last executing test programs: 2m3.963183147s ago: executing program 3 (id=25768): unshare(0x2c020400) r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0x0, 0x19f}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x10, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0\x00', 0x44, 0x842, 0x23456}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) 2m3.713762609s ago: executing program 3 (id=25771): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d096471908"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGDEVINFO(r1, 0x801c4803, &(0x7f0000000100)=""/172) 2m1.822864813s ago: executing program 3 (id=25793): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000840)={0x44, &(0x7f00000005c0)={0x20, 0x10, 0x4, "7c103142"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000340)={0x34, &(0x7f0000000140)={0x0, 0x13, 0x4, "ad389f72"}, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x1, 0x1, 0xa6}, 0x0}) 1m59.343534092s ago: executing program 3 (id=25819): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) 1m58.409802553s ago: executing program 3 (id=25833): syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0xbea, &(0x7f00000007c0)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x83c0550b, 0x0) 1m57.730706409s ago: executing program 3 (id=25841): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x1e, 0x5, 0x1}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009d02"]) 1m57.268311698s ago: executing program 32 (id=25841): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x1e, 0x5, 0x1}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009d02"]) 5.322439407s ago: executing program 2 (id=27082): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r0) close(r0) faccessat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x200) 5.110439163s ago: executing program 2 (id=27086): r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x6, 0x13580, 0x0, 0x130}, &(0x7f0000000140), &(0x7f0000000000)) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x0, 0x3, 0x7, 0x0, 0x0) 5.101973546s ago: executing program 0 (id=27087): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) 4.869238144s ago: executing program 0 (id=27090): symlink(&(0x7f0000001780)='./file0\x00', &(0x7f00000017c0)='./file0\x00') r0 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x1, 0x89}, &(0x7f00000003c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780}) io_uring_enter(r0, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f) 4.655184787s ago: executing program 2 (id=27093): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x44, &(0x7f00000005c0)={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.579481058s ago: executing program 5 (id=27094): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000940)={{0x0, 0x2000, 0x0, 0xffff}, 'syz0\x00'}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x12, 0x4, 0x1}, 0x18) 4.560576534s ago: executing program 4 (id=27095): mkdir(&(0x7f00000022c0)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x24000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0\x00', 0x101) 4.350627237s ago: executing program 4 (id=27096): syz_usb_connect(0x0, 0x0, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x3, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x25, &(0x7f00000006c0)=@string={0x25, 0x3, "959eb153cb62b3fd309b09731d20bad2e8d9ac34a7d7ba23b96280e066f14b1b7cd10d"}}]}) r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x0, 0xfffffaef, 0x0, 0x0, 0x0, "1eebb05412e0acba6e32e41a75222702bd994e"}) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000380)='\n', 0x160a}], 0x1) 4.230270891s ago: executing program 0 (id=27097): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x3d18, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000000)=0x800, 0x4) recvmmsg(r0, &(0x7f0000005f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 4.212675492s ago: executing program 5 (id=27098): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000340)={0x0, 0xf, 0x2, "3ad5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 4.037516404s ago: executing program 1 (id=27099): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setlease(r0, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x3e) close_range(r0, 0xffffffffffffffff, 0x0) 3.726334902s ago: executing program 1 (id=27100): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r0, 0x11, 0xa, 0x0, &(0x7f0000000200)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) 3.712531787s ago: executing program 1 (id=27101): ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) geteuid() r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000027c00000400fc80a72601801e13d0801512"], 0x26c0}}, 0x4010) 3.529381256s ago: executing program 1 (id=27102): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c) r1 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r1, &(0x7f00000003c0)={0xa, 0x4e20, 0x7, @ipv4={'\x00', '\xff\xff', @remote}, 0x80ad}, 0x1c) 3.394255832s ago: executing program 4 (id=27103): ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405668, &(0x7f0000000000)={0x2, 0x1, 0x1, "4a37f6c000190000000000000020000000000000000000000100", 0x31435641}) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x10, &(0x7f0000000280)={r2, 0x8}, 0x8) 3.393903992s ago: executing program 1 (id=27104): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000001f) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x8000003d) close_range(r0, r1, 0x0) 3.326879073s ago: executing program 4 (id=27105): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x0, 0x2}) madvise(&(0x7f0000706000/0x4000)=nil, 0x4000, 0x4) 3.31791023s ago: executing program 1 (id=27106): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f00000000c0)={0x2, 0x200, 0xd}) 3.1982149s ago: executing program 0 (id=27107): socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="05030200000000001c0012800b0001006d616373656300000c000280050003000f00000008000500", @ANYRES32=r0], 0x44}}, 0x8000) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0) 3.183000738s ago: executing program 0 (id=27108): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x18b801, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103", @ANYRESHEX], 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x4, 0x181800) syz_usb_disconnect(r1) close_range(r0, 0xffffffffffffffff, 0x0) 2.982109687s ago: executing program 2 (id=27109): r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x80015b12, 0x0) 2.370263706s ago: executing program 4 (id=27110): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)={{0x12, 0x1, 0x141, 0x30, 0xf5, 0x69, 0x20, 0x5ac, 0x219, 0xf072, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x55, 0x7, 0x1, 0x3, 0x49, 0x2, 0x0, [], [{{0x9, 0x5, 0x82, 0x3, 0x400, 0x0, 0x33, 0x81}}]}}]}}]}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="6c000000020601010000000140000000010000000c000780"], 0x6c}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000540)={0x0, 0x8c7c8f6744f0b74e, 0x8, "d4a911bb11e39d2e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000080)=ANY=[]) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 2.011609149s ago: executing program 5 (id=27111): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x1, 0x0, 0xd66, 0xf5ffffff}, 0x0) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.867034326s ago: executing program 5 (id=27112): getdents(0xffffffffffffffff, 0x0, 0x0) r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) read(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$uac1(0x0, 0x94, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902820003010000000904000000010100000a24010000000201020c24020000000000000000000904010000010200000904010101010200000724010000000009050109000000000007250101000000090402000001020000090402010101ff0f0009240202000000000007240100000110090582"], 0x0) 1.042418612s ago: executing program 2 (id=27113): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) accept4(r1, 0x0, 0x0, 0x0) 821.8661ms ago: executing program 2 (id=27114): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000140)={r2, 0x0, 0x8, 0xaf0a, 0xe, 0x3c50, 0x0, 0xfffffffc, {0x0, @in={{0x2, 0x4e20, @remote}}, 0x2, 0xffffff2d, 0x3, 0x38de, 0x7}}, &(0x7f0000000200)=0xb0) 480.399607ms ago: executing program 4 (id=27115): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000001400)={'filter\x00', 0x4}, 0x64) 479.57644ms ago: executing program 5 (id=27125): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/zoneinfo\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000000)={0x1e00, 0x0, 0xffffffff, 0x0, 0x10, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) 2.153151ms ago: executing program 0 (id=27116): bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50) r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01) r1 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x800) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 0s ago: executing program 5 (id=27127): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x10000) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, "0400"}) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000)) kernel console output (not intermixed with test programs): /syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1605.231366][T27750] input: syz1 as /devices/virtual/input/input196 [ 1605.271527][ T30] audit: type=1326 audit(1746311980.563:6095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27738 comm="syz.2.25176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1605.381513][ T30] audit: type=1326 audit(1746311980.563:6096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27738 comm="syz.2.25176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1605.463953][ T30] audit: type=1326 audit(1746311980.563:6097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27738 comm="syz.2.25176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=42 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1605.539555][ T30] audit: type=1326 audit(1746311980.563:6098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27738 comm="syz.2.25176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1605.654050][T27758] netlink: 28 bytes leftover after parsing attributes in process `syz.2.25184'. [ 1605.700838][T27758] netlink: 'syz.2.25184': attribute type 7 has an invalid length. [ 1605.713782][T27758] netlink: 'syz.2.25184': attribute type 8 has an invalid length. [ 1605.743062][T27758] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25184'. [ 1606.996891][T18789] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1607.166428][T18789] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1607.198316][T18789] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1607.227241][T18789] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1607.237339][T18789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1607.245384][T18789] usb 3-1: SerialNumber: syz [ 1607.481372][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.495211][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.500840][T18789] usb 3-1: 0:2 : does not exist [ 1607.509533][T27784] netlink: 'syz.0.25197': attribute type 12 has an invalid length. [ 1607.543450][T18789] usb 3-1: unit 55 not found! [ 1607.618215][T18789] usb 3-1: USB disconnect, device number 58 [ 1607.726847][T12424] udevd[12424]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1608.698346][T27807] syzkaller1: entered promiscuous mode [ 1608.715190][T27807] syzkaller1: entered allmulticast mode [ 1609.444993][T27822] vivid-000: disconnect [ 1609.464574][T27822] vivid-000: reconnect [ 1609.775582][ C0] hrtimer: interrupt took 82741 ns [ 1610.297230][T27842] syzkaller1: entered promiscuous mode [ 1610.302797][T27842] syzkaller1: entered allmulticast mode [ 1610.814242][T27854] netlink: 80 bytes leftover after parsing attributes in process `syz.0.25225'. [ 1611.119043][T27859] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 1611.411785][T27865] loop6: detected capacity change from 0 to 63 [ 1611.762431][T27875] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1612.327342][T27893] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25243'. [ 1612.557260][T27898] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25245'. [ 1612.751011][T27900] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25246'. [ 1612.781862][T27900] netlink: 190 bytes leftover after parsing attributes in process `syz.4.25246'. [ 1612.923273][T27907] netlink: 28 bytes leftover after parsing attributes in process `syz.3.25249'. [ 1612.951865][T27907] netlink: 'syz.3.25249': attribute type 7 has an invalid length. [ 1613.010968][T27907] netlink: 'syz.3.25249': attribute type 8 has an invalid length. [ 1613.082596][T27907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25249'. [ 1613.872261][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 1613.872280][ T30] audit: type=1326 audit(1746311989.553:6103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1613.944520][ T30] audit: type=1326 audit(1746311989.553:6104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1613.975015][ T30] audit: type=1326 audit(1746311989.583:6105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.023534][ T30] audit: type=1326 audit(1746311989.583:6106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.080717][ T30] audit: type=1326 audit(1746311989.583:6107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.141954][ T30] audit: type=1326 audit(1746311989.593:6108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.215702][ T30] audit: type=1326 audit(1746311989.623:6109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.277982][ T30] audit: type=1326 audit(1746311989.623:6110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.345779][ T30] audit: type=1326 audit(1746311989.653:6111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.397620][ T30] audit: type=1326 audit(1746311989.653:6112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27937 comm="syz.0.25264" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1614.458943][T27954] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25270'. [ 1614.510493][T27954] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25270'. [ 1615.040828][T27976] Context (ID=0x1) not attached to queue pair (handle=0x500:0x2) [ 1615.485944][T27998] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1615.655805][ T24] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1615.825827][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 1615.843478][ T24] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1615.874758][ T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1615.895012][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1615.922679][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1615.946148][ T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1615.961378][ T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1615.977775][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1616.225741][ T1206] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 1616.262055][ T24] usb 4-1: usb_control_msg returned -32 [ 1616.275842][ T24] usbtmc 4-1:16.0: can't read capabilities [ 1616.389177][ T1206] usb 3-1: Using ep0 maxpacket: 8 [ 1616.407234][ T1206] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 1616.428591][ T1206] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1616.455797][ T1206] usb 3-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3 [ 1616.464832][ T1206] usb 3-1: Product: syz [ 1616.474328][ T1206] usb 3-1: Manufacturer: syz [ 1616.484530][ T1206] usb 3-1: SerialNumber: syz [ 1616.502979][ T1206] usb 3-1: config 0 descriptor?? [ 1616.520332][ T1206] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 1617.336763][ T1206] gspca_zc3xx: reg_w_i err -71 [ 1617.928036][ T1206] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 1617.934622][ T1206] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 1617.948966][ T1206] usb 3-1: USB disconnect, device number 59 [ 1618.426570][ T1206] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 1618.439352][T13228] usb 4-1: USB disconnect, device number 70 [ 1618.595854][ T1206] usb 3-1: Using ep0 maxpacket: 32 [ 1618.613057][ T1206] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1618.633372][ T1206] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1618.644033][ T1206] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1618.656273][ T1206] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1618.684574][ T1206] usb 3-1: config 0 descriptor?? [ 1618.714627][T28071] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25322'. [ 