last executing test programs: 2.933095451s ago: executing program 1 (id=2202): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002f40)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xb}, 0x1c, 0x0}}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000000)) 2.248839971s ago: executing program 3 (id=2219): listxattr(&(0x7f00000000c0)='./file0\x00', 0x0, 0xffffffffffffff4b) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000200)={0x0, 0x100, 0x9, 0x3, 0x10ce, 0x5, 0xc30f, 0xb, {0x0, @in={{0x2, 0x4e24, @multicast2}}, 0xd2, 0x40000080, 0x9b, 0x84}}, &(0x7f00000000c0)=0xb0) 2.109271128s ago: executing program 1 (id=2222): r0 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket$l2tp(0x2, 0x2, 0x73) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f00000000c0)=@in={0x2, 0x4e21, @multicast1}, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1) 2.095019594s ago: executing program 2 (id=2223): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x5) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100000, 0x8) flock(r1, 0x2) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0) read$char_usb(r2, &(0x7f00000030c0)=""/4110, 0x100e) 1.87862026s ago: executing program 0 (id=2224): pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000140)) fcntl$setpipe(r1, 0x407, 0x0) read$FUSE(r0, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f00000003c0)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x3}}}, 0x90) 1.795612871s ago: executing program 1 (id=2225): timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x7, &(0x7f0000000780)={0x0, 0x3f, 0x0, @thr={0x0, 0x0}}, &(0x7f00000007c0)=0x0) clock_gettime(0x0, &(0x7f0000000800)={0x0, 0x0}) timer_settime(r1, 0x1, &(0x7f0000000840)={{r2, r3+10000000}, {0x0, 0x989680}}, 0x0) rt_sigaction(0x3f, &(0x7f0000000940)={&(0x7f00000008c0)="c46279340cdbc4c261ad9a0c000000c4c2d503f264430fae54bcc0660f638d9b540000c482c5ac2c566742d0430366f30fbae70040d9fa90", 0x40000001, 0x0, {[0x40]}}, 0x0, 0x8, &(0x7f0000000a80)) 1.79164383s ago: executing program 0 (id=2226): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x5, 0x4}, {0x10000002, 0x7}], 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x4) 1.602667691s ago: executing program 0 (id=2228): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x2b}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da30000bce645451b851111dd98ac4d8da9317c2c082020e0b2d6340809000000000000008e053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456521cffdef93e29f10f4a11f0cfbfc0ff976b20fe"], &(0x7f0000000080)='GPL\x00', 0x0, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00'], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/14], 0x22) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1.602473075s ago: executing program 1 (id=2229): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2001}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 1.518246529s ago: executing program 1 (id=2230): setgroups(0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) setregid(0x0, 0xee01) r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$tcp_congestion(r0, 0x0, 0xee0000) 1.406554017s ago: executing program 0 (id=2232): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000001c) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x1a) r2 = open(&(0x7f0000000100)='./file1\x00', 0x141242, 0x1b4) write$tcp_mem(r2, &(0x7f00000002c0)={0x101, 0x20, 0x17fffffff, 0x20, 0xfffffffffffffff9}, 0x48) 1.323054849s ago: executing program 1 (id=2233): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @main=@item_4={0x3, 0x0, 0x9, "b2938f8d"}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @global=@item_4={0x3, 0x1, 0x5, "a90da1f6"}, @local=@item_4={0x3, 0x2, 0x0, "00000400"}]}}, 0x0}, 0x0) syz_open_dev$evdev(&(0x7f00000004c0), 0x40, 0x0) syz_usb_disconnect(r0) 1.308632679s ago: executing program 4 (id=2234): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f00000001c0)={r2, @in={{0x2, 0x4e23, @empty}}}, 0x90) 1.210590561s ago: executing program 0 (id=2235): r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e25, 0x100, @local, 0xfffffffb}}, 0x24) r1 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.210404615s ago: executing program 3 (id=2236): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) mkdir(&(0x7f0000000040)='./bus\x00', 0x149) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r0, &(0x7f0000000400)=""/207, 0xcf, 0x4eb) 1.12250856s ago: executing program 2 (id=2237): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, 0x0, &(0x7f0000000380)) read$FUSE(r0, &(0x7f000000c400)={0x2020}, 0x2020) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1.05285149s ago: executing program 3 (id=2238): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000000240)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000005c0)=""/6, 0x6, 0xfffc, 0x3, 0x0, 0x0, 0xc07}}, 0x120) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000040)={0x0, 0xdfd2, 0x10100, 0x1, 0x16}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0) write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4) 1.035846033s ago: executing program 4 (id=2239): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r2) getcwd(&(0x7f0000000140)=""/178, 0xb2) 979.945974ms ago: executing program 2 (id=2240): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fedbdf2505000000080009000200000008000c00aa0a0000060001000500000008000b0004000000050005"], 0x3c}, 0x1, 0x0, 0x0, 0x20006911}, 0xb0) 835.954328ms ago: executing program 4 (id=2241): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r1, 0x0, &(0x7f0000000000/0x1000)=nil, 0x1000, 0x5}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000540)={0xff02, 0x8, r2, 0x0, 0x2fff, 0x2, &(0x7f00000000c0)="7a16", 0x4}) 634.668733ms ago: executing program 4 (id=2242): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000300)={r3, 0x0, 0x9, 0x0, 0x0, [0x0, 0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000000)={0x0, 0x43, 0x3f, 0x30315559, 0x1, [r4, 0x0, r5], [0x3f, 0x0, 0x80, 0x1fffe], [0x0, 0xdaf, 0xfffffffe], [0x2]}) 616.717764ms ago: executing program 0 (id=2243): r0 = syz_clone(0x2340080, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x60b, 0x500a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x5, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/mnt\x00') 586.443069ms ago: executing program 2 (id=2244): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000003280)=[{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="8d5bade142cdc9bc871491e5a8e39840", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x8c0}], 0x1, 0xc844) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 502.713317ms ago: executing program 4 (id=2245): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x1, 0x0, 0xfffff034}, {0x6, 0x0, 0x0, 0x4}]}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @mcast2, 0x4}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 501.956142ms ago: executing program 3 (id=2246): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/vmstat\x00', 0x0, 0x0) r1 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r0, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r1, 0xfd0, 0x4c1, 0x43, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000) 266.661711ms ago: executing program 2 (id=2247): r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x4, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0xffffffac, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4) sendmmsg$inet6(r0, &(0x7f0000002600)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="a132", 0x2}], 0x1}}], 0x1, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000003c0)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/209, 0xd1, 0x0, &(0x7f0000000240)=""/17, 0x11}, &(0x7f0000000400)=0x40) 205.02072ms ago: executing program 3 (id=2248): mkdir(&(0x7f00000002c0)='./file0\x00', 0x4) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) lseek(r0, 0x0, 0x4) 83.944832ms ago: executing program 2 (id=2249): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000100)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r1, 0x0) ioctl$TCSETS(r0, 0x8926, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7ff, 0x0, "5dee000000594000"}) 32.05294ms ago: executing program 4 (id=2250): readlink(0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) 0s ago: executing program 3 (id=2251): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x20480d4) accept4$rose(r1, &(0x7f0000000140)=@full={0xb, @dev, @bcast, 0x0, [@null, @netrom, @default, @remote, @null, @null]}, 0x0, 0x800) kernel console output (not intermixed with test programs): gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 102.042093][ T6011] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 102.042190][ T6010] netlink: 24 bytes leftover after parsing attributes in process `syz.2.46'. [ 102.266805][ T6016] capability: warning: `syz.2.48' uses 32-bit capabilities (legacy support in use) [ 102.331802][ T6022] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 102.408017][ T9] plantronics 0003:047F:FFFF.0001: reserved main item tag 0xd [ 102.473661][ T9] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 102.545428][ T9] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 102.728811][ T1211] usb 4-1: USB disconnect, device number 3 [ 102.809586][ T1679] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 102.915014][ T6040] binder: 6038:6040 ioctl c0306201 2000000003c0 returned -22 [ 102.959298][ T1679] usb 2-1: Using ep0 maxpacket: 32 [ 102.972362][ T1679] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 102.984926][ T1679] usb 2-1: config 0 has no interface number 0 [ 102.994758][ T1679] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 103.014489][ T1679] usb 2-1: config 0 interface 85 has no altsetting 0 [ 103.028643][ T1679] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 103.037899][ T1679] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.046027][ T1679] usb 2-1: Product: syz [ 103.050519][ T1679] usb 2-1: Manufacturer: syz [ 103.055165][ T1679] usb 2-1: SerialNumber: syz [ 103.063064][ T1679] usb 2-1: config 0 descriptor?? [ 103.481202][ T1679] appletouch 2-1:0.85: Geyser mode initialized. [ 103.493958][ T1679] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input7 [ 103.766494][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 103.766512][ T30] audit: type=1326 audit(1748384798.526:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f216892ab39 code=0x7ffc0000 [ 103.855335][ T30] audit: type=1326 audit(1748384798.526:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 103.905493][ T5910] usb 2-1: USB disconnect, device number 3 [ 103.929831][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.978794][ T30] audit: type=1326 audit(1748384798.526:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 104.041607][ T6063] sp0: Synchronizing with TNC [ 104.062511][ T30] audit: type=1326 audit(1748384798.526:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 104.084308][ T30] audit: type=1326 audit(1748384798.526:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 104.105582][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.120531][ T30] audit: type=1326 audit(1748384798.526:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 104.141794][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.149468][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.164623][ T30] audit: type=1326 audit(1748384798.526:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f216892ab39 code=0x7ffc0000 [ 104.193021][ T30] audit: type=1326 audit(1748384798.526:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 104.194969][ T5910] appletouch 2-1:0.85: input: appletouch disconnected [ 104.216943][ T30] audit: type=1326 audit(1748384798.526:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f216892ab39 code=0x7ffc0000 [ 104.264960][ T30] audit: type=1326 audit(1748384798.526:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 104.289461][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.350006][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 105.339268][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 105.509180][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 105.523586][ T10] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 105.546867][ T10] usb 5-1: config 0 has no interface number 0 [ 105.561151][ T10] usb 5-1: config 0 interface 184 has no altsetting 0 [ 105.581410][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 105.608047][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.627750][ T10] usb 5-1: Product: syz [ 105.642287][ T10] usb 5-1: Manufacturer: syz [ 105.655616][ T10] usb 5-1: SerialNumber: syz [ 105.690803][ T10] usb 5-1: config 0 descriptor?? [ 105.698722][ T10] smsc75xx v1.0.0 [ 106.135975][ T6124] GUP no longer grows the stack in syz.1.93 (6124): 200000004000-200000008000 (200000002000) [ 106.189186][ T6124] CPU: 0 UID: 0 PID: 6124 Comm: syz.1.93 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 106.189217][ T6124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.189237][ T6124] Call Trace: [ 106.189246][ T6124] [ 106.189260][ T6124] dump_stack_lvl+0x189/0x250 [ 106.189303][ T6124] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.189333][ T6124] ? __pfx__printk+0x10/0x10 [ 106.189363][ T6124] ? find_vma+0xe7/0x160 [ 106.189407][ T6124] __get_user_pages+0x2a96/0x30c0 [ 106.189473][ T6124] ? __pfx___get_user_pages+0x10/0x10 [ 106.189513][ T6124] get_user_pages_remote+0x2f9/0xaa0 [ 106.189542][ T6124] ? __pfx_mtree_load+0x10/0x10 [ 106.189574][ T6124] ? __pfx_get_user_pages_remote+0x10/0x10 [ 106.189615][ T6124] __access_remote_vm+0x215/0x5f0 [ 106.189657][ T6124] ? __pfx___access_remote_vm+0x10/0x10 [ 106.189691][ T6124] ? alloc_pages_noprof+0xbe/0x190 [ 