last executing test programs: 6.295715836s ago: executing program 0 (id=8336): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r1 = syz_io_uring_setup(0x1110, &(0x7f0000000140)={0x0, 0x4, 0x400}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x440000, 0x1, 0x1}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 5.679818649s ago: executing program 0 (id=8345): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000000)={0x48, 0x2, r1}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000300)={0xc, r1}) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f0000002180)={0x20, 0x2, 0x0, 0x2, 0x852b}) 5.385258115s ago: executing program 0 (id=8350): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x3) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040), 0x4) 5.103322266s ago: executing program 0 (id=8351): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000040)="b9", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x0, 0xfffffffd, @private2, 0x400}, 0x1c) listen(r0, 0x100101) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100), &(0x7f0000000180)=0x4) 4.143325144s ago: executing program 0 (id=8362): r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[]) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000340)=[0x2a, 0xf0]) 3.251811766s ago: executing program 4 (id=8369): sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000130a030000a8180000000000000002000000a1bb84ebaf4a845c5e5d7a2743e79d8994bfeb0ac2142269a7e2a2f6051557ab9d54d23bfb3bfefe943446cf4a5024a5e9cb1a9d2b1ede47bbccd87dc6e8efb9b3ff1ab931ed21ebb25b6a3c0886c8e5da1f8e9fa29feb614451d1a6f410e62ec6981355a04c51b419d724b14c"], 0x14}}, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000034709d405f0530c2acb60109030109021200010000000009040000"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000240)=ANY=[@ANYBLOB="000901000000af89"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000300)=ANY=[], 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.900356655s ago: executing program 1 (id=8388): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000100)=@usbdevfs_connect={0xa}) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) syz_clone(0x410c2000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.881087856s ago: executing program 2 (id=8389): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) writev(r0, &(0x7f0000000040), 0x2) close(r0) 1.784089155s ago: executing program 2 (id=8390): r0 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x40, 0x0) lseek(r0, 0x2004, 0x0) 1.391897184s ago: executing program 1 (id=8392): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000180)=@newtclass={0x24, 0x28, 0x100, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xb, 0x7}, {0x9, 0xe}, {0xb, 0xfff3}}}, 0x24}}, 0x4000040) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) pivot_root(0x0, &(0x7f0000000180)='./file0\x00') sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) 1.288198206s ago: executing program 4 (id=8394): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 1.204220362s ago: executing program 3 (id=8395): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a0000180000000001000000b7080000000000007baa00fe00000000b51a0200000000007b"], &(0x7f0000000300)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) 1.099462131s ago: executing program 1 (id=8396): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r1, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0xd6, 0x1c, 0xd, 0x5, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r1, r2], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000340)={0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b14fea7a1316b81525ccf0f8b91fd2eddb851ba62b00d87337407214ea270251"}}) 1.015456566s ago: executing program 0 (id=8397): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b04, 0x0) 970.583987ms ago: executing program 4 (id=8398): unshare(0x22020600) r0 = io_uring_setup(0x2ae0, &(0x7f00000001c0)={0x0, 0x3ffffffc, 0x0, 0x2, 0x9f}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x80000) epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0) 841.881292ms ago: executing program 3 (id=8399): connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) 772.013693ms ago: executing program 2 (id=8400): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf3, 0xfffffffb, 0x39, 0x747d5e13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x0, 0x1ff, 0x8000, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0xa, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x404, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x1000, 0x80000001, 0x4, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x47, 0x0, 0x3, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x8, 0x956, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e2, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x20000002, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a8, 0x2, 0x40, 0x409, 0x3, 0x4, 0x4, 0x10, 0x4, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) readv(r0, &(0x7f0000001240)=[{0x0}, {&(0x7f00000012c0)=""/41, 0x29}], 0x2) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 730.854974ms ago: executing program 1 (id=8401): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x24060400) r1 = getpgid(0x0) r2 = syz_pidfd_open(r1, 0x0) pidfd_getfd(r2, r0, 0x0) 729.910738ms ago: executing program 4 (id=8402): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r2, 0x84, 0x9, &(0x7f0000001200)=""/4129, &(0x7f0000000000)=0x1021) 717.848797ms ago: executing program 3 (id=8403): r0 = signalfd(0xffffffffffffffff, 0x0, 0x0) fsync(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x8000, 0x9005}, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000200)={@random="e90c610faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0xc, 