config 0 descriptor?? [ 1406.899002][T16330] netlink: 'syz.2.18829': attribute type 10 has an invalid length. [ 1406.910519][T16330] syz_tun: entered promiscuous mode [ 1406.921016][T16330] syz_tun: entered allmulticast mode [ 1406.927442][T16330] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1407.281728][T14771] plantronics 0003:047F:FFFF.00E3: reserved main item tag 0xd [ 1407.295280][T14771] plantronics 0003:047F:FFFF.00E3: No inputs registered, leaving [ 1407.313409][T14771] plantronics 0003:047F:FFFF.00E3: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1407.569425][T14754] usb 6-1: USB disconnect, device number 43 [ 1407.921634][T16351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18837'. [ 1407.933917][T16351] netlink: 104 bytes leftover after parsing attributes in process `syz.1.18837'. [ 1407.946917][T16351] netlink: 104 bytes leftover after parsing attributes in process `syz.1.18837'. [ 1407.990246][ T30] audit: type=1326 audit(1746109001.282:5207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1408.031980][ T30] audit: type=1326 audit(1746109001.282:5208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1408.054127][ C1] vkms_vblank_simulate: vblank timer overrun [ 1408.065585][ T30] audit: type=1326 audit(1746109001.282:5209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1408.120994][ T30] audit: type=1326 audit(1746109001.282:5210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1408.147165][ T30] audit: type=1326 audit(1746109001.282:5211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1408.176404][ T30] audit: type=1326 audit(1746109001.282:5212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1408.209379][ T30] audit: type=1326 audit(1746109001.282:5213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1408.247701][ T30] audit: type=1326 audit(1746109001.282:5214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1408.276780][ T30] audit: type=1326 audit(1746109001.282:5215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1408.300038][ T30] audit: type=1326 audit(1746109001.282:5216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.2.18838" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e558 code=0x7ffc0000 [ 1408.690807][T16370] vivid-001: disconnect [ 1408.718027][T16368] vivid-001: reconnect [ 1408.816083][ T9873] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1408.988651][ T9873] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1408.995591][ T9873] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 1409.005157][ T9873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1409.038260][ T9873] usb 3-1: config 0 descriptor?? [ 1409.177449][T14997] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 1409.338080][T14997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1409.365792][T14997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1409.386481][T14997] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1409.402504][T14997] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1409.412213][T14997] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1409.425315][T14997] usb 6-1: config 0 descriptor?? [ 1409.869757][T14997] plantronics 0003:047F:FFFF.00E4: reserved main item tag 0xd [ 1409.897024][T14997] plantronics 0003:047F:FFFF.00E4: No inputs registered, leaving [ 1409.920494][T14997] plantronics 0003:047F:FFFF.00E4: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1410.093817][ T9873] video4linux radio48: keene_cmd_set failed (-71) [ 1410.110456][ T9873] radio-keene 3-1:0.0: V4L2 device registered as radio48 [ 1410.124707][ T9873] usb 3-1: USB disconnect, device number 80 [ 1410.165420][T14997] usb 6-1: USB disconnect, device number 44 [ 1410.560135][T16412] bridge0: entered promiscuous mode [ 1410.565585][T16412] macvlan2: entered promiscuous mode [ 1410.580988][T16412] macvlan3: entered promiscuous mode [ 1411.225945][ T9873] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1411.391170][ T9873] usb 3-1: Using ep0 maxpacket: 8 [ 1411.408504][ T9873] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1411.419076][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1411.432743][ T9873] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1411.446422][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1411.458962][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1411.472755][ T9873] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1411.482959][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1411.494797][ T9873] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1411.507728][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1411.519297][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1411.532981][ T9873] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1411.541112][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1411.552956][ T9873] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1411.565064][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1411.577206][ T9873] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1411.594862][ T9873] usb 3-1: string descriptor 0 read error: -22 [ 1411.601661][ T9873] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1411.611974][ T9873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1411.633525][ T9873] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1411.867002][ T9873] usb 3-1: USB disconnect, device number 81 [ 1412.113100][T16446] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18877'. [ 1412.389934][T16453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18880'. [ 1412.446238][ T9871] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 1412.463781][T16455] bond0: option arp_interval: invalid value (18446744073709551615) [ 1412.472538][T16455] bond0: option arp_interval: allowed values 0 - 2147483647 [ 1412.606026][ T9871] usb 6-1: Using ep0 maxpacket: 8 [ 1412.623155][ T9871] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1412.638991][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1412.659744][ T9871] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1412.674296][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1412.705123][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1412.741781][ T9871] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1412.750920][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1412.775800][ T9871] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1412.800317][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1412.814773][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1412.832954][ T9871] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1412.840946][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1412.872980][ T9871] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1412.892703][T16466] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18885'. [ 1412.905091][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1412.925176][ T9871] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1412.951642][ T9871] usb 6-1: string descriptor 0 read error: -22 [ 1412.958955][ T9871] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1412.971609][ T9871] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1413.024113][ T9871] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1413.377068][T14997] usb 6-1: USB disconnect, device number 45 [ 1414.125810][T14997] usb 3-1: new full-speed USB device number 82 using dummy_hcd [ 1414.291118][T14997] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1414.315321][T14997] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1414.333039][T14997] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 1414.344644][T14997] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1414.377945][T14997] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1414.397804][T14997] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1414.414168][T14997] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1414.424536][T14997] usb 3-1: Product: syz [ 1414.430194][T14997] usb 3-1: Manufacturer: syz [ 1414.434984][T14997] usb 3-1: SerialNumber: syz [ 1414.455053][T14997] usb 3-1: config 0 descriptor?? [ 1414.708139][T14997] radio-si470x 3-1:0.0: DeviceID=0x726e ChipID=0x6500 [ 1414.916590][T14997] radio-si470x 3-1:0.0: software version 114, hardware version 110 [ 1415.124302][T14997] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 1415.140693][T14997] radio-si470x 3-1:0.0: submitting int urb failed (-90) [ 1415.154359][T14997] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 1415.164994][T14997] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22 [ 1415.210754][T14997] usb 3-1: USB disconnect, device number 82 [ 1415.396511][ T9871] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1415.419689][T16530] lo: entered promiscuous mode [ 1415.425169][T16530] lo: entered allmulticast mode [ 1415.431785][T16529] lo: left allmulticast mode [ 1415.436612][T16529] lo: left promiscuous mode [ 1415.550758][ T9871] usb 6-1: Using ep0 maxpacket: 8 [ 1415.562485][ T9871] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1415.575911][ T9871] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1415.591046][ T9871] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1415.604277][ T9871] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1415.615133][ T9871] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1415.628888][ T9871] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1415.638398][ T9871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1415.713083][T16536] tipc: Started in network mode [ 1415.726051][T16536] tipc: Node identity ac14140f, cluster identity 4711 [ 1415.734329][T16536] tipc: Enabling of bearer rejected, failed to enable media [ 1415.764041][ T30] kauditd_printk_skb: 116 callbacks suppressed [ 1415.764057][ T30] audit: type=1326 audit(1746109009.052:5333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16537 comm="syz.2.18916" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x0 [ 1415.833721][T16540] loop8: detected capacity change from 0 to 1 [ 1415.858830][ T6235] Dev loop8: unable to read RDB block 1 [ 1415.864452][ T6235] loop8: unable to read partition table [ 1415.870342][ T9871] usb 6-1: usb_control_msg returned -32 [ 1415.876042][ T9871] usbtmc 6-1:16.0: can't read capabilities [ 1415.882937][ T6235] loop8: partition table beyond EOD, truncated [ 1415.899518][T16540] Dev loop8: unable to read RDB block 1 [ 1415.906956][T16540] loop8: unable to read partition table [ 1415.912843][T16540] loop8: partition table beyond EOD, truncated [ 1415.922361][T16540] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1416.464118][T14754] usb 6-1: USB disconnect, device number 46 [ 1417.395803][T14754] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1417.557898][T14754] usb 6-1: config 0 has no interfaces? [ 1417.563448][T14754] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1417.572745][T14754] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1417.583881][T14754] usb 6-1: config 0 descriptor?? [ 1417.808820][T14997] usb 6-1: USB disconnect, device number 47 [ 1418.156324][T14754] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1418.255851][T14997] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1418.308351][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1418.319558][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1418.329630][T14754] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1418.343527][T14754] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1418.352698][T14754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.363053][T14754] usb 3-1: config 0 descriptor?? [ 1418.415805][T14997] usb 6-1: Using ep0 maxpacket: 16 [ 1418.423114][T14997] usb 6-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1418.434989][T14997] usb 6-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1418.448173][T14997] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1418.454847][T14997] usb 6-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 1418.464765][T14997] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.476025][T14997] usb 6-1: config 0 descriptor?? [ 1418.781328][T14754] plantronics 0003:047F:FFFF.00E5: reserved main item tag 0xd [ 1418.791220][T14754] plantronics 0003:047F:FFFF.00E5: No inputs registered, leaving [ 1418.809978][T14754] plantronics 0003:047F:FFFF.00E5: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1418.894863][T14997] logitech-djreceiver 0003:046D:C71F.00E6: hidraw1: USB HID v4.13 Device [HID 046d:c71f] on usb-dummy_hcd.5-1/input0 [ 1419.088427][T14997] usb 3-1: USB disconnect, device number 83 [ 1419.110744][T16616] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 1419.117405][T16616] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1419.136950][ T9873] usb 6-1: USB disconnect, device number 48 [ 1419.145100][T16616] vhci_hcd vhci_hcd.0: Device attached [ 