1618.724493][T28071] netlink: 32 bytes leftover after parsing attributes in process `syz.1.25322'. [ 1618.742063][T28071] gtp1: entered promiscuous mode [ 1618.747396][T28071] gtp1: entered allmulticast mode [ 1619.139204][ T1206] savu 0003:1E7D:2D5A.010B: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 1619.185815][T13228] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1619.346587][T13228] usb 5-1: Using ep0 maxpacket: 8 [ 1619.356586][T13228] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1619.364882][T13228] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1619.385644][ T24] usb 3-1: USB disconnect, device number 60 [ 1619.402278][T13228] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1619.416650][T13228] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1619.427887][T13228] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1619.444110][T13228] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1619.454167][T13228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1619.690612][T13228] usb 5-1: usb_control_msg returned -32 [ 1619.699450][T13228] usbtmc 5-1:16.0: can't read capabilities [ 1620.772695][T28121] input: syz1 as /devices/virtual/input/input197 [ 1621.664800][T28147] loop2: detected capacity change from 0 to 7 [ 1621.689351][T12424] Dev loop2: unable to read RDB block 7 [ 1621.699570][T12424] loop2: unable to read partition table [ 1621.724185][T12424] loop2: partition table beyond EOD, truncated [ 1621.752065][T28147] Dev loop2: unable to read RDB block 7 [ 1621.776060][T28147] loop2: unable to read partition table [ 1621.789952][T28147] loop2: partition table beyond EOD, truncated [ 1621.802405][T28147] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1621.983520][T13228] usb 5-1: USB disconnect, device number 77 [ 1623.378524][T28188] ipvlan2: entered promiscuous mode [ 1623.416739][T28188] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1623.440605][T28188] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1623.978543][T28207] syzkaller1: entered promiscuous mode [ 1623.984244][T28207] syzkaller1: entered allmulticast mode [ 1624.057347][T28209] syzkaller1: entered promiscuous mode [ 1624.062888][T28209] syzkaller1: entered allmulticast mode [ 1624.185659][ T24] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1624.257183][ T30] kauditd_printk_skb: 89 callbacks suppressed [ 1624.257202][ T30] audit: type=1326 audit(1746311999.943:6202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1624.291502][ T30] audit: type=1326 audit(1746311999.943:6203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1624.387663][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1624.418746][ T30] audit: type=1326 audit(1746311999.973:6204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1624.428903][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1624.530171][ T30] audit: type=1326 audit(1746311999.973:6205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1624.547180][ T24] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1624.575868][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1624.586492][ T24] usb 3-1: SerialNumber: syz [ 1624.716614][ T30] audit: type=1326 audit(1746311999.973:6206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1624.739448][ T30] audit: type=1326 audit(1746312000.003:6207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1624.761637][ C1] vkms_vblank_simulate: vblank timer overrun [ 1624.801772][ T30] audit: type=1326 audit(1746312000.003:6208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000 [ 1624.856551][ T24] usb 3-1: 0:2 : does not exist [ 1624.887651][ T30] audit: type=1326 audit(1746312000.003:6209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000 [ 1624.909955][ C1] vkms_vblank_simulate: vblank timer overrun [ 1624.929689][ T24] usb 3-1: USB disconnect, device number 61 [ 1624.978958][T12424] udevd[12424]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1625.006533][ T30] audit: type=1326 audit(1746312000.003:6210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000 [ 1625.106483][ T30] audit: type=1326 audit(1746312000.003:6211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28214 comm="syz.4.25383" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000 [ 1626.747549][T28268] input: syz0 as /devices/virtual/input/input198 [ 1627.255190][T28281] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25408'. [ 1628.333619][T28311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25421'. [ 1628.357267][T28311] netlink: 104 bytes leftover after parsing attributes in process `syz.3.25421'. [ 1628.385190][T28311] netlink: 104 bytes leftover after parsing attributes in process `syz.3.25421'. [ 1628.498379][ T1327] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1628.639300][ T1327] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1628.930153][ T1327] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1629.479544][T18789] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1629.591447][T12829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1629.602783][T12829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1629.612573][T12829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1629.621583][T12829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1629.636319][T12829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1629.675822][T18789] usb 5-1: Using ep0 maxpacket: 32 [ 1629.713178][T18789] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 1629.784698][T18789] usb 5-1: config 0 has no interface number 0 [ 1629.824623][T18789] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1629.885694][T18789] usb 5-1: config 0 interface 85 has no altsetting 0 [ 1629.916847][T18789] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1629.948861][ T1327] batadv1: left promiscuous mode [ 1629.954029][ T1327] bridge0: port 1(batadv1) entered disabled state [ 1629.970992][T18789] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1629.993816][T18789] usb 5-1: Product: syz [ 1630.020595][T18789] usb 5-1: Manufacturer: syz [ 1630.037346][T18789] usb 5-1: SerialNumber: syz [ 1630.059800][T18789] usb 5-1: config 0 descriptor?? [ 1630.093506][ T1327] tipc: Resetting bearer [ 1630.692661][T18789] appletouch 5-1:0.85: Geyser mode initialized. [ 1630.692959][ T1327] tipc: Disabling bearer [ 1630.724246][T18789] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input199 [ 1630.998725][T18789] usb 5-1: USB disconnect, device number 78 [ 1631.076261][T18789] appletouch 5-1:0.85: input: appletouch disconnected [ 1631.715438][ T1327] team0: Port device bridge6 removed [ 1631.721773][T23562] Bluetooth: hci0: command tx timeout [ 1631.783770][ T1327] bond1 (unregistering): Released all slaves [ 1631.836094][ T1327] bond0 (unregistering): left allmulticast mode [ 1631.845050][ T1327] bond5 (unregistering): left allmulticast mode [ 1631.856049][ T1327] bond0 (unregistering): left promiscuous mode [ 1631.862455][ T1327] bond5 (unregistering): left promiscuous mode [ 1631.933778][ T1327] bond0 (unregistering): (slave bond5): Releasing backup interface [ 1631.984038][ T1327] bond0 (unregistering): Released all slaves [ 1632.339224][T28395] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25450'. [ 1632.361507][ T1327] bond2 (unregistering): Released all slaves [ 1632.632588][ T1327] bond3 (unregistering): Released all slaves [ 1632.648437][ T1327] bond4 (unregistering): Released all slaves [ 1632.849659][ T1327] bond5 (unregistering): Released all slaves [ 1633.111889][ T1327] : left promiscuous mode [ 1633.132314][T28400] netlink: 'syz.2.25453': attribute type 11 has an invalid length. [ 1633.256788][ T1327] tipc: Disabling bearer [ 1633.334055][ T1327] tipc: Left network mode [ 1633.392987][ T1327] IPVS: stopping backup sync thread 11215 ... [ 1633.802075][T23562] Bluetooth: hci0: command tx timeout [ 1634.197663][T28341] chnl_net:caif_netlink_parms(): no params data found [ 1634.207239][ T30] kauditd_printk_skb: 216 callbacks suppressed [ 1634.207259][ T30] audit: type=1326 audit(1746312009.893:6428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28445 comm="syz.0.25468" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x0 [ 1634.796734][ T24] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 1634.884155][T28341] bridge0: port 1(bridge_slave_0) entered blocking state [ 1634.903903][T28341] bridge0: port 1(bridge_slave_0) entered disabled state [ 1634.944845][T28341] bridge_slave_0: entered allmulticast mode [ 1634.960800][T28341] bridge_slave_0: entered promiscuous mode [ 1634.975848][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 1634.989385][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1635.012178][T28341] bridge0: port 2(bridge_slave_1) entered blocking state [ 1635.025034][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1635.054898][T28341] bridge0: port 2(bridge_slave_1) entered disabled state [ 1635.062614][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1635.062646][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1635.074087][ T24] usb 4-1: config 0 descriptor?? [ 1635.084840][T28341] bridge_slave_1: entered allmulticast mode [ 1635.096236][T28341] bridge_slave_1: entered promiscuous mode [ 1635.163650][ T24] hub 4-1:0.0: USB hub found [ 1635.353133][ T24] hub 4-1:0.0: 1 port detected [ 1635.426567][ T1327] batadv0: left promiscuous mode [ 1635.509716][ T1327] veth1_to_batadv: left promiscuous mode [ 1635.515620][ T1327] veth1_vlan: left promiscuous mode [ 1635.773441][ T24] usb 4-1: USB disconnect, device number 71 [ 1635.876733][T23562] Bluetooth: hci0: command tx timeout [ 1637.491610][T28341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1637.549427][T28341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1637.812870][T28341] team0: Port device team_slave_0 added [ 1637.916641][T28341] team0: Port device team_slave_1 added [ 1637.965460][T23562] Bluetooth: hci0: command tx timeout [ 1638.181129][T28341] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1638.210174][T28341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1638.274703][T28341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1638.328567][T28341] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1638.341426][T28341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1638.408843][T28341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1638.523417][ T1327] IPVS: stop unused estimator thread 0... [ 1638.802495][T28341] hsr_slave_0: entered promiscuous mode [ 1638.836568][T28341] hsr_slave_1: entered promiscuous mode [ 1638.843011][T28341] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1638.906793][T28341] Cannot create hsr debugfs directory [ 1641.828050][T28341] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1641.874820][T28341] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1641.928183][T28341] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1642.015718][T28341] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1642.044774][T28582] loop2: detected capacity change from 0 to 7 [ 1642.105827][T28582] Dev loop2: unable to read RDB block 7 [ 1642.111488][T28582] loop2: AHDI p2 p3 [ 1642.115454][T28582] loop2: partition table partially beyond EOD, truncated [ 1642.204162][T28582] loop2: p3 start 335544320 is beyond EOD, truncated [ 1642.384724][T28341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1642.463359][T28341] 8021q: adding VLAN 0 to HW filter on device team0 [ 1642.572204][ T3528] bridge0: port 1(bridge_slave_0) entered blocking state [ 1642.579458][ T3528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1642.621598][ T3528] bridge0: port 2(bridge_slave_1) entered blocking state [ 1642.628965][ T3528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1642.970830][T28341] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1643.328557][T28341] veth0_vlan: entered promiscuous mode [ 1643.355432][T28341] veth1_vlan: entered promiscuous mode [ 1643.465300][T28341] veth0_macvtap: entered promiscuous mode [ 1643.510595][T28341] veth1_macvtap: entered promiscuous mode [ 1643.549200][T28341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1643.588242][T28341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.631273][T28341] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1643.685456][T28341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1643.735319][T28341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.767321][T28341] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1643.814381][T28341] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1643.851299][T28341] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1643.861946][T28341] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1643.894631][T28341] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1643.924086][T28620] syzkaller1: entered promiscuous mode [ 1643.946742][T28620] syzkaller1: entered allmulticast mode [ 1644.106280][T18789] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1644.269782][T18789] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1644.302272][T18789] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1644.340093][T18789] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1644.356743][T18789] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1644.369130][T28341] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 1644.385455][T18789] usb 4-1: Product: syz [ 1644.395679][T18789] usb 4-1: Manufacturer: syz [ 1644.400360][T18789] usb 4-1: SerialNumber: syz [ 1644.417324][T28341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1644.437963][T18789] usb 4-1: config 0 descriptor?? [ 1644.472138][ T1327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1644.485285][T18789] usb 4-1: selecting invalid altsetting 0 [ 1644.532133][ T1327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1644.739861][T18789] usb 4-1: USB disconnect, device number 72 [ 1644.870002][T20889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1644.936098][T20889] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1646.616735][T28639] usb 5-1: new full-speed USB device number 79 using dummy_hcd [ 1646.792666][T28639] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 1646.817187][T28639] usb 5-1: config 0 has no interface number 0 [ 1646.833995][T28639] usb 5-1: config 0 interface 41 has no altsetting 0 [ 1646.854543][T28639] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1646.874184][T28639] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1646.892696][T28639] usb 5-1: Product: syz [ 1646.908802][T28639] usb 5-1: Manufacturer: syz [ 1646.925973][T28639] usb 5-1: SerialNumber: syz [ 1646.955584][T28639] usb 5-1: config 0 descriptor?? [ 1647.991474][T28639] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71 [ 1648.024175][T28639] usb 5-1: USB disconnect, device number 79 [ 1649.045668][T18789] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1649.255825][T18789] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1649.286526][T18789] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1649.331779][T18789] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1649.351525][T18789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1649.388982][T18789] usb 3-1: SerialNumber: syz [ 1649.425869][T28780] syzkaller1: entered promiscuous mode [ 1649.431783][T28780] syzkaller1: entered allmulticast mode [ 1649.652052][T18789] usb 3-1: 0:2 : does not exist [ 1649.727593][T18789] usb 3-1: USB disconnect, device number 62 [ 1650.002786][T12424] udevd[12424]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1650.181566][T28793] kvm: user requested TSC rate below hardware speed [ 1652.026689][ T5823] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1652.221673][ T5823] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1652.245591][ T5823] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1652.317149][ T5823] usb 5-1: config 0 descriptor?? [ 1652.355509][ T5823] cp210x 5-1:0.0: cp210x converter detected [ 1652.601469][ T30] audit: type=1326 audit(1746312028.273:6429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1652.705997][ T30] audit: type=1326 audit(1746312028.273:6430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1652.766027][ T5823] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1652.790292][ T30] audit: type=1326 audit(1746312028.273:6431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1652.878065][ T30] audit: type=1326 audit(1746312028.273:6432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1653.008275][ T30] audit: type=1326 