106.189727][ T6124] proc_pid_cmdline_read+0x440/0x840 [ 106.189759][ T6124] ? __asan_memset+0x22/0x50 [ 106.189790][ T6124] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 106.189826][ T6124] ? rw_verify_area+0x258/0x650 [ 106.189857][ T6124] vfs_readv+0x5a5/0x840 [ 106.189874][ T6124] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 106.189911][ T6124] ? __pfx_vfs_readv+0x10/0x10 [ 106.189947][ T6124] ? __fget_files+0x2a/0x420 [ 106.189983][ T6124] ? __fget_files+0x3a0/0x420 [ 106.190012][ T6124] ? __fget_files+0x2a/0x420 [ 106.190053][ T6124] __x64_sys_preadv+0x197/0x2a0 [ 106.190086][ T6124] ? __pfx___x64_sys_preadv+0x10/0x10 [ 106.190139][ T6124] ? rcu_is_watching+0x15/0xb0 [ 106.190171][ T6124] ? do_syscall_64+0xbe/0x3b0 [ 106.190207][ T6124] do_syscall_64+0xfa/0x3b0 [ 106.190231][ T6124] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.190255][ T6124] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.190275][ T6124] ? clear_bhb_loop+0x60/0xb0 [ 106.190300][ T6124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.190321][ T6124] RIP: 0033:0x7ff616b8e969 [ 106.190348][ T6124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.190366][ T6124] RSP: 002b:00007ff617a47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 106.190395][ T6124] RAX: ffffffffffffffda RBX: 00007ff616db5fa0 RCX: 00007ff616b8e969 [ 106.190410][ T6124] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000003 [ 106.190421][ T6124] RBP: 00007ff616c10ab1 R08: 0000000000000200 R09: 0000000000000000 [ 106.190432][ T6124] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 106.190442][ T6124] R13: 0000000000000000 R14: 00007ff616db5fa0 R15: 00007fffd71fee48 [ 106.190468][ T6124] [ 106.458264][ C0] vkms_vblank_simulate: vblank timer overrun [ 106.527960][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 106.538852][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 106.555474][ T6131] netlink: 'syz.3.95': attribute type 11 has an invalid length. [ 106.757192][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 106.768110][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 106.777965][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 106.795500][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 106.805523][ T10] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 106.820528][ T10] usb 5-1: USB disconnect, device number 2 [ 107.127711][ T6150] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.489911][ T6168] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 109.407756][ T6221] input: syz1 as /devices/virtual/input/input9 [ 109.965916][ T6237] input: syz0 as /devices/virtual/input/input10 [ 110.025837][ T6239] Zero length message leads to an empty skb [ 110.742933][ T6257] warning: `syz.2.148' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 111.105823][ T1679] kernel write not supported for file /vcs (pid: 1679 comm: kworker/1:2) [ 111.879464][ T5137] Bluetooth: hci4: command 0x0405 tx timeout [ 111.984654][ T6293] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 112.116728][ T6296] netlink: 'syz.1.167': attribute type 11 has an invalid length. [ 112.128920][ T6296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.167'. [ 112.219943][ T6301] loop8: detected capacity change from 0 to 7 [ 112.237441][ T6301] Dev loop8: unable to read RDB block 7 [ 112.254423][ T6301] loop8: AHDI p3 [ 112.274620][ T6301] loop8: partition table partially beyond EOD, truncated [ 112.484663][ T6314] netlink: 16 bytes leftover after parsing attributes in process `syz.4.175'. [ 113.017812][ T6327] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 113.428250][ T6337] syz.0.184 uses obsolete (PF_INET,SOCK_PACKET) [ 113.644940][ T6340] Driver unsupported XDP return value 0 on prog (id 21) dev N/A, expect packet loss! [ 113.836645][ T6344] use of bytesused == 0 is deprecated and will be removed in the future, [ 113.848744][ T6344] use the actual size instead. [ 114.070938][ T6352] ======================================================= [ 114.070938][ T6352] WARNING: The mand mount option has been deprecated and [ 114.070938][ T6352] and is ignored by this kernel. Remove the mand [ 114.070938][ T6352] option from the mount to silence this warning. [ 114.070938][ T6352] ======================================================= [ 114.106062][ C0] vkms_vblank_simulate: vblank timer overrun [ 114.839442][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 115.019295][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 115.019701][ T6390] netlink: 176 bytes leftover after parsing attributes in process `syz.3.209'. [ 115.035825][ T9] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 115.049615][ T9] usb 1-1: config 0 has no interface number 0 [ 115.060377][ T9] usb 1-1: config 0 interface 184 has no altsetting 0 [ 115.071631][ T9] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 115.084415][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.149557][ T9] usb 1-1: Product: syz [ 115.159198][ T9] usb 1-1: Manufacturer: syz [ 115.169349][ T9] usb 1-1: SerialNumber: syz [ 115.183743][ T9] usb 1-1: config 0 descriptor?? [ 115.203170][ T9] smsc75xx v1.0.0 [ 116.099463][ T1679] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 116.178845][ T6423] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 116.217335][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 116.239170][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 116.259543][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 116.259647][ T1679] usb 4-1: Using ep0 maxpacket: 16 [ 116.280848][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 116.298393][ T1679] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 116.308425][ T1679] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.309320][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 116.328658][ T1679] usb 4-1: Product: syz [ 116.333795][ T1679] usb 4-1: Manufacturer: syz [ 116.345391][ T1679] usb 4-1: SerialNumber: syz [ 116.352977][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 116.369442][ T1679] usb 4-1: config 0 descriptor?? [ 116.376763][ T9] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 116.405366][ T9] usb 1-1: USB disconnect, device number 3 [ 116.802880][ T1679] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 116.830273][ T1679] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 116.843822][ T5137] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 116.855318][ T5137] CPU: 0 UID: 0 PID: 5137 Comm: kworker/u9:1 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 116.855347][ T5137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.855362][ T5137] Workqueue: hci3 hci_rx_work [ 116.855394][ T5137] Call Trace: [ 116.855403][ T5137] [ 116.855413][ T5137] dump_stack_lvl+0x189/0x250 [ 116.855449][ T5137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.855478][ T5137] ? __pfx__printk+0x10/0x10 [ 116.855513][ T5137] ? kernfs_path_from_node+0x2b/0x260 [ 116.855533][ T5137] ? kernfs_path_from_node+0x2b/0x260 [ 116.855551][ T5137] ? kernfs_path_from_node+0x2b/0x260 [ 116.855572][ T5137] ? kernfs_path_from_node+0x216/0x260 [ 116.855595][ T5137] sysfs_create_dir_ns+0x259/0x280 [ 116.855631][ T5137] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 116.855666][ T5137] ? do_raw_spin_unlock+0x122/0x240 [ 116.855703][ T5137] kobject_add_internal+0x59f/0xb40 [ 116.855742][ T5137] kobject_add+0x155/0x220 [ 116.855774][ T5137] ? __pfx_kobject_add+0x10/0x10 [ 116.855803][ T5137] ? _raw_spin_unlock+0x28/0x50 [ 116.855828][ T5137] ? get_device_parent+0x366/0x3a0 [ 116.855854][ T5137] device_add+0x408/0xb50 [ 116.855879][ T5137] hci_conn_add_sysfs+0xd5/0x1e0 [ 116.855908][ T5137] le_conn_complete_evt+0xc3a/0x1220 [ 116.855956][ T5137] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 116.855990][ T5137] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 116.856014][ T5137] ? __asan_memcpy+0x40/0x70 [ 116.856040][ T5137] ? __pfx___mutex_lock+0x10/0x10 [ 116.856066][ T5137] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 116.856091][ T5137] ? skb_pull_data+0xfb/0x200 [ 116.856128][ T5137] hci_le_conn_complete_evt+0x187/0x450 [ 116.856168][ T5137] hci_event_packet+0x7a2/0x1270 [ 116.856201][ T5137] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 116.856234][ T5137] ? __pfx_hci_event_packet+0x10/0x10 [ 116.856263][ T5137] ? kcov_remote_start+0x4d3/0x7f0 [ 116.856283][ T5137] ? local_clock_noinstr+0xe0/0xe0 [ 116.856315][ T5137] ? hci_send_to_monitor+0xd7/0x4f0 [ 116.856340][ T5137] hci_rx_work+0x46a/0xe80 [ 116.856377][ T5137] ? process_scheduled_works+0x9ec/0x17a0 [ 116.856406][ T5137] process_scheduled_works+0xadb/0x17a0 [ 116.856466][ T5137] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.856512][ T5137] worker_thread+0x8a0/0xda0 [ 116.856543][ T5137] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 116.856573][ T5137] ? __kthread_parkme+0x7b/0x200 [ 116.856613][ T5137] kthread+0x711/0x8a0 [ 116.856635][ T5137] ? __pfx_worker_thread+0x10/0x10 [ 116.856662][ T5137] ? __pfx_kthread+0x10/0x10 [ 116.856683][ T5137] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.856704][ T5137] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.856724][ T5137] ? __pfx_kthread+0x10/0x10 [ 116.856745][ T5137] ret_from_fork+0x3fc/0x770 [ 116.856773][ T5137] ? __pfx_ret_from_fork+0x10/0x10 [ 116.856805][ T5137] ? __switch_to_asm+0x39/0x70 [ 116.856821][ T5137] ? __switch_to_asm+0x33/0x70 [ 116.856837][ T5137] ? __pfx_kthread+0x10/0x10 [ 116.856857][ T5137] ret_from_fork_asm+0x1a/0x30 [ 116.856894][ T5137] [ 116.856956][ T5137] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 116.866115][ T1679] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 116.869742][ T5137] Bluetooth: hci3: failed to register connection device [ 116.948886][ T1679] usb 4-1: media controller created [ 117.208063][ T6409] dtv5100: wlen = 0, aborting. [ 117.252061][ T1679] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 117.292707][ T1679] zl10353_read_register: readreg error (reg=127, ret==0) [ 117.306567][ T1679] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 117.314999][ T1679] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 117.327399][ T1679] usb 4-1: USB disconnect, device number 4 [ 117.394424][ T1679] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 117.948028][ T1211] kernel write not supported for file bpf-prog (pid: 1211 comm: kworker/0:2) [ 118.219235][ T1211] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 118.410353][ T1211] usb 4-1: Using ep0 maxpacket: 16 [ 118.431576][ T1211] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 118.445458][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.455988][ T1211] usb 4-1: Product: syz [ 118.461671][ T1211] usb 4-1: Manufacturer: syz [ 118.467392][ T1211] usb 4-1: SerialNumber: syz [ 118.514228][ T1211] usb 4-1: config 0 descriptor?? [ 118.559238][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 118.730212][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 118.743078][ T10] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 118.758686][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.771758][ T10] usb 1-1: config 0 descriptor?? [ 118.938875][ T1211] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 118.956324][ T1211] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 118.968435][ T1211] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 118.980980][ T1211] usb 4-1: media controller created [ 118.989811][ T5137] Bluetooth: hci3: command tx timeout [ 118.995889][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 119.012227][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 119.042846][ T1211] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 119.054191][ T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 119.069813][ T10] usb 1-1: media controller created [ 119.110129][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 119.140802][ T6515] netlink: 32 bytes leftover after parsing attributes in process `syz.1.264'. [ 119.159644][ T1211] zl10353_read_register: readreg error (reg=127, ret==0) [ 119.173295][ T5910] IPVS: starting estimator thread 0... [ 119.173642][ T1211] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 119.196554][ T6496] dtv5100: wlen = 0, aborting. [ 119.208632][ T1211] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 119.221138][ T10] az6027: usb out operation failed. (-71) [ 119.236624][ T10] az6027: usb out operation failed. (-71) [ 119.246407][ T1211] usb 4-1: USB disconnect, device number 5 [ 119.252914][ T10] stb0899_attach: Driver disabled by Kconfig [ 119.269321][ T10] az6027: no front-end attached [ 119.269321][ T10] [ 119.269623][ T6517] IPVS: using max 24 ests per chain, 57600 per kthread [ 119.284755][ T10] az6027: usb out operation failed. (-71) [ 119.299337][ T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 119.323011][ T1211] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 119.341422][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input11 [ 119.369871][ T10] dvb-usb: schedule remote query interval to 400 msecs. [ 119.382842][ T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 119.397093][ T10] usb 1-1: USB disconnect, device number 4 [ 119.457260][ T6522] pim6reg1: entered promiscuous mode [ 119.463748][ T6522] pim6reg1: entered allmulticast mode [ 119.467993][ T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 120.170358][ T6526] netlink: 264 bytes leftover after parsing attributes in process `syz.4.269'. [ 120.197215][ T6526] netlink: 16 bytes leftover after parsing attributes in process `syz.4.269'. [ 120.469750][ T1211] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 120.645258][ T1211] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 120.668805][ T1211] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 120.686502][ T1211] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 120.700761][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 120.709465][ T1211] usb 4-1: SerialNumber: syz [ 120.928395][ T1211] usb 4-1: 0:2 : does not exist [ 120.966135][ T1211] usb 4-1: USB disconnect, device number 6 [ 121.276709][ T6584] netlink: 'syz.1.294': attribute type 10 has an invalid length. [ 121.286809][ T6584] syz_tun: entered promiscuous mode [ 121.326441][ T6584] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 121.355169][ T6587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.294'. [ 123.037661][ T6648] 9pnet: p9_errstr2errno: server reported unknown error [ 123.339196][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 123.460039][ T6666] block nbd4: server does not support multiple connections per device. [ 123.473019][ T6665] block nbd4: shutting down sockets [ 123.501972][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 123.539543][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 123.562856][ T43] kernel write not supported for file /156/attr/exec (pid: 43 comm: kworker/1:1) [ 123.569105][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 123.592300][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 123.607345][ T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.616582][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.628988][ T10] usb 2-1: config 0 descriptor?? [ 123.636067][ T6650] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 123.797611][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.334'. [ 124.112552][ T10] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd [ 124.131355][ T10] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 124.148600][ T10] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 124.257929][ T6700] trusted_key: syz.2.342 sent an empty control message without MSG_MORE. [ 124.383314][ T30] kauditd_printk_skb: 104 callbacks suppressed [ 124.383331][ T30] audit: type=1326 audit(1748384819.146:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6703 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 124.411451][ T30] audit: type=1326 audit(1748384819.156:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6703 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 124.434509][ T30] audit: type=1326 audit(1748384819.156:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6703 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 124.494964][ T10] usb 2-1: USB disconnect, device number 4 [ 124.529579][ T30] audit: type=1326 audit(1748384819.176:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6703 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 124.695246][ T1211] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x0 [ 124.706561][ T1211] hid-generic 0005:16C0:5505.0003: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 124.771694][ T30] audit: type=1326 audit(1748384819.536:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6707 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7fc00000 [ 125.029094][ T6725] netlink: 72 bytes leftover after parsing attributes in process `syz.4.353'. [ 125.421426][ T30] audit: type=1326 audit(1748384820.176:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6707 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f18d4b8e969 code=0x7fc00000 [ 125.830995][ T6750] netlink: 'syz.2.365': attribute type 10 has an invalid length. [ 125.849974][ T6750] netlink: 40 bytes leftover after parsing attributes in process `syz.2.365'. [ 125.882888][ T6750] dummy0: entered promiscuous mode [ 125.894533][ T6750] bridge0: port 3(dummy0) entered blocking state [ 125.906305][ T6750] bridge0: port 3(dummy0) entered disabled state [ 125.918769][ T6750] dummy0: entered allmulticast mode [ 125.946282][ T6750] bridge0: port 3(dummy0) entered blocking state [ 125.953059][ T6750] bridge0: port 3(dummy0) entered forwarding state [ 126.151772][ T6760] syz.0.368 (6760) used greatest stack depth: 19768 bytes left [ 126.289493][ T5910] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 126.446598][ T5910] usb 5-1: Using ep0 maxpacket: 32 [ 126.457528][ T5910] usb 5-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 126.477101][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.477146][ T6779] tun0: tun_chr_ioctl cmd 1074025675 [ 126.498786][ T5910] usb 5-1: config 0 descriptor?? [ 126.500439][ T6779] tun0: persist enabled [ 126.511321][ T6779] tun0: tun_chr_ioctl cmd 1074025675 [ 126.515866][ T5910] gspca_main: sq930x-2.14.0 probing 041e:403c [ 126.521946][ T6779] tun0: persist disabled [ 126.847476][ T6792] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 126.859396][ T6792] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 127.015279][ T6797] netlink: 277 bytes leftover after parsing attributes in process `syz.1.385'. [ 127.418873][ T6810] netlink: 4 bytes leftover after parsing attributes in process `syz.1.391'. [ 127.441985][ T6810] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.451423][ T6810] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.460330][ T6810] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.469284][ T6810] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.515039][ T6810] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.524590][ T6810] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.534161][ T6810] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.543204][ T6810] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.558975][ T5910] gspca_sq930x: ucbus_write failed -71 [ 127.565971][ T5910] sq930x 5-1:0.0: probe with driver sq930x failed with error -71 [ 127.586660][ T5910] usb 5-1: USB disconnect, device number 3 [ 129.106722][ T24] kernel write not supported for file /184/net/ip_vs_stats (pid: 24 comm: kworker/1:0) [ 129.158721][ T6880] syzkaller1: entered promiscuous mode [ 129.169214][ T6880] syzkaller1: entered allmulticast mode [ 129.249404][ T6884] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input13 [ 129.592463][ T6900] netlink: 'syz.2.433': attribute type 3 has an invalid length. [ 129.611076][ T6900] netlink: 'syz.2.433': attribute type 1 has an invalid length. [ 129.618772][ T6900] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.433'. [ 130.137060][ T6918] netlink: 'syz.1.441': attribute type 11 has an invalid length. [ 130.312558][ T6925] input: syz0 as /devices/virtual/input/input14 [ 130.498654][ T6937] team_slave_0: entered promiscuous mode [ 130.504628][ T6937] team_slave_1: entered promiscuous mode [ 130.512063][ T6937] vlan2: entered promiscuous mode [ 130.517148][ T6937] team0: entered promiscuous mode [ 130.629627][ T6941] netlink: 12 bytes leftover after parsing attributes in process `syz.1.452'. [ 131.159189][ T5910] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 131.325917][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.346634][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.374039][ T5910] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 131.390339][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.418270][ T5910] usb 5-1: config 0 descriptor?? [ 131.509261][ T1211] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 131.669676][ T1211] usb 4-1: Using ep0 maxpacket: 16 [ 131.678529][ T1211] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 131.713954][ T1211] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 131.732432][ T1211] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 131.744173][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.755032][ T1211] usb 4-1: Product: syz [ 131.761524][ T1211] usb 4-1: Manufacturer: syz [ 131.766286][ T1211] usb 4-1: SerialNumber: syz [ 131.775316][ T1211] usb 4-1: config 0 descriptor?? [ 131.786534][ T1211] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 131.798031][ T1211] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 131.853586][ T5910] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 131.861378][ T5910] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 131.868913][ T5910] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 131.877118][ T5910] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 131.884723][ T5910] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 131.896955][ T5910] playstation 0003:054C:0DF2.0004: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0 [ 131.969211][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 132.055385][ T5910] playstation 0003:054C:0DF2.0004: Invalid reportID received, expected 9 got 0 [ 132.064611][ T5910] playstation 0003:054C:0DF2.0004: Failed to retrieve DualSense pairing info: -22 [ 132.075394][ T5910] playstation 0003:054C:0DF2.0004: Failed to get MAC address from DualSense [ 132.086785][ T5910] playstation 0003:054C:0DF2.0004: Failed to create dualsense. [ 132.098210][ T5910] playstation 0003:054C:0DF2.0004: probe with driver playstation failed with error -22 [ 132.139147][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 132.146401][ T9] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 132.156535][ T9] usb 2-1: config 0 has no interface number 0 [ 132.163235][ T9] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 132.179441][ T9] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 132.199122][ T9] usb 2-1: config 0 interface 41 has no altsetting 0 [ 132.210880][ T6996] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 132.218727][ T6996] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 132.228345][ T9] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 132.237854][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.242276][ T6996] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 132.246024][ T9] usb 2-1: Product: syz [ 132.258199][ T9] usb 2-1: Manufacturer: syz [ 132.264649][ T9] usb 2-1: SerialNumber: syz [ 132.272974][ T9] usb 2-1: config 0 descriptor?? [ 132.275106][ T6996] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 132.279441][ T6989] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 132.291546][ T6989] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 132.309433][ T6996] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 132.325216][ T5910] usb 5-1: USB disconnect, device number 4 [ 132.340394][ T6996] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 132.354336][ T6996] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 132.360826][ T6996] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 132.368164][ T6996] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 132.384428][ T6996] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 132.391871][ T6996] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 132.396691][ T1211] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 132.408293][ T1211] em28xx 4-1:0.0: Config register raw data: 0x15 [ 132.409348][ T6996] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 132.427414][ T6996] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 132.436113][ T6996] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 132.442722][ T6996] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 132.454875][ T6996] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 132.508828][ T6989] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 132.517231][ T6989] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 132.608093][ T1211] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 132.616222][ T1211] em28xx 4-1:0.0: No AC97 audio processor [ 132.634691][ T1211] usb 4-1: USB disconnect, device number 7 [ 132.647155][ T1211] em28xx 4-1:0.0: Disconnecting em28xx [ 132.647696][ T7001] netlink: 12 bytes leftover after parsing attributes in process `syz.0.479'. [ 132.668757][ T1211] em28xx 4-1:0.0: Freeing device [ 132.845616][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.852861][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.953874][ T7011] netlink: 'syz.2.485': attribute type 1 has an invalid length. [ 133.348994][ T9] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 133.379707][ T9] usb 2-1: USB disconnect, device number 5 [ 133.738084][ T7045] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96 [ 134.119185][ T7061] syzkaller1: entered promiscuous mode [ 134.124764][ T7061] syzkaller1: entered allmulticast mode [ 134.189617][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 134.351934][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 134.355661][ T7071] netlink: 4 bytes leftover after parsing attributes in process `syz.0.514'. [ 134.429152][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 134.430148][ T5137] Bluetooth: hci2: command 0x0c1a tx timeout [ 134.509388][ T5137] Bluetooth: hci4: command 0x0405 tx timeout [ 134.668559][ T7077] netlink: 'syz.0.518': attribute type 1 has an invalid length. [ 134.838665][ T7077] bond1: entered promiscuous mode [ 134.849846][ T7077] 8021q: adding VLAN 0 to HW filter on device bond1 [ 134.950473][ T7081] 8021q: adding VLAN 0 to HW filter on device bond2 [ 134.991118][ T7081] bond1: (slave bond2): making interface the new active one [ 135.019834][ T7081] bond2: entered promiscuous mode [ 135.030551][ T7081] bond1: (slave bond2): Enslaving as an active interface with an up link [ 135.394324][ T7102] ALSA: mixer_oss: invalid OSS volume '' [ 135.656366][ T7112] Trying to write to read-only block-device nullb0 [ 136.015469][ T7128] netlink: 'syz.4.537': attribute type 10 has an invalid length. [ 136.024986][ T7128] netlink: 55 bytes leftover after parsing attributes in process `syz.4.537'. [ 136.269431][ T5137] Bluetooth: hci0: command 0x0c1a tx timeout [ 136.429237][ T5137] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.483312][ T7148] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 136.514308][ T5137] Bluetooth: hci2: command 0x0c1a tx