0x100}}}}}}}, 0x0) 579.230564ms ago: executing program 4 (id=8404): timer_create(0x0, &(0x7f0000000200)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd}) 549.274858ms ago: executing program 1 (id=8405): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000640)=[{0x8d, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) 459.302552ms ago: executing program 3 (id=8406): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000200)={0x0, r1}) 457.720446ms ago: executing program 2 (id=8407): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x1, 0x0, 0x101, 0x0, 0x4, 0x4a, 0x9}, 0x1c) 307.452926ms ago: executing program 3 (id=8408): r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001280)={r0, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) 263.424288ms ago: executing program 2 (id=8409): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)=ANY=[@ANYBLOB="20000000150a0309"], 0x20}, 0x1, 0x0, 0x0, 0x8009}, 0x0) close(r0) 205.435793ms ago: executing program 4 (id=8410): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e23, @rand_addr=0x64010102}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000280)={r2, @in6={{0xa, 0x4e22, 0x4, @empty, 0x1}}, 0x6}, &(0x7f0000000040)=0x90) 204.587841ms ago: executing program 1 (id=8411): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x5) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000480)={0x56, 0xfffe, 0x0, {0x0, 0x1}, {0x80, 0x2}, @const={0x0, {0x8, 0x0, 0xfffc}}}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) 92.744181ms ago: executing program 3 (id=8412): r0 = fanotify_init(0x202, 0x400) r1 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x0, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000300)=""/99, 0x63}], 0x2, 0x4, 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 0s ago: executing program 2 (id=8413): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x38b000, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000000)='7', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) kernel console output (not intermixed with test programs): firmware upload part1 [ 571.997290][ T5905] Registered device nBox DVB-T Dongle [ 572.014346][ T5905] usb 2-1: USB disconnect, device number 71 [ 572.085030][ T5905] Unregistered device nBox DVB-T Dongle [ 572.109056][ T5905] as10x_usb: device has been disconnected [ 572.212071][ T5937] usb 3-1: USB disconnect, device number 75 [ 573.272628][ T5937] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 573.306418][T20283] netlink: 14 bytes leftover after parsing attributes in process `syz.0.6431'. [ 573.435103][ T5937] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 86, changing to 10 [ 573.467833][ T5937] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 573.481942][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 573.514618][ T5937] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 573.564023][ T5937] usb 3-1: config 0 interface 0 has no altsetting 0 [ 573.582367][ T5937] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 573.601992][ T5937] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.657994][ T5937] usb 3-1: config 0 descriptor?? [ 573.911407][T20299] netlink: 'syz.1.6438': attribute type 11 has an invalid length. [ 573.926667][T20274] netlink: 'syz.2.6426': attribute type 1 has an invalid length. [ 573.935725][T20274] netlink: 7718 bytes leftover after parsing attributes in process `syz.2.6426'. [ 573.983786][ T5937] usbhid 3-1:0.0: can't add hid device: -71 [ 574.002204][ T5937] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 574.044389][ T5937] usb 3-1: USB disconnect, device number 76 [ 575.253639][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 575.623483][T20360] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6465'. [ 575.642005][T20364] vxcan1: tx address claim with dlc 0 [ 576.033143][ T5906] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 576.210648][ T5906] usb 2-1: Using ep0 maxpacket: 8 [ 576.220790][ T5906] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 576.245849][ T5906] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 576.257194][ T5906] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 576.280461][ T5906] usb 2-1: config 250 has no interface number 0 [ 576.286809][ T5906] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 576.307379][ T5906] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 576.319106][ T5906] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 576.334736][ T5906] usb 2-1: config 250 interface 228 has no altsetting 0 [ 576.346430][ T5906] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 576.362356][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 576.371838][ T5906] usb 2-1: Product: syz [ 576.376138][ T5906] usb 2-1: SerialNumber: syz [ 576.396841][ T5906] hub 2-1:250.228: bad descriptor, ignoring hub [ 576.406425][ T5906] hub 2-1:250.228: probe with driver hub failed with error -5 [ 576.602592][ T5906] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 72 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 576.683819][T20393] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6478'. [ 576.841523][T20397] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 576.898334][ C1] usblp0: nonzero read bulk status received: -71 [ 576.931129][ T5898] usb 2-1: USB disconnect, device number 72 [ 576.957870][ T5898] usblp0: removed [ 577.025720][T20405] tmpfs: Unknown parameter 'r%Ҵ\wӠR(4;a; [ 577.025720][T20405] MUg6&x@2<5ʍ2TZ5wVU]TmPZ<M;xY9]gŞn;O훌u [ 577.025720][T20405] ~^>Ƥr&Dq.;쀯<2AU' [ 577.051972][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.115671][T20442] @: renamed from vlan0 (while UP) [ 