audit(1746312028.273:6433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1653.037049][ T5823] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1653.089668][ T30] audit: type=1326 audit(1746312028.283:6434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1653.234931][ T30] audit: type=1326 audit(1746312028.283:6435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf707e558 code=0x7ffc0000 [ 1653.250676][ T5823] usb 5-1: USB disconnect, device number 80 [ 1653.311558][ T5823] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1653.393967][ T30] audit: type=1326 audit(1746312028.283:6436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1653.417917][ T5823] cp210x 5-1:0.0: device disconnected [ 1653.493444][ T30] audit: type=1326 audit(1746312028.283:6437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x7ffc0000 [ 1653.558707][ T30] audit: type=1326 audit(1746312028.283:6438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28867 comm="syz.0.25579" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf707e558 code=0x7ffc0000 [ 1654.065782][ T5823] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1654.228524][ T5823] usb 3-1: Using ep0 maxpacket: 32 [ 1654.241172][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1654.277157][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1654.310705][ T5823] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1654.339109][ T5823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1654.367397][ T5823] usb 3-1: config 0 descriptor?? [ 1654.963010][ T5823] savu 0003:1E7D:2D5A.010C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 1655.180895][ T5823] usb 3-1: USB disconnect, device number 63 [ 1655.424139][T28926] input: syz1 as /devices/virtual/input/input200 [ 1655.675072][T28934] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 1655.694504][T28934] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 1656.870581][T28971] netlink: 'syz.3.25623': attribute type 10 has an invalid length. [ 1656.909868][T28971] syz_tun: entered promiscuous mode [ 1657.009681][T28976] batadv_slave_0: entered promiscuous mode [ 1657.042593][T28974] batadv_slave_0: left promiscuous mode [ 1657.086547][T28978] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25626'. [ 1657.127107][T28978] netlink: 104 bytes leftover after parsing attributes in process `syz.2.25626'. [ 1657.150680][T28978] netlink: 104 bytes leftover after parsing attributes in process `syz.2.25626'. [ 1657.900994][T29015] netlink: 16 bytes leftover after parsing attributes in process `syz.0.25640'. [ 1657.916638][T29015] bridge0: port 2(bridge_slave_1) entered disabled state [ 1658.596001][ T24] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1658.766271][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 1658.779809][ T24] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 1658.801857][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1658.830325][ T24] usb 3-1: Product: syz [ 1658.834563][ T24] usb 3-1: Manufacturer: syz [ 1658.854999][ T24] usb 3-1: SerialNumber: syz [ 1658.868213][ T24] usb 3-1: config 0 descriptor?? [ 1658.890126][ T24] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1658.937823][ T24] usb 3-1: Detected FT-X [ 1659.062150][T29041] syzkaller1: entered promiscuous mode [ 1659.072075][T29041] syzkaller1: entered allmulticast mode [ 1659.112736][ T24] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1659.550758][ T24] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1659.770004][ T24] usb 3-1: USB disconnect, device number 64 [ 1659.806616][ T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1659.845365][ T24] ftdi_sio 3-1:0.0: device disconnected [ 1660.367332][T29065] input: syz1 as /devices/virtual/input/input201 [ 1660.436647][ T24] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1660.598836][ T24] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 1660.625605][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1660.657582][ T24] usb 4-1: config 0 descriptor?? [ 1660.883627][ T24] kaweth 4-1:0.0: Firmware present in device. [ 1660.937830][T29077] netlink: 92 bytes leftover after parsing attributes in process `syz.2.25666'. [ 1661.029288][T29079] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 1661.060271][T29079] netlink: 4 bytes leftover after parsing attributes in process `syz.1.25668'. [ 1661.096752][ T24] kaweth 4-1:0.0: Statistics collection: 0 [ 1661.102662][ T24] kaweth 4-1:0.0: Multicast filter limit: 0 [ 1661.114470][ T24] kaweth 4-1:0.0: MTU: 0 [ 1661.126868][ T24] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 1661.144497][T29079] net veth1_virt_wifi virt_wifi0 (unregistering): left promiscuous mode [ 1661.468932][T29083] syz.2.25669 (29083): drop_caches: 2 [ 1661.709439][ T24] kaweth 4-1:0.0: Error setting receive filter [ 1661.726347][ T24] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 1661.748626][ T24] usb 4-1: USB disconnect, device number 73 [ 1664.418805][T29184] netlink: 16 bytes leftover after parsing attributes in process `syz.4.25714'. [ 1664.604254][T29180] syz.1.25712 (29180): drop_caches: 2 [ 1664.747164][T13228] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 1664.825401][T29196] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25719'. [ 1664.857712][T29196] vlan3: entered promiscuous mode [ 1664.863940][T29196] hsr0: entered promiscuous mode [ 1664.916212][T13228] usb 4-1: Using ep0 maxpacket: 16 [ 1664.932708][T13228] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 1664.943885][T13228] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1664.954736][T13228] usb 4-1: Product: syz [ 1664.975440][T13228] usb 4-1: Manufacturer: syz [ 1664.996869][T13228] usb 4-1: SerialNumber: syz [ 1665.008782][T13228] usb 4-1: config 0 descriptor?? [ 1665.031351][T13228] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1665.053950][T13228] usb 4-1: Detected FT-X [ 1665.231863][T13228] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1665.400186][ T30] kauditd_printk_skb: 122 callbacks suppressed [ 1665.400205][ T30] audit: type=1326 audit(1746312041.083:6561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29212 comm="syz.0.25726" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x0 [ 1665.665087][T13228] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1665.884707][T13228] usb 4-1: USB disconnect, device number 74 [ 1665.918230][T13228] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1665.937160][T13228] ftdi_sio 4-1:0.0: device disconnected [ 1667.277332][T29272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25753'. [ 1667.290530][T29272] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 1667.303857][T29272] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1668.748890][ T5879] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1668.920285][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.926934][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1668.936867][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1668.951764][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1668.962630][ T5879] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1668.976676][ T5879] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1668.986161][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1669.007643][ T5879] usb 4-1: config 0 descriptor?? [ 1669.198808][T29338] tun0: tun_chr_ioctl cmd 1074025675 [ 1669.204259][T29338] tun0: persist enabled [ 1669.210013][T29338] tun0: tun_chr_ioctl cmd 1074025675 [ 1669.215479][T29338] tun0: persist disabled [ 1669.447366][ T5879] plantronics 0003:047F:FFFF.010D: reserved main item tag 0xd [ 1669.465637][ T5879] plantronics 0003:047F:FFFF.010D: unknown main item tag 0x0 [ 1669.475499][ T5879] plantronics 0003:047F:FFFF.010D: No inputs registered, leaving [ 1669.506731][ T5879] plantronics 0003:047F:FFFF.010D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1669.751555][ T5823] usb 4-1: USB disconnect, device number 75 [ 1670.418783][T29365] ipvlan2: entered promiscuous mode [ 1670.702213][T29375] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 1670.709360][ T5879] IPVS: starting estimator thread 0... [ 1670.742052][ T5823] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 1670.771094][ T30] audit: type=1326 audit(1746312046.453:6562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1670.816315][T29381] IPVS: using max 25 ests per chain, 60000 per kthread [ 1670.828862][ T30] audit: type=1326 audit(1746312046.483:6563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1670.899083][ T30] audit: type=1326 audit(1746312046.483:6564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1670.940286][ T30] audit: type=1326 audit(1746312046.483:6565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1670.941414][T29388] netlink: 48 bytes leftover after parsing attributes in process `syz.2.25804'. [ 1670.966454][ T5823] usb 4-1: Using ep0 maxpacket: 32 [ 1671.003701][ T30] audit: type=1326 audit(1746312046.483:6566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1671.025805][ C0] vkms_vblank_simulate: vblank timer overrun [ 1671.049148][ T5823] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 1671.063954][ T5823] usb 4-1: config 0 has no interface number 0 [ 1671.073876][ T30] audit: type=1326 audit(1746312046.483:6567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1671.104583][ T5823] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1671.114927][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1671.123339][ T30] audit: type=1326 audit(1746312046.483:6568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1671.155624][ T5823] usb 4-1: Product: syz [ 1671.159896][ T5823] usb 4-1: Manufacturer: syz [ 1671.164525][ T5823] usb 4-1: SerialNumber: syz [ 1671.177156][ T30] audit: type=1326 audit(1746312046.483:6569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1671.205285][ T5823] usb 4-1: config 0 descriptor?? [ 1671.216519][ T5823] smsc95xx v2.0.0 [ 1671.226626][ T30] audit: type=1326 audit(1746312046.483:6570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1671.255488][ T30] audit: type=1326 audit(1746312046.483:6571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29383 comm="syz.2.25802" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 1671.405912][T13228] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1671.571745][T13228] usb 5-1: config 0 has no interfaces? [ 1671.581020][T13228] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1671.606381][T13228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1671.634569][T13228] usb 5-1: config 0 descriptor?? [ 1671.887461][T29392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1671.918942][T29392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1671.964048][T29392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1671.992114][T29392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1672.022810][T13228] usb 5-1: USB disconnect, device number 81 [ 1672.246883][ T5823] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71 [ 1672.264511][ T5823] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 1672.278277][ T5823] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 1672.292503][ T5823] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 1672.305916][ T5823] usb 4-1: USB disconnect, device number 76 [ 1672.480172][T13228] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 1672.637922][T13228] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1672.651247][T13228] usb 5-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 1672.661313][T13228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1672.669651][T13228] usb 5-1: Product: syz [ 1672.673877][T13228] usb 5-1: Manufacturer: syz [ 1672.679889][T13228] usb 5-1: SerialNumber: syz [ 1672.693770][T13228] usb 5-1: selecting invalid altsetting 1 [ 1672.736369][ T5879] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1672.893502][T13228] cdc_ncm 5-1:1.0: bind() failure [ 1672.912743][T13228] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1672.964709][T13228] snd-usb-audio 5-1:1.1: probe with driver snd-usb-audio failed with error -22 [ 1672.978157][T13228] usb 5-1: USB disconnect, device number 82 [ 1673.015424][T18567] udevd[18567]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1673.408990][ T5879] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1673.437903][ T5879] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1673.505718][ T5879] usb 3-1: can't read configurations, error -71 [ 1673.581445][T29439] loop6: detected capacity change from 0 to 63 [ 1674.545460][ T3549] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1674.586873][ T3549] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1674.627093][ T3549] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1674.645810][ T3549] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 1674.796078][ T5823] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1674.807936][ T3549] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1674.825859][ T3549] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1674.837434][ T3549] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1674.848748][ T3549] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 1674.988678][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1675.005839][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1675.025327][ T3549] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1675.037620][ T5823] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1675.052592][ T3549] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1675.063823][ T5823] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1675.073361][ T3549] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1675.090337][ T5823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1675.102859][ T3549] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 1675.136823][ T5823] usb 3-1: config 0 descriptor?? [ 1675.258785][ T3549] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1675.269768][T29486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25849'. [ 1675.273155][T29486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25849'. [ 1675.288806][ T3549] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1675.288894][ T3549] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1675.288945][ T3549] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 1675.554454][ T5823] plantronics 0003:047F:FFFF.010E: No inputs registered, leaving [ 1675.614923][T12829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1675.626854][T12829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1675.642443][T12829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1675.650259][ T5823] plantronics 0003:047F:FFFF.010E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1675.662974][ T5879] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1675.674663][T12829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1675.683241][T12829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1675.779068][ T3549] veth1_to_bridge: left allmulticast mode [ 1675.784935][ T3549] veth1_to_bridge: left promiscuous mode [ 1675.796719][ T3549] bridge0: port 3(veth1_to_bridge) entered disabled state [ 1675.810112][ T3549] batadv1: left allmulticast mode [ 1675.815659][ T3549] batadv1: left promiscuous mode [ 1675.821686][ T3549] bridge0: port 2(batadv1) entered disabled state [ 1675.832449][ T3549] team0: left allmulticast mode [ 1675.837799][ T5879] usb 5-1: Using ep0 maxpacket: 16 [ 1675.843396][ T3549] geneve0: left allmulticast mode [ 1675.844733][ T5823] usb 3-1: USB disconnect, device number 67 [ 1675.851274][ T3549] team0: left promiscuous mode [ 1675.863809][ T5879] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1675.873290][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1675.881918][ T3549] geneve0: left promiscuous mode [ 1675.890691][ T3549] bridge0: port 1(team0) entered disabled state [ 1675.902452][ T5879] usb 5-1: config 0 descriptor?? [ 1675.914254][ T5879] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1676.346965][T29508] netlink: 20 bytes leftover after parsing attributes in process `syz.1.25852'. [ 1676.682489][ T3549] xfrm0 (unregistering): left allmulticast mode [ 1676.947325][ T3549] team0: Port device geneve0 removed [ 1676.957038][ T5879] gspca_sonixj: reg_w1 err -71 [ 1676.991589][ T5879] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 1677.012209][ T5879] usb 5-1: USB disconnect, device number 83 [ 1677.543075][ T3549] bond1 (unregistering): Released all slaves [ 1677.560248][ T3549] bond2 (unregistering): Released all slaves [ 1677.599445][ T3549] bond0 (unregistering): (slave bond5): Releasing active interface [ 1677.608605][ T3549] bond0 (unregistering): Released all slaves [ 1677.625439][ T3549] bond3 (unregistering): Released all slaves [ 1677.642361][ T3549] bond4 (unregistering): Released all slaves [ 1677.722757][T12829] Bluetooth: hci3: command tx timeout [ 1677.861951][ T3549] bond5 (unregistering): Released all slaves [ 1678.233797][T29528] netlink: 'syz.2.25859': attribute type 4 has an invalid length. [ 1679.009571][T29495] chnl_net:caif_netlink_parms(): no params data found [ 1679.372937][T29495] bridge0: port 1(bridge_slave_0) entered blocking state [ 1679.382875][T29495] bridge0: port 1(bridge_slave_0) entered disabled state [ 1679.392107][T29495] bridge_slave_0: entered allmulticast mode [ 1679.402576][T29495] bridge_slave_0: entered promiscuous mode [ 1679.423356][T29495] bridge0: port 2(bridge_slave_1) entered blocking state [ 1679.431962][T29495] bridge0: port 2(bridge_slave_1) entered disabled state [ 1679.440948][T29495] bridge_slave_1: entered allmulticast mode [ 1679.450046][T29495] bridge_slave_1: entered promiscuous mode [ 1679.458954][T29582] tun0: tun_chr_ioctl cmd 1074025675 [ 1679.465322][T29582] tun0: persist enabled [ 1679.499443][T29582] tun0: tun_chr_ioctl cmd 1074025675 [ 1679.509682][T29582] tun0: persist enabled [ 1679.554440][T29495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1679.582628][T29495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1679.741137][ T3549] tipc: Disabling bearer [ 1679.750948][ T3549] tipc: Disabling bearer [ 1679.775939][ T3549] tipc: Left network mode [ 1679.793548][T29495] team0: Port device team_slave_0 added [ 1679.805648][T12829] Bluetooth: hci3: command tx timeout [ 1679.821221][T29495] team0: Port device team_slave_1 added [ 1679.999159][T29495] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1680.026631][T29495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1680.081958][T29495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1680.269223][T29495] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1680.294128][T29495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1680.403880][T29495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1681.062712][T29630] loop6: detected capacity change from 0 to 63 [ 1681.084119][T29495] hsr_slave_0: entered promiscuous mode [ 1681.097903][T12424] Buffer I/O error on dev loop6, logical block 0, async page read [ 1681.116170][T12424] Buffer I/O error on dev loop6, logical block 0, async page read [ 1681.136084][T29495] hsr_slave_1: entered promiscuous mode [ 1681.143801][T29495] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1681.152701][T12424] Buffer I/O error on dev loop6, logical block 0, async page read [ 1681.177634][T12424] Buffer I/O error on dev loop6, logical block 0, async page read [ 1681.190987][T29495] Cannot create hsr debugfs directory [ 1681.201314][T12424] Buffer I/O error on dev loop6, logical block 0, async page read [ 1681.880368][T12829] Bluetooth: hci3: command tx timeout [ 1682.241148][ T3549] veth0_macvtap: left allmulticast mode [ 1682.271114][ T3549] veth0_macvtap: left promiscuous mode [ 1682.337408][ T5879] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1682.515652][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 1682.522535][ T5879] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1682.550428][ T5879] usb 5-1: config 0 has no interface number 0 [ 1682.557364][ T5879] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1682.574307][ T5879] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1682.590274][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1682.607102][ T5879] usb 5-1: config 0 descriptor?? [ 1682.630181][ T5879] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1682.869417][ T5823] usb 5-1: USB disconnect, device number 84 [ 1683.016049][ T5879] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1683.075487][T29683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25904'. [ 1683.096863][T29683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25904'. [ 1683.190773][ T5879] usb 3-1: Using ep0 maxpacket: 16 [ 1683.205417][ T5879] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1683.224507][ T5879] usb 3-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 39, changing to 9 [ 1683.240518][ T5879] usb 3-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024 [ 1683.253918][ T5879] usb 3-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1683.267650][ T5879] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1683.277056][ T5879] usb 3-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 1683.286637][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1683.295392][ T5879] usb 3-1: Product: syz [ 1683.305606][ T5879] usb 3-1: Manufacturer: syz [ 1683.310247][ T5879] usb 3-1: SerialNumber: syz [ 1683.341604][T29679] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1683.584555][ T5879] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input203 [ 1683.845963][T13228] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1683.957289][T12829] Bluetooth: hci3: command tx timeout [ 1683.997534][T13228] usb 5-1: Using ep0 maxpacket: 16 [ 1684.020513][T13228] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1684.046436][T13228] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1684.070491][T13228] usb 5-1: can't read configurations, error -71 [ 1684.147166][T29495] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1684.199815][T29495] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1684.224957][ T1206] usb 3-1: USB disconnect, device number 68 [ 1684.224957][ C1] bcm5974 3-1:1.0: trackpad urb failed: -19 [ 1684.259828][ T5187] bcm5974 3-1:1.0: could not read from device [ 1684.268059][T29495] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1684.363084][T29495] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1684.743995][ T3549] IPVS: stop unused estimator thread 0... [ 1684.885009][T29495] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1684.964575][T29711] netlink: 28 bytes leftover after parsing attributes in process `syz.4.25915'. [ 1684.990066][T29495] 8021q: adding VLAN 0 to HW filter on device team0 [ 1684.997154][T29711] netlink: 'syz.4.25915': attribute type 7 has an invalid length. [ 1685.019478][T29711] netlink: 'syz.4.25915': attribute type 8 has an invalid length. [ 1685.057962][T29711] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25915'. [ 1685.207971][ T3528] bridge0: port 1(bridge_slave_0) entered blocking state [ 1685.215135][ T3528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1685.362732][ T3549] bridge0: port 2(bridge_slave_1) entered blocking state [ 1685.370071][ T3549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1685.888897][T29495] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1686.115134][T29495] veth0_vlan: entered promiscuous mode [ 1686.168286][T29495] veth1_vlan: entered promiscuous mode [ 1686.237811][T29747] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25925'. [ 1686.359244][T29495] veth0_macvtap: entered promiscuous mode [ 1686.431032][T29495] veth1_macvtap: entered promiscuous mode [ 1686.508200][T29495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1686.537875][T29751] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1686.559556][T29495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1686.592400][T29495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1686.643916][T29495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1686.691656][T29495] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1686.800900][T29495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1686.834068][T29495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1686.884861][T29495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1686.925606][T29495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1686.969943][T29495] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1687.065285][T29495] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1687.112382][T29495] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1687.141521][T29495] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1687.177588][T29495] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1687.484039][T29495] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 1687.547086][T29495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1687.581800][ T3549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1687.608809][ T3549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1687.737131][T15780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1687.766081][T15780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1687.825834][T29787] netlink: 132 bytes leftover after parsing attributes in process `syz.4.25937'. [ 1688.728176][T29817] syzkaller1: entered promiscuous mode [ 1688.733740][T29817] syzkaller1: entered allmulticast mode [ 1690.348075][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 1690.348092][ T30] audit: type=1326 audit(1746312066.033:6576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1690.562271][ T30] audit: type=1326 audit(1746312066.063:6577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000 [ 1690.584491][ C0] vkms_vblank_simulate: vblank timer overrun [ 1690.694606][ T30] audit: type=1326 audit(1746312066.063:6578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1690.716944][ C0] vkms_vblank_simulate: vblank timer overrun [ 1690.778543][ T30] audit: type=1326 audit(1746312066.063:6579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1690.800750][ C0] vkms_vblank_simulate: vblank timer overrun [ 1690.914026][ T30] audit: type=1326 audit(1746312066.063:6580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1690.999564][ T30] audit: type=1326 audit(1746312066.063:6581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000 [ 1691.105028][ T30] audit: type=1326 audit(1746312066.063:6582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1691.214009][ T30] audit: type=1326 audit(1746312066.063:6583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1691.274147][ T30] audit: type=1326 audit(1746312066.063:6584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000 [ 1691.298082][ T30] audit: type=1326 audit(1746312066.063:6585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29867 comm="syz.4.25963" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 1691.737092][T29919] syzkaller1: entered promiscuous mode [ 1691.742643][T29919] syzkaller1: entered allmulticast mode [ 1691.846053][T29922] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25981'. [ 1692.713431][T29951] input: syz0 as /devices/virtual/input/input204 [ 1692.965489][T29960] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25994'. [ 1694.138465][T30014] sctp: [Deprecated]: syz.2.26017 (pid 30014) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1694.138465][T30014] Use struct sctp_sack_info instead [ 1694.648620][T30034] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26028'. [ 1694.975712][T18789] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 1695.147150][T18789] usb 5-1: config 0 has no interfaces? [ 1695.152912][T18789] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1695.182462][T18789] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1695.202285][T18789] usb 5-1: config 0 descriptor?? [ 1695.440730][T30041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1695.461668][T30041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1695.486656][T30041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1695.508391][T30041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1695.520808][T18789] usb 5-1: USB disconnect, device number 87 [ 1695.868902][T30078] input input205: cannot allocate more than FF_MAX_EFFECTS effects [ 1695.976365][T18789] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 1696.055972][T13228] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1696.128231][T18789] usb 5-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x7C, changing to 0xC [ 1696.140027][T18789] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1696.155304][T18789] usb 5-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 1696.165208][T18789] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1696.173394][T18789] usb 5-1: Product: syz [ 1696.177744][T18789] usb 5-1: Manufacturer: syz [ 1696.182515][T18789] usb 5-1: SerialNumber: syz [ 1696.221668][T13228] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1696.234731][T13228] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1696.253397][T13228] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1696.275972][T13228] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1696.288158][T13228] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1696.303669][T13228] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1696.313788][T13228] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1696.334262][T13228] usb 3-1: Product: syz [ 1696.342577][T13228] usb 3-1: Manufacturer: syz [ 1696.355125][T13228] cdc_wdm 3-1:1.0: skipping garbage [ 1696.371465][T13228] cdc_wdm 3-1:1.0: skipping garbage [ 1696.382969][T13228] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1696.389802][T13228] cdc_wdm 3-1:1.0: Unknown control protocol [ 1696.404043][T18789] cdc_ncm 5-1:1.0: bind() failure [ 1696.563797][T18789] usb 5-1: USB disconnect, device number 88 [ 1696.630004][T12426] udevd[12426]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1696.688973][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1696.695644][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1696.704153][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1696.710811][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1696.717779][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1696.724435][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1696.731377][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1696.738052][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1696.744459][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1696.751016][ T5823] usb 3-1: USB disconnect, device number 69 [ 1696.751086][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1696.763090][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1697.976197][T30137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26064'. [ 1699.421462][T30189] input: syz1 as /devices/virtual/input/input206 [ 1699.829233][ T5823] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1699.995696][ T5823] usb 3-1: Using ep0 maxpacket: 8 [ 1700.014647][ T5823] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1700.031274][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1700.145744][ T5823] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1700.175629][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1700.205697][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1700.258290][ T5823] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1700.268259][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1700.316061][ T5823] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1700.349194][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1700.394695][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1700.450783][ T5823] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1700.475801][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1700.522907][ T5823] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1700.570298][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1700.596321][ T5823] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1700.683591][T30220] binder: 30218:30220 ioctl c0306201 80000480 returned -14 [ 1700.690918][ T5823] usb 3-1: string descriptor 0 read error: -22 [ 1700.691072][ T5823] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1700.738234][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1700.851303][ T5823] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1700.907802][T30225] netlink: 'syz.0.26097': attribute type 10 has an invalid length. [ 1700.958357][T30225] veth0_vlan: entered allmulticast mode [ 1701.038222][T30225] veth0_vlan: left promiscuous mode [ 1701.090255][T30225] veth0_vlan: entered promiscuous mode [ 1701.139967][T30225] team0: Device veth0_vlan failed to register rx_handler [ 1701.223433][ T5823] usb 3-1: USB disconnect, device number 70 [ 1702.103076][T30255] bridge0: port 2(bridge_slave_1) entered disabled state [ 1702.110919][T30255] bridge0: port 1(bridge_slave_0) entered disabled state [ 