1419.162835][T16616] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(5) [ 1419.169393][T16616] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1419.178569][T16616] vhci_hcd vhci_hcd.0: Device attached [ 1419.195246][T16616] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(7) [ 1419.201791][T16616] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1419.210226][T16616] vhci_hcd vhci_hcd.0: Device attached [ 1419.219324][T16616] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(9) [ 1419.225862][T16616] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1419.233931][T16616] vhci_hcd vhci_hcd.0: Device attached [ 1419.257598][T16616] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(11) [ 1419.264216][T16616] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1419.300735][T16616] vhci_hcd vhci_hcd.0: Device attached [ 1419.326067][T14998] vhci_hcd: vhci_device speed not set [ 1419.328146][T16619] vhci_hcd: connection closed [ 1419.331542][T16617] vhci_hcd: connection closed [ 1419.331606][T16625] vhci_hcd: connection closed [ 1419.336402][T16623] vhci_hcd: connection closed [ 1419.338517][T20620] vhci_hcd: stop threads [ 1419.358799][T20620] vhci_hcd: release socket [ 1419.363808][T20620] vhci_hcd: disconnect device [ 1419.382964][T16627] vhci_hcd: connection closed [ 1419.387438][T20620] vhci_hcd: stop threads [ 1419.398818][T20620] vhci_hcd: release socket [ 1419.403328][T20620] vhci_hcd: disconnect device [ 1419.412801][T20620] vhci_hcd: stop threads [ 1419.417467][T14998] usb 35-1: new full-speed USB device number 4 using vhci_hcd [ 1419.425273][T16618] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 1419.431488][T20620] vhci_hcd: release socket [ 1419.436153][T20620] vhci_hcd: disconnect device [ 1419.440959][T20620] vhci_hcd: stop threads [ 1419.445197][T20620] vhci_hcd: release socket [ 1419.449980][T20620] vhci_hcd: disconnect device [ 1419.457887][T20620] vhci_hcd: stop threads [ 1419.462298][T20620] vhci_hcd: release socket [ 1419.467261][T20620] vhci_hcd: disconnect device [ 1419.923891][T16646] netlink: 4 bytes leftover after parsing attributes in process `syz.5.18961'. [ 1419.940612][T16646] netlink: 277 bytes leftover after parsing attributes in process `syz.5.18961'. [ 1419.954133][T16646] netlink: 277 bytes leftover after parsing attributes in process `syz.5.18961'. [ 1420.426340][T16667] kvm: kvm [16666]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x23 [ 1422.589134][ T5832] Bluetooth: hci4: command 0x0c1a tx timeout [ 1422.597194][T16670] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 1422.991504][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.006710][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.464388][T16670] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1423.480005][T16670] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1423.859624][T16730] netlink: 28 bytes leftover after parsing attributes in process `syz.5.18997'. [ 1423.874928][T16730] netlink: 'syz.5.18997': attribute type 7 has an invalid length. [ 1423.883719][T16730] netlink: 'syz.5.18997': attribute type 8 has an invalid length. [ 1423.892852][T16730] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18997'. [ 1424.108865][T16739] loop8: detected capacity change from 0 to 8 [ 1424.130022][T32459] Dev loop8: unable to read RDB block 8 [ 1424.135851][T32459] loop8: unable to read partition table [ 1424.141785][T32459] loop8: partition table beyond EOD, truncated [ 1424.156782][T16739] Dev loop8: unable to read RDB block 8 [ 1424.162487][T16739] loop8: unable to read partition table [ 1424.176447][T16739] loop8: partition table beyond EOD, truncated [ 1424.188211][T16739] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1424.348272][T16747] syzkaller1: entered promiscuous mode [ 1424.354766][T16747] syzkaller1: entered allmulticast mode [ 1424.497820][T14998] vhci_hcd: vhci_device speed not set [ 1424.667602][ T5832] Bluetooth: hci4: command 0x0c1a tx timeout [ 1426.746450][ T5832] Bluetooth: hci4: command 0x0c1a tx timeout [ 1427.708818][T16810] syzkaller1: entered promiscuous mode [ 1427.756203][T16810] syzkaller1: entered allmulticast mode [ 1428.032758][T16825] veth1_to_bond: entered allmulticast mode [ 1428.042213][T16825] veth1_to_bond: left allmulticast mode [ 1429.083213][T16849] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 1429.558893][T16873] input: syz0 as /devices/virtual/input/input195 [ 1431.915927][T14771] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 1432.087452][T14771] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 1432.106094][T14771] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1432.116650][T14771] usb 6-1: config 220 has an invalid descriptor of length 102, skipping remainder of the config [ 1432.127466][T14771] usb 6-1: config 220 has no interface number 2 [ 1432.133788][T14771] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1432.148666][T14771] usb 6-1: config 220 interface 0 has no altsetting 0 [ 1432.155576][T14771] usb 6-1: config 220 interface 76 has no altsetting 0 [ 1432.162664][T14771] usb 6-1: config 220 interface 1 has no altsetting 0 [ 1432.173182][T14771] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1432.182784][T14771] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1432.198640][T14771] usb 6-1: Product: syz [ 1432.202863][T14771] usb 6-1: Manufacturer: syz [ 1432.207913][T14771] usb 6-1: SerialNumber: syz [ 1432.441818][T14771] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 1432.466391][T14771] usb 6-1: No valid video chain found. [ 1432.471956][T14771] usb 6-1: selecting invalid altsetting 0 [ 1432.501981][T14771] usb 6-1: selecting invalid altsetting 0 [ 1432.508731][T14771] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 1432.528214][T14771] usb 6-1: USB disconnect, device number 49 [ 1432.655794][T14997] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1432.810238][T14997] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1432.822570][T14997] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1432.835034][T14997] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1432.855529][T14997] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1432.877051][T14997] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1432.886494][T14997] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1432.902530][T14997] usb 3-1: config 0 descriptor?? [ 1433.348443][T14997] plantronics 0003:047F:FFFF.00E7: No inputs registered, leaving [ 1433.377045][T14997] plantronics 0003:047F:FFFF.00E7: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1433.631788][T14998] usb 3-1: USB disconnect, device number 84 [ 1433.656014][T16978] [U] [ 1433.659036][T16978] [U] [ 1433.662584][T16978] [U] [ 1433.665302][T16978] [U] [ 1433.675568][T16978] [U] [ 1433.678297][T16978] [U] [ 1433.681030][T16978] [U] [ 1433.683748][T16978] [U] [ 1433.687692][T16978] [U] [ 1433.690429][T16978] [U] [ 1433.693141][T16978] [U] [ 1433.704592][T16977] [U] [ 1434.579456][T17021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19126'. [ 1434.735966][T14771] usb 3-1: new full-speed USB device number 85 using dummy_hcd [ 1434.917421][T14771] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1434.930535][T14771] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1434.941768][T14771] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1434.953494][T14771] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1434.961973][T14771] usb 3-1: Product: syz [ 1434.966467][T14771] usb 3-1: Manufacturer: syz [ 1434.971067][T14771] usb 3-1: SerialNumber: syz [ 1435.135924][T14998] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 1435.190557][T14771] usb 3-1: 0:2 : does not exist [ 1435.200831][T14771] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1435.224551][T14771] usb 3-1: USB disconnect, device number 85 [ 1435.255462][ T6235] udevd[6235]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1435.309295][T14998] usb 6-1: Using ep0 maxpacket: 16 [ 1435.320087][T14998] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1435.329541][T14998] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1435.337927][T14998] usb 6-1: Product: syz [ 1435.342101][T14998] usb 6-1: Manufacturer: syz [ 1435.346763][T14998] usb 6-1: SerialNumber: syz [ 1435.353486][T14998] usb 6-1: config 0 descriptor?? [ 1435.584319][T14998] usb 6-1: USB disconnect, device number 50 [ 1436.104715][ T30] audit: type=1804 audit(1746109029.392:5334): pid=17058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.19143" name="/" dev="pidfs" ino=49280 res=1 errno=0 [ 1436.124942][ C0] vkms_vblank_simulate: vblank timer overrun [ 1436.235874][T14998] usb 3-1: new full-speed USB device number 86 using dummy_hcd [ 1436.416510][T14998] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 1436.424734][T14998] usb 3-1: config 0 has no interface number 0 [ 1436.425016][T17066] netlink: 28 bytes leftover after parsing attributes in process `syz.6.19147'. [ 1436.431810][T14771] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 1436.451268][T17066] netlink: 'syz.6.19147': attribute type 7 has an invalid length. [ 1436.464679][T17066] netlink: 'syz.6.19147': attribute type 8 has an invalid length. [ 1436.471935][T14998] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1436.476880][T17066] netlink: 8 bytes leftover after parsing attributes in process `syz.6.19147'. [ 1436.493829][T14998] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid maxpacket 65535, setting to 64 [ 1436.493857][T14998] usb 3-1: config 0 interface 113 has no altsetting 0 [ 1436.555866][T14998] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1436.564934][T14998] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1436.607701][T14998] usb 3-1: Product: syz [ 1436.611947][T14998] usb 3-1: Manufacturer: syz [ 1436.628826][T14998] usb 3-1: SerialNumber: syz [ 1436.650084][T14998] usb 3-1: config 0 descriptor?? [ 1436.656040][T17054] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1436.670554][ C1] usb 3-1: NFC: Urb failure (status -71) [ 1436.685055][T14771] usb 6-1: Using ep0 maxpacket: 16 [ 1436.696361][ C1] usb 3-1: NFC: Urb failure (status -71) [ 1436.703758][T14771] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1436.715158][T14998] usb 3-1: NFC: Unable to get FW version [ 1436.726274][T14998] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -71 [ 1436.736872][T14771] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1436.754219][T14771] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1436.775048][T14771] usb 6-1: config 0 descriptor?? [ 1436.874144][T14998] usb 3-1: USB disconnect, device number 86 [ 1437.207833][T17060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1437.217512][T17060] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1437.233178][T14771] usbhid 6-1:0.0: can't add hid device: -71 [ 1437.239883][T14771] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1437.250482][T14771] usb 6-1: USB disconnect, device number 51 [ 1438.100148][T17117] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 1438.130567][T17117] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 1439.038787][T17157] netlink: 'syz.1.19189': attribute type 10 has an invalid length. [ 1439.058709][T17157] syz_tun: entered promiscuous mode [ 1439.076197][T17157] syz_tun: entered allmulticast mode [ 1439.092783][T17157] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1439.147559][T14754] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 1439.263965][T17168] sctp: [Deprecated]: syz.0.19202 (pid 17168) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1439.263965][T17168] Use struct sctp_sack_info instead [ 1439.325974][T14754] usb 3-1: Using ep0 maxpacket: 32 [ 1439.340206][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1439.359608][ T30] audit: type=1326 audit(1746109032.652:5335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1439.383128][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1439.404396][T14754] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1439.405911][ T30] audit: type=1326 audit(1746109032.652:5336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe1558 code=0x7ffc0000 [ 1439.445086][ T30] audit: type=1326 audit(1746109032.652:5337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1439.455745][T14754] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1439.485860][ T30] audit: type=1326 audit(1746109032.652:5338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe1558 code=0x7ffc0000 [ 1439.501178][T14754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1439.513514][ T30] audit: type=1326 audit(1746109032.652:5339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe1558 code=0x7ffc0000 [ 1439.554647][ T30] audit: type=1326 audit(1746109032.652:5340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1439.563926][T14754] usb 3-1: config 0 descriptor?? [ 1439.583530][ T30] audit: type=1326 audit(1746109032.652:5341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe1558 code=0x7ffc0000 [ 1439.614599][ T30] audit: type=1326 audit(1746109032.652:5342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1439.658691][ T30] audit: type=1326 audit(1746109032.652:5343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17163 comm="syz.6.19191" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe1558 code=0x7ffc0000 [ 1439.830630][T17172] netlink: 236 bytes leftover after parsing attributes in process `syz.5.19194'. [ 1440.052764][T17178] syzkaller1: entered promiscuous mode [ 1440.068903][T17178] syzkaller1: entered allmulticast mode [ 1440.194938][T14754] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.00E8/input/input198 [ 1440.313885][T14754] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.00E8/input/input199 [ 1440.477899][T14754] kye 0003:0458:5011.00E8: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0 [ 1440.524323][T14754] usb 3-1: USB disconnect, device number 87 [ 1441.304586][T17217] vivid-000: disconnect [ 1441.317607][T17216] vivid-000: reconnect [ 1442.058978][ T30] kauditd_printk_skb: 110 callbacks suppressed [ 1442.058997][ T30] audit: type=1326 audit(1746109035.342:5454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1442.099696][ T30] audit: type=1326 audit(1746109035.352:5455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.154882][ T30] audit: type=1326 audit(1746109035.352:5456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.177067][ C0] vkms_vblank_simulate: vblank timer overrun [ 1442.195299][ T30] audit: type=1326 audit(1746109035.352:5457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.224911][ T30] audit: type=1326 audit(1746109035.352:5458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.248451][ T30] audit: type=1326 audit(1746109035.352:5459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.271411][ T30] audit: type=1326 audit(1746109035.352:5460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.293589][ C0] vkms_vblank_simulate: vblank timer overrun [ 1442.320983][ T30] audit: type=1326 audit(1746109035.352:5461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.343137][ C0] vkms_vblank_simulate: vblank timer overrun [ 1442.364998][ T30] audit: type=1326 audit(1746109035.352:5462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.445193][ T30] audit: type=1326 audit(1746109035.352:5463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17244 comm="syz.5.19229" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1442.579528][T17254] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19233'. [ 1443.312604][T17279] input: syz1 as /devices/virtual/input/input200 [ 1443.574298][T17289] syzkaller1: entered promiscuous mode [ 1443.580011][T17289] syzkaller1: entered allmulticast mode [ 1443.705685][T17293] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19251'. [ 1444.767537][T17335] input input201: cannot allocate more than FF_MAX_EFFECTS effects [ 1444.997889][T17343] overlayfs: missing 'lowerdir' [ 1445.529605][T17355] input: syz0 as /devices/virtual/input/input202 [ 1445.867432][T17371] loop2: detected capacity change from 0 to 7 [ 1445.874383][T17371] Dev loop2: unable to read RDB block 7 [ 1445.885596][T17371] loop2: unable to read partition table [ 1445.891656][T17371] loop2: partition table beyond EOD, truncated [ 1445.900687][T17371] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1446.436321][T14997] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1446.586458][T14997] usb 6-1: Using ep0 maxpacket: 32 [ 1446.606848][T14997] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1446.620196][T14997] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1446.631940][T14997] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1446.640995][T14997] usb 6-1: Product: syz [ 1446.645175][T14997] usb 6-1: Manufacturer: syz [ 1446.653601][T14997] usb 6-1: SerialNumber: syz [ 1446.661866][T14997] usb 6-1: config 0 descriptor?? [ 1447.086461][T14997] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 1447.222138][T17392] loop2: detected capacity change from 0 to 7 [ 1447.236705][T17392] Dev loop2: unable to read RDB block 7 [ 1447.242955][T17392] loop2: AHDI p1 p2 p3 [ 1447.247579][T17392] loop2: partition table partially beyond EOD, truncated [ 1447.254834][T17392] loop2: p1 start 1634624559 is beyond EOD, truncated [ 1447.261939][T17392] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1447.688931][T14997] gs_usb 6-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 1447.699197][T14997] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71 [ 1447.713445][T14997] usb 6-1: USB disconnect, device number 52 [ 1448.602128][T17414] loop1: detected capacity change from 0 to 7 [ 1448.618100][T17414] Dev loop1: unable to read RDB block 7 [ 1448.639794][T17414] loop1: AHDI p4 [ 1448.643484][T17414] loop1: partition table partially beyond EOD, truncated [ 1449.160968][ T30] kauditd_printk_skb: 91 callbacks suppressed [ 1449.160984][ T30] audit: type=1326 audit(1746109042.452:5555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17430 comm="syz.1.19308" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x0 [ 1449.166590][T14997] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 1449.228721][T17434] futex_wake_op: syz.0.19309 tries to shift op by 32; fix this program [ 1449.365903][T14997] usb 3-1: Using ep0 maxpacket: 8 [ 1449.374566][T14997] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1449.384333][T14997] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1449.392486][T14997] usb 3-1: Product: syz [ 1449.396821][T14997] usb 3-1: Manufacturer: syz [ 1449.401520][T14997] usb 3-1: SerialNumber: syz [ 1449.412876][T14997] usb 3-1: config 0 descriptor?? [ 1449.682224][T14997] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 1449.810946][T17440] netlink: 136 bytes leftover after parsing attributes in process `syz.0.19311'. [ 1449.820543][T17440] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1450.061268][T17444] netlink: 68 bytes leftover after parsing attributes in process `syz.1.19314'. [ 1450.486383][T14997] usb write operation failed. (-71) [ 1450.503704][T14997] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1450.515402][T14997] dvbdev: DVB: registering new adapter (Terratec H7) [ 1450.534022][T14997] usb 3-1: media controller created [ 1450.543987][T14997] usb read operation failed. (-71) [ 1450.553414][T14997] usb write operation failed. (-71) [ 1450.580126][T14997] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 1450.599043][T14997] usb 3-1: USB disconnect, device number 88 [ 1451.454263][T17498] loop8: detected capacity change from 0 to 8 [ 1451.464830][ T6235] Dev loop8: unable to read RDB block 8 [ 1451.474249][ T6235] loop8: unable to read partition table [ 1451.480872][ T6235] loop8: partition table beyond EOD, truncated [ 1451.499939][T17498] Dev loop8: unable to read RDB block 8 [ 1451.511218][T17498] loop8: unable to read partition table [ 1451.518252][T17498] loop8: partition table beyond EOD, truncated [ 1451.525113][T17498] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1451.757156][ T30] audit: type=1326 audit(1746109045.032:5556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1451.838766][ T30] audit: type=1326 audit(1746109045.032:5557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1451.890392][ T30] audit: type=1326 audit(1746109045.032:5558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1451.963202][ T30] audit: type=1326 audit(1746109045.032:5559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1452.044651][ T30] audit: type=1326 audit(1746109045.032:5560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1452.106197][ T30] audit: type=1326 audit(1746109045.042:5561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1452.138518][ T30] audit: type=1326 audit(1746109045.042:5562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1452.181656][ T30] audit: type=1326 audit(1746109045.042:5563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f53558 code=0x7ffc0000 [ 1452.207999][ T30] audit: type=1326 audit(1746109045.042:5564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17507 comm="syz.5.19345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1453.048462][T14771] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 1453.223487][T14771] usb 3-1: Using ep0 maxpacket: 8 [ 1453.250004][T14771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1453.272296][T14771] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1453.296372][T14771] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1453.314243][T14771] usb 3-1: config 0 descriptor?? [ 1453.754001][T14771] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1453.981014][T14997] usb 3-1: USB disconnect, device number 89 [ 1455.925815][T14771] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1456.087748][T14771] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1456.098856][T14771] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1456.108720][T14771] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1456.125360][T14771] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1456.134618][T14771] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1456.145452][T14771] usb 6-1: config 0 descriptor?? [ 1456.584030][T14771] plantronics 0003:047F:FFFF.00E9: No inputs registered, leaving [ 1456.614658][T14771] plantronics 0003:047F:FFFF.00E9: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1456.812359][T17629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19399'. [ 1456.894203][T14771] usb 6-1: USB disconnect, device number 53 [ 1456.974942][T17633] syzkaller1: entered promiscuous mode [ 1456.980775][T17633] syzkaller1: entered allmulticast mode [ 1457.419530][T17648] netlink: 52 bytes leftover after parsing attributes in process `syz.1.19408'. [ 1457.490279][T17654] netlink: 'syz.5.19411': attribute type 10 has an invalid length. [ 1457.509740][T17654] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1457.519798][T17654] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1457.585675][T17654] bond0: entered promiscuous mode [ 1457.614140][T17654] batadv0: entered promiscuous mode [ 1457.836404][T14754] usb 3-1: new full-speed USB device number 90 using dummy_hcd [ 1458.010217][T14754] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 1458.021952][T14754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1458.052909][T14754] usb 3-1: config 0 descriptor?? [ 1458.070064][T14754] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 1458.283559][T17684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.19425'. [ 1458.293621][T14754] gp8psk: usb in 128 operation failed. [ 1458.397464][ T30] kauditd_printk_skb: 61 callbacks suppressed [ 1458.397483][ T30] audit: type=1326 audit(1746109051.692:5626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1458.474081][ T30] audit: type=1326 audit(1746109051.692:5627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1458.515091][T14754] gp8psk: usb in 146 operation failed. [ 1458.535356][T14754] gp8psk: failed to get FW version [ 1458.555639][T14754] gp8psk: FPGA Version = 173 [ 1458.629885][ T30] audit: type=1326 audit(1746109051.692:5628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1458.774542][T14754] gp8psk: usb in 138 operation failed. [ 1458.783811][ T30] audit: type=1326 audit(1746109051.742:5629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1458.805760][T14754] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1458.845893][T14754] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 1458.909992][ T30] audit: type=1326 audit(1746109051.742:5630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1458.932477][T14754] usb 3-1: USB disconnect, device number 90 [ 1459.064854][ T30] audit: type=1326 audit(1746109051.742:5631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000 [ 1459.155311][ T30] audit: type=1326 audit(1746109051.742:5632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1459.213729][ T30] audit: type=1326 audit(1746109051.742:5633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1459.235873][ C0] vkms_vblank_simulate: vblank timer overrun [ 1459.242699][T14766] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 1459.268030][ T30] audit: type=1326 audit(1746109051.742:5634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1459.291139][ T30] audit: type=1326 audit(1746109051.742:5635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17685 comm="syz.0.19426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000 [ 1459.435768][T14766] usb 6-1: Using ep0 maxpacket: 8 [ 1459.453480][T14766] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1459.475515][T14766] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1459.495748][T14766] usb 6-1: Product: syz [ 1459.499965][T14766] usb 6-1: Manufacturer: syz [ 1459.518069][T14766] usb 6-1: SerialNumber: syz [ 1459.541215][T14766] usb 6-1: config 0 descriptor?? [ 1459.568926][T14766] gspca_main: se401-2.14.0 probing 047d:5003 [ 1459.976720][T14766] gspca_se401: Too many frame sizes [ 1460.191660][T14766] usb 6-1: USB disconnect, device number 54 [ 1460.322514][T17725] netlink: 'syz.1.19443': attribute type 16 has an invalid length. [ 1460.331681][T17725] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.19443'. [ 1460.771408][T17748] loop5: detected capacity change from 0 to 4383 [ 1460.807592][ T6235] buffer_io_error: 26 callbacks suppressed [ 1460.807609][ T6235] Buffer I/O error on dev loop5, logical block 547, async page read [ 1460.823157][T17750] loop5: detected capacity change from 4383 to 5423 [ 1460.883982][T32459] Buffer I/O error on dev loop5, logical block 677, async page read [ 1461.003484][ T6235] Buffer I/O error on dev loop5, logical block 677, async page read [ 1461.059030][T17757] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19456'. [ 1461.335871][T14997] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1461.500064][T14997] usb 3-1: Using ep0 maxpacket: 16 [ 1461.508202][T14997] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 1461.524093][T14997] usb 3-1: config 0 has no interface number 0 [ 1461.552374][T14997] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 1461.591571][T14997] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 1461.614555][T14997] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1461.650040][T14997] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1461.676265][T14997] usb 3-1: Product: syz [ 1461.680491][T14997] usb 3-1: Manufacturer: syz [ 1461.685123][T14997] usb 3-1: SerialNumber: syz [ 1461.720188][T14997] usb 3-1: config 0 descriptor?? [ 1461.726724][T17759] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1461.733995][T17759] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1461.982213][T17759] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1462.010287][T17759] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1462.249838][ T3551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1462.258823][ T3551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1462.365861][T14771] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 1462.515858][T14771] usb 6-1: Using ep0 maxpacket: 32 [ 1462.524588][T14771] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1462.534724][T14771] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1462.549142][T14771] usb 6-1: config 0 descriptor?? [ 1462.645157][T14997] asix 3-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0x80 [ 1462.760666][T14771] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1462.770052][T14771] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1462.782420][T14771] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1462.789929][T14771] usb 6-1: media controller created [ 1462.809820][T14771] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1462.862732][T14997] usb 3-1: USB disconnect, device number 91 [ 1463.579861][T14771] az6027: usb out operation failed. (-71) [ 1463.585652][T14771] stb0899_attach: Driver disabled by Kconfig [ 1463.606436][T14771] az6027: no front-end attached [ 1463.606436][T14771] [ 1463.614063][T14771] az6027: usb out operation failed. (-71) [ 1463.620967][T14771] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1463.632920][T14771] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input204 [ 1463.647112][T14771] dvb-usb: schedule remote query interval to 400 msecs. [ 1463.654573][T14771] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1463.667991][T14771] usb 6-1: USB disconnect, device number 55 [ 1463.752075][T14771] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1464.308817][T17832] netlink: 92 bytes leftover after parsing attributes in process `syz.2.19491'. [ 1465.468873][T17865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19514'. [ 1465.485643][T17863] netlink: 'syz.6.19504': attribute type 10 has an invalid length. [ 1465.521516][T17863] syz_tun: entered promiscuous mode [ 1465.539696][ T30] kauditd_printk_skb: 86 callbacks suppressed [ 1465.539713][ T30] audit: type=1804 audit(1746109058.832:5722): pid=17867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.19505" name="/" dev="pidfs" ino=50089 res=1 errno=0 [ 1465.571996][T17863] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1466.017595][T17882] netlink: 52 bytes leftover after parsing attributes in process `syz.6.19511'. [ 1466.476206][T14766] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1466.635826][T14766] usb 6-1: Using ep0 maxpacket: 32 [ 1466.652588][T14766] usb 6-1: config 0 has an invalid interface number: 108 but max is 0 [ 1466.669962][T14766] usb 6-1: config 0 has no interface number 0 [ 1466.686433][T14766] usb 6-1: config 0 interface 108 has no altsetting 0 [ 1466.699041][T14766] usb 6-1: New USB device found, idVendor=99fa, idProduct=8988, bcdDevice=65.cd [ 1466.713253][T14766] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1466.738633][T14766] usb 6-1: Product: syz [ 1466.742835][T14766] usb 6-1: Manufacturer: syz [ 1466.785721][T14766] usb 6-1: SerialNumber: syz [ 1466.793909][T14766] usb 6-1: config 0 descriptor?? [ 1466.810790][T14766] gspca_main: spca506-2.14.0 probing 99fa:8988 [ 1467.022834][T17890] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19516'. [ 1467.067661][T17890] netlink: 100 bytes leftover after parsing attributes in process `syz.5.19516'. [ 1467.087018][T17890] netlink: 100 bytes leftover after parsing attributes in process `syz.5.19516'. [ 1467.275620][T14766] usb 6-1: USB disconnect, device number 56 [ 1467.583904][T17937] input: syz1 as /devices/virtual/input/input205 [ 1467.885069][T17946] input: syz1 as /devices/virtual/input/input206 [ 1469.022474][T17994] input: syz1 as /devices/virtual/input/input207 [ 1469.294260][T18003] pim6reg: entered allmulticast mode [ 1469.306385][T18003] pim6reg: left allmulticast mode [ 1471.306482][ T5832] Bluetooth: hci4: command 0x0c1a tx timeout [ 1471.308174][T18001] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 1471.740989][T18027] netlink: 8 bytes leftover after parsing attributes in process `syz.5.19576'. [ 1471.906515][T14754] usb 3-1: new full-speed USB device number 92 using dummy_hcd [ 1472.080385][T14754] usb 3-1: config 0 has an invalid interface number: 160 but max is 0 [ 1472.091849][T14754] usb 3-1: config 0 has no interface number 0 [ 1472.105981][T14754] usb 3-1: config 0 interface 160 has no altsetting 0 [ 1472.124953][T14754] usb 3-1: New USB device found, idVendor=a6da, idProduct=1e78, bcdDevice=56.e4 [ 1472.135258][T18039] input: syz0 as /devices/virtual/input/input208 [ 1472.152600][T14754] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1472.182336][T14754] usb 3-1: Product: syz [ 1472.191497][T14754] usb 3-1: Manufacturer: syz [ 1472.201794][T14754] usb 3-1: SerialNumber: syz [ 1472.226913][T14754] usb 3-1: config 0 descriptor?? [ 1472.241895][T14754] usb-storage 3-1:0.160: USB Mass Storage device detected [ 1472.449471][T14754] usb 3-1: USB disconnect, device number 92 [ 1472.825199][T18063] netlink: 'syz.5.19591': attribute type 16 has an invalid length. [ 1472.840648][T18063] netlink: 64138 bytes leftover after parsing attributes in process `syz.5.19591'. [ 1472.868718][T18068] netlink: 4 bytes leftover after parsing attributes in process `syz.6.19593'. [ 1473.227421][T18079] loop2: detected capacity change from 0 to 7 [ 1473.248078][T18079] Dev loop2: unable to read RDB block 7 [ 1473.253704][T18079] loop2: unable to read partition table [ 1473.276649][T18079] loop2: partition table beyond EOD, truncated [ 1473.293042][T18079] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1473.630076][T14771] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1473.802936][T14771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1473.820135][T14771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1473.830859][T14771] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1473.848174][T14771] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1473.863508][T14771] usb 3-1: config 0 descriptor?? [ 1474.520845][T18112] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1474.727829][T14771] hid-led 0003:27B8:01ED.00EA: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.2-1/input0 [ 1474.777973][T14771] hid-led 0003:27B8:01ED.00EA: ThingM blink(1) initialized [ 1474.874927][T18120] syzkaller1: entered promiscuous mode [ 1474.897940][T18120] syzkaller1: entered allmulticast mode [ 1474.934357][T14997] usb 3-1: USB disconnect, device number 93 [ 1474.956393][ T30] audit: type=1326 audit(1746109068.242:5723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000 [ 1475.012635][ T30] audit: type=1326 audit(1746109068.242:5724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1475.041240][ T30] audit: type=1326 audit(1746109068.242:5725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000 [ 1475.075391][ T30] audit: type=1326 audit(1746109068.242:5726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1475.106332][ T30] audit: type=1326 audit(1746109068.242:5727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000 [ 1475.129862][ T30] audit: type=1326 audit(1746109068.242:5728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1475.152901][ T30] audit: type=1326 audit(1746109068.242:5729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000 [ 1475.265776][ T30] audit: type=1326 audit(1746109068.242:5730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1475.313774][ T30] audit: type=1326 audit(1746109068.242:5731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000 [ 1475.389892][ T30] audit: type=1326 audit(1746109068.242:5732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18117 comm="syz.0.19615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000 [ 1475.672533][T18136] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1476.122522][T18157] netlink: 12 bytes leftover after parsing attributes in process `syz.5.19630'. [ 1476.365530][T18161] bond0: option arp_interval: invalid value (18446744073709551615) [ 1476.375084][T18161] bond0: option arp_interval: allowed values 0 - 2147483647 [ 1478.111482][T18222] loop8: detected capacity change from 0 to 8 [ 1478.126864][T18221] netlink: 136 bytes leftover after parsing attributes in process `syz.6.19662'. [ 1478.139014][T18222] Dev loop8: unable to read RDB block 8 [ 1478.144693][T18222] loop8: unable to read partition table [ 1478.162860][T18221] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1478.182067][T18222] loop8: partition table beyond EOD, truncated [ 1478.213117][T18222] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1478.402174][T18226] sctp: [Deprecated]: syz.6.19664 (pid 18226) Use of int in maxseg socket option. [ 1478.402174][T18226] Use struct sctp_assoc_value instead [ 1478.890209][T18246] fuse: Bad value for 'fd' [ 1479.695657][T18281] input: syz0 as /devices/virtual/input/input209 [ 1479.719346][T18283] netlink: 44 bytes leftover after parsing attributes in process `syz.5.19690'. [ 1482.112152][T18328] syzkaller1: entered promiscuous mode [ 1482.120950][T18328] syzkaller1: entered allmulticast mode [ 1482.619228][T18349] netlink: 'syz.6.19720': attribute type 11 has an invalid length. [ 1483.395318][T18370] loop2: detected capacity change from 0 to 7 [ 1483.407358][ T7407] Dev loop2: unable to read RDB block 7 [ 1483.412959][ T7407] loop2: AHDI p2 p3 [ 1483.417431][ T7407] loop2: partition table partially beyond EOD, truncated [ 1483.424606][ T7407] loop2: p2 size 150995456 extends beyond EOD, truncated [ 1483.440474][T18370] Dev loop2: unable to read RDB block 7 [ 1483.446404][T18370] loop2: AHDI p2 p3 [ 1483.450363][T18370] loop2: partition table partially beyond EOD, truncated [ 1483.458163][T18370] loop2: p2 size 150995456 extends beyond EOD, truncated [ 1483.509778][ T6235] udevd[6235]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 1483.555201][ T6235] udevd[6235]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 1483.703329][T18376] syzkaller1: entered promiscuous mode [ 1483.709814][T18376] syzkaller1: entered allmulticast mode [ 1484.197556][T18390] openvswitch: netlink: IPv4 tun info is not correct [ 1484.431449][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.438040][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.648484][T14771] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1484.693014][T18411] syzkaller1: entered promiscuous mode [ 1484.698635][T18411] syzkaller1: entered allmulticast mode [ 1484.809977][T14771] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1484.845776][T14771] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1484.855458][T14771] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1484.908104][T14771] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1484.926194][T14771] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1484.934303][T14771] usb 