578.613637][T20463] Attempt to restore checkpoint with obsolete wellknown handles [ 578.623916][ T5885] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 578.759994][ T5937] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 578.788303][T20469] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 578.793570][ T5885] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 578.813572][ T5885] usb 5-1: config 0 has no interface number 0 [ 578.837670][ T5885] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 578.860472][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.869058][ T5885] usb 5-1: Product: syz [ 578.879571][ T5885] usb 5-1: Manufacturer: syz [ 578.893688][ T5885] usb 5-1: SerialNumber: syz [ 578.909699][ T5885] usb 5-1: config 0 descriptor?? [ 578.929898][ T5937] usb 4-1: Using ep0 maxpacket: 32 [ 578.936899][ T5937] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 578.954605][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.988813][ T5937] usb 4-1: config 0 descriptor?? [ 579.130995][ T5885] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 579.161150][ T5885] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 579.193296][ T5885] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 579.224686][ T5937] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 579.231893][ T5885] usb 5-1: media controller created [ 579.260866][ T5937] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 579.315862][ T5885] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 579.352601][ T5937] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 579.375353][ T5937] usb 4-1: media controller created [ 579.430477][ T5885] i2c i2c-2: ec100: i2c rd failed=-71 reg=33 [ 579.444555][ T5937] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 579.519992][ T5937] az6027: usb out operation failed. (-71) [ 579.536129][ T5937] az6027: usb out operation failed. (-71) [ 579.556265][ T5937] stb0899_attach: Driver disabled by Kconfig [ 579.565281][ T5885] usb 5-1: USB disconnect, device number 62 [ 579.572029][ T5937] az6027: no front-end attached [ 579.572029][ T5937] [ 579.600475][ T5937] az6027: usb out operation failed. (-71) [ 579.617790][ T5937] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 579.648232][ T5937] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input48 [ 579.685967][ T5937] dvb-usb: schedule remote query interval to 400 msecs. [ 579.720815][ T5937] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 579.751281][ T5937] usb 4-1: USB disconnect, device number 70 [ 579.822686][ T5937] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 579.950019][ T5898] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 580.151981][ T5898] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 580.164062][ T5898] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 580.206257][ T5898] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 580.222775][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.260644][ T5898] usb 2-1: Product: syz [ 580.264936][ T5898] usb 2-1: Manufacturer: syz [ 580.269585][ T5898] usb 2-1: SerialNumber: syz [ 580.540680][T20488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.580360][T20488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.623535][ T5898] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 580.670315][ T5898] usb 2-1: USB disconnect, device number 73 [ 581.170174][ T5898] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 581.359934][ T5898] usb 2-1: Using ep0 maxpacket: 8 [ 581.372472][ T5898] usb 2-1: config index 0 descriptor too short (expected 301, got 72) [ 581.389983][ T5898] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 581.419963][ T5898] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 581.439907][ T5898] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 581.459856][ T5898] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 581.480041][ T5898] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.501442][ T5898] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 581.522083][ T5898] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 581.541504][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.794408][ T5898] usb 2-1: usb_control_msg returned -71 [ 581.813563][ T5898] usbtmc 2-1:16.0: can't read capabilities [ 581.830434][ T5898] usbtmc 2-1:16.0: Failed to submit iin_urb [ 581.846754][ T5898] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -90 [ 581.893219][ T5898] usb 2-1: USB disconnect, device number 74 [ 582.251099][T20551] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 582.776991][T20570] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 582.805574][T20563] syz.4.6553 (20563): drop_caches: 2 [ 582.827443][T20563] syz.4.6553 (20563): drop_caches: 2 [ 583.642450][T20602] netlink: 'syz.2.6570': attribute type 4 has an invalid length. [ 584.022078][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 584.022097][ T30] audit: type=1326 audit(1749913813.204:3925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20614 comm="syz.0.6576" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0fcd38e929 code=0x0 [ 584.132664][T20619] QAT: Invalid ioctl 1075883590 [ 584.153000][T20619] QAT: Invalid ioctl 1075883590 [ 584.164407][T20619] QAT: Invalid ioctl 1075883590 [ 584.169456][T20619] QAT: Invalid ioctl 1075883590 [ 584.189181][T20619] QAT: Invalid ioctl 1075883590 [ 584.203460][T20619] QAT: Invalid ioctl 1075883590 [ 584.222995][T20619] QAT: Invalid ioctl 1075883590 [ 584.246018][T20619] QAT: Invalid ioctl 1075883590 [ 584.271950][T20619] QAT: Invalid ioctl 1075883590 [ 584.293095][T20619] QAT: Invalid ioctl 1075883590 [ 584.362858][T20626] C: renamed from team_slave_0 (while UP) [ 