1702.481891][T30255] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1702.530708][T30255] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1702.866034][T30255] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1702.901488][T30255] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1702.912090][T30255] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1702.928961][T30255] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1703.241811][T30278] netlink: 4 bytes leftover after parsing attributes in process `syz.4.26114'. [ 1705.876449][T12829] Bluetooth: hci1: command 0x0406 tx timeout [ 1705.887861][T30303] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 1706.759131][T30303] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1706.801719][T30303] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1706.814422][T30303] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1706.824084][T30303] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1706.839995][T30303] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1706.849166][T30303] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1706.858422][T30303] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1707.961109][T12829] Bluetooth: hci1: command 0x0406 tx timeout [ 1708.498093][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 1708.498114][ T30] audit: type=1326 audit(1746312084.173:6642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30512 comm="syz.0.26179" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e539 code=0x0 [ 1708.742749][T30522] lo: entered promiscuous mode [ 1708.745746][ T5879] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 1708.766524][T30522] lo: entered allmulticast mode [ 1708.776783][T30521] lo: left allmulticast mode [ 1708.781499][T30521] lo: left promiscuous mode [ 1708.837492][T12829] Bluetooth: hci0: command 0x0c1a tx timeout [ 1708.926508][T12829] Bluetooth: hci3: command 0x0c1a tx timeout [ 1708.929385][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 1708.956100][ T5879] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1708.964398][ T5879] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1709.041323][ T5879] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1709.068839][ T5879] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1709.088252][ T5879] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1709.146482][ T5879] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1709.171171][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1709.420661][ T5879] usb 5-1: usb_control_msg returned -32 [ 1709.433201][T30541] netlink: 4 bytes leftover after parsing attributes in process `syz.5.26191'. [ 1709.438578][ T5879] usbtmc 5-1:16.0: can't read capabilities [ 1709.613231][ T5879] IPVS: starting estimator thread 0... [ 1709.720497][T30547] IPVS: using max 27 ests per chain, 64800 per kthread [ 1709.861143][T30554] usbtmc 5-1:16.0: INITIATE_CLEAR returned 0 [ 1710.057902][ T24] usb 5-1: USB disconnect, device number 89 [ 1710.124078][T30556] bridge0: port 2(bridge_slave_1) entered disabled state [ 1710.131878][T30556] bridge0: port 1(bridge_slave_0) entered disabled state [ 1710.679643][T30556] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1710.763470][T30556] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1710.916041][T12829] Bluetooth: hci0: command 0x0c1a tx timeout [ 1710.996090][T12829] Bluetooth: hci3: command 0x0c1a tx timeout [ 1711.636654][T30556] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.672895][T30556] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.719236][T30556] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.785087][T30556] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1712.264573][T30556] ipvlan2: left promiscuous mode [ 1712.353865][T30622] netlink: 'syz.5.26215': attribute type 1 has an invalid length. [ 1712.432809][T30622] (unnamed net_device) (uninitialized): option mode: invalid value (119) [ 1712.995632][T12829] Bluetooth: hci0: command 0x0c1a tx timeout [ 1713.078379][T12829] Bluetooth: hci3: command 0x0c1a tx timeout [ 1713.265637][T30573] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 1713.439135][T30573] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1713.460076][T30573] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1713.480742][T30660] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1713.490859][T30573] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1713.520105][T30573] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1713.545771][T30573] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1713.577573][T30573] usb 5-1: config 0 descriptor?? [ 1713.945471][T30676] netlink: 8 bytes leftover after parsing attributes in process `syz.5.26241'. [ 1713.974361][T30676] vlan2: entered allmulticast mode [ 1713.986588][T30676] gretap0: entered allmulticast mode [ 1714.011597][T30573] plantronics 0003:047F:FFFF.010F: unknown main item tag 0x0 [ 1714.036838][T30573] plantronics 0003:047F:FFFF.010F: unknown main item tag 0x0 [ 1714.046678][T30573] plantronics 0003:047F:FFFF.010F: unknown main item tag 0x0 [ 1714.054513][T30573] plantronics 0003:047F:FFFF.010F: unknown main item tag 0x0 [ 1714.062951][T30573] plantronics 0003:047F:FFFF.010F: unknown main item tag 0x0 [ 1714.071634][T30573] plantronics 0003:047F:FFFF.010F: unknown main item tag 0x0 [ 1714.099449][T30573] plantronics 0003:047F:FFFF.010F: No inputs registered, leaving [ 1714.139713][T30573] plantronics 0003:047F:FFFF.010F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1714.358878][T30573] usb 5-1: USB disconnect, device number 90 [ 1714.679584][T30698] sctp: [Deprecated]: syz.1.26249 (pid 30698) Use of int in max_burst socket option. [ 1714.679584][T30698] Use struct sctp_assoc_value instead [ 1714.973520][ T30] audit: type=1326 audit(1746312090.653:6643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30706 comm="syz.4.26251" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709e539 code=0x0 [ 1716.992506][T30754] ALSA: seq fatal error: cannot create timer (-19) [ 1717.134360][T30762] usb usb8: usbfs: process 30762 (syz.5.26272) did not claim interface 0 before use [ 1717.984077][T30794] netlink: 4 bytes leftover after parsing attributes in process `syz.4.26285'. [ 1717.994066][T30794] netlink: 4 bytes leftover after parsing attributes in process `syz.4.26285'. [ 1718.614252][ T30] audit: type=1326 audit(1746312094.293:6644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30817 comm="syz.2.26296" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be539 code=0x0 [ 1719.617888][T30835] netlink: 4 bytes leftover after parsing attributes in process `syz.5.26301'. [ 1720.705100][ T30] audit: type=1804 audit(1746312096.383:6645): pid=30864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.26313" name="/" dev="pidfs" ino=63068 res=1 errno=0 [ 1721.006115][T13228] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1721.093112][T30880] netlink: 20 bytes leftover after parsing attributes in process `syz.2.26320'. [ 1721.168103][T13228] usb 5-1: Using ep0 maxpacket: 32 [ 1721.190808][T13228] usb 5-1: config 0 has no interfaces? [ 1721.219524][T13228] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1721.239289][T13228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1721.268958][T13228] usb 5-1: Product: syz [ 1721.283533][T13228] usb 5-1: Manufacturer: syz [ 1721.299476][T13228] usb 5-1: SerialNumber: syz [ 1721.324642][T13228] usb 5-1: config 0 descriptor?? [ 1721.581565][T30573] usb 5-1: USB disconnect, device number 91 [ 1721.717276][T30897] bond0: option arp_interval: invalid value (18446744073709551615) [ 1721.735168][T30897] bond0: option arp_interval: allowed values 0 - 2147483647 [ 1723.300233][T30936] unknown channel width for channel at 909000KHz? [ 1723.476015][ T30] audit: type=1326 audit(1746312099.153:6646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.506482][T30945] netlink: 136 bytes leftover after parsing attributes in process `syz.5.26348'. [ 1723.522572][T30945] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1723.535847][ T30] audit: type=1326 audit(1746312099.153:6647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.571699][ T30] audit: type=1326 audit(1746312099.153:6648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.602009][ T30] audit: type=1326 audit(1746312099.153:6649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.634825][ T30] audit: type=1326 audit(1746312099.153:6650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=438 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.664174][ T30] audit: type=1326 audit(1746312099.163:6651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.686512][ C0] vkms_vblank_simulate: vblank timer overrun [ 1723.701470][ T30] audit: type=1326 audit(1746312099.163:6652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.732698][ T30] audit: type=1326 audit(1746312099.163:6653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.754891][ C0] vkms_vblank_simulate: vblank timer overrun [ 1723.781729][ T30] audit: type=1326 audit(1746312099.163:6654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30944 comm="syz.1.26349" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1723.803945][ C0] vkms_vblank_simulate: vblank timer overrun [ 1725.471610][T31023] io-wq is not configured for unbound workers [ 1725.935670][T30573] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1726.125639][T30573] usb 3-1: Using ep0 maxpacket: 8 [ 1726.143070][T30573] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1726.161124][T30573] usb 3-1: config 0 has no interface number 0 [ 1726.183820][T30573] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1726.207581][T30573] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1726.221958][T30573] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1726.261701][T30573] usb 3-1: config 0 descriptor?? [ 1726.320229][T30573] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1727.562948][T30581] usb 3-1: USB disconnect, device number 71 [ 1728.610400][T31115] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26422'. [ 1729.396210][T30573] usb 5-1: new full-speed USB device number 92 using dummy_hcd [ 1729.588028][T30573] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1729.619938][T30573] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1729.655772][T30573] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1729.679662][T30573] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1729.689921][T30573] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1729.709944][T30573] usb 5-1: Product: syz [ 1729.727532][T30573] usb 5-1: Manufacturer: syz [ 1729.751086][T30573] usb 5-1: SerialNumber: syz [ 1729.769685][T30573] usb 5-1: config 0 descriptor?? [ 1729.787991][T31134] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1729.795382][T31134] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1729.817529][T30573] usb 5-1: ucan: probing device on interface #0 [ 1729.937329][T31161] IPv6: NLM_F_CREATE should be specified when creating new route [ 1730.096691][T31163] input: syz1 as /devices/virtual/input/input207 [ 1730.172564][T31169] input: syz0 as /devices/virtual/input/input208 [ 1730.183659][T31169] input: failed to attach handler leds to device input208, error: -6 [ 1730.361131][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.370204][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.409328][T31174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.26447'. [ 1730.458262][T30573] ucan 5-1:0.0 can0: registered device [ 1730.644494][T30573] ucan 5-1:0.0 can0: firmware string: œ–Æ0…¥ [ 1730.876260][T30573] usb 5-1: USB disconnect, device number 92 [ 1731.472653][T31216] syzkaller1: entered promiscuous mode [ 1731.484371][T31216] syzkaller1: entered allmulticast mode [ 1731.665665][T30573] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1731.853474][T30573] usb 3-1: Using ep0 maxpacket: 32 [ 1731.889099][T30573] usb 3-1: config 0 has an invalid interface number: 126 but max is 0 [ 1731.918396][T30573] usb 3-1: config 0 has no interface number 0 [ 1731.924582][T30573] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1731.948469][T30575] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1731.986564][T30573] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 1732.003652][T30573] usb 3-1: config 0 interface 126 has no altsetting 0 [ 1732.023873][T30573] usb 3-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 1732.034025][T30573] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1732.050057][T30573] usb 3-1: Product: syz [ 1732.054285][T30573] usb 3-1: Manufacturer: syz [ 1732.083324][T30573] usb 3-1: SerialNumber: syz [ 1732.107250][T30573] usb 3-1: config 0 descriptor?? [ 1732.127817][T30575] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1732.160648][T31218] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1732.185618][T30575] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1732.199460][T31218] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1732.207158][T30571] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1732.223571][T30575] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1732.255722][T30575] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1732.285422][T30575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1732.312139][T30575] usb 5-1: config 0 descriptor?? [ 1732.375600][T30571] usb 6-1: Using ep0 maxpacket: 8 [ 1732.387356][T30571] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1732.405657][T30571] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1732.436052][T30571] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1732.461741][T30571] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1732.472761][T30571] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1732.487570][T30571] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1732.497193][T30571] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1732.630738][T30573] ir_usb 3-1:0.126: IR Dongle converter detected [ 1732.729584][T30571] usb 6-1: usb_control_msg returned -32 [ 1732.735413][T30571] usbtmc 6-1:16.0: can't read capabilities [ 1732.754048][T30575] plantronics 0003:047F:FFFF.0110: reserved main item tag 0xd [ 1732.783306][T30575] plantronics 0003:047F:FFFF.0110: No inputs registered, leaving [ 1732.816824][T30575] plantronics 0003:047F:FFFF.0110: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1732.850711][T30573] usb 3-1: IR Dongle converter now attached to ttyUSB0 [ 1732.954227][T30581] usb 5-1: USB disconnect, device number 93 [ 1733.061408][T13228] usb 3-1: USB disconnect, device number 72 [ 1733.078402][T13228] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0 [ 1733.093438][T13228] ir_usb 3-1:0.126: device disconnected [ 1733.311395][T30573] usb 6-1: USB disconnect, device number 2 [ 1734.366619][T30573] usb 5-1: new full-speed USB device number 94 using dummy_hcd [ 1734.567974][T30573] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1734.585867][T30573] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1734.601936][T30573] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1734.636942][T30573] usb 5-1: config 0 descriptor?? [ 1734.653370][T31283] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1735.137118][T30573] elan 0003:04F3:0755.0111: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 1735.314724][T30573] usb 5-1: USB disconnect, device number 94 [ 1735.432299][T31326] loop2: detected capacity change from 0 to 7 [ 1735.447404][ T5847] Dev loop2: unable to read RDB block 7 [ 1735.453072][ T5847] loop2: unable to read partition table [ 1735.468456][ T5847] loop2: partition table beyond EOD, truncated [ 1735.480768][T31326] Dev loop2: unable to read RDB block 7 [ 1735.514233][T31326] loop2: unable to read partition table [ 1735.532112][T31326] loop2: partition table beyond EOD, truncated [ 1735.540009][T31326] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1736.250160][ T30] kauditd_printk_skb: 80 callbacks suppressed [ 1736.250180][ T30] audit: type=1326 audit(1746312111.933:6735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.371047][T31356] syzkaller1: entered promiscuous mode [ 1736.409730][T31356] syzkaller1: entered allmulticast mode [ 1736.422411][ T30] audit: type=1326 audit(1746312111.933:6736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.444835][ C1] vkms_vblank_simulate: vblank timer overrun [ 1736.463753][ T30] audit: type=1326 audit(1746312111.933:6737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.492690][ T30] audit: type=1326 audit(1746312111.933:6738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.546047][ T30] audit: type=1326 audit(1746312111.933:6739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.589416][ T30] audit: type=1326 audit(1746312111.933:6740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.611588][ C1] vkms_vblank_simulate: vblank timer overrun [ 1736.704722][ T30] audit: type=1326 audit(1746312111.933:6741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.727061][ C1] vkms_vblank_simulate: vblank timer overrun [ 1736.779233][ T30] audit: type=1326 audit(1746312111.933:6742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.913328][ T30] audit: type=1326 audit(1746312111.933:6743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1736.986040][ T30] audit: type=1326 audit(1746312111.933:6744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31349 comm="syz.5.26510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb7558 code=0x7ffc0000 [ 1737.596612][T31375] gretap0: entered promiscuous mode [ 1737.627938][T31375] batman_adv: batadv0: Adding interface: macvlan2 [ 1737.642197][T31375] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1737.672930][T31375] batman_adv: batadv0: Interface activated: macvlan2 [ 1738.803356][T31421] netlink: 'syz.2.26538': attribute type 29 has an invalid length. [ 1738.815369][T31421] netlink: 'syz.2.26538': attribute type 29 has an invalid length. [ 1738.837564][T31421] netlink: 600 bytes leftover after parsing attributes in process `syz.2.26538'. [ 1739.345814][T31445] input: syz1 as /devices/virtual/input/input210 [ 1739.634346][T31456] input: syz1 as /devices/virtual/input/input211 [ 1740.309309][T31480] input: syz0 as /devices/virtual/input/input212 [ 1740.332795][T31480] input: failed to attach handler leds to device input212, error: -6 [ 1741.613484][T31521] input: syz0 as /devices/virtual/input/input213 [ 1741.836455][T31531] netlink: 4 bytes leftover after parsing attributes in process `syz.5.26587'. [ 1741.846759][T31527] syzkaller1: entered promiscuous mode [ 1741.852641][T31527] syzkaller1: entered allmulticast mode [ 1741.874591][T31531] macvlan2: entered promiscuous mode [ 1741.892936][T31531] bond0: entered promiscuous mode [ 1741.899608][T31531] bond_slave_0: entered promiscuous mode [ 1741.906103][T31531] bond_slave_1: entered promiscuous mode [ 1741.923029][T31531] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1742.459052][T13228] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1742.636414][T13228] usb 5-1: Using ep0 maxpacket: 32 [ 1742.650564][T13228] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1742.775606][T13228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1742.800990][T13228] usb 5-1: config 0 descriptor?? [ 1742.836269][T13228] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1742.955119][T31567] netlink: 8 bytes leftover after parsing attributes in process `syz.5.26601'. [ 1742.994588][T31567] macvlan0: entered promiscuous mode [ 1743.030281][T31567] batadv_slave_1: entered promiscuous mode [ 1743.064635][T31567] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 1743.094568][T31567] Cannot create hsr debugfs directory [ 1743.364203][T31576] macvlan3: entered promiscuous mode [ 1743.382422][T31576] bridge0: entered promiscuous mode [ 1743.422451][T31577] macvlan4: entered promiscuous mode [ 1743.644657][T13228] gspca_sunplus: reg_w_riv err -71 [ 1743.657598][T13228] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 1743.676781][T13228] usb 5-1: USB disconnect, device number 95 [ 1743.745929][T31584] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 1744.330335][T31602] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26616'. [ 1744.384644][ T30] kauditd_printk_skb: 464 callbacks suppressed [ 1744.384663][ T30] audit: type=1800 audit(1746312120.063:7209): pid=31606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.26618" name="bus" dev="tmpfs" ino=19402 res=0 errno=0 [ 1744.523296][T31602] bond0: (slave bond_slave_0): Releasing backup interface [ 1744.840313][T31612] netlink: 'syz.0.26622': attribute type 16 has an invalid length. [ 1744.863739][T31612] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.26622'. [ 1745.038299][ T30] audit: type=1326 audit(1746312120.723:7210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31621 comm="syz.5.26625" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb7539 code=0x0 [ 1745.066565][T31625] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26624'. [ 1745.086860][T31625] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26624'. [ 1745.359283][T31639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1747.234059][T31681] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26648'. [ 1747.244428][T31681] netlink: 'syz.1.26648': attribute type 18 has an invalid length. [ 1747.254594][T31681] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26648'. [ 1747.442314][T31690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26652'. [ 1747.453748][T31690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26652'. [ 1747.544644][T31693] input: syz0 as /devices/virtual/input/input214 [ 1748.714800][T31713] block device autoloading is deprecated and will be removed. [ 1748.855697][T13228] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1749.028770][T13228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1749.041418][T13228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1749.061425][T13228] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 1749.071116][T13228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1749.085037][T13228] usb 5-1: config 0 descriptor?? [ 1749.594571][T13228] hid-led 0003:0FC5:B080.0112: unknown main item tag 0x0 [ 1749.938750][T13228] hid-led 0003:0FC5:B080.0112: hidraw0: USB HID v0.00 Device [HID 0fc5:b080] on usb-dummy_hcd.4-1/input0 [ 1749.998394][T13228] hid-led 0003:0FC5:B080.0112: Delcom Visual Signal Indicator G2 initialized [ 1750.203493][T30573] usb 5-1: USB disconnect, device number 96 [ 1752.275791][T30573] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 1752.475258][T30573] usb 3-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 1752.489279][T30573] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 1752.518964][T30573] usb 3-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 1752.556448][T30573] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1752.573370][T30573] usb 3-1: Product: syz [ 1752.589173][T30573] usb 3-1: Manufacturer: syz [ 1752.593846][T30573] usb 3-1: SerialNumber: syz [ 1752.616428][T30573] usb 3-1: config 0 descriptor?? [ 1752.765952][T13228] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 1752.925716][T13228] usb 5-1: Using ep0 maxpacket: 16 [ 1752.951147][T13228] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 1752.964257][T13228] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 1752.983280][T13228] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 1752.992036][T13228] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 1753.014060][T13228] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1753.032398][T13228] usb 5-1: config 0 has no interface number 0 [ 1753.045657][T13228] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1753.076070][T13228] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1753.095587][T13228] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1753.116190][T13228] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1753.149928][T13228] usb 5-1: config 0 interface 125 has no altsetting 0 [ 1753.161256][T13228] usb 5-1: config 0 interface 125 has no altsetting 2 [ 1753.180770][T13228] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1753.202667][T13228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1753.221087][T13228] usb 5-1: Product: syz [ 1753.231212][T13228] usb 5-1: Manufacturer: syz [ 1753.237563][T13228] usb 5-1: SerialNumber: syz [ 1753.254852][T13228] usb 5-1: config 0 descriptor?? [ 1753.263969][T13228] usb 5-1: selecting invalid altsetting 2 [ 1753.267408][T30573] mos7840 3-1:0.0: required endpoints missing [ 1753.296096][T30573] usb 3-1: USB disconnect, device number 73 [ 1753.772110][T31854] loop8: detected capacity change from 0 to 8 [ 1753.783998][T31854] Dev loop8: unable to read RDB block 8 [ 1753.792323][T31854] loop8: unable to read partition table [ 1753.798605][T31854] loop8: partition table beyond EOD, truncated [ 1753.821373][T31854] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 1753.938242][T31856] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26721'. [ 1754.282722][T13228] get_1284_register timeout [ 1754.287978][ C1] usb 5-1: async_complete: urb error -71 [ 1754.319064][T13228] uss720 5-1:0.125: probe with driver uss720 failed with error -5 [ 1754.362371][T13228] usb 5-1: USB disconnect, device number 97 [ 1755.093743][T31886] input: syz0 as /devices/virtual/input/input215 [ 1755.112920][T31886] input: failed to attach handler leds to device input215, error: -6 [ 1755.187662][T30581] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 1755.347004][T30581] usb 3-1: Using ep0 maxpacket: 16 [ 1755.366140][T30581] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1755.380078][T30581] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1755.390674][T30581] usb 3-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1755.404927][T30581] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1755.412393][T30581] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 1755.422210][T30581] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1755.445089][T30581] usb 3-1: config 0 descriptor?? [ 1755.596128][T30573] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1755.766515][T30573] usb 6-1: Using ep0 maxpacket: 8 [ 1755.777786][T30573] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1755.789101][T30573] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1755.805110][T30573] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1755.820582][T30573] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1755.835344][T30573] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1755.863023][T30573] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1755.887101][T30573] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1755.948662][T30581] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5010.0113/input/input216 [ 1756.085417][T30581] kye 0003:0458:5010.0113: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 1756.151618][T30573] usb 6-1: usb_control_msg returned -32 [ 1756.160565][T31915] syzkaller1: entered promiscuous mode [ 1756.183251][T30573] usbtmc 6-1:16.0: can't read capabilities [ 1756.216842][T31915] syzkaller1: entered allmulticast mode [ 1756.303558][T31917] sctp: [Deprecated]: syz.1.26747 (pid 31917) Use of int in maxseg socket option. [ 1756.303558][T31917] Use struct sctp_assoc_value instead [ 1757.111542][ C1] kye 0003:0458:5010.0113: usb_submit_urb(ctrl) failed: -1 [ 1757.124571][T13228] usb 3-1: USB disconnect, device number 74 [ 1757.855111][T31956] Invalid logical block size (1) [ 1757.944320][T31958] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 1757.950901][T31958] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1757.961052][T31958] vhci_hcd vhci_hcd.0: Device attached [ 1757.974012][T31958] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5) [ 1757.980578][T31958] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1757.991378][T31958] vhci_hcd vhci_hcd.0: Device attached [ 1758.002078][T31958] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(7) [ 1758.008622][T31958] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1758.017030][T31958] vhci_hcd vhci_hcd.0: Device attached [ 1758.031060][T31958] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(9) [ 1758.037616][T31958] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1758.047930][T31958] vhci_hcd vhci_hcd.0: Device attached [ 1758.058164][T31958] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(11) [ 1758.064959][T31958] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1758.076460][T31958] vhci_hcd vhci_hcd.0: Device attached [ 1758.084150][T31967] vhci_hcd: connection closed [ 1758.085231][ T53] vhci_hcd: stop threads [ 1758.095662][T31965] vhci_hcd: connection closed [ 1758.095742][T31963] vhci_hcd: connection closed [ 1758.100517][T31961] vhci_hcd: connection closed [ 1758.105472][T31959] vhci_hcd: connection closed [ 1758.111084][ T53] vhci_hcd: release socket [ 1758.122797][ T53] vhci_hcd: disconnect device [ 1758.130303][ T53] vhci_hcd: stop threads [ 1758.134706][ T53] vhci_hcd: release socket [ 1758.139542][T30573] vhci_hcd: vhci_device speed not set [ 1758.151164][ T53] vhci_hcd: disconnect device [ 1758.157192][ T53] vhci_hcd: stop threads [ 1758.161479][ T53] vhci_hcd: release socket [ 1758.166654][ T53] vhci_hcd: disconnect device [ 1758.171647][ T53] vhci_hcd: stop threads [ 1758.176950][ T53] vhci_hcd: release socket [ 1758.181445][ T53] vhci_hcd: disconnect device [ 1758.186587][ T53] vhci_hcd: stop threads [ 1758.190862][ T53] vhci_hcd: release socket [ 1758.195357][ T53] vhci_hcd: disconnect device [ 1758.206554][T30573] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 1758.214160][T30573] usb 37-1: enqueue for inactive port 0 [ 1758.287196][T30573] vhci_hcd: vhci_device speed not set [ 1758.376234][T13228] usb 6-1: USB disconnect, device number 3 [ 1759.366985][T32002] ALSA: seq fatal error: cannot create timer (-19) [ 1759.679076][ T30] audit: type=1326 audit(1746312135.363:7211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32015 comm="syz.5.26785" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb7539 code=0x0 [ 1761.148992][T32065] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 1761.155584][T32065] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1761.209415][T32068] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(6) [ 1761.215993][T32068] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1761.229287][T32068] vhci_hcd vhci_hcd.0: Device attached [ 1761.257711][T32065] vhci_hcd vhci_hcd.0: Device attached [ 1761.268985][T32068] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(8) [ 1761.275565][T32068] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1761.286317][T32068] vhci_hcd vhci_hcd.0: Device attached [ 1761.323582][T32065] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(5) [ 1761.330170][T32065] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1761.339330][T32065] vhci_hcd vhci_hcd.0: Device attached [ 1761.351314][T32065] vhci_hcd vhci_hcd.0: pdev(5) rhport(4) sockfd(11) [ 1761.357965][T32065] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1761.374919][T32065] vhci_hcd vhci_hcd.0: Device attached [ 1761.391517][T32075] vhci_hcd: connection closed [ 1761.393453][T32071] vhci_hcd: connection closed [ 1761.399112][ T1327] vhci_hcd: stop threads [ 1761.399258][T32073] vhci_hcd: connection closed [ 1761.408354][T13228] vhci_hcd: vhci_device speed not set [ 1761.414489][ T1327] vhci_hcd: release socket [ 1761.426118][T32069] vhci_hcd: connection closed [ 1761.429729][T32066] vhci_hcd: connection closed [ 1761.437341][ T1327] vhci_hcd: disconnect device [ 1761.454947][ T1327] vhci_hcd: stop threads [ 1761.465043][ T1327] vhci_hcd: release socket [ 1761.476486][T13228] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 1761.476610][ T1327] vhci_hcd: disconnect device [ 1761.486898][T32067] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 1761.502491][ T1327] vhci_hcd: stop threads [ 1761.519171][ T1327] vhci_hcd: release socket [ 1761.552402][ T1327] vhci_hcd: disconnect device [ 1761.576287][ T1327] vhci_hcd: stop threads [ 1761.580684][ T1327] vhci_hcd: release socket [ 1761.596219][ T1327] vhci_hcd: disconnect device [ 1761.601231][ T1327] vhci_hcd: stop threads [ 1761.612536][ T1327] vhci_hcd: release socket [ 1761.617368][ T1327] vhci_hcd: disconnect device [ 1762.487555][T32112] netlink: 'syz.2.26822': attribute type 13 has an invalid length. [ 1762.528457][T32112] batman_adv: batadv0: Interface deactivated: wlan0 [ 1762.586673][T32112] veth1_macvtap: left allmulticast mode [ 1762.627736][T32112] veth1_to_batadv: left promiscuous mode [ 1763.722407][T32155] netlink: 40 bytes leftover after parsing attributes in process `syz.2.26842'. [ 1763.734487][T32155] netlink: 20 bytes leftover after parsing attributes in process `syz.2.26842'. [ 1763.755119][T32155] netlink: 40 bytes leftover after parsing attributes in process `syz.2.26842'. [ 1763.765442][T32155] netlink: 20 bytes leftover after parsing attributes in process `syz.2.26842'. [ 1764.896419][T32197] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 