6-1: Product: syz [ 1484.949307][T14771] usb 6-1: Manufacturer: syz [ 1484.953945][T14771] usb 6-1: SerialNumber: syz [ 1485.220541][T14771] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 57 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1485.433440][T14997] usb 6-1: USB disconnect, device number 57 [ 1485.648556][T18396] usblp0: removed [ 1486.262764][T18446] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19759'. [ 1486.286722][T18446] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 1486.295078][T18446] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1486.886779][T18475] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19769'. [ 1487.056560][T18478] syzkaller1: entered promiscuous mode [ 1487.062504][T18478] syzkaller1: entered allmulticast mode [ 1487.846275][T18505] netlink: 4 bytes leftover after parsing attributes in process `syz.6.19785'. [ 1488.636668][T18532] openvswitch: netlink: IPv4 tun info is not correct [ 1488.886352][T14754] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 1489.066462][T14754] usb 6-1: Using ep0 maxpacket: 8 [ 1489.103670][T14754] usb 6-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 1489.115944][T14754] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1489.125884][T14754] usb 6-1: Product: syz [ 1489.140134][T14754] usb 6-1: Manufacturer: syz [ 1489.144751][T14754] usb 6-1: SerialNumber: syz [ 1489.160596][T14754] usb 6-1: config 0 descriptor?? [ 1489.174545][T14754] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 1490.182546][T14754] gspca_sonixj: reg_w err -71 [ 1490.193068][T14754] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 1490.221756][T14754] usb 6-1: USB disconnect, device number 58 [ 1490.445889][T14771] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 1490.595908][T14771] usb 3-1: Using ep0 maxpacket: 16 [ 1490.603477][T14771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1490.615345][T14771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1490.625198][T14771] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 1490.634355][T14771] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1490.650132][T14771] usb 3-1: config 0 descriptor?? [ 1491.115982][T14771] aquacomputer_d5next 0003:0C70:F00A.00EB: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.2-1/input0 [ 1493.030993][ T9871] usb 3-1: USB disconnect, device number 94 [ 1495.535819][T14771] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 1495.695972][T14771] usb 6-1: Using ep0 maxpacket: 32 [ 1495.707665][T14771] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 1495.716425][T14771] usb 6-1: config 0 has no interface number 0 [ 1495.724243][T14771] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1495.733548][T14771] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1495.741621][T14771] usb 6-1: Product: syz [ 1495.745907][T14771] usb 6-1: Manufacturer: syz [ 1495.750514][T14771] usb 6-1: SerialNumber: syz [ 1495.757572][T14771] usb 6-1: config 0 descriptor?? [ 1495.765268][T14771] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1496.085393][T14771] usb 6-1: qt2_attach - failed to power on unit: -71 [ 1496.106205][T14771] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71 [ 1496.124801][T14771] usb 6-1: USB disconnect, device number 59 [ 1497.524074][T18732] syzkaller1: entered promiscuous mode [ 1497.536278][T18732] syzkaller1: entered allmulticast mode [ 1498.045791][ T9871] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1498.146080][T14771] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 1498.197299][ T9871] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1498.208372][ T9871] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1498.219768][ T9871] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1498.229953][ T9871] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1498.244988][ T9871] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1498.254527][ T9871] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1498.263076][ T9871] usb 3-1: Manufacturer: syz [ 1498.270433][ T9871] usb 3-1: config 0 descriptor?? [ 1498.315787][T14771] usb 6-1: Using ep0 maxpacket: 16 [ 1498.334543][T14771] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1498.361783][T14771] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1498.375477][T14771] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1498.393329][T14771] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1498.406099][T14771] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1498.414869][T14771] usb 6-1: Product: syz [ 1498.431386][T14771] usb 6-1: Manufacturer: syz [ 1498.436979][T14771] usb 6-1: SerialNumber: syz [ 1498.701771][ T9871] appleir 0003:05AC:8243.00EC: unknown main item tag 0x0 [ 1498.710552][ T9871] appleir 0003:05AC:8243.00EC: No inputs registered, leaving [ 1498.726653][ T9871] appleir 0003:05AC:8243.00EC: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1498.880797][T14771] usb 6-1: 0:2 : does not exist [ 1499.021353][T14766] usb 3-1: USB disconnect, device number 95 [ 1499.515083][T14771] usb 6-1: USB disconnect, device number 60 [ 1500.579687][T14771] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1500.745855][T14771] usb 3-1: Using ep0 maxpacket: 8 [ 1500.770419][T14771] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1500.803903][T14771] usb 3-1: config 0 has no interface number 0 [ 1500.819885][T14771] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1500.870060][T14771] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1500.879797][T14771] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1500.901192][T14771] usb 3-1: config 0 descriptor?? [ 1500.928925][T14771] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1501.339521][T18826] bond0: left promiscuous mode [ 1501.361160][T18826] batadv0: left promiscuous mode [ 1501.383842][T18830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.19926'. [ 1501.399411][T18826] mac80211_hwsim hwsim25 wlan0: left allmulticast mode [ 1501.430263][T18826] macvlan2: left allmulticast mode [ 1501.931458][ T30] kauditd_printk_skb: 98 callbacks suppressed [ 1501.931516][ T30] audit: type=1326 audit(1746109095.222:5831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.033016][ T30] audit: type=1326 audit(1746109095.232:5832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.111105][ T30] audit: type=1326 audit(1746109095.232:5833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.189571][T14771] usb 3-1: USB disconnect, device number 96 [ 1502.260132][ T30] audit: type=1326 audit(1746109095.232:5834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.373574][ T30] audit: type=1326 audit(1746109095.232:5835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.509788][ T30] audit: type=1326 audit(1746109095.232:5836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.592887][ T30] audit: type=1326 audit(1746109095.252:5837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1502.661607][ T30] audit: type=1326 audit(1746109095.252:5838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.765777][ T30] audit: type=1326 audit(1746109095.252:5839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000 [ 1502.969716][ T30] audit: type=1326 audit(1746109095.252:5840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18844 comm="syz.1.19933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1504.016060][ T9871] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1504.180553][ T9871] usb 3-1: Using ep0 maxpacket: 16 [ 1504.203569][ T9871] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1504.233126][ T9871] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1504.254305][ T9871] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1504.274724][ T9871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1504.294562][ T9871] usb 3-1: Product: syz [ 1504.300381][ T9871] usb 3-1: Manufacturer: syz [ 1504.308293][ T9871] usb 3-1: SerialNumber: syz [ 1504.321460][ T9871] usb 3-1: config 0 descriptor?? [ 1504.346618][ T9871] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1504.360688][ T9871] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 1504.847863][T18936] syzkaller1: entered promiscuous mode [ 1504.853462][T18936] syzkaller1: entered allmulticast mode [ 1504.946001][ T9871] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1504.956714][ T9871] em28xx 3-1:0.0: Config register raw data: 0x56 [ 1505.158337][ T9871] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 1505.165368][ T9871] em28xx 3-1:0.0: No AC97 audio processor [ 1505.200055][ T9871] usb 3-1: USB disconnect, device number 97 [ 1505.217831][ T9871] em28xx 3-1:0.0: Disconnecting em28xx [ 1505.227273][ T9871] em28xx 3-1:0.0: Freeing device [ 1507.228038][T14766] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 1507.408867][T14766] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1507.441083][T14766] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1507.472478][T14766] usb 6-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 1507.498289][T14766] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1507.528497][T14766] usb 6-1: config 0 descriptor?? [ 1507.733928][T19014] netlink: 44 bytes leftover after parsing attributes in process `syz.6.20009'. [ 1507.966749][T14766] playstation 0003:054C:0DF2.00ED: unknown main item tag 0x0 [ 1508.009585][T14766] playstation 0003:054C:0DF2.00ED: unknown main item tag 0x0 [ 1508.026467][T14766] playstation 0003:054C:0DF2.00ED: unknown main item tag 0x0 [ 1508.054338][T14766] playstation 0003:054C:0DF2.00ED: unknown main item tag 0x0 [ 1508.064151][T14766] playstation 0003:054C:0DF2.00ED: unknown main item tag 0x0 [ 1508.094133][T14766] playstation 0003:054C:0DF2.00ED: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.5-1/input0 [ 1508.197394][T14766] playstation 0003:054C:0DF2.00ED: Invalid reportID received, expected 9 got 0 [ 1508.226293][T14766] playstation 0003:054C:0DF2.00ED: Failed to retrieve DualSense pairing info: -22 [ 1508.235576][T14766] playstation 0003:054C:0DF2.00ED: Failed to get MAC address from DualSense [ 1508.284799][T14766] playstation 0003:054C:0DF2.00ED: Failed to create dualsense. [ 1508.315454][T14766] playstation 0003:054C:0DF2.00ED: probe with driver playstation failed with error -22 [ 1508.424687][ T9871] usb 6-1: USB disconnect, device number 61 [ 1509.212666][T19044] loop8: detected capacity change from 0 to 8 [ 1509.229545][T19044] Dev loop8: unable to read RDB block 8 [ 1509.235158][T19044] loop8: unable to read partition table [ 1509.255977][T19044] loop8: partition table beyond EOD, truncated [ 1509.276614][T19044] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1509.389692][T19048] binder: 19047:19048 ioctl c0306201 0 returned -14 [ 1510.959965][T19115] syzkaller1: entered promiscuous mode [ 1510.965523][T19115] syzkaller1: entered allmulticast mode [ 1511.452784][T19133] loop6: detected capacity change from 0 to 63 [ 1511.473259][ T6235] Buffer I/O error on dev loop6, logical block 0, async page read [ 1511.478418][T19133] Buffer I/O error on dev loop6, logical block 1, async page read [ 1511.489607][T19133] Buffer I/O error on dev loop6, logical block 1, async page read [ 1511.494353][ T6235] Buffer I/O error on dev loop6, logical block 0, async page read [ 1511.509917][ T6235] Buffer I/O error on dev loop6, logical block 0, async page read [ 1511.521400][ T6235] Buffer I/O error on dev loop6, logical block 0, async page read [ 1511.534031][ T6235] Buffer I/O error on dev loop6, logical block 0, async page read [ 1511.542813][ T6235] Buffer I/O error on dev loop6, logical block 0, async page read [ 1511.552103][ T6235] Buffer I/O error on dev loop6, logical block 3, async page read [ 1512.240671][T19159] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20071'. [ 1512.263056][T19159] vlan2: entered allmulticast mode [ 1512.273762][T19159] gretap0: entered allmulticast mode [ 1512.736334][T14997] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1512.888980][T14997] usb 3-1: Using ep0 maxpacket: 32 [ 1512.928510][T14997] usb 3-1: config 0 has no interfaces? [ 1512.938094][T14997] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1512.956787][T14997] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1512.981137][T14997] usb 3-1: Product: syz [ 1512.995556][T14997] usb 3-1: Manufacturer: syz [ 1513.003459][T14997] usb 3-1: SerialNumber: syz [ 1513.019529][T14997] usb 3-1: config 0 descriptor?? [ 1513.265288][T19176] bond0: Device is already in use. [ 1513.319017][ T9871] usb 3-1: USB disconnect, device number 98 [ 1515.237581][T19248] ALSA: mixer_oss: invalid OSS volume '' [ 1515.262336][ T30] kauditd_printk_skb: 187 callbacks suppressed [ 1515.262352][ T30] audit: type=1326 audit(1746109108.552:6028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.331775][ T30] audit: type=1326 audit(1746109108.552:6029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.405379][ T30] audit: type=1326 audit(1746109108.552:6030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=274 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.456541][ T30] audit: type=1326 audit(1746109108.552:6031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.484684][ T30] audit: type=1326 audit(1746109108.552:6032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.538605][ T30] audit: type=1326 audit(1746109108.552:6033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.572206][ T30] audit: type=1326 audit(1746109108.552:6034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.660592][ T30] audit: type=1326 audit(1746109108.552:6035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.682789][ C1] vkms_vblank_simulate: vblank timer overrun [ 1515.729753][ T30] audit: type=1326 audit(1746109108.552:6036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=42 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.751848][ C1] vkms_vblank_simulate: vblank timer overrun [ 1515.760864][ T30] audit: type=1326 audit(1746109108.552:6037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19249 comm="syz.2.20111" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000 [ 1515.783018][ C1] vkms_vblank_simulate: vblank timer overrun [ 1516.202310][T14754] usb 6-1: new full-speed USB device number 62 using dummy_hcd [ 1516.390631][T14754] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 1516.409354][T14754] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1516.436435][T19289] loop5: detected capacity change from 0 to 2575 [ 1516.444771][T14754] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 1516.475882][T14754] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 1516.482311][ T6235] Buffer I/O error on dev loop5, logical block 321, async page read [ 1516.499005][T14754] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1516.512593][T19289] loop5: detected capacity change from 2575 to 6519 [ 1516.545103][T14754] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1516.561882][T14754] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1516.577962][T14754] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1516.600398][T14754] usb 6-1: Product: syz [ 1516.604753][T14754] usb 6-1: Manufacturer: syz [ 1516.610353][ T6235] Buffer I/O error on dev loop5, logical block 814, async page read [ 1516.618943][T14754] usb 6-1: SerialNumber: syz [ 1516.649447][T14754] usb 6-1: config 0 descriptor?? [ 1516.664971][T19269] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1516.699236][T14754] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1516.740283][T14754] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1517.161306][T14754] usb 6-1: USB disconnect, device number 62 [ 1517.170040][T14754] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 1517.516594][T19319] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20142'. [ 1517.683980][T19327] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20144'. [ 1517.790313][T19332] loop8: detected capacity change from 0 to 8 [ 1517.799995][T19332] Dev loop8: unable to read RDB block 8 [ 1517.807711][T19332] loop8: unable to read partition table [ 1517.814184][T19332] loop8: partition table beyond EOD, truncated [ 1517.839008][T19332] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1518.416065][ T9871] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 1518.575839][ T9871] usb 3-1: Using ep0 maxpacket: 32 [ 1518.594632][ T9871] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1518.625983][ T9871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.634061][ T9871] usb 3-1: Product: syz [ 1518.643384][ T9871] usb 3-1: Manufacturer: syz [ 1518.648535][ T9871] usb 3-1: SerialNumber: syz [ 1518.683272][ T9871] usb 3-1: config 0 descriptor?? [ 1518.702603][ T9871] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1519.736058][ T9871] gspca_ov534_9: reg_w failed -71 [ 1520.027568][ T9871] gspca_ov534_9: Unknown sensor 0000 [ 1520.027661][ T9871] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 1520.062464][ T9871] usb 3-1: USB disconnect, device number 99 [ 1520.201969][T19405] input: syz1 as /devices/virtual/input/input210 [ 1520.557284][T19414] fuse: Bad value for 'fd' [ 1522.196310][ T9871] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 1522.358073][ T9871] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1522.380239][ T9871] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1522.419114][ T9871] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1522.430600][ T9871] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1522.446134][ T9871] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1522.458156][ T9871] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1522.466517][ T9871] usb 6-1: Manufacturer: syz [ 1522.474234][ T9871] usb 6-1: config 0 descriptor?? [ 1522.905207][ T9871] appleir 0003:05AC:8243.00EE: unknown main item tag 0x0 [ 1522.913748][ T9871] appleir 0003:05AC:8243.00EE: No inputs registered, leaving [ 1522.930930][ T9871] appleir 0003:05AC:8243.00EE: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 1523.178587][ T9871] usb 6-1: USB disconnect, device number 63 [ 1523.191786][T19485] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20213'. [ 1523.223784][T19485] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1523.232672][T19485] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1523.241599][T19485] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1523.250907][T19485] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1523.263828][T19485] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1523.272936][T19485] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1523.282623][T19485] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1523.291866][T19485] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1523.978134][T19501] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20219'. [ 1523.987491][T19501] netlink: 'syz.0.20219': attribute type 7 has an invalid length. [ 1523.998659][T19501] netlink: 'syz.0.20219': attribute type 8 has an invalid length. [ 1524.008925][T19501] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20219'. [ 1524.086208][T14766] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 1524.123319][T19505] sctp: [Deprecated]: syz.0.20221 (pid 19505) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1524.123319][T19505] Use struct sctp_sack_info instead [ 1524.236540][T14766] usb 6-1: Using ep0 maxpacket: 32 [ 1524.250417][T14766] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1524.279043][T14766] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1524.292449][T14766] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1524.302819][T14766] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1524.321610][T14766] usb 6-1: config 0 descriptor?? [ 1524.795993][T19526] syzkaller1: entered promiscuous mode [ 1524.801662][T19526] syzkaller1: entered allmulticast mode [ 1524.815294][T14766] savu 0003:1E7D:2D5A.00EF: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 1525.118719][ T9871] usb 6-1: USB disconnect, device number 64 [ 1525.133253][T19533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20235'. [ 1525.147992][T19533] netlink: 'syz.2.20235': attribute type 18 has an invalid length. [ 1525.160826][T19533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20235'. [ 1525.330844][T19541] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 1526.995756][ T9871] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 1527.145911][ T9871] usb 6-1: Using ep0 maxpacket: 32 [ 1527.153009][ T9871] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1527.162141][ T9871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1527.172727][ T9871] usb 6-1: config 0 descriptor?? [ 1527.188057][ T9871] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1528.199932][ T9871] gspca_vc032x: reg_w err -71 [ 1528.216950][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.227854][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.237505][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.242824][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.265817][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.273564][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.296133][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.312736][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.335885][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.350793][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.372789][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.385687][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.404666][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.441549][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.467754][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.492792][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.533460][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.549052][ T9871] gspca_vc032x: I2c Bus Busy Wait 00 [ 1528.571218][ T9871] gspca_vc032x: Unknown sensor... [ 1528.594294][ T9871] vc032x 6-1:0.0: probe with driver vc032x failed with error -22 [ 1528.623822][ T9871] usb 6-1: USB disconnect, device number 65 [ 1529.077963][T19629] syzkaller1: entered promiscuous mode [ 1529.084283][T19629] syzkaller1: entered allmulticast mode [ 1530.085893][T14771] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1530.298357][T14771] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1530.315764][T14771] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1530.324531][T14771] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1530.336078][T14771] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1530.344317][T14771] usb 6-1: Product: syz [ 1530.355747][T14771] usb 6-1: Manufacturer: syz [ 1530.360442][T14771] usb 6-1: SerialNumber: syz [ 1530.379365][T14771] usb 6-1: config 0 descriptor?? [ 1530.401793][T14771] usb 6-1: selecting invalid altsetting 0 [ 1530.643453][T14771] usb 6-1: USB disconnect, device number 66 [ 1531.516354][T14754] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1531.680827][ T30] kauditd_printk_skb: 98 callbacks suppressed [ 1531.680844][ T30] audit: type=1326 audit(1746109124.972:6136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19714 comm="syz.1.20317" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x0 [ 1531.722807][T19717] batadv_slave_1: entered promiscuous mode [ 1531.730753][T19717] batadv_slave_1: left promiscuous mode [ 1531.747683][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1531.811600][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1531.821794][T14754] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 1531.834276][T14754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1531.847575][T14754] usb 3-1: config 0 descriptor?? [ 1531.961593][ T30] audit: type=1326 audit(1746109125.252:6137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1531.989467][ T30] audit: type=1326 audit(1746109125.272:6138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.038093][ T30] audit: type=1326 audit(1746109125.272:6139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.066736][ T30] audit: type=1326 audit(1746109125.272:6140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.090938][ T30] audit: type=1326 audit(1746109125.272:6141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.134997][ T30] audit: type=1326 audit(1746109125.272:6142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.160265][ T30] audit: type=1326 audit(1746109125.272:6143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.183985][ T30] audit: type=1326 audit(1746109125.272:6144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.209610][ T30] audit: type=1326 audit(1746109125.272:6145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19723 comm="syz.5.20320" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 1532.289757][T14754] hid-led 0003:0FC5:B080.00F0: unknown main item tag 0x0 [ 1532.752657][T19743] netlink: 28 bytes leftover after parsing attributes in process `syz.1.20328'. [ 1532.764888][T19743] netlink: 28 bytes leftover after parsing attributes in process `syz.1.20328'. [ 1532.780910][T19743] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 1532.792614][T19743] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 1532.886170][T14771] usb 3-1: USB disconnect, device number 100 [ 1533.213539][T19754] syzkaller1: entered promiscuous mode [ 1533.219693][T19754] syzkaller1: entered allmulticast mode [ 1535.416325][T19822] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20362'. [ 1535.438056][T19822] netlink: 32 bytes leftover after parsing attributes in process `syz.2.20362'. [ 1535.447749][T19824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20363'. [ 