timeout [ 136.520897][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 136.580173][ T5910] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 136.589330][ T5137] Bluetooth: hci4: command 0x0405 tx timeout [ 136.669716][ T9] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 136.763363][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.789097][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.798891][ T5910] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 136.812328][ T5910] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 136.823624][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.834879][ T5910] usb 1-1: config 0 descriptor?? [ 136.854486][ T9] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 136.875542][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.886618][ T9] usb 5-1: config 0 descriptor?? [ 136.920962][ T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 136.953430][ T7161] netlink: 60 bytes leftover after parsing attributes in process `syz.3.552'. [ 137.089570][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 137.113032][ T10] usb 2-1: config index 0 descriptor too short (expected 65316, got 36) [ 137.140629][ T10] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 137.159333][ T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 137.166923][ T7169] netlink: 16 bytes leftover after parsing attributes in process `syz.2.556'. [ 137.168306][ T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.187926][ T7169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.556'. [ 137.196095][ T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.213110][ T10] usb 2-1: config 0 interface 0 has no altsetting 0 [ 137.216470][ T7169] netlink: 16 bytes leftover after parsing attributes in process `syz.2.556'. [ 137.223303][ T10] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 137.244207][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.256766][ T10] usb 2-1: config 0 descriptor?? [ 137.264210][ T5910] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 137.289699][ T5910] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 137.688140][ T10] hid (null): unknown global tag 0x12 [ 137.704112][ T10] hid (null): report_id 660415670 is invalid [ 137.713653][ T10] hid (null): unknown global tag 0xd [ 137.721529][ T10] hid (null): report_id 3636381312 is invalid [ 137.728776][ T10] hid (null): unknown global tag 0xe [ 137.744466][ T10] hid (null): global environment stack underflow [ 137.753937][ T10] hid (null): invalid report_size 15733 [ 137.763074][ T10] hid (null): global environment stack underflow [ 137.775926][ T10] hid (null): invalid report_size 59091 [ 137.784469][ T10] hid (null): unknown global tag 0xe [ 137.795502][ T10] hid (null): invalid report_size 659322949 [ 137.804895][ T10] hid (null): invalid report_size 40509 [ 137.811728][ T10] hid (null): report_id 49840 is invalid [ 137.945109][ T9] pegasus 5-1:0.0: probe with driver pegasus failed with error -71 [ 137.962316][ T9] usb 5-1: USB disconnect, device number 5 [ 137.998841][ T43] usb 2-1: USB disconnect, device number 6 [ 138.350015][ T5137] Bluetooth: hci0: command 0x0c1a tx timeout [ 138.431897][ T7188] Bluetooth: hci4: Opcode 0x0401 failed: -4 [ 138.459262][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 138.509561][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 138.513802][ T5137] Bluetooth: hci1: command 0x0c1a tx timeout [ 138.589180][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 138.596713][ T5137] Bluetooth: hci2: command 0x0c1a tx timeout [ 138.669196][ T5137] Bluetooth: hci4: command 0x0405 tx timeout [ 139.390387][ T43] usb 1-1: USB disconnect, device number 5 [ 140.448710][ T7250] vcan0: tx drop: invalid da for name 0xfffffffffffffffc [ 140.669685][ T5137] Bluetooth: hci3: command 0x0c1a tx timeout [ 140.759342][ T5137] Bluetooth: hci4: command 0x0405 tx timeout [ 140.981245][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 141.158193][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 141.178746][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 141.200975][ T10] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 141.217073][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 141.246700][ T10] usb 1-1: SerialNumber: syz [ 141.299275][ T1211] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 141.459086][ T1211] usb 4-1: Using ep0 maxpacket: 8 [ 141.476656][ T1211] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 141.492220][ T10] usb 1-1: 0:2 : does not exist [ 141.509158][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.517208][ T1211] usb 4-1: Product: syz [ 141.528472][ T1211] usb 4-1: Manufacturer: syz [ 141.552781][ T1211] usb 4-1: SerialNumber: syz [ 141.557794][ T10] usb 1-1: USB disconnect, device number 6 [ 141.583220][ T1211] usb 4-1: config 0 descriptor?? [ 141.606157][ T1211] gspca_main: se401-2.14.0 probing 047d:5003 [ 141.864596][ T7296] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 142.008300][ T1211] gspca_se401: Frame size: 0x0 1/16th janggu [ 142.212743][ T1211] input: se401 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input15 [ 142.283078][ T1211] usb 4-1: USB disconnect, device number 8 [ 142.438801][ T7316] Bluetooth: MGMT ver 1.23 [ 142.729497][ T43] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 142.956419][ T43] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 142.995739][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.026356][ T43] usb 2-1: Product: syz [ 143.044517][ T43] usb 2-1: Manufacturer: syz [ 143.076949][ T43] usb 2-1: SerialNumber: syz [ 143.108729][ T43] usb 2-1: config 0 descriptor?? [ 143.138030][ T43] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 144.029426][ T5910] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 144.201609][ T24] usb 2-1: USB disconnect, device number 7 [ 144.209135][ T5910] usb 1-1: Using ep0 maxpacket: 32 [ 144.223220][ T5910] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 144.237759][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.251571][ T5910] usb 1-1: config 0 descriptor?? [ 144.266490][ T5910] gspca_main: sunplus-2.14.0 probing 041e:400b [ 145.273395][ T5910] gspca_sunplus: reg_w_riv err -71 [ 145.279844][ T5910] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 145.295452][ T5910] usb 1-1: USB disconnect, device number 7 [ 145.296252][ T7411] netlink: 60 bytes leftover after parsing attributes in process `syz.2.663'. [ 145.339164][ T7411] netlink: 60 bytes leftover after parsing attributes in process `syz.2.663'. [ 145.479610][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 145.649172][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 145.656103][ T24] usb 2-1: config 0 interface 0 has no altsetting 0 [ 145.665415][ T24] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 145.674712][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.682930][ T24] usb 2-1: Product: syz [ 145.687107][ T24] usb 2-1: Manufacturer: syz [ 145.692079][ T24] usb 2-1: SerialNumber: syz [ 145.698978][ T24] usb 2-1: config 0 descriptor?? [ 146.121373][ T24] gs_usb 2-1:0.0: Configuring for 3 interfaces [ 146.538373][ T24] gs_usb 2-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 146.626634][ T24] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71 [ 146.666185][ T24] usb 2-1: USB disconnect, device number 8 [ 146.687358][ T7448] netlink: 512 bytes leftover after parsing attributes in process `syz.4.682'. [ 146.719149][ T1679] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 146.891460][ T1679] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 146.906803][ T1679] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 146.929343][ T1679] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 146.938565][ T1679] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.185993][ T1679] usb 1-1: usb_control_msg returned -32 [ 147.207936][ T1679] usbtmc 1-1:16.0: can't read capabilities [ 147.319501][ T1679] IPVS: starting estimator thread 0... [ 147.324197][ T7467] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 147.429221][ T7469] IPVS: using max 26 ests per chain, 62400 per kthread [ 147.514819][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.694'. [ 147.557815][ T7478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.695'. [ 147.599704][ T1211] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 147.792501][ T1211] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.817348][ T1211] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 147.836521][ T1211] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 147.848471][ T1211] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.864708][ T1211] usb 2-1: config 0 descriptor?? [ 148.080748][ T43] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 148.251318][ T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 148.285679][ T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 148.291138][ T1211] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 148.321730][ T1211] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 148.333103][ T43] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 148.347730][ T1211] plantronics 0003:047F:FFFF.0007: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 148.360234][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 148.360261][ T43] usb 4-1: SerialNumber: syz [ 148.378809][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.393287][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.401188][ T7504] binder: 7503:7504 ioctl c0306201 2000000003c0 returned -14 [ 148.553314][ T24] usb 2-1: USB disconnect, device number 9 [ 148.585651][ T43] usb 4-1: 0:2 : does not exist [ 148.617231][ T43] usb 4-1: USB disconnect, device number 9 [ 149.516278][ T1679] usb 1-1: USB disconnect, device number 8 [ 149.526199][ T43] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 149.701385][ T43] usb 5-1: config 0 has no interfaces? [ 149.727418][ T43] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 149.738513][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.770228][ T43] usb 5-1: config 0 descriptor?? [ 149.783727][ T7533] netlink: 24 bytes leftover after parsing attributes in process `syz.0.720'. [ 149.850064][ T7537] loop6: detected capacity change from 0 to 524287999 [ 150.169265][ T1211] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 150.205268][ T7519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.215503][ T7519] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.226417][ T10] usb 5-1: USB disconnect, device number 6 [ 150.335401][ T1211] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 150.344715][ T1211] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.352850][ T1211] usb 1-1: Product: syz [ 150.357087][ T1211] usb 1-1: Manufacturer: syz [ 150.361938][ T1211] usb 1-1: SerialNumber: syz [ 150.368850][ T1211] usb 1-1: config 0 descriptor?? [ 151.396947][ T1211] usb 1-1: f81604_read: reg: 100f failed: -EPROTO [ 151.420933][ T1211] usb 1-1: f81604_read: reg: 200f failed: -EPROTO [ 151.424793][ T1211] usb 1-1: USB disconnect, device number 9 [ 151.447434][ T1211] usb 1-1: f81604_read: reg: 100f failed: -ENODEV [ 151.484852][ T1211] usb 1-1: f81604_read: reg: 200f failed: -ENODEV [ 151.671772][ T30] audit: type=1326 audit(1748384846.436:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.4.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7fc00000 [ 152.375267][ T7593] batadv0: entered promiscuous mode [ 152.406628][ T7593] macsec1: entered allmulticast mode [ 152.426405][ T7593] batadv0: entered allmulticast mode [ 152.445892][ T7593] batadv0: left allmulticast mode [ 152.454179][ T7593] batadv0: left promiscuous mode [ 152.730441][ T7608] netlink: 24 bytes leftover after parsing attributes in process `syz.4.754'. [ 153.079333][ T1211] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 153.233141][ T7629] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 153.251221][ T1211] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.263630][ T7629] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 153.269155][ T1211] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 153.303862][ T7629] overlayfs: conflicting lowerdir path [ 153.311457][ T1211] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.332197][ T1211] usb 2-1: config 0 descriptor?? [ 153.511862][ T7637] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 153.760132][ T1211] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor [ 153.788691][ T1211] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0008/input/input17 [ 153.927191][ T1211] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 154.398968][ T1679] usb 2-1: USB disconnect, device number 10 [ 154.583031][ T7673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.785'. [ 154.608131][ T7673] bond_slave_0: entered promiscuous mode [ 154.614192][ T7673] bond_slave_1: entered promiscuous mode [ 154.624304][ T7673] macvlan2: entered promiscuous mode [ 154.629932][ T7673] bond0: entered promiscuous mode [ 154.642265][ T7673] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 155.269244][ T1211] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 155.339234][ T1679] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 155.432548][ T1211] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 155.441986][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.454535][ T1211] usb 4-1: config 0 descriptor?? [ 155.462921][ T1211] cp210x 4-1:0.0: cp210x converter detected [ 155.491608][ T1679] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 155.501973][ T1679] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.513441][ T1679] usb 2-1: config 0 descriptor?? [ 155.521542][ T1679] cp210x 2-1:0.0: cp210x converter detected [ 155.738854][ T7700] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 155.749315][ T5893] IPVS: starting estimator thread 0... [ 155.849270][ T7702] IPVS: using max 29 ests per chain, 69600 per kthread [ 155.899874][ T7704] netlink: 16 bytes leftover after parsing attributes in process `syz.4.797'. [ 155.942448][ T1679] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 155.983378][ T1679] usb 2-1: cp210x converter now attached to ttyUSB0 [ 156.005715][ T7706] syzkaller1: entered promiscuous mode [ 156.015744][ T7706] syzkaller1: entered allmulticast mode [ 156.099340][ T1211] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 156.107331][ T1211] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 156.126604][ T1211] usb 4-1: cp210x converter now attached to ttyUSB1 [ 156.144159][ T1211] usb 4-1: USB disconnect, device number 10 [ 156.154428][ T1211] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1 [ 156.167807][ T1211] cp210x 4-1:0.0: device disconnected [ 156.186739][ T1679] usb 2-1: USB disconnect, device number 11 [ 156.203076][ T1679] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 156.269721][ T1679] cp210x 2-1:0.0: device disconnected [ 157.339126][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 157.509207][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 157.517023][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.538456][ T9] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 157.581200][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.596275][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.639753][ T9] usb 4-1: Product: syz [ 157.643977][ T9] usb 4-1: Manufacturer: syz [ 157.648597][ T9] usb 4-1: SerialNumber: syz [ 157.898843][ T9] cdc_ncm 4-1:1.0: bind() failure [ 157.963783][ T9] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 157.985557][ T9] cdc_ncm 4-1:1.1: bind() failure [ 158.006173][ T9] usb 4-1: USB disconnect, device number 11 [ 158.407143][ T30] audit: type=1326 audit(1748384853.166:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa24172ab39 code=0x7ffc0000 [ 158.434358][ T5873] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 158.492647][ T30] audit: type=1326 audit(1748384853.166:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24178e969 code=0x7ffc0000 [ 158.516086][ T5873] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 158.550748][ T5873] usb 3-1: USB disconnect, device number 2 [ 158.566850][ T30] audit: type=1326 audit(1748384853.166:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24178e969 code=0x7ffc0000 [ 158.657740][ T30] audit: type=1326 audit(1748384853.166:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa24172ab39 code=0x7ffc0000 [ 158.713723][ T30] audit: type=1326 audit(1748384853.166:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24178e969 code=0x7ffc0000 [ 158.736788][ T30] audit: type=1326 audit(1748384853.166:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24178e969 code=0x7ffc0000 [ 158.758386][ T30] audit: type=1326 audit(1748384853.166:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24178e969 code=0x7ffc0000 [ 158.780086][ T30] audit: type=1326 audit(1748384853.166:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa24172ab39 code=0x7ffc0000 [ 158.807109][ T30] audit: type=1326 audit(1748384853.166:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa24172ab39 code=0x7ffc0000 [ 158.843914][ T30] audit: type=1326 audit(1748384853.166:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7756 comm="syz.2.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa24172ab39 code=0x7ffc0000 [ 159.047519][ T7792] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.319256][ T1211] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 159.489210][ T1211] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 159.513152][ T1211] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 159.532928][ T1211] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 159.560063][ T1211] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 159.595393][ T1211] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 159.628444][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.652927][ T1211] usb 4-1: config 0 descriptor?? [ 159.669721][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 159.849159][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 159.869600][ T9] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 159.889693][ T9] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 159.909320][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 159.923101][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 159.941844][ T5893] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 159.949623][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.957687][ T9] usb 1-1: Product: syz [ 159.977347][ T9] usb 1-1: Manufacturer: syz [ 159.989151][ T9] usb 1-1: SerialNumber: syz [ 160.094557][ T1211] plantronics 0003:047F:FFFF.0009: ignoring exceeding usage max [ 160.111380][ T5893] usb 5-1: Using ep0 maxpacket: 32 [ 160.126529][ T5893] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 160.140357][ T1211] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 160.148355][ T5893] usb 5-1: config 0 has no interface number 0 [ 160.156423][ T5893] usb 5-1: config 0 interface 184 has no altsetting 0 [ 160.171036][ T5893] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 160.180638][ T1211] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 160.193877][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.210957][ T5893] usb 5-1: Product: syz [ 160.215566][ T5893] usb 5-1: Manufacturer: syz [ 160.220287][ T5893] usb 5-1: SerialNumber: syz [ 160.228550][ T5893] usb 5-1: config 0 descriptor?? [ 160.247153][ T5893] smsc75xx v1.0.0 [ 160.407540][ T9] usb 1-1: 0:2 : does not exist [ 160.435360][ T9] usb 1-1: USB disconnect, device number 10 [ 160.867006][ T5893] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 160.883402][ T7849] mmap: syz.2.860 (7849) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 160.903065][ T5893] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 161.125028][ T5893] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 161.144684][ T5893] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 161.164614][ T5893] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 161.190028][ T5893] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 161.215833][ T5893] usb 5-1: USB disconnect, device number 7 [ 161.844028][ T7876] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.872'. [ 161.956496][ T7880] loop0: detected capacity change from 0 to 1 [ 161.988690][ T5818] Dev loop0: unable to read RDB block 1 [ 162.019258][ T5818] loop0: unable to read partition table [ 162.026224][ T5818] loop0: partition table beyond EOD, truncated [ 162.056860][ T7880] Dev loop0: unable to read RDB block 1 [ 162.091856][ T7880] loop0: unable to read partition table [ 162.100070][ T7880] loop0: partition table beyond EOD, truncated [ 162.125821][ T7880] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 162.125821][ T7880] ) failed (rc=-5) [ 162.197879][ T24] usb 4-1: USB disconnect, device number 12 [ 162.205550][ T7887] netlink: 'syz.0.877': attribute type 1 has an invalid length. [ 162.242016][ T7887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.877'. [ 164.129175][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 164.249435][ T5873] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 164.298646][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 164.318346][ T24] usb 4-1: config 1 has no interface number 0 [ 164.345339][ T24] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.400220][ T24] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 164.422033][ T24] usb 4-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 164.445585][ T5873] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 164.456290][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.469680][ T24] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 164.500151][ T5873] usb 5-1: config 0 descriptor?? [ 164.505295][ T24] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 164.543791][ T5873] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 164.573457][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 164.590307][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.618870][ T24] usb 4-1: Product: syz [ 164.628951][ T24] usb 4-1: Manufacturer: syz [ 164.656022][ T24] usb 4-1: SerialNumber: syz [ 164.845887][ T7988] batadv_slave_1: entered promiscuous mode [ 164.863168][ T7987] batadv_slave_1: left promiscuous mode [ 164.888101][ T7953] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 164.950346][ T5873] gspca_cpia1: usb_control_msg 03, error -32 [ 164.957268][ T5873] cpia1 5-1:0.0: unexpected state after lo power cmd: 00 [ 164.995189][ T7992] syzkaller1: entered promiscuous mode [ 165.007101][ T7992] syzkaller1: entered allmulticast mode [ 165.171304][ T5873] gspca_cpia1: usb_control_msg 01, error -32 [ 165.179485][ T5873] gspca_cpia1: usb_control_msg 01, error -71 [ 165.187312][ T5873] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 165.220044][ T5873] usb 5-1: USB disconnect, device number 8 [ 165.320953][ T8006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.929'. [ 165.513210][ T7953] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 165.527348][ T24] cdc_ncm 4-1:1.1: bind() failure [ 165.560943][ T8018] syzkaller1: entered promiscuous mode [ 165.566589][ T8018] syzkaller1: entered allmulticast mode [ 165.774072][ T5873] usb 4-1: USB disconnect, device number 13 [ 166.114619][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 166.114637][ T30] audit: type=1326 audit(1748384860.876:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.189243][ T30] audit: type=1326 audit(1748384860.876:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.250972][ T30] audit: type=1326 audit(1748384860.916:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.343236][ T30] audit: type=1326 audit(1748384860.916:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.424344][ T30] audit: type=1326 audit(1748384860.916:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.525783][ T30] audit: type=1326 audit(1748384860.916:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.551457][ T8044] vlan2: entered promiscuous mode [ 166.552640][ T30] audit: type=1326 audit(1748384860.916:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.556518][ T8044] macvtap0: entered promiscuous mode [ 166.609328][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 166.619161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 166.635584][ T30] audit: type=1326 audit(1748384860.926:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.698872][ T30] audit: type=1326 audit(1748384860.926:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 166.813920][ T30] audit: type=1326 audit(1748384860.926:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8036 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f18d4b2ab39 code=0x7ffc0000 [ 166.836301][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 167.267809][ T8066] loop7: detected capacity change from 0 to 7 [ 167.287583][ T8066] loop7: [POWERTEC] p1 [ 167.309353][ T8066] loop7: p1 start 2048061705 is beyond EOD, truncated [ 167.862540][ T8093] netlink: 28 bytes leftover after parsing attributes in process `syz.0.966'. [ 167.872121][ T8093] netlink: 'syz.0.966': attribute type 7 has an invalid length. [ 167.896862][ T8093] netlink: 'syz.0.966': attribute type 8 has an invalid length. [ 167.906012][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.0.966'. [ 167.933446][ T8093] erspan0: entered promiscuous mode [ 167.945003][ T1211] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 167.949639][ T8093] gretap0: entered promiscuous mode [ 167.978529][ T8093] erspan0: left promiscuous mode [ 167.994110][ T8093] gretap0: left promiscuous mode [ 168.059136][ T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 168.109172][ T1211] usb 5-1: Using ep0 maxpacket: 8 [ 168.124999][ T1211] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 168.145240][ T1211] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 168.158979][ T1211] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 168.170828][ T1211] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 168.185308][ T1211] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 168.195486][ T1211] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.219306][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 168.226111][ T9] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 168.234570][ T9] usb 2-1: config 0 has no interface number 0 [ 168.240835][ T9] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 168.252322][ T9] usb 2-1: config 0 interface 85 has no altsetting 0 [ 168.263794][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 168.273443][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.281787][ T9] usb 2-1: Product: syz [ 168.286006][ T9] usb 2-1: Manufacturer: syz [ 168.290811][ T9] usb 2-1: SerialNumber: syz [ 168.298636][ T9] usb 2-1: config 0 descriptor?? [ 168.416944][ T1211] usb 5-1: GET_CAPABILITIES returned 0 [ 168.422746][ T1211] usbtmc 5-1:16.0: can't read capabilities [ 168.634986][ T24] usb 5-1: USB disconnect, device number 9 [ 168.929382][ T9] appletouch 2-1:0.85: Geyser mode initialized. [ 168.948064][ T9] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input18 [ 169.016781][ T8113] veth0: entered promiscuous mode [ 169.023880][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.977'. [ 169.171562][ T8117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.979'. [ 169.176761][ T1679] usb 2-1: USB disconnect, device number 12 [ 169.211467][ T1679] appletouch 2-1:0.85: input: appletouch disconnected [ 171.209989][ T8212] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 171.705705][ T8226] input: syz1 as /devices/virtual/input/input19 [ 172.914365][ T8283] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1034'. [ 173.648094][ T8318] loop6: detected capacity change from 0 to 524287999 [ 173.659858][ T8318] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x8800 phys_seg 3 prio class 0 [ 173.669877][ T8318] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x8800 phys_seg 3 prio class 0 [ 174.111283][ T5137] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 175.799196][ T5873] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 175.972802][ T5873] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 175.991753][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 176.008963][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 176.036809][ T5873] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 176.067194][ T5873] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 176.086843][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.110909][ T5873] usb 4-1: config 0 descriptor?? [ 176.124680][ T8365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1070'. [ 176.239288][ T5897] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 176.419144][ T5897] usb 5-1: Using ep0 maxpacket: 8 [ 176.430757][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.449073][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.469113][ T5897] usb 5-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 176.478228][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.512610][ T5897] usb 5-1: config 0 descriptor?? [ 176.550931][ T5873] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 176.567019][ T5873] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 176.586958][ T5873] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 176.843654][ T1211] usb 4-1: USB disconnect, device number 14 [ 176.928474][ T5897] logitech 0003:046D:C24F.000B: unbalanced collection at end of report description [ 176.950139][ T5897] logitech 0003:046D:C24F.000B: parse failed [ 176.960568][ T5897] logitech 0003:046D:C24F.000B: probe with driver logitech failed with error -22 [ 177.138971][ T1211] usb 5-1: USB disconnect, device number 10 [ 177.488793][ T8388] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 177.513943][ T8388] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.522913][ T8388] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.159431][ T5873] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 178.339313][ T5873] usb 5-1: Using ep0 maxpacket: 8 [ 178.346825][ T5873] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 178.356034][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.372230][ T5873] pvrusb2: Hardware description: Terratec Grabster AV400 [ 178.380725][ T5873] pvrusb2: ********** [ 178.384730][ T5873] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 178.397398][ T5873] pvrusb2: Important functionality might not be entirely working. [ 178.405379][ T5873] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 178.416840][ T5873] pvrusb2: ********** [ 178.571014][ T2345] pvrusb2: Invalid write control endpoint [ 178.625084][ T2345] pvrusb2: Invalid write control endpoint [ 178.631087][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 178.644375][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 178.652021][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 178.662239][ T2345] pvrusb2: Device being rendered inoperable [ 178.671168][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 178.678432][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 178.689564][ T2345] pvrusb2: Attached sub-driver cx25840 [ 178.695202][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 178.710369][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 178.772955][ T8403] pvrusb2: Attempted to execute control transfer when device not ok [ 178.786911][ T9] usb 5-1: USB disconnect, device number 11 [ 179.913256][ T8475] input: syz0 as /devices/virtual/input/input20 [ 181.410251][ T5910] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 181.429591][ T1211] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 181.569586][ T5910] usb 5-1: Using ep0 maxpacket: 32 [ 181.577267][ T5910] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.610482][ T1211] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 181.632378][ T5910] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 181.639386][ T1211] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.655854][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.662232][ T1211] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 181.674816][ T5910] usb 5-1: Product: syz [ 181.699131][ T5910] usb 5-1: Manufacturer: syz [ 181.703790][ T5910] usb 5-1: SerialNumber: syz [ 181.704976][ T1211] usb 2-1: New USB device found, idVendor=046d, idProduct=c30a, bcdDevice= 0.00 [ 181.722442][ T1211] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.734914][ T5910] usb 5-1: config 0 descriptor?? [ 181.737159][ T1211] usb 2-1: config 0 descriptor?? [ 182.163529][ T1211] logitech 0003:046D:C30A.000C: unknown main item tag 0x0 [ 182.174063][ T1211] logitech 0003:046D:C30A.000C: unknown main item tag 0x0 [ 182.183452][ T1211] logitech 0003:046D:C30A.000C: unknown main item tag 0x0 [ 182.191789][ T1211] logitech 0003:046D:C30A.000C: unknown main item tag 0x0 [ 182.199581][ T1211] logitech 0003:046D:C30A.000C: unknown main item tag 0x0 [ 182.210125][ T1211] logitech 0003:046D:C30A.000C: hidraw0: USB HID vff.ff Device [HID 046d:c30a] on usb-dummy_hcd.1-1/input0 [ 182.394872][ T1211] usb 2-1: USB disconnect, device number 13 [ 182.645139][ T8569] netlink: 'syz.3.1155': attribute type 1 has an invalid length. [ 182.684223][ T8569] bond1: entered allmulticast mode [ 182.690167][ T8569] 8021q: adding VLAN 0 to HW filter on device bond1 [ 182.713085][ T8571] bond1: (slave ip6gretap1): making interface the new active one [ 182.721674][ T8571] ip6gretap1: entered allmulticast mode [ 182.728140][ T8571] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 183.425690][ T8601] overlayfs: failed to clone upperpath [ 183.797388][ T8617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1178'. [ 184.233051][ T5910] usb 5-1: USB disconnect, device number 12 [ 184.990173][ T5137] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 184.991272][ T51] Bluetooth: hci5: command 0x1003 tx timeout [ 185.229471][ T8657] vlan2: entered promiscuous mode [ 185.235028][ T8657] bond0: entered promiscuous mode [ 185.244811][ T8657] bond_slave_0: entered promiscuous mode [ 185.260021][ T8657] bond_slave_1: entered promiscuous mode [ 185.941538][ T8683] overlayfs: failed to clone upperpath [ 186.929576][ T8712] netlink: 'syz.2.1215': attribute type 10 has an invalid length. [ 186.963290][ T8712] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1215'. [ 187.056269][ T8712] team0: Port device geneve0 added [ 187.861962][ T30] kauditd_printk_skb: 68 callbacks suppressed [ 187.861982][ T30] audit: type=1326 audit(1748384882.626:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f121ab8e969 code=0x7ffc0000 [ 187.967808][ T30] audit: type=1326 audit(1748384882.626:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f121ab8e969 code=0x7ffc0000 [ 188.076351][ T30] audit: type=1326 audit(1748384882.656:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f121ab8e969 code=0x7ffc0000 [ 188.148133][ T30] audit: type=1326 audit(1748384882.656:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f121ab8e969 code=0x7ffc0000 [ 188.199125][ T30] audit: type=1326 audit(1748384882.656:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f121ab8e969 code=0x7ffc0000 [ 188.245575][ T30] audit: type=1326 audit(1748384882.676:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f121ab8e969 code=0x7ffc0000 [ 188.275933][ T30] audit: type=1326 audit(1748384882.676:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f121ab8e969 code=0x7ffc0000 [ 188.354399][ T30] audit: type=1326 audit(1748384882.676:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f121ab85927 code=0x7ffc0000 [ 188.376101][ C0] vkms_vblank_simulate: vblank timer overrun [ 188.447522][ T30] audit: type=1326 audit(1748384882.676:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f121ab2ab39 code=0x7ffc0000 [ 188.504863][ T30] audit: type=1326 audit(1748384882.676:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8745 comm="syz.3.1227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f121ab85927 code=0x7ffc0000 [ 188.526354][ C0] vkms_vblank_simulate: vblank timer overrun [ 189.250761][ T5873] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 189.409426][ T5873] usb 5-1: Using ep0 maxpacket: 16 [ 189.423881][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.454142][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.477652][ T5873] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 189.503553][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.520369][ T5873] usb 5-1: config 0 descriptor?? [ 190.560398][ T5873] letsketch 0003:6161:4D15.000D: Device info: 꿨 [ 190.798518][ T5873] usb 5-1: Max retries (5) exceeded reading string descriptor 201 [ 190.822682][ T5873] letsketch 0003:6161:4D15.000D: probe with driver letsketch failed with error -71 [ 190.852292][ T5873] usb 5-1: USB disconnect, device number 13 [ 191.546942][ T8874] netlink: 'syz.0.1283': attribute type 4 has an invalid length. [ 191.627790][ T8874] netlink: 'syz.0.1283': attribute type 4 has an invalid length. [ 192.165603][ T8892] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 192.883920][ C0] IPv4: Oversized IP packet from 172.20.20.10 [ 193.182067][ T8933] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 193.646669][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 194.189610][ T5137] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 194.189650][ T51] Bluetooth: hci5: command 0x1003 tx timeout [ 194.278643][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.285120][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.532523][ T8966] team0: entered promiscuous mode [ 194.537796][ T8966] team_slave_0: entered promiscuous mode [ 194.548105][ T8966] team_slave_1: entered promiscuous mode [ 194.563478][ T8966] batadv_slave_0: entered promiscuous mode [ 194.579780][ T8965] batadv_slave_0: left promiscuous mode [ 194.587850][ T8965] team0: left promiscuous mode [ 194.598020][ T8965] team_slave_0: left promiscuous mode [ 194.608407][ T8965] team_slave_1: left promiscuous mode [ 194.950046][ T8979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1329'. [ 195.619139][ T5910] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 195.794829][ T5910] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.826654][ T5910] usb 4-1: config 0 interface 0 has no altsetting 0 [ 195.845659][ T5910] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 195.872537][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.929118][ T5910] usb 4-1: Product: syz [ 195.933345][ T5910] usb 4-1: Manufacturer: syz [ 195.958345][ T5910] usb 4-1: SerialNumber: syz [ 196.006140][ T5910] usb 4-1: config 0 descriptor?? [ 196.052668][ T5910] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 196.074256][ T5910] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 196.102246][ T5910] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 196.124418][ T5910] usb 4-1: media controller created [ 196.258549][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 196.343808][ T9011] 9pnet: p9_errstr2errno: server reported unknown error @$  [ 196.504201][ T5910] DVB: Unable to find symbol tda10046_attach() [ 196.518814][ T5910] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 196.549141][ T5910] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 196.643197][ T9017] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1346'. [ 197.242380][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 197.291192][ T9043] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1357'. [ 197.424628][ T5910] dvb_usb_m920x 4-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 197.460227][ T5910] usb 4-1: USB disconnect, device number 15 [ 197.553820][ T9051] dummy0: left allmulticast mode [ 197.559342][ T9051] bridge0: port 3(dummy0) entered disabled state [ 197.576862][ T9051] bridge_slave_0: left allmulticast mode [ 197.586906][ T9051] bridge_slave_0: left promiscuous mode [ 197.594489][ T9051] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.608658][ T9054] netlink: 'syz.2.1362': attribute type 10 has an invalid length. [ 197.622836][ T9051] bridge_slave_1: left allmulticast mode [ 197.628542][ T9051] bridge_slave_1: left promiscuous mode [ 197.635239][ T9051] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.654605][ T9051] bond0: (slave bond_slave_0): Releasing backup interface [ 197.666764][ T9051] bond0: (slave bond_slave_1): Releasing backup interface [ 197.691190][ T9051] team0: Port device team_slave_0 removed [ 197.702674][ T9051] team0: Port device team_slave_1 removed [ 197.710524][ T9051] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.719119][ T5873] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 197.726920][ T9051] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 197.748913][ T9051] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.757075][ T9051] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.798534][ T9051] team0: Port device geneve0 removed [ 197.845679][ T9054] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 197.909413][ T5873] usb 2-1: Using ep0 maxpacket: 32 [ 197.916745][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.928323][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.939258][ T5873] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 