1764.903014][T32197] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1764.915243][T32197] vhci_hcd vhci_hcd.0: Device attached [ 1764.932805][T32197] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(5) [ 1764.939403][T32197] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1764.988543][T32202] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(8) [ 1764.995125][T32202] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1765.024223][T32206] sctp: [Deprecated]: syz.5.26859 (pid 32206) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1765.024223][T32206] Use struct sctp_sack_info instead [ 1765.029802][T32197] vhci_hcd vhci_hcd.0: Device attached [ 1765.044231][T32202] vhci_hcd vhci_hcd.0: Device attached [ 1765.085788][T30575] vhci_hcd: vhci_device speed not set [ 1765.091632][T32207] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(11) [ 1765.098267][T32207] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1765.125757][T32207] vhci_hcd vhci_hcd.0: Device attached [ 1765.177925][T30575] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 1765.231176][T32197] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(7) [ 1765.237761][T32197] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1765.262978][T32197] vhci_hcd vhci_hcd.0: Device attached [ 1765.278747][T32212] vhci_hcd: connection closed [ 1765.278853][T32203] vhci_hcd: connection closed [ 1765.279300][T32208] vhci_hcd: connection closed [ 1765.288444][ T3549] vhci_hcd: stop threads [ 1765.288703][T32200] vhci_hcd: connection closed [ 1765.293170][ T3549] vhci_hcd: release socket [ 1765.297448][T32198] vhci_hcd: connection reset by peer [ 1765.348821][ T3549] vhci_hcd: disconnect device [ 1765.365126][ T3549] vhci_hcd: stop threads [ 1765.385666][ T3549] vhci_hcd: release socket [ 1765.393681][ T3549] vhci_hcd: disconnect device [ 1765.424993][ T3549] vhci_hcd: stop threads [ 1765.437266][ T3549] vhci_hcd: release socket [ 1765.446034][ T3549] vhci_hcd: disconnect device [ 1765.456260][ T3549] vhci_hcd: stop threads [ 1765.462185][ T3549] vhci_hcd: release socket [ 1765.510926][ T3549] vhci_hcd: disconnect device [ 1765.535998][ T3549] vhci_hcd: stop threads [ 1765.545854][ T3549] vhci_hcd: release socket [ 1765.556978][ T3549] vhci_hcd: disconnect device [ 1766.585958][T13228] vhci_hcd: vhci_device speed not set [ 1766.618455][T32234] loop2: detected capacity change from 0 to 7 [ 1766.640474][T32234] Dev loop2: unable to read RDB block 7 [ 1766.686183][T32234] loop2: unable to read partition table [ 1766.722739][T32234] loop2: partition table beyond EOD, truncated [ 1766.739379][T32234] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1767.165853][T30581] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 1767.345677][T30581] usb 3-1: Using ep0 maxpacket: 8 [ 1767.356336][T30581] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1767.364874][T30581] usb 3-1: config 179 has no interface number 0 [ 1767.386082][T30581] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1767.399187][T30581] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1767.425554][T30581] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1767.445543][T30581] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1767.465558][T30581] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1767.505978][T30581] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1767.515089][T30581] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1767.535302][T32239] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1767.789038][T30581] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input217 [ 1767.990215][T32239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1768.006284][T32239] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1768.229289][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1768.229294][T30573] usb 3-1: USB disconnect, device number 75 [ 1768.229341][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1768.834215][T32281] netlink: 32 bytes leftover after parsing attributes in process `syz.2.26889'. [ 1768.857456][T32281] netlink: 32 bytes leftover after parsing attributes in process `syz.2.26889'. [ 1770.266460][T30575] vhci_hcd: vhci_device speed not set [ 1770.447509][T32319] macvlan4: entered promiscuous mode [ 1770.485777][T32319] bridge0: entered promiscuous mode [ 1770.567943][T32319] macvlan5: entered promiscuous mode [ 1770.888698][T32329] kvm: kvm [32328]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0x79a38c48ff000000 [ 1771.150560][T32338] sctp: [Deprecated]: syz.2.26912 (pid 32338) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1771.150560][T32338] Use struct sctp_sack_info instead [ 1772.095072][T32355] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26919'. [ 1772.604208][T32369] openvswitch: netlink: IPv4 tun info is not correct [ 1774.804138][T32441] input: syz1 as /devices/virtual/input/input218 [ 1774.826463][T30581] usb 3-1: new full-speed USB device number 76 using dummy_hcd [ 1774.931480][T13228] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1775.000626][T30581] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 1775.032062][T30581] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1775.097712][T30581] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 1775.109578][T30581] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 1775.120732][T13228] usb 6-1: Using ep0 maxpacket: 8 [ 1775.127768][T13228] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1775.136787][T30581] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1775.150414][T13228] usb 6-1: config 0 has no interface number 0 [ 1775.166459][T13228] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1775.177796][T30581] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1775.184611][T13228] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1775.195018][T13228] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1775.206135][T30581] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1775.217646][T30581] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1775.228232][T13228] usb 6-1: config 0 descriptor?? [ 1775.233469][T30581] usb 3-1: Product: syz [ 1775.241753][T30581] usb 3-1: Manufacturer: syz [ 1775.248306][T13228] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1775.259406][T30581] usb 3-1: SerialNumber: syz [ 1775.267015][T30581] usb 3-1: config 0 descriptor?? [ 1775.278377][T32430] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1775.290282][T30581] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1775.302577][T30581] ldusb 3-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 1775.327754][T30575] usb 5-1: new full-speed USB device number 98 using dummy_hcd [ 1775.438268][T32455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26965'. [ 1775.497672][T30575] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 1775.520377][T30575] usb 5-1: config 0 has no interface number 0 [ 1775.531097][T30575] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1775.550334][T30575] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid maxpacket 65535, setting to 64 [ 1775.584222][T30575] usb 5-1: config 0 interface 113 has no altsetting 0 [ 1775.612646][T30575] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1775.639035][T30575] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.650339][T30575] usb 5-1: Product: syz [ 1775.654562][T30575] usb 5-1: Manufacturer: syz [ 1775.660342][T30575] usb 5-1: SerialNumber: syz [ 1775.670661][T30575] usb 5-1: config 0 descriptor?? [ 1775.683778][T32449] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 1775.700910][ C0] usb 5-1: NFC: Urb failure (status -71) [ 1775.712617][ C0] usb 5-1: NFC: Urb failure (status -71) [ 1775.721428][T30575] usb 5-1: NFC: Unable to get FW version [ 1775.747170][T30575] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -71 [ 1775.905038][T30575] usb 5-1: USB disconnect, device number 98 [ 1776.526110][T13228] usb 6-1: USB disconnect, device number 4 [ 1776.534242][T30581] usb 3-1: USB disconnect, device number 76 [ 1776.559862][T30581] ldusb 3-1:0.0: LD USB Device #1 now disconnected [ 1778.266267][T32481] netlink: 'syz.5.26975': attribute type 13 has an invalid length. [ 1779.614335][T32498] loop6: detected capacity change from 0 to 7 [ 1779.639660][T32498] Dev loop6: unable to read RDB block 7 [ 1779.657594][T32498] loop6: unable to read partition table [ 1779.663625][T32498] loop6: partition table beyond EOD, truncated [ 1779.676534][T32481] bond0: left promiscuous mode [ 1779.681575][T32498] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1779.696364][T32481] bond_slave_0: left promiscuous mode [ 1779.707261][T32481] bond_slave_1: left promiscuous mode [ 1779.740784][T32481] bridge0: left promiscuous mode [ 1781.508862][T32555] xfrm1: left allmulticast mode [ 1784.351867][T32656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.27051'. [ 1784.558218][T32661] syzkaller1: entered promiscuous mode [ 1784.563806][T32661] syzkaller1: entered allmulticast mode [ 1784.964646][T32673] syzkaller1: entered promiscuous mode [ 1784.998046][T32673] syzkaller1: entered allmulticast mode [ 1785.050822][T32673] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 348 [ 1785.835595][T13228] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1786.012704][T13228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1786.052290][T13228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1786.079629][T13228] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1786.120106][T13228] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1786.142034][T13228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1786.181675][T13228] usb 5-1: config 0 descriptor?? [ 1786.646916][T13228] plantronics 0003:047F:FFFF.0114: reserved main item tag 0xd [ 1786.671312][T13228] plantronics 0003:047F:FFFF.0114: No inputs registered, leaving [ 1786.726055][T13228] plantronics 0003:047F:FFFF.0114: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1786.975902][T30575] usb 5-1: USB disconnect, device number 99 [ 1787.217337][T32743] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1787.709216][T32757] input: syz0 as /devices/virtual/input/input220 [ 1787.866460][T30575] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1787.953587][T32760] [U] [ 1787.992971][T32760] [U] [ 1787.996222][T32760] [U] [ 1787.998957][T32760] [U] [ 1788.003129][T32760] [U] [ 1788.005864][T32760] [U] [ 1788.008579][T32760] [U] [ 1788.011278][T32760] [U] [ 1788.040100][T32760] [U] [ 1788.042868][T32760] [U] [ 1788.045587][T32760] [U] [ 1788.093243][T32759] [U] [ 1788.098640][T30575] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 1788.118670][T30575] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1788.160236][T30575] usb 3-1: config 0 descriptor?? [ 1788.172363][T30575] gspca_main: spca508-2.14.0 probing 8086:0110 [ 1788.286011][T13228] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1788.381850][T30575] gspca_spca508: reg_read err -32 [ 1788.394783][T30575] gspca_spca508: reg_read err -32 [ 1788.402351][T30575] gspca_spca508: reg_read err -32 [ 1788.470727][T13228] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1788.485224][T13228] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1788.493417][T13228] usb 6-1: Product: syz [ 1788.501026][T13228] usb 6-1: Manufacturer: syz [ 1788.506542][T13228] usb 6-1: SerialNumber: syz [ 1788.522197][T13228] usb 6-1: config 0 descriptor?? [ 1788.530127][ T304] netlink: zone id is out of range [ 1788.539602][ T304] netlink: del zone limit has 4 unknown bytes [ 1788.548845][T13228] ch341 6-1:0.0: ch341-uart converter detected [ 1788.624633][T30575] gspca_spca508: reg_read err -71 [ 1788.644711][T30575] gspca_spca508: reg write: error -71 [ 1788.653952][T30575] spca508 3-1:0.0: probe with driver spca508 failed with error -71 [ 1788.679568][T30575] usb 3-1: USB disconnect, device number 77 [ 1788.748642][ T308] sctp: [Deprecated]: syz.4.27103 (pid 308) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1788.748642][ T308] Use struct sctp_sack_info instead [ 1789.426482][T30575] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1789.570139][T13228] usb 6-1: failed to send control message: -71 [ 1789.583805][T13228] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1789.595834][T30575] usb 3-1: Using ep0 maxpacket: 8 [ 1789.596768][T13228] usb 6-1: USB disconnect, device number 5 [ 1789.611189][T13228] ch341 6-1:0.0: device disconnected [ 1789.619274][T30575] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 1789.632507][T30575] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1789.643939][T30575] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1789.654361][T30575] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1789.664958][T30575] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1789.705564][T30575] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1789.714899][T30575] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1789.941398][T30575] usb 3-1: usb_control_msg returned -32 [ 1789.947558][T30575] usbtmc 3-1:16.0: can't read capabilities [ 1789.995927][T30581] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1790.155782][T30581] usb 5-1: Using ep0 maxpacket: 32 [ 1790.163346][T30581] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 1790.173491][T30581] usb 5-1: config 0 has no interface number 0 [ 1790.179790][T30581] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1790.190907][T30581] usb 5-1: config 0 interface 85 has no altsetting 0 [ 1790.200550][T30581] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1790.209917][T30581] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1790.219359][T30581] usb 5-1: Product: syz [ 1790.223664][T30581] usb 5-1: Manufacturer: syz [ 1790.229214][T30581] usb 5-1: SerialNumber: syz [ 1790.237243][T30581] usb 5-1: config 0 descriptor?? [ 1790.506227][T13228] usb 3-1: USB disconnect, device number 78 [ 1790.546434][T30575] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1790.706913][T30575] usb 6-1: Using ep0 maxpacket: 16 [ 1790.715098][T30575] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1790.724333][T30575] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1790.735247][T30575] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1790.744645][T30575] usb 6-1: config 1 has no interface number 1 [ 1790.750985][T30575] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1790.764522][T30575] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1790.780889][T30575] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1790.790686][T30575] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1790.803115][T30575] usb 6-1: Product: syz [ 1790.807910][T30575] usb 6-1: Manufacturer: syz [ 1790.812557][T30575] usb 6-1: SerialNumber: syz [ 1790.860542][T30581] appletouch 5-1:0.85: Geyser mode initialized. [ 1790.869958][T30581] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input221 [ 1791.060871][T30575] usb 6-1: USB disconnect, device number 6 [ 1791.105797][T30573] usb 5-1: USB disconnect, device number 100 [ 1791.171943][T30573] appletouch 5-1:0.85: input: appletouch disconnected [ 1791.878685][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.885243][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1792.187410][ T346] [ 1792.189796][ T346] ===================================================== [ 1792.196751][ T346] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1792.204244][ T346] 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 Not tainted [ 1792.211395][ T346] ----------------------------------------------------- [ 1792.218361][ T346] syz.0.27116/346 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1792.226107][ T346] ffff88807de8bc90 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1792.234870][ T346] [ 1792.234870][ T346] and this task is already holding: [ 1792.242261][ T346] ffff888032c27028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1792.252050][ T346] which would create a new lock dependency: [ 1792.257952][ T346] (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1792.266075][ T346] [ 1792.266075][ T346] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1792.275613][ T346] (&client->buffer_lock){..-.