1535.486615][T19824] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20363'. [ 1535.641211][T19830] pimreg: entered allmulticast mode [ 1535.786001][T14752] usb 6-1: new full-speed USB device number 67 using dummy_hcd [ 1535.971523][T14752] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1536.001817][T14752] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1536.021030][T14752] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1536.045776][T14752] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1536.053805][T14752] usb 6-1: Product: syz [ 1536.074203][T14752] usb 6-1: Manufacturer: syz [ 1536.103574][T14752] usb 6-1: SerialNumber: syz [ 1536.343426][T14752] usb 6-1: 0:2 : does not exist [ 1536.375381][T14752] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 1536.468722][T14752] usb 6-1: USB disconnect, device number 67 [ 1536.508605][ T6235] udevd[6235]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1537.469466][T19895] kvm: kvm [19894]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0x79a38c48ff000000 [ 1538.218766][T19915] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20404'. [ 1538.234740][T19915] vlan2: entered allmulticast mode [ 1538.240802][T19915] gretap0: entered allmulticast mode [ 1540.108681][T19980] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20435'. [ 1540.138729][T19980] netlink: 190 bytes leftover after parsing attributes in process `syz.2.20435'. [ 1540.824658][T20007] sctp: [Deprecated]: syz.2.20449 (pid 20007) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1540.824658][T20007] Use struct sctp_sack_info instead [ 1541.948039][T20058] netlink: 'syz.6.20468': attribute type 29 has an invalid length. [ 1541.972625][T20058] netlink: 'syz.6.20468': attribute type 29 has an invalid length. [ 1541.995130][T20058] netlink: 600 bytes leftover after parsing attributes in process `syz.6.20468'. [ 1542.859195][T20083] syzkaller1: entered promiscuous mode [ 1542.882051][T20083] syzkaller1: entered allmulticast mode [ 1543.537894][T14752] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1543.717921][T14752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1543.765987][T14752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1543.805346][T20106] netlink: 24 bytes leftover after parsing attributes in process `syz.0.20490'. [ 1543.819723][T14752] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1543.865734][T14752] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1543.895360][T14752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1543.948765][T14752] usb 3-1: config 0 descriptor?? [ 1544.074493][T20113] netlink: 20 bytes leftover after parsing attributes in process `syz.6.20493'. [ 1544.392761][T14752] plantronics 0003:047F:FFFF.00F1: reserved main item tag 0xd [ 1544.433014][T14752] plantronics 0003:047F:FFFF.00F1: No inputs registered, leaving [ 1544.480175][T14752] plantronics 0003:047F:FFFF.00F1: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1545.214487][T20148] input: syz0 as /devices/virtual/input/input211 [ 1545.685203][T20159] netlink: 4 bytes leftover after parsing attributes in process `syz.5.20514'. [ 1545.872265][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.882660][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.501348][T14771] hid-generic 0000:0000:0000.00F2: unknown main item tag 0x0 [ 1546.545934][T14771] hid-generic 0000:0000:0000.00F2: hidraw1: HID v0.00 Device [syz1] on syz0 [ 1546.557632][T14754] usb 3-1: USB disconnect, device number 101 [ 1546.778617][T20191] netlink: zone id is out of range [ 1546.798086][T20191] netlink: zone id is out of range [ 1546.803212][T20191] netlink: zone id is out of range [ 1546.835364][T20191] netlink: zone id is out of range [ 1546.840935][T20191] netlink: zone id is out of range [ 1546.848237][T20191] netlink: zone id is out of range [ 1546.854923][T20191] netlink: zone id is out of range [ 1546.865718][T20191] netlink: zone id is out of range [ 1546.871059][T20191] netlink: zone id is out of range [ 1546.878551][T20191] netlink: zone id is out of range [ 1547.675836][T14752] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1547.886100][T14752] usb 6-1: Using ep0 maxpacket: 32 [ 1547.925760][T14752] usb 6-1: config 0 has an invalid interface number: 89 but max is 0 [ 1547.948917][T14752] usb 6-1: config 0 has no interface number 0 [ 1547.972661][T14752] usb 6-1: config 0 interface 89 altsetting 225 bulk endpoint 0x82 has invalid maxpacket 6 [ 1548.025912][T14752] usb 6-1: config 0 interface 89 has no altsetting 0 [ 1548.110945][T20225] ALSA: seq fatal error: cannot create timer (-19) [ 1548.131765][T14752] usb 6-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68 [ 1548.154804][T14752] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1548.189427][T14752] usb 6-1: Product: syz [ 1548.193627][T14752] usb 6-1: Manufacturer: syz [ 1548.223500][T14752] usb 6-1: SerialNumber: syz [ 1548.276507][T14752] usb 6-1: config 0 descriptor?? [ 1548.292112][T20210] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1548.336485][T20235] Context (ID=0x1) not attached to queue pair (handle=0x500:0x2) [ 1548.355158][T14752] hub 6-1:0.89: bad descriptor, ignoring hub [ 1548.385244][T14752] hub 6-1:0.89: probe with driver hub failed with error -5 [ 1548.407185][T14752] option 6-1:0.89: GSM modem (1-port) converter detected [ 1548.445162][T14752] usb 6-1: GSM modem (1-port) converter now attached to ttyUSB0 [ 1548.459266][T20238] syzkaller1: entered promiscuous mode [ 1548.497683][T20238] syzkaller1: entered allmulticast mode [ 1548.511256][T20240] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 348 [ 1548.800006][ T9871] usb 6-1: USB disconnect, device number 68 [ 1548.854836][ T9871] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0 [ 1548.872476][ T9871] option 6-1:0.89: device disconnected [ 1549.100938][T20253] sctp: [Deprecated]: syz.6.20554 (pid 20253) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1549.100938][T20253] Use struct sctp_sack_info instead [ 1550.621100][T20294] netlink: 28 bytes leftover after parsing attributes in process `syz.2.20571'. [ 1550.639695][T20294] netlink: 'syz.2.20571': attribute type 7 has an invalid length. [ 1550.651341][T20294] netlink: 'syz.2.20571': attribute type 8 has an invalid length. [ 1550.662299][T20294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20571'. [ 1551.995755][ T9871] usb 3-1: new low-speed USB device number 102 using dummy_hcd [ 1552.159456][ T9871] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 1552.178705][ T9871] usb 3-1: config 0 has no interface number 0 [ 1552.184810][ T9871] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1552.215752][ T9871] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 1552.236172][ T9871] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1552.258600][ T9871] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1552.288565][ T9871] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 1552.310202][ T9871] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1552.344231][ T9871] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1552.357796][ T9871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1552.386677][ T9871] usb 3-1: config 0 descriptor?? [ 1552.402770][T20324] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1552.415964][T20324] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1552.584237][ T9871] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1552.760085][ T9871] usb 3-1: USB disconnect, device number 102 [ 1552.782708][ T9871] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 1552.983736][T20337] [ 1552.986113][T20337] ===================================================== [ 1552.993029][T20337] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1553.000481][T20337] 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 Not tainted [ 1553.007596][T20337] ----------------------------------------------------- [ 1553.014552][T20337] syz.5.20590/20337 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1553.022370][T20337] ffff88803130e558 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1553.031090][T20337] [ 1553.031090][T20337] and this task is already holding: [ 1553.038449][T20337] ffff88805f576028 (&client->buffer_lock#2){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1553.048422][T20337] which would create a new lock dependency: [ 1553.054308][T20337] (&client->buffer_lock#2){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1553.062593][T20337] [ 1553.062593][T20337] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1553.072037][T20337] (&client->buffer_lock#2){..-.}-{3:3} [ 1553.072070][T20337] [ 1553.072070][T20337] ... which became SOFTIRQ-irq-safe at: [ 1553.085296][T20337] lock_acquire+0x120/0x360 [ 1553.089898][T20337] _raw_spin_lock+0x2e/0x40 [ 1553.094489][T20337] evdev_pass_values+0xb9/0xbd0 [ 1553.099439][T20337] evdev_events+0x1e6/0x340 [ 1553.104032][T20337] input_pass_values+0x285/0x890 [ 1553.109056][T20337] input_event_dispose+0x3e5/0x6b0 [ 1553.114255][T20337] input_event+0x8c/0xc0 [ 1553.118584][T20337] hidinput_hid_event+0x132c/0x1c90 [ 1553.123875][T20337] hid_process_event+0x4be/0x620 [ 1553.128900][T20337] hid_report_raw_event+0xe91/0x16d0 [ 1553.134268][T20337] hid_input_report+0x43e/0x520 [ 1553.139197][T20337] hid_irq_in+0x47e/0x6d0 [ 1553.143610][T20337] __usb_hcd_giveback_urb+0x417/0x690 [ 1553.149077][T20337] dummy_timer+0x862/0x4550 [ 1553.153670][T20337] __hrtimer_run_queues+0x529/0xc60 [ 1553.158962][T20337] hrtimer_run_softirq+0x187/0x2b0 [ 1553.164173][T20337] handle_softirqs+0x283/0x870 [ 1553.169033][T20337] __irq_exit_rcu+0xca/0x1f0 [ 1553.173708][T20337] irq_exit_rcu+0x9/0x30 [ 1553.178029][T20337] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1553.183744][T20337] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1553.189811][T20337] pv_native_safe_halt+0x13/0x20 [ 1553.194842][T20337] default_idle+0x13/0x20 [ 1553.199263][T20337] default_idle_call+0x74/0xb0 [ 1553.204134][T20337] do_idle+0x1e8/0x510 [ 1553.208282][T20337] cpu_startup_entry+0x44/0x60 [ 1553.213133][T20337] rest_init+0x2de/0x300 [ 1553.217471][T20337] start_kernel+0x470/0x4f0 [ 1553.222069][T20337] x86_64_start_reservations+0x2a/0x30 [ 1553.227611][T20337] x86_64_start_kernel+0x66/0x70 [ 1553.232628][T20337] common_startup_64+0x13e/0x147 [ 1553.237656][T20337] [ 1553.237656][T20337] to a SOFTIRQ-irq-unsafe lock: [ 1553.244673][T20337] (tasklist_lock){.+.+}-{3:3} [ 1553.244702][T20337] [ 1553.244702][T20337] ... which became SOFTIRQ-irq-unsafe at: [ 1553.257350][T20337] ... [ 1553.257358][T20337] lock_acquire+0x120/0x360 [ 1553.264515][T20337] _raw_read_lock+0x36/0x50 [ 1553.269099][T20337] __do_wait+0xde/0x740 [ 1553.273336][T20337] do_wait+0x1f8/0x520 [ 1553.277511][T20337] kernel_wait+0xab/0x170 [ 1553.281924][T20337] call_usermodehelper_exec_work+0xbe/0x230 [ 1553.287900][T20337] process_scheduled_works+0xadb/0x17a0 [ 1553.293531][T20337] worker_thread+0x8a0/0xda0 [ 1553.298199][T20337] kthread+0x70e/0x8a0 [ 1553.302351][T20337] ret_from_fork+0x4b/0x80 [ 1553.306846][T20337] ret_from_fork_asm+0x1a/0x30 [ 1553.311686][T20337] [ 1553.311686][T20337] other info that might help us debug this: [ 1553.311686][T20337] [ 1553.321904][T20337] Chain exists of: [ 1553.321904][T20337] &client->buffer_lock#2 --> &new->fa_lock --> tasklist_lock [ 1553.321904][T20337] [ 1553.335373][T20337] Possible interrupt unsafe locking scenario: [ 1553.335373][T20337] [ 1553.343679][T20337] CPU0 CPU1 [ 1553.349036][T20337] ---- ---- [ 1553.354406][T20337] lock(tasklist_lock); [ 1553.358649][T20337] local_irq_disable(); [ 1553.365397][T20337] lock(&client->buffer_lock#2); [ 1553.372944][T20337] lock(&new->fa_lock); [ 1553.379715][T20337] [ 1553.383157][T20337] lock(&client->buffer_lock#2); [ 1553.388357][T20337] [ 1553.388357][T20337] *** DEADLOCK *** [ 1553.388357][T20337] [ 1553.396498][T20337] 7 locks held by syz.5.20590/20337: [ 1553.401778][T20337] #0: ffff8880297aa118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 1553.410932][T20337] #1: ffff88801bfb5230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 1553.421032][T20337] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 1553.430692][T20337] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 1553.440272][T20337] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 1553.449419][T20337] #5: ffff88805f576028 (&client->buffer_lock#2){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1553.459784][T20337] #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1553.468830][T20337] [ 1553.468830][T20337] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1553.479224][T20337] -> (&client->buffer_lock#2){..-.