197.948385][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.967384][ T5873] usb 2-1: config 0 descriptor?? [ 197.976136][ T9062] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1365'. [ 198.409312][ T5873] ft260 0003:0403:6030.000E: unknown main item tag 0x0 [ 198.588081][ T5873] ft260 0003:0403:6030.000E: chip code: 0000 0000 [ 198.679284][ T5910] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 198.789356][ T5873] ft260 0003:0403:6030.000E: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0 [ 198.839209][ T5910] usb 4-1: Using ep0 maxpacket: 8 [ 198.846714][ T5910] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 198.859121][ T5910] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 198.868312][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.881987][ T5910] usb 4-1: config 0 descriptor?? [ 198.891010][ T5910] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 199.191127][ T5873] ft260 0003:0403:6030.000E: failed to retrieve status: -71 [ 199.204095][ T5873] ft260 0003:0403:6030.000E: failed to reset I2C controller: -71 [ 199.222868][ T9100] Invalid ELF header magic: != ELF [ 199.237684][ T5873] usb 2-1: USB disconnect, device number 14 [ 199.295253][ T9102] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 200.109609][ T5910] gspca_vc032x: reg_w err -71 [ 200.117136][ T5910] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 200.140510][ T5910] usb 4-1: USB disconnect, device number 16 [ 201.702050][ T5137] Bluetooth: hci0: unexpected event for opcode 0x2040 [ 201.800907][ T9201] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 202.059118][ T5897] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 202.217458][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 202.217485][ T30] audit: type=1804 audit(1748384896.976:324): pid=9219 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1436" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="ramfs" ino=22300 res=1 errno=0 [ 202.311956][ T5897] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 202.321506][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.336698][ T5897] usb 5-1: config 0 descriptor?? [ 202.634954][ T9232] Invalid source name [ 202.657488][ T9232] UBIFS error (pid: 9232): cannot open "./file0", error -22 [ 203.302341][ T9263] cgroup: Unknown subsys name 'cpuset' [ 203.580462][ T5897] pegasus 5-1:0.0: can't reset MAC [ 203.587809][ T5897] pegasus 5-1:0.0: probe with driver pegasus failed with error -5 [ 203.615308][ T5897] usb 5-1: USB disconnect, device number 14 [ 203.679164][ T1211] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 203.787864][ T9287] netlink: 372 bytes leftover after parsing attributes in process `syz.0.1468'. [ 203.851012][ T1211] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.869806][ T1211] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 203.882969][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.903675][ T1211] usb 4-1: config 0 descriptor?? [ 203.953211][ T9293] 9pnet_fd: Insufficient options for proto=fd [ 204.320052][ T1211] keytouch 0003:0926:3333.000F: fixing up Keytouch IEC report descriptor [ 204.348554][ T1211] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.000F/input/input21 [ 204.440695][ T1211] keytouch 0003:0926:3333.000F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 205.270172][ T9324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1485'. [ 205.623595][ T9333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1489'. [ 205.649547][ T9333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1489'. [ 206.357758][ T9352] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1497'. [ 206.470168][ T24] usb 4-1: USB disconnect, device number 17 [ 206.854621][ T9378] netlink: 'syz.4.1509': attribute type 1 has an invalid length. [ 206.865327][ T9378] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1509'. [ 206.919343][ T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 207.043480][ T1211] libceph: connect (1)[c::]:6789 error -101 [ 207.051163][ T9384] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 207.066949][ T1211] libceph: mon0 (1)[c::]:6789 connect error [ 207.099197][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 207.108782][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 207.128193][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 207.149601][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 207.159712][ T1211] libceph: connect (1)[c::]:6789 error -101 [ 207.181746][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 207.183835][ T1211] libceph: mon0 (1)[c::]:6789 connect error [ 207.193368][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.206413][ T24] usb 4-1: Product: syz [ 207.210678][ T24] usb 4-1: Manufacturer: syz [ 207.215300][ T24] usb 4-1: SerialNumber: syz [ 207.391778][ T1211] libceph: connect (1)[c::]:6789 error -101 [ 207.402622][ T1211] libceph: mon0 (1)[c::]:6789 connect error [ 207.454644][ T24] usb 4-1: 0:2 : does not exist [ 207.495594][ T1211] libceph: connect (1)[c::]:6789 error -101 [ 207.512395][ T1211] libceph: mon0 (1)[c::]:6789 connect error [ 207.514423][ T24] usb 4-1: USB disconnect, device number 18 [ 207.802839][ T9382] ceph: No mds server is up or the cluster is laggy [ 207.809976][ T9389] ceph: No mds server is up or the cluster is laggy [ 208.527676][ T9440] Bluetooth: hci0: invalid length 0, exp 2 for type 2 [ 209.196620][ T9467] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1546'. [ 209.198312][ T9465] netlink: 'syz.1.1547': attribute type 4 has an invalid length. [ 209.831038][ T9492] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1558'. [ 209.856248][ T9492] netlink: zone id is out of range [ 209.863892][ T30] audit: type=1326 audit(1748384904.626:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9493 comm="syz.1.1559" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff616b8e969 code=0x0 [ 209.869294][ T9492] netlink: zone id is out of range [ 209.963824][ T9492] netlink: zone id is out of range [ 209.986898][ T9492] netlink: zone id is out of range [ 210.009430][ T9492] netlink: zone id is out of range [ 210.028589][ T9492] netlink: zone id is out of range [ 210.052347][ T9492] netlink: zone id is out of range [ 210.077860][ T9492] netlink: zone id is out of range [ 210.099389][ T9492] netlink: zone id is out of range [ 210.118886][ T9492] netlink: zone id is out of range [ 210.967750][ T9519] 8021q: adding VLAN 0 to HW filter on device bond1 [ 210.991991][ T9519] bridge0: port 3(bond1) entered blocking state [ 210.998550][ T9519] bridge0: port 3(bond1) entered disabled state [ 211.028704][ T9519] bond1: entered allmulticast mode [ 211.036092][ T9519] bond1: entered promiscuous mode [ 211.044812][ T9519] bridge0: port 3(bond1) entered blocking state [ 211.049194][ T5910] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 211.051275][ T9519] bridge0: port 3(bond1) entered forwarding state [ 211.200913][ T5910] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 211.228910][ T5910] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 211.250303][ T1211] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 211.250955][ T5910] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 211.286519][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 211.295837][ T5910] usb 4-1: SerialNumber: syz [ 211.394725][ T9537] 9pnet_fd: Insufficient options for proto=fd [ 211.429225][ T1211] usb 5-1: Using ep0 maxpacket: 16 [ 211.441267][ T1211] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.456202][ T1211] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 211.484118][ T1211] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 211.503597][ T1211] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 211.513081][ T1211] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.516920][ T5910] usb 4-1: 0:2 : does not exist [ 211.534544][ T1211] usb 5-1: config 0 descriptor?? [ 211.574233][ T5910] usb 4-1: USB disconnect, device number 19 [ 211.792076][ T8180] bridge0: port 3(bond1) entered disabled state [ 211.880479][ T30] audit: type=1326 audit(1748384906.646:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 211.905021][ T30] audit: type=1326 audit(1748384906.646:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 211.928391][ T30] audit: type=1326 audit(1748384906.676:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 211.954786][ T1211] HID 045e:07da: Invalid code 65791 type 1 [ 211.962909][ T30] audit: type=1326 audit(1748384906.676:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 211.992610][ T1211] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0010/input/input22 [ 211.999126][ T30] audit: type=1326 audit(1748384906.676:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 212.014879][ T1211] microsoft 0003:045E:07DA.0010: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 212.034787][ T30] audit: type=1326 audit(1748384906.696:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 212.065719][ T30] audit: type=1326 audit(1748384906.696:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 212.088213][ T30] audit: type=1326 audit(1748384906.696:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 212.110094][ T30] audit: type=1326 audit(1748384906.696:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18d4b8e969 code=0x7ffc0000 [ 212.164787][ T5910] usb 5-1: USB disconnect, device number 15 [ 213.304916][ T9587] IPVS: Scheduler module ip_vs_sip not found [ 214.250254][ T5910] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 214.412273][ T5910] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 214.428086][ T5910] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 214.463980][ T5910] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 214.479124][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.510759][ T9628] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 214.519747][ T1679] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 214.535171][ T5910] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 214.683127][ T1679] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.701363][ T1679] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 214.718615][ T1679] usb 5-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9 [ 214.759358][ T1679] usb 5-1: Manufacturer: syz [ 214.764052][ T1679] usb 5-1: SerialNumber: syz [ 214.788704][ T1679] usb 5-1: config 0 descriptor?? [ 214.788712][ T9655] netlink: 'syz.0.1628': attribute type 10 has an invalid length. [ 214.818058][ T1211] usb 4-1: USB disconnect, device number 20 [ 214.871783][ T9655] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 214.891016][ T9652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.975822][ T9660] cgroup: fork rejected by pids controller in /syz1 [ 215.040623][ T1679] usb 5-1: USB disconnect, device number 16 [ 216.598428][T11338] netlink: 'syz.3.1641': attribute type 1 has an invalid length. [ 216.612002][T11338] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1641'. [ 216.625049][T11338] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.723098][ T5897] usb 2-1: new low-speed USB device number 15 using dummy_hcd [ 216.911258][ T5897] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 216.930718][ T5897] usb 2-1: config 0 has no interface number 0 [ 216.945008][ T5897] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 216.977089][ T5897] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 217.050672][ T5897] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 217.079173][ T5897] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 217.103547][ T5897] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 217.145573][ T5897] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 217.195413][ T5897] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 217.209853][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.229795][ T5897] usb 2-1: config 0 descriptor?? [ 217.235918][T11332] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 217.251518][T11332] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 217.272823][ T5897] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 217.286796][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 217.286815][ T30] audit: type=1326 audit(1748384912.046:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11356 comm="syz.3.1649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f121ab8e969 code=0x0 [ 217.340256][T11359] net_ratelimit: 75 callbacks suppressed [ 217.340272][T11359] netlink: zone id is out of range [ 217.356113][T11359] netlink: del zone limit has 4 unknown bytes [ 217.511612][ T5897] usb 2-1: USB disconnect, device number 15 [ 217.530042][ T5897] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 218.537118][T11385] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1662'. [ 219.601569][T11419] netlink: 8 bytes leftover after parsing attributes in process `wޣ'. [ 219.796828][T11423] bridge0: port 3(erspan0) entered blocking state [ 219.814238][T11423] bridge0: port 3(erspan0) entered disabled state [ 219.839561][T11423] erspan0: entered allmulticast mode [ 219.905657][T11423] erspan0: entered promiscuous mode [ 219.930442][T11423] bridge0: port 3(erspan0) entered blocking state [ 219.937420][T11423] bridge0: port 3(erspan0) entered forwarding state [ 219.993487][T11424] erspan0: left allmulticast mode [ 220.002352][T11424] erspan0: left promiscuous mode [ 220.029733][T11424] bridge0: port 3(erspan0) entered disabled state [ 221.367280][T11471] netlink: 'syz.1.1696': attribute type 1 has an invalid length. [ 221.383814][T11471] netlink: 'syz.1.1696': attribute type 4 has an invalid length. [ 221.407985][T11471] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1696'. [ 222.162155][T11493] netlink: 'syz.2.1703': attribute