}-{3:3} [ 1792.275643][ T346] [ 1792.275643][ T346] ... which became SOFTIRQ-irq-safe at: [ 1792.288882][ T346] lock_acquire+0x120/0x360 [ 1792.293486][ T346] _raw_spin_lock+0x2e/0x40 [ 1792.298077][ T346] evdev_pass_values+0xb9/0xbd0 [ 1792.303379][ T346] evdev_events+0x1e6/0x340 [ 1792.307985][ T346] input_pass_values+0x285/0x890 [ 1792.313020][ T346] input_event_dispose+0x3e5/0x6b0 [ 1792.318231][ T346] input_event+0x8c/0xc0 [ 1792.322574][ T346] xpad360_process_packet+0x480/0xb30 [ 1792.328045][ T346] xpad_irq_in+0x187/0x2500 [ 1792.332638][ T346] __usb_hcd_giveback_urb+0x417/0x690 [ 1792.338102][ T346] dummy_timer+0x862/0x4550 [ 1792.342700][ T346] __hrtimer_run_queues+0x529/0xc60 [ 1792.348002][ T346] hrtimer_run_softirq+0x187/0x2b0 [ 1792.353219][ T346] handle_softirqs+0x283/0x870 [ 1792.358095][ T346] __irq_exit_rcu+0xca/0x1f0 [ 1792.362781][ T346] irq_exit_rcu+0x9/0x30 [ 1792.367109][ T346] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1792.372870][ T346] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1792.378963][ T346] finish_task_switch+0x26b/0x950 [ 1792.384093][ T346] __schedule+0x16ea/0x4cd0 [ 1792.388704][ T346] schedule+0x165/0x360 [ 1792.392957][ T346] schedule_timeout+0x12b/0x270 [ 1792.397908][ T346] rcu_gp_fqs_loop+0x301/0x1540 [ 1792.402854][ T346] rcu_gp_kthread+0x99/0x390 [ 1792.407543][ T346] kthread+0x70e/0x8a0 [ 1792.411705][ T346] ret_from_fork+0x4b/0x80 [ 1792.416214][ T346] ret_from_fork_asm+0x1a/0x30 [ 1792.421087][ T346] [ 1792.421087][ T346] to a SOFTIRQ-irq-unsafe lock: [ 1792.428122][ T346] (tasklist_lock){.+.+}-{3:3} [ 1792.428157][ T346] [ 1792.428157][ T346] ... which became SOFTIRQ-irq-unsafe at: [ 1792.440824][ T346] ... [ 1792.440837][ T346] lock_acquire+0x120/0x360 [ 1792.448114][ T346] _raw_read_lock+0x36/0x50 [ 1792.452716][ T346] __do_wait+0xde/0x740 [ 1792.456991][ T346] do_wait+0x1f8/0x520 [ 1792.461249][ T346] kernel_wait+0xab/0x170 [ 1792.465686][ T346] call_usermodehelper_exec_work+0xbe/0x230 [ 1792.471698][ T346] process_scheduled_works+0xadb/0x17a0 [ 1792.477368][ T346] worker_thread+0x8a0/0xda0 [ 1792.482049][ T346] kthread+0x70e/0x8a0 [ 1792.486211][ T346] ret_from_fork+0x4b/0x80 [ 1792.490720][ T346] ret_from_fork_asm+0x1a/0x30 [ 1792.495577][ T346] [ 1792.495577][ T346] other info that might help us debug this: [ 1792.495577][ T346] [ 1792.505823][ T346] Chain exists of: [ 1792.505823][ T346] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 1792.505823][ T346] [ 1792.518971][ T346] Possible interrupt unsafe locking scenario: [ 1792.518971][ T346] [ 1792.527309][ T346] CPU0 CPU1 [ 1792.532712][ T346] ---- ---- [ 1792.538084][ T346] lock(tasklist_lock); [ 1792.542346][ T346] local_irq_disable(); [ 1792.549104][ T346] lock(&client->buffer_lock); [ 1792.556581][ T346] lock(&new->fa_lock); [ 1792.563353][ T346] [ 1792.566809][ T346] lock(&client->buffer_lock); [ 1792.571840][ T346] [ 1792.571840][ T346] *** DEADLOCK *** [ 1792.571840][ T346] [ 1792.579981][ T346] 7 locks held by syz.0.27116/346: [ 1792.585100][ T346] #0: ffff888029171118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 1792.594280][ T346] #1: ffff88801bbb6230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 1792.604399][ T346] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 1792.614077][ T346] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 1792.623674][ T346] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 1792.632848][ T346] #5: ffff888032c27028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1792.643166][ T346] #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1792.652280][ T346] [ 1792.652280][ T346] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1792.662705][ T346] -> (&client->buffer_lock){..-.}-{3:3} { [ 1792.668476][ T346] IN-SOFTIRQ-W at: [ 1792.672465][ T346] lock_acquire+0x120/0x360 [ 1792.678637][ T346] _raw_spin_lock+0x2e/0x40 [ 1792.684799][ T346] evdev_pass_values+0xb9/0xbd0 [ 1792.691314][ T346] evdev_events+0x1e6/0x340 [ 1792.697581][ T346] input_pass_values+0x285/0x890 [ 1792.704197][ T346] input_event_dispose+0x3e5/0x6b0 [ 1792.710990][ T346] input_event+0x8c/0xc0 [ 1792.716937][ T346] xpad360_process_packet+0x480/0xb30 [ 1792.723982][ T346] xpad_irq_in+0x187/0x2500 [ 1792.730343][ T346] __usb_hcd_giveback_urb+0x417/0x690 [ 1792.737395][ T346] dummy_timer+0x862/0x4550 [ 1792.743563][ T346] __hrtimer_run_queues+0x529/0xc60 [ 1792.750429][ T346] hrtimer_run_softirq+0x187/0x2b0 [ 1792.757244][ T346] handle_softirqs+0x283/0x870 [ 1792.763768][ T346] __irq_exit_rcu+0xca/0x1f0 [ 1792.770020][ T346] irq_exit_rcu+0x9/0x30 [ 1792.775923][ T346] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1792.783214][ T346] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1792.790855][ T346] finish_task_switch+0x26b/0x950 [ 1792.797540][ T346] __schedule+0x16ea/0x4cd0 [ 1792.803709][ T346] schedule+0x165/0x360 [ 1792.809519][ T346] schedule_timeout+0x12b/0x270 [ 1792.816037][ T346] rcu_gp_fqs_loop+0x301/0x1540 [ 1792.822583][ T346] rcu_gp_kthread+0x99/0x390 [ 1792.828836][ T346] kthread+0x70e/0x8a0 [ 1792.834561][ T346] ret_from_fork+0x4b/0x80 [ 1792.840634][ T346] ret_from_fork_asm+0x1a/0x30 [ 1792.847054][ T346] INITIAL USE at: [ 1792.850965][ T346] lock_acquire+0x120/0x360 [ 1792.857047][ T346] _raw_spin_lock+0x2e/0x40 [ 1792.863123][ T346] evdev_pass_values+0xb9/0xbd0 [ 1792.869555][ T346] evdev_events+0x1e6/0x340 [ 1792.875640][ T346] input_pass_values+0x285/0x890 [ 1792.882267][ T346] input_event_dispose+0x330/0x6b0 [ 1792.888949][ T346] input_inject_event+0x1fe/0x320 [ 1792.895545][ T346] evdev_write+0x2fc/0x480 [ 1792.901537][ T346] vfs_write+0x27b/0xa90 [ 1792.907350][ T346] ksys_write+0x145/0x250 [ 1792.913257][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1792.919946][ T346] do_fast_syscall_32+0x34/0x80 [ 1792.926393][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1792.934309][ T346] } [ 1792.936814][ T346] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 1792.945095][ T346] [ 1792.945095][ T346] the dependencies between the lock to be acquired [ 1792.945107][ T346] and SOFTIRQ-irq-unsafe lock: [ 1792.958656][ T346] -> (tasklist_lock){.+.+}-{3:3} { [ 1792.963994][ T346] HARDIRQ-ON-R at: [ 1792.968159][ T346] lock_acquire+0x120/0x360 [ 1792.974698][ T346] _raw_read_lock+0x36/0x50 [ 1792.981256][ T346] __do_wait+0xde/0x740 [ 1792.987431][ T346] do_wait+0x1f8/0x520 [ 1792.993506][ T346] kernel_wait+0xab/0x170 [ 1792.999844][ T346] call_usermodehelper_exec_work+0xbe/0x230 [ 1793.007753][ T346] process_scheduled_works+0xadb/0x17a0 [ 1793.015308][ T346] worker_thread+0x8a0/0xda0 [ 1793.021898][ T346] kthread+0x70e/0x8a0 [ 1793.027998][ T346] ret_from_fork+0x4b/0x80 [ 1793.034418][ T346] ret_from_fork_asm+0x1a/0x30 [ 1793.041188][ T346] SOFTIRQ-ON-R at: [ 1793.045384][ T346] lock_acquire+0x120/0x360 [ 1793.051921][ T346] _raw_read_lock+0x36/0x50 [ 1793.058528][ T346] __do_wait+0xde/0x740 [ 1793.064696][ T346] do_wait+0x1f8/0x520 [ 1793.070779][ T346] kernel_wait+0xab/0x170 [ 1793.077128][ T346] call_usermodehelper_exec_work+0xbe/0x230 [ 1793.085127][ T346] process_scheduled_works+0xadb/0x17a0 [ 1793.092685][ T346] worker_thread+0x8a0/0xda0 [ 1793.099302][ T346] kthread+0x70e/0x8a0 [ 1793.105401][ T346] ret_from_fork+0x4b/0x80 [ 1793.111831][ T346] ret_from_fork_asm+0x1a/0x30 [ 1793.118605][ T346] INITIAL USE at: [ 1793.122679][ T346] lock_acquire+0x120/0x360 [ 1793.129108][ T346] _raw_write_lock_irq+0xa2/0xf0 [ 1793.135972][ T346] copy_process+0x21d5/0x3b80 [ 1793.142571][ T346] kernel_clone+0x21e/0x870 [ 1793.149003][ T346] user_mode_thread+0xdd/0x140 [ 1793.155689][ T346] rest_init+0x23/0x300 [ 1793.161783][ T346] start_kernel+0x470/0x4f0 [ 1793.168208][ T346] x86_64_start_reservations+0x2a/0x30 [ 1793.175594][ T346] x86_64_start_kernel+0x66/0x70 [ 1793.182454][ T346] common_startup_64+0x13e/0x147 [ 1793.189333][ T346] INITIAL READ USE at: [ 1793.193847][ T346] lock_acquire+0x120/0x360 [ 1793.200711][ T346] _raw_read_lock+0x36/0x50 [ 1793.207564][ T346] __do_wait+0xde/0x740 [ 1793.214099][ T346] do_wait+0x1f8/0x520 [ 1793.220630][ T346] kernel_wait+0xab/0x170 [ 1793.227322][ T346] call_usermodehelper_exec_work+0xbe/0x230 [ 1793.235593][ T346] process_scheduled_works+0xadb/0x17a0 [ 1793.243611][ T346] worker_thread+0x8a0/0xda0 [ 1793.250558][ T346] kthread+0x70e/0x8a0 [ 1793.256980][ T346] ret_from_fork+0x4b/0x80 [ 1793.263844][ T346] ret_from_fork_asm+0x1a/0x30 [ 1793.270963][ T346] } [ 1793.273635][ T346] ... key at: [] tasklist_lock+0x18/0x40 [ 1793.281549][ T346] ... acquired at: [ 1793.285532][ T346] lock_acquire+0x120/0x360 [ 1793.290223][ T346] _raw_read_lock+0x36/0x50 [ 1793.294903][ T346] send_sigurg+0x12b/0x420 [ 1793.299505][ T346] sk_send_sigurg+0x6c/0x2e0 [ 1793.304266][ T346] queue_oob+0x3d9/0x4e0 [ 1793.308689][ T346] unix_stream_sendmsg+0xa41/0xb60 [ 1793.313976][ T346] __sock_sendmsg+0x219/0x270 [ 1793.318840][ T346] ____sys_sendmsg+0x52d/0x830 [ 1793.323781][ T346] ___sys_sendmsg+0x21f/0x2a0 [ 1793.328639][ T346] __sys_sendmmsg+0x28e/0x430 [ 1793.333525][ T346] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1793.339268][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1793.344660][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.349727][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.356242][ T346] [ 1793.358568][ T346] -> (&f_owner->lock){....}-{3:3} { [ 1793.363897][ T346] INITIAL USE at: [ 1793.367881][ T346] lock_acquire+0x120/0x360 [ 1793.374135][ T346] _raw_write_lock_irq+0xa2/0xf0 [ 1793.380819][ T346] __f_setown+0x67/0x370 [ 1793.386898][ T346] generic_setlease+0xd5d/0x1240 [ 1793.393604][ T346] fcntl_setlease+0x3a2/0x4c0 [ 1793.400019][ T346] do_fcntl+0x6a0/0x1910 [ 1793.406002][ T346] do_compat_fcntl64+0x484/0x720 [ 1793.412699][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1793.419568][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.426174][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.434254][ T346] INITIAL READ USE at: [ 1793.438707][ T346] lock_acquire+0x120/0x360 [ 1793.445410][ T346] _raw_read_lock_irqsave+0xaf/0x100 [ 1793.452870][ T346] send_sigio+0x38/0x370 [ 1793.459304][ T346] dnotify_handle_event+0x169/0x440 [ 1793.466692][ T346] fsnotify+0x1814/0x1a80 [ 1793.473206][ T346] fsnotify_access+0x22b/0x2a0 [ 1793.480149][ T346] iterate_dir+0x600/0x770 [ 1793.486746][ T346] __se_sys_getdents64+0xe4/0x260 [ 1793.493950][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1793.501267][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.508297][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.516807][ T346] } [ 1793.519389][ T346] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1793.528369][ T346] ... acquired at: [ 1793.532531][ T346] lock_acquire+0x120/0x360 [ 1793.537231][ T346] _raw_read_lock_irqsave+0xaf/0x100 [ 1793.542700][ T346] send_sigio+0x38/0x370 [ 1793.547139][ T346] kill_fasync+0x24d/0x4d0 [ 1793.551740][ T346] lease_break_callback+0x26/0x30 [ 1793.556942][ T346] __break_lease+0x6a2/0x1620 [ 1793.561802][ T346] do_dentry_open+0xd62/0x1970 [ 1793.566748][ T346] vfs_open+0x3b/0x340 [ 1793.570999][ T346] path_openat+0x2ee5/0x3830 [ 1793.575768][ T346] do_filp_open+0x1fa/0x410 [ 1793.580456][ T346] do_sys_openat2+0x121/0x1c0 [ 1793.585319][ T346] __ia32_compat_sys_openat+0x131/0x160 [ 1793.591075][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1793.596408][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.601448][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.608046][ T346] [ 1793.610419][ T346] -> (&new->fa_lock){....}-{3:3} { [ 1793.615561][ T346] INITIAL USE at: [ 1793.619464][ T346] lock_acquire+0x120/0x360 [ 1793.625541][ T346] _raw_write_lock_irq+0xa2/0xf0 [ 1793.632047][ T346] fasync_remove_entry+0xf1/0x1c0 [ 1793.638653][ T346] lease_modify+0x1ca/0x3c0 [ 1793.644731][ T346] locks_remove_file+0x4bf/0xea0 [ 1793.651232][ T346] __fput+0x3ab/0xa70 [ 1793.656816][ T346] task_work_run+0x1d1/0x260 [ 1793.662999][ T346] resume_user_mode_work+0x5e/0x80 [ 1793.669697][ T346] syscall_exit_to_user_mode+0x9a/0x120 [ 1793.676820][ T346] __do_fast_syscall_32+0xc1/0x110 [ 1793.683510][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.689940][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.697845][ T346] INITIAL READ USE at: [ 1793.702217][ T346] lock_acquire+0x120/0x360 [ 1793.708729][ T346] _raw_read_lock_irqsave+0xaf/0x100 [ 1793.716047][ T346] kill_fasync+0x199/0x4d0 [ 1793.724161][ T346] mousedev_write+0x8f9/0x950 [ 1793.731073][ T346] vfs_write+0x27b/0xa90 [ 1793.737341][ T346] ksys_write+0x145/0x250 [ 1793.743679][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1793.750801][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.757695][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.766032][ T346] } [ 1793.768536][ T346] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1793.777328][ T346] ... acquired at: [ 1793.781132][ T346] lock_acquire+0x120/0x360 [ 1793.785859][ T346] _raw_read_lock_irqsave+0xaf/0x100 [ 1793.791335][ T346] kill_fasync+0x199/0x4d0 [ 1793.795942][ T346] evdev_pass_values+0x627/0xbd0 [ 1793.801068][ T346] evdev_events+0x1e6/0x340 [ 1793.805751][ T346] input_pass_values+0x285/0x890 [ 1793.810872][ T346] input_event_dispose+0x330/0x6b0 [ 1793.816249][ T346] input_inject_event+0x1fe/0x320 [ 1793.821464][ T346] evdev_write+0x2fc/0x480 [ 1793.826071][ T346] vfs_write+0x27b/0xa90 [ 1793.830490][ T346] ksys_write+0x145/0x250 [ 1793.835014][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1793.840311][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.845341][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.851853][ T346] [ 1793.854882][ T346] [ 1793.854882][ T346] stack backtrace: [ 1793.860775][ T346] CPU: 1 UID: 0 PID: 346 Comm: syz.0.27116 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) [ 1793.860804][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1793.860820][ T346] Call Trace: [ 1793.860830][ T346] [ 1793.860838][ T346] dump_stack_lvl+0x189/0x250 [ 1793.860867][ T346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1793.860891][ T346] ? __pfx__printk+0x10/0x10 [ 1793.860911][ T346] validate_chain+0x1f05/0x2140 [ 1793.860936][ T346] __lock_acquire+0xaac/0xd20 [ 1793.860961][ T346] ? kill_fasync+0x199/0x4d0 [ 1793.860986][ T346] lock_acquire+0x120/0x360 [ 1793.861008][ T346] ? kill_fasync+0x199/0x4d0 [ 1793.861039][ T346] ? __lock_acquire+0xaac/0xd20 [ 1793.861065][ T346] _raw_read_lock_irqsave+0xaf/0x100 [ 1793.861082][ T346] ? kill_fasync+0x199/0x4d0 [ 1793.861107][ T346] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1793.861123][ T346] ? do_raw_spin_lock+0x121/0x290 [ 1793.861145][ T346] kill_fasync+0x199/0x4d0 [ 1793.861169][ T346] ? kill_fasync+0x53/0x4d0 [ 1793.861195][ T346] evdev_pass_values+0x627/0xbd0 [ 1793.861222][ T346] ? evdev_pass_values+0x5e1/0xbd0 [ 1793.861248][ T346] evdev_events+0x1e6/0x340 [ 1793.861271][ T346] ? evdev_events+0x79/0x340 [ 1793.861295][ T346] ? input_pass_values+0x8d/0x890 [ 1793.861316][ T346] input_pass_values+0x285/0x890 [ 1793.861341][ T346] ? input_handle_event+0x70c/0xf30 [ 1793.861361][ T346] input_event_dispose+0x330/0x6b0 [ 1793.861381][ T346] input_inject_event+0x1fe/0x320 [ 1793.861400][ T346] ? input_inject_event+0xbc/0x320 [ 1793.861420][ T346] evdev_write+0x2fc/0x480 [ 1793.861443][ T346] ? wake_up_q+0xca/0x110 [ 1793.861470][ T346] ? __pfx_evdev_write+0x10/0x10 [ 1793.861494][ T346] ? bpf_lsm_file_permission+0x9/0x20 [ 1793.861515][ T346] ? security_file_permission+0x75/0x290 [ 1793.861541][ T346] ? rw_verify_area+0x258/0x650 [ 1793.861558][ T346] ? __pfx_evdev_write+0x10/0x10 [ 1793.861582][ T346] vfs_write+0x27b/0xa90 [ 1793.861602][ T346] ? __pfx_vfs_write+0x10/0x10 [ 1793.861620][ T346] ? __fget_files+0x2a/0x420 [ 1793.861642][ T346] ? __fget_files+0x2a/0x420 [ 1793.861662][ T346] ? __fget_files+0x3a0/0x420 [ 1793.861683][ T346] ? __fget_files+0x2a/0x420 [ 1793.861706][ T346] ksys_write+0x145/0x250 [ 1793.861723][ T346] ? rcu_is_watching+0x15/0xb0 [ 1793.861749][ T346] ? __pfx_ksys_write+0x10/0x10 [ 1793.861767][ T346] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 1793.861788][ T346] ? lockdep_hardirqs_on+0x9c/0x150 [ 1793.861806][ T346] __do_fast_syscall_32+0xb4/0x110 [ 1793.861830][ T346] do_fast_syscall_32+0x34/0x80 [ 1793.861851][ T346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1793.861872][ T346] RIP: 0023:0xf707e539 [ 1793.861888][ T346] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1793.861903][ T346] RSP: 002b:00000000f506e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1793.861921][ T346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1793.861933][ T346] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000 [ 1793.861943][ T346] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1793.861953][ T346] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1793.861964][ T346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1793.861980][ T346]