}-{3:3} { [ 1553.485143][T20337] IN-SOFTIRQ-W at: [ 1553.489121][T20337] lock_acquire+0x120/0x360 [ 1553.495274][T20337] _raw_spin_lock+0x2e/0x40 [ 1553.501419][T20337] evdev_pass_values+0xb9/0xbd0 [ 1553.507921][T20337] evdev_events+0x1e6/0x340 [ 1553.514071][T20337] input_pass_values+0x285/0x890 [ 1553.520674][T20337] input_event_dispose+0x3e5/0x6b0 [ 1553.527435][T20337] input_event+0x8c/0xc0 [ 1553.533325][T20337] hidinput_hid_event+0x132c/0x1c90 [ 1553.540178][T20337] hid_process_event+0x4be/0x620 [ 1553.546759][T20337] hid_report_raw_event+0xe91/0x16d0 [ 1553.553687][T20337] hid_input_report+0x43e/0x520 [ 1553.560183][T20337] hid_irq_in+0x47e/0x6d0 [ 1553.566159][T20337] __usb_hcd_giveback_urb+0x417/0x690 [ 1553.573177][T20337] dummy_timer+0x862/0x4550 [ 1553.579333][T20337] __hrtimer_run_queues+0x529/0xc60 [ 1553.586194][T20337] hrtimer_run_softirq+0x187/0x2b0 [ 1553.592964][T20337] handle_softirqs+0x283/0x870 [ 1553.599377][T20337] __irq_exit_rcu+0xca/0x1f0 [ 1553.605607][T20337] irq_exit_rcu+0x9/0x30 [ 1553.611491][T20337] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1553.618763][T20337] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1553.626388][T20337] pv_native_safe_halt+0x13/0x20 [ 1553.632968][T20337] default_idle+0x13/0x20 [ 1553.638942][T20337] default_idle_call+0x74/0xb0 [ 1553.645349][T20337] do_idle+0x1e8/0x510 [ 1553.651062][T20337] cpu_startup_entry+0x44/0x60 [ 1553.657464][T20337] rest_init+0x2de/0x300 [ 1553.663360][T20337] start_kernel+0x470/0x4f0 [ 1553.669512][T20337] x86_64_start_reservations+0x2a/0x30 [ 1553.676618][T20337] x86_64_start_kernel+0x66/0x70 [ 1553.683199][T20337] common_startup_64+0x13e/0x147 [ 1553.689792][T20337] INITIAL USE at: [ 1553.693685][T20337] lock_acquire+0x120/0x360 [ 1553.699753][T20337] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1553.706509][T20337] evdev_ioctl_handler+0x1969/0x1f10 [ 1553.713371][T20337] __ia32_compat_sys_ioctl+0x551/0x840 [ 1553.720397][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1553.727069][T20337] do_fast_syscall_32+0x34/0x80 [ 1553.733487][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1553.741372][T20337] } [ 1553.743863][T20337] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 1553.752014][T20337] [ 1553.752014][T20337] the dependencies between the lock to be acquired [ 1553.752024][T20337] and SOFTIRQ-irq-unsafe lock: [ 1553.765510][T20337] -> (tasklist_lock){.+.+}-{3:3} { [ 1553.770804][T20337] HARDIRQ-ON-R at: [ 1553.774947][T20337] lock_acquire+0x120/0x360 [ 1553.781444][T20337] _raw_read_lock+0x36/0x50 [ 1553.787956][T20337] __do_wait+0xde/0x740 [ 1553.794103][T20337] do_wait+0x1f8/0x520 [ 1553.800164][T20337] kernel_wait+0xab/0x170 [ 1553.806524][T20337] call_usermodehelper_exec_work+0xbe/0x230 [ 1553.814425][T20337] process_scheduled_works+0xadb/0x17a0 [ 1553.821980][T20337] worker_thread+0x8a0/0xda0 [ 1553.828560][T20337] kthread+0x70e/0x8a0 [ 1553.834630][T20337] ret_from_fork+0x4b/0x80 [ 1553.841050][T20337] ret_from_fork_asm+0x1a/0x30 [ 1553.847814][T20337] SOFTIRQ-ON-R at: [ 1553.851965][T20337] lock_acquire+0x120/0x360 [ 1553.858463][T20337] _raw_read_lock+0x36/0x50 [ 1553.864961][T20337] __do_wait+0xde/0x740 [ 1553.871125][T20337] do_wait+0x1f8/0x520 [ 1553.877205][T20337] kernel_wait+0xab/0x170 [ 1553.883546][T20337] call_usermodehelper_exec_work+0xbe/0x230 [ 1553.891455][T20337] process_scheduled_works+0xadb/0x17a0 [ 1553.899015][T20337] worker_thread+0x8a0/0xda0 [ 1553.905597][T20337] kthread+0x70e/0x8a0 [ 1553.911691][T20337] ret_from_fork+0x4b/0x80 [ 1553.918107][T20337] ret_from_fork_asm+0x1a/0x30 [ 1553.924873][T20337] INITIAL USE at: [ 1553.928940][T20337] lock_acquire+0x120/0x360 [ 1553.935358][T20337] _raw_write_lock_irq+0xa2/0xf0 [ 1553.942204][T20337] copy_process+0x21d5/0x3b80 [ 1553.948785][T20337] kernel_clone+0x21e/0x870 [ 1553.955197][T20337] user_mode_thread+0xdd/0x140 [ 1553.961874][T20337] rest_init+0x23/0x300 [ 1553.967947][T20337] start_kernel+0x470/0x4f0 [ 1553.974363][T20337] x86_64_start_reservations+0x2a/0x30 [ 1553.981731][T20337] x86_64_start_kernel+0x66/0x70 [ 1553.988610][T20337] common_startup_64+0x13e/0x147 [ 1553.995467][T20337] INITIAL READ USE at: [ 1553.999976][T20337] lock_acquire+0x120/0x360 [ 1554.006833][T20337] _raw_read_lock+0x36/0x50 [ 1554.013676][T20337] __do_wait+0xde/0x740 [ 1554.020176][T20337] do_wait+0x1f8/0x520 [ 1554.026589][T20337] kernel_wait+0xab/0x170 [ 1554.033262][T20337] call_usermodehelper_exec_work+0xbe/0x230 [ 1554.041517][T20337] process_scheduled_works+0xadb/0x17a0 [ 1554.049440][T20337] worker_thread+0x8a0/0xda0 [ 1554.056398][T20337] kthread+0x70e/0x8a0 [ 1554.062817][T20337] ret_from_fork+0x4b/0x80 [ 1554.069574][T20337] ret_from_fork_asm+0x1a/0x30 [ 1554.076684][T20337] } [ 1554.079352][T20337] ... key at: [] tasklist_lock+0x18/0x40 [ 1554.087250][T20337] ... acquired at: [ 1554.091221][T20337] lock_acquire+0x120/0x360 [ 1554.095899][T20337] _raw_read_lock+0x36/0x50 [ 1554.100568][T20337] send_sigurg+0x12b/0x420 [ 1554.105159][T20337] sk_send_sigurg+0x6c/0x2e0 [ 1554.109934][T20337] queue_oob+0x3d9/0x4e0 [ 1554.114347][T20337] unix_stream_sendmsg+0xa41/0xb60 [ 1554.119637][T20337] __sock_sendmsg+0x219/0x270 [ 1554.124496][T20337] ____sys_sendmsg+0x52d/0x830 [ 1554.129432][T20337] ___sys_sendmsg+0x21f/0x2a0 [ 1554.134284][T20337] __sys_sendmmsg+0x28e/0x430 [ 1554.139137][T20337] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1554.144864][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1554.150155][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.155176][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.161673][T20337] [ 1554.163988][T20337] -> (&f_owner->lock){....}-{3:3} { [ 1554.169295][T20337] INITIAL USE at: [ 1554.173285][T20337] lock_acquire+0x120/0x360 [ 1554.179521][T20337] _raw_write_lock_irq+0xa2/0xf0 [ 1554.186188][T20337] __f_setown+0x67/0x370 [ 1554.192192][T20337] tun_chr_fasync+0x128/0x1a0 [ 1554.198610][T20337] do_fcntl+0x10a8/0x1910 [ 1554.204674][T20337] do_compat_fcntl64+0x484/0x720 [ 1554.211345][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1554.218204][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.224793][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.232853][T20337] INITIAL READ USE at: [ 1554.237266][T20337] lock_acquire+0x120/0x360 [ 1554.243944][T20337] _raw_read_lock_irq+0xaa/0xf0 [ 1554.250973][T20337] do_fcntl+0x52c/0x1910 [ 1554.257392][T20337] do_compat_fcntl64+0x484/0x720 [ 1554.264509][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1554.271798][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.278818][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.287321][T20337] } [ 1554.289904][T20337] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1554.298836][T20337] ... acquired at: [ 1554.302714][T20337] lock_acquire+0x120/0x360 [ 1554.307402][T20337] _raw_read_lock_irqsave+0xaf/0x100 [ 1554.312856][T20337] send_sigio+0x38/0x370 [ 1554.317280][T20337] kill_fasync+0x24d/0x4d0 [ 1554.321864][T20337] lease_break_callback+0x26/0x30 [ 1554.327059][T20337] __break_lease+0x6a2/0x1620 [ 1554.331912][T20337] do_dentry_open+0xd62/0x1970 [ 1554.336850][T20337] vfs_open+0x3b/0x340 [ 1554.341095][T20337] path_openat+0x2ee5/0x3830 [ 1554.345858][T20337] do_filp_open+0x1fa/0x410 [ 1554.350536][T20337] do_sys_openat2+0x121/0x1c0 [ 1554.355400][T20337] __ia32_compat_sys_openat+0x131/0x160 [ 1554.361139][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1554.366425][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.371446][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.377949][T20337] [ 1554.380271][T20337] -> (&new->fa_lock){....}-{3:3} { [ 1554.385405][T20337] INITIAL USE at: [ 1554.389296][T20337] lock_acquire+0x120/0x360 [ 1554.395394][T20337] _raw_write_lock_irq+0xa2/0xf0 [ 1554.401892][T20337] fasync_remove_entry+0xf1/0x1c0 [ 1554.408489][T20337] tun_chr_fasync+0x87/0x1a0 [ 1554.414645][T20337] __fput+0x89f/0xa70 [ 1554.420221][T20337] task_work_run+0x1d1/0x260 [ 1554.426383][T20337] resume_user_mode_work+0x5e/0x80 [ 1554.433062][T20337] syscall_exit_to_user_mode+0x9a/0x120 [ 1554.440181][T20337] __do_fast_syscall_32+0xc1/0x110 [ 1554.446869][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.453288][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.461185][T20337] INITIAL READ USE at: [ 1554.465516][T20337] lock_acquire+0x120/0x360 [ 1554.472029][T20337] _raw_read_lock_irqsave+0xaf/0x100 [ 1554.479313][T20337] kill_fasync+0x199/0x4d0 [ 1554.485726][T20337] pipe_release+0x1b2/0x330 [ 1554.492231][T20337] __fput+0x449/0xa70 [ 1554.498238][T20337] fput_close_sync+0x119/0x200 [ 1554.505013][T20337] __ia32_sys_close+0x7f/0x110 [ 1554.511779][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1554.518896][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.525748][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.534076][T20337] } [ 1554.536575][T20337] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1554.545255][T20337] ... acquired at: [ 1554.549057][T20337] lock_acquire+0x120/0x360 [ 1554.553759][T20337] _raw_read_lock_irqsave+0xaf/0x100 [ 1554.559227][T20337] kill_fasync+0x199/0x4d0 [ 1554.563814][T20337] evdev_pass_values+0x627/0xbd0 [ 1554.568930][T20337] evdev_events+0x1e6/0x340 [ 1554.573613][T20337] input_pass_values+0x285/0x890 [ 1554.578724][T20337] input_event_dispose+0x330/0x6b0 [ 1554.584004][T20337] input_inject_event+0x1fe/0x320 [ 1554.589200][T20337] evdev_write+0x2fc/0x480 [ 1554.593788][T20337] vfs_write+0x27b/0xa90 [ 1554.598199][T20337] ksys_write+0x145/0x250 [ 1554.602695][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1554.607974][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.613008][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.619500][T20337] [ 1554.621810][T20337] [ 1554.621810][T20337] stack backtrace: [ 1554.627690][T20337] CPU: 0 UID: 0 PID: 20337 Comm: syz.5.20590 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 1554.627708][T20337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1554.627718][T20337] Call Trace: [ 1554.627725][T20337] [ 1554.627732][T20337] dump_stack_lvl+0x189/0x250 [ 1554.627756][T20337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1554.627776][T20337] ? __pfx__printk+0x10/0x10 [ 1554.627793][T20337] validate_chain+0x1f05/0x2140 [ 1554.627815][T20337] __lock_acquire+0xaac/0xd20 [ 1554.627835][T20337] ? kill_fasync+0x199/0x4d0 [ 1554.627847][T20337] lock_acquire+0x120/0x360 [ 1554.627865][T20337] ? kill_fasync+0x199/0x4d0 [ 1554.627877][T20337] ? __lock_acquire+0xaac/0xd20 [ 1554.627898][T20337] _raw_read_lock_irqsave+0xaf/0x100 [ 1554.627913][T20337] ? kill_fasync+0x199/0x4d0 [ 1554.627924][T20337] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1554.627937][T20337] ? do_raw_spin_lock+0x121/0x290 [ 1554.627955][T20337] kill_fasync+0x199/0x4d0 [ 1554.627967][T20337] ? kill_fasync+0x53/0x4d0 [ 1554.627979][T20337] evdev_pass_values+0x627/0xbd0 [ 1554.628001][T20337] ? evdev_pass_values+0x5a1/0xbd0 [ 1554.628023][T20337] evdev_events+0x1e6/0x340 [ 1554.628041][T20337] ? evdev_events+0x79/0x340 [ 1554.628059][T20337] ? input_pass_values+0x8d/0x890 [ 1554.628077][T20337] input_pass_values+0x285/0x890 [ 1554.628098][T20337] ? input_handle_event+0x70c/0xf30 [ 1554.628115][T20337] input_event_dispose+0x330/0x6b0 [ 1554.628131][T20337] input_inject_event+0x1fe/0x320 [ 1554.628147][T20337] ? input_inject_event+0xbc/0x320 [ 1554.628163][T20337] evdev_write+0x2fc/0x480 [ 1554.628185][T20337] ? __pfx_evdev_write+0x10/0x10 [ 1554.628205][T20337] ? bpf_lsm_file_permission+0x9/0x20 [ 1554.628223][T20337] ? security_file_permission+0x75/0x290 [ 1554.628245][T20337] ? rw_verify_area+0x258/0x650 [ 1554.628259][T20337] ? __pfx_evdev_write+0x10/0x10 [ 1554.628279][T20337] vfs_write+0x27b/0xa90 [ 1554.628296][T20337] ? __pfx_vfs_write+0x10/0x10 [ 1554.628311][T20337] ? __fget_files+0x2a/0x420 [ 1554.628330][T20337] ? __fget_files+0x2a/0x420 [ 1554.628347][T20337] ? __fget_files+0x3a0/0x420 [ 1554.628368][T20337] ? __fget_files+0x2a/0x420 [ 1554.628389][T20337] ksys_write+0x145/0x250 [ 1554.628405][T20337] ? __pfx_ksys_write+0x10/0x10 [ 1554.628421][T20337] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 1554.628437][T20337] ? lockdep_hardirqs_on+0x9c/0x150 [ 1554.628453][T20337] __do_fast_syscall_32+0xb4/0x110 [ 1554.628472][T20337] do_fast_syscall_32+0x34/0x80 [ 1554.628489][T20337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1554.628506][T20337] RIP: 0023:0xf7f53539 [ 1554.628519][T20337] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1554.628532][T20337] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1554.628549][T20337] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1554.628559][T20337] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000 [ 1554.628568][T20337] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1554.628576][T20337] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1554.628585][T20337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1554.628598][T20337]