type 4 has an invalid length. [ 222.204697][T11493] netlink: 'syz.2.1703': attribute type 4 has an invalid length. [ 222.913623][T11523] netlink: 'syz.1.1717': attribute type 1 has an invalid length. [ 222.992600][T11523] bond2: entered promiscuous mode [ 223.007064][T11523] 8021q: adding VLAN 0 to HW filter on device bond2 [ 223.084842][T11525] bond2: (slave bridge1): making interface the new active one [ 223.105542][T11525] bridge1: entered promiscuous mode [ 223.117154][T11525] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 223.553167][ T30] audit: type=1326 audit(1748384918.306:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 223.606871][ T30] audit: type=1326 audit(1748384918.306:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 223.683447][ T30] audit: type=1326 audit(1748384918.306:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f216898d2d0 code=0x7ffc0000 [ 223.694339][T11560] overlayfs: failed to clone upperpath [ 223.737961][ T30] audit: type=1326 audit(1748384918.346:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 223.762625][ T30] audit: type=1326 audit(1748384918.346:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 223.801401][ T30] audit: type=1326 audit(1748384918.346:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 223.825975][ T30] audit: type=1326 audit(1748384918.346:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 223.848618][ T30] audit: type=1326 audit(1748384918.346:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11553 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7ffc0000 [ 224.114804][T11573] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 224.539176][ T1679] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 224.691919][ T1679] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 224.713989][ T1679] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.728025][ T1679] usb 4-1: config 0 descriptor?? [ 224.748962][ T1679] cp210x 4-1:0.0: cp210x converter detected [ 224.973424][ T1679] usb 4-1: cp210x converter now attached to ttyUSB0 [ 225.188572][ T5910] usb 4-1: USB disconnect, device number 21 [ 225.206755][ T5910] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 225.234928][ T5910] cp210x 4-1:0.0: device disconnected [ 225.472554][T11615] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1754'. [ 226.805332][T11665] netlink: 51 bytes leftover after parsing attributes in process `syz.3.1776'. [ 227.359122][ T1679] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 227.511373][ T1679] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 227.547213][ T1679] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 227.577581][ T1679] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 227.592436][ T1679] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 227.605732][ T1679] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 227.621839][ T1679] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.635324][ T1679] usb 4-1: config 0 descriptor?? [ 228.006121][ T30] audit: type=1326 audit(1748384922.766:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11694 comm="syz.4.1792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216898e969 code=0x7fc00000 [ 228.058761][ T1679] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 228.084342][ T1679] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 228.641472][ T30] audit: type=1326 audit(1748384923.406:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11694 comm="syz.4.1792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f216892ab39 code=0x7fc00000 [ 228.884241][ T5893] usb 4-1: USB disconnect, device number 22 [ 230.179291][ T1679] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 230.342283][ T1679] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 230.364692][ T1679] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 230.380233][T11743] 9pnet_fd: Insufficient options for proto=fd [ 230.382021][ T1679] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 230.405908][ T1679] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.421064][ T1679] usb 4-1: Product: syz [ 230.425307][ T1679] usb 4-1: Manufacturer: syz [ 230.449431][ T1679] usb 4-1: SerialNumber: syz [ 230.457239][ T1679] usb 4-1: config 0 descriptor?? [ 230.464491][T11727] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 230.474716][T11727] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 230.701861][T11727] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 230.709522][T11727] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 231.124621][ T1679] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 231.749225][ T1679] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading MODE_CTRL [ 231.783160][ T1679] usb 4-1: USB disconnect, device number 23 [ 232.038332][T11777] syzkaller1: entered promiscuous mode [ 232.044432][T11777] syzkaller1: entered allmulticast mode [ 232.248128][T11782] netlink: 'syz.4.1829': attribute type 1 has an invalid length. [ 232.407842][T11788] vxcan1: tx drop: invalid da for name 0x0000000000000001 [ 232.476213][T11791] input: syz0 as /devices/virtual/input/input24 [ 232.522728][T11792] ipvlan2: entered promiscuous mode [ 232.538920][T11792] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 233.180123][ T5893] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 233.352482][ T5893] usb 4-1: Using ep0 maxpacket: 16 [ 233.399366][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.420362][ T5893] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 233.439316][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.462275][ T5893] usb 4-1: config 0 descriptor?? [ 233.526072][T11837] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1854'. [ 233.627511][T11841] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 233.880935][ T5893] hid-multitouch 0003:1FD2:6007.0012: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 234.098526][ T5910] usb 4-1: USB disconnect, device number 24 [ 234.134300][T11853] Invalid ELF header magic: != ELF [ 234.141888][T11853] Invalid ELF header magic: != ELF [ 235.212200][T11898] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1879'. [ 235.221479][T11898] netlink: 'syz.3.1879': attribute type 1 has an invalid length. [ 236.446288][T11946] loop3: detected capacity change from 0 to 1 [ 236.462597][T11946] Dev loop3: unable to read RDB block 1 [ 236.477980][T11946] loop3: unable to read partition table [ 236.526874][T11946] loop3: partition table beyond EOD, truncated [ 236.539102][T11946] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 237.010203][T11972] 9pnet: p9_errstr2errno: server reported unknown error HID v0.00 Device [syz1] on syz0 [ 263.164042][ T1211] usb 2-1: config 0 descriptor?? [ 263.618519][ T1211] HID 045e:07da: Invalid code 65791 type 1 [ 263.664195][ T1211] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0014/input/input26 [ 263.733959][ T1211] microsoft 0003:045E:07DA.0014: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 263.815912][ T1211] usb 2-1: USB disconnect, device number 21 [ 263.862629][T12751] netlink: 'syz.4.2250': attribute type 1 has an invalid length. [ 263.878225][T12751] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.2250'. [ 263.887820][T12753] ================================================================== [ 263.895942][T12753] BUG: KASAN: use-after-free in __crypto_shash_import+0x26a/0x2a0 [ 263.904307][T12753] Write of size 1 at addr ffff88817aade347 by task syz.3.2251/12753 [ 263.912382][T12753] [ 263.914740][T12753] CPU: 1 UID: 0 PID: 12753 Comm: syz.3.2251 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 263.914771][T12753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.914787][T12753] Call Trace: [ 263.914795][T12753] [ 263.914803][T12753] dump_stack_lvl+0x189/0x250 [ 263.914833][T12753] ? __virt_addr_valid+0x1c8/0x5c0 [ 263.914860][T12753] ? rcu_is_watching+0x15/0xb0 [ 263.914881][T12753] ? __kasan_check_byte+0x12/0x40 [ 263.914907][T12753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.914930][T12753] ? rcu_is_watching+0x15/0xb0 [ 263.914951][T12753] ? lock_release+0x4b/0x3e0 [ 263.914972][T12753] ? __virt_addr_valid+0x1c8/0x5c0 [ 263.914997][T12753] ? __virt_addr_valid+0x4a5/0x5c0 [ 263.915023][T12753] print_report+0xd2/0x2b0 [ 263.915043][T12753] ? __crypto_shash_import+0x26a/0x2a0 [ 263.915059][T12753] kasan_report+0x118/0x150 [ 263.915082][T12753] ? __local_bh_enable_ip+0x12d/0x1c0 [ 263.915106][T12753] ? __crypto_shash_import+0x26a/0x2a0 [ 263.915126][T12753] __crypto_shash_import+0x26a/0x2a0 [ 263.915145][T12753] crypto_shash_import+0x84/0x230 [ 263.915164][T12753] hash_accept+0x1fb/0x280 [ 263.915188][T12753] do_accept+0x48c/0x680 [ 263.915210][T12753] ? __pfx_do_accept+0x10/0x10 [ 263.915238][T12753] __sys_accept4+0x11c/0x1c0 [ 263.915258][T12753] ? __pfx___sys_accept4+0x10/0x10 [ 263.915277][T12753] ? rcu_is_watching+0x15/0xb0 [ 263.915302][T12753] __x64_sys_accept4+0x9a/0xb0 [ 263.915322][T12753] do_syscall_64+0xfa/0x3b0 [ 263.915342][T12753] ? lockdep_hardirqs_on+0x9c/0x150 [ 263.915362][T12753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.915378][T12753] ? clear_bhb_loop+0x60/0xb0 [ 263.915398][T12753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.915415][T12753] RIP: 0033:0x7f121ab8e969 [ 263.915431][T12753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.915448][T12753] RSP: 002b:00007f121b98d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 263.915467][T12753] RAX: ffffffffffffffda RBX: 00007f121adb5fa0 RCX: 00007f121ab8e969 [ 263.915481][T12753] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004 [ 263.915492][T12753] RBP: 00007f121ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 263.915503][T12753] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000 [ 263.915514][T12753] R13: 0000000000000000 R14: 00007f121adb5fa0 R15: 00007ffd9a0a2008 [ 263.915535][T12753] [ 263.915541][T12753] [ 264.159489][T12753] The buggy address belongs to the physical page: [ 264.165912][T12753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17aade [ 264.174788][T12753] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 264.182008][T12753] raw: 057ff00000000000 ffffea0005eab788 ffffea0005eab788 0000000000000000 [ 264.190605][T12753] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 264.199196][T12753] page dumped because: kasan: bad access detected [ 264.205642][T12753] page_owner info is not present (never set?) [ 264.211719][T12753] [ 264.214043][T12753] Memory state around the buggy address: [ 264.219685][T12753] ffff88817aade200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 264.227750][T12753] ffff88817aade280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 264.235823][T12753] >ffff88817aade300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 264.243900][T12753] ^ [ 264.250062][T12753] ffff88817aade380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 264.258135][T12753] ffff88817aade400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 264.266202][T12753] ================================================================== [ 264.309177][T12753] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 264.316451][T12753] CPU: 0 UID: 0 PID: 12753 Comm: syz.3.2251 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 264.328175][T12753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 264.338238][T12753] Call Trace: [ 264.341535][T12753] [ 264.344512][T12753] dump_stack_lvl+0x99/0x250 [ 264.349151][T12753] ? __asan_memcpy+0x40/0x70 [ 264.353770][T12753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.359001][T12753] ? __pfx__printk+0x10/0x10 [ 264.363620][T12753] panic+0x2db/0x790 [ 264.367558][T12753] ? __pfx_panic+0x10/0x10 [ 264.372016][T12753] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 264.377931][T12753] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 264.384283][T12753] ? print_memory_metadata+0x314/0x400 [ 264.389767][T12753] ? __crypto_shash_import+0x26a/0x2a0 [ 264.395235][T12753] check_panic_on_warn+0x89/0xb0 [ 264.400198][T12753] ? __crypto_shash_import+0x26a/0x2a0 [ 264.405671][T12753] end_report+0x78/0x160 [ 264.409939][T12753] kasan_report+0x129/0x150 [ 264.414458][T12753] ? __local_bh_enable_ip+0x12d/0x1c0 [ 264.419871][T12753] ? __crypto_shash_import+0x26a/0x2a0 [ 264.425343][T12753] __crypto_shash_import+0x26a/0x2a0 [ 264.430656][T12753] crypto_shash_import+0x84/0x230 [ 264.435703][T12753] hash_accept+0x1fb/0x280 [ 264.440144][T12753] do_accept+0x48c/0x680 [ 264.444412][T12753] ? __pfx_do_accept+0x10/0x10 [ 264.449206][T12753] __sys_accept4+0x11c/0x1c0 [ 264.453811][T12753] ? __pfx___sys_accept4+0x10/0x10 [ 264.458931][T12753] ? rcu_is_watching+0x15/0xb0 [ 264.463720][T12753] __x64_sys_accept4+0x9a/0xb0 [ 264.468495][T12753] do_syscall_64+0xfa/0x3b0 [ 264.473008][T12753] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.478238][T12753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.484334][T12753] ? clear_bhb_loop+0x60/0xb0 [ 264.489032][T12753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.494954][T12753] RIP: 0033:0x7f121ab8e969 [ 264.499385][T12753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.519098][T12753] RSP: 002b:00007f121b98d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 264.527535][T12753] RAX: ffffffffffffffda RBX: 00007f121adb5fa0 RCX: 00007f121ab8e969 [ 264.535516][T12753] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004 [ 264.543504][T12753] RBP: 00007f121ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 264.551484][T12753] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000 [ 264.559460][T12753] R13: 0000000000000000 R14: 00007f121adb5fa0 R15: 00007ffd9a0a2008 [ 264.567460][T12753] [ 264.570745][T12753] Kernel Offset: disabled [ 264.575080][T12753] Rebooting in 86400 seconds..