584.382422][T20626] netlink: 'syz.2.6581': attribute type 4 has an invalid length. [ 584.435691][T20626] netlink: 152 bytes leftover after parsing attributes in process `syz.2.6581'. [ 584.475564][T20626] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 584.758669][T20638] veth0_to_bridge: entered promiscuous mode [ 584.775887][T20636] veth0_to_bridge: left promiscuous mode [ 585.235177][T20647] sctp: [Deprecated]: syz.1.6591 (pid 20647) Use of int in max_burst socket option. [ 585.235177][T20647] Use struct sctp_assoc_value instead [ 586.042681][T20680] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6607'. [ 586.082974][T20680] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 586.122289][T20680] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 586.146852][T20680] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 586.156238][T20680] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.163701][ T5905] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 586.353007][ T5905] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.378166][ T5905] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 586.389463][ T5905] usb 5-1: config 1 has no interface number 0 [ 586.404198][ T5905] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.416230][ T5905] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 586.447581][ T5905] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 586.462510][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.482919][ T5905] usb 5-1: Product: syz [ 586.491628][ T5905] usb 5-1: Manufacturer: syz [ 586.500814][ T5905] usb 5-1: SerialNumber: syz [ 586.840019][ T5885] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 586.992560][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 587.004763][ T5885] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 587.014419][ T5885] usb 3-1: config 0 has no interface number 0 [ 587.025983][ T5885] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 587.036142][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.047458][ T5885] usb 3-1: Product: syz [ 587.052147][ T5885] usb 3-1: Manufacturer: syz [ 587.056874][ T5885] usb 3-1: SerialNumber: syz [ 587.068235][ T5885] usb 3-1: config 0 descriptor?? [ 587.079651][ T5885] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 587.291755][ T5885] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 587.318228][ T5885] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 587.347065][ T5905] cdc_ncm 5-1:1.1: bind() failure [ 587.365201][T20722] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 587.389462][ T5905] usb 5-1: USB disconnect, device number 63 [ 587.756067][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 587.769021][ T5885] usb 3-1: USB disconnect, device number 77 [ 587.797072][ T5885] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 587.843054][ T5885] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 587.872764][ T5885] quatech2 3-1:0.51: device disconnected [ 588.086498][T20744] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6637'. [ 588.420158][T20756] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6641'. [ 589.543689][T20786] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6651'. [ 592.905842][T20885] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6696'. [ 593.072334][T20891] tipc: Started in network mode [ 593.085216][T20891] tipc: Node identity ff, cluster identity 4711 [ 593.103331][T20891] tipc: Enabling of bearer rejected, failed to enable media [ 593.557564][T20918] netlink: 'syz.3.6712': attribute type 7 has an invalid length. [ 593.763971][T20929] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6718'. [ 593.773274][T20929] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6718'. [ 593.780212][ T5905] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 593.786882][T20929] netlink: 'syz.4.6718': attribute type 19 has an invalid length. [ 593.838920][T20930] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 593.850399][T20930] syzkaller1: linktype set to 6 [ 593.956193][ T5905] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 593.990046][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.029915][ T5905] usb 3-1: config 0 descriptor?? [ 594.038740][ T5905] cp210x 3-1:0.0: cp210x converter detected [ 594.152618][T20939] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6722'. [ 594.164188][T20939] netlink: 'syz.0.6722': attribute type 6 has an invalid length. [ 594.175128][T20939] netlink: 'syz.0.6722': attribute type 5 has an invalid length. [ 594.184609][T20939] netlink: 'syz.0.6722': attribute type 4 has an invalid length. [ 594.199904][ T5830] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 594.362238][ T5830] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 594.374380][ T5830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.399184][ T5830] usb 4-1: config 0 descriptor?? [ 594.413214][ T5830] cp210x 4-1:0.0: cp210x converter detected [ 594.460000][ T5905] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 594.497019][ T5905] usb 3-1: cp210x converter now attached to ttyUSB0 [ 594.686499][ T5905] usb 3-1: USB disconnect, device number 78 [ 594.714658][ T5905] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 594.751239][ T5905] cp210x 3-1:0.0: device disconnected [ 594.823651][ T5830] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 594.873259][ T5830] usb 4-1: cp210x converter now attached to ttyUSB0 [ 595.056571][T20961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6733'. [ 595.081178][ T5905] usb 4-1: USB disconnect, device number 71 [ 595.096988][ T5905] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 595.123527][ T5905] cp210x 4-1:0.0: device disconnected [ 595.583086][ T30] audit: type=1326 audit(1749913824.754:3926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20951 comm="syz.1.6728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90598e929 code=0x7fc00000 [ 595.868148][T20993] loop6: detected capacity change from 0 to 524287999 [ 596.103049][ T5906] usb 4-1: new full-speed USB device number 72 using dummy_hcd [ 596.189887][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 596.329898][ T5898] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 596.364336][ T5906] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 596.408876][ T5906] usb 4-1: config 0 interface 0 has no altsetting 0 [ 596.559903][ T5898] usb 5-1: Using ep0 maxpacket: 8 [ 596.590116][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 596.609780][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 596.853477][ T5898] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 596.862713][ T5906] usb 4-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00 [ 596.872148][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.882893][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.892070][ T5898] usb 5-1: Product: syz [ 596.896403][ T5898] usb 5-1: Manufacturer: syz [ 597.138062][ T5906] usb 4-1: config 0 descriptor?? [ 597.146581][ T5898] usb 5-1: SerialNumber: syz [ 597.154287][T20990] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 597.184204][ T5898] usb 5-1: config 0 descriptor?? [ 597.425652][ T5898] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 597.606912][ T5906] hid (null): global environment stack underflow [ 597.643945][ T5906] hid (null): global environment stack underflow [ 597.664191][ T5906] hid (null): report_id 0 is invalid [ 597.674433][ T5906] hid (null): global environment stack underflow [ 597.684456][ T5906] hid (null): report_id 0 is invalid [ 597.694596][ T5906] hid (null): report_id 0 is invalid [ 597.707353][ T5906] hid (null): global environment stack underflow [ 597.745437][ T5906] uclogic 0003:28BD:0078.0080: interface is invalid, ignoring [ 597.793553][ T5906] usb 4-1: USB disconnect, device number 72 [ 598.021179][ T5898] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 598.050636][ T5898] usb 5-1: USB disconnect, device number 64 [ 599.345947][ T30] audit: type=1326 audit(1749913828.524:3927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21078 comm="syz.2.6785" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f39ebb8e929 code=0x0 [ 599.919951][ T5937] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 600.093548][ T5937] usb 5-1: Using ep0 maxpacket: 8 [ 600.108062][ T5937] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 600.125241][ T5937] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.175769][ T5937] usb 5-1: config 0 descriptor?? [ 600.420036][ T5937] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 601.020177][ T5937] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 601.044645][ T5937] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 601.082822][ T5937] asix 5-1:0.0: probe with driver asix failed with error -71 [ 601.113616][ T5937] usb 5-1: USB disconnect, device number 65 [ 601.125889][T21128] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6807'. [ 601.646446][T21150] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6818'. [ 602.117887][T21171] macvlan1: entered promiscuous mode [ 602.136461][T21171] macvlan1: left promiscuous mode [ 602.211521][ T5830] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 602.379960][ T5830] usb 4-1: Using ep0 maxpacket: 8 [ 602.396969][ T5830] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 602.409190][ T5830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.426741][ T5830] usb 4-1: config 0 descriptor?? [ 602.442056][T15716] af_packet: tpacket_rcv: packet too big, clamped from 38 to 4294967286. macoff=82 [ 602.665365][ T5830] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 602.870064][ T5937] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 603.046748][ T5937] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 603.075532][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.099934][ T5937] usb 5-1: Product: syz [ 603.104205][ T5937] usb 5-1: Manufacturer: syz [ 603.129321][ T5937] usb 5-1: SerialNumber: syz [ 603.155964][ T5937] usb 5-1: config 0 descriptor?? [ 603.165722][ T5937] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 603.279609][T21205] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6844'. [ 603.292360][ T5830] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 603.310489][ T5830] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9 [ 603.340427][ T5830] asix 4-1:0.0: probe with driver asix failed with error -71 [ 603.369155][ T5830] usb 4-1: USB disconnect, device number 73 [ 603.790151][ T5885] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 603.986468][ T5885] usb 3-1: Using ep0 maxpacket: 16 [ 603.997098][ T5885] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 604.019907][ T5885] usb 3-1: config 0 has no interface number 0 [ 604.023776][ T5905] usb 5-1: USB disconnect, device number 66 [ 604.032438][ T5885] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 604.061714][ T5885] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 604.101686][ T5885] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 604.123981][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.152890][ T5885] usb 3-1: config 0 descriptor?? [ 604.504203][T21252] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 604.783027][ T5885] input: HID 28bd:0071 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0071.0081/input/input49 [ 604.893001][ T5885] input: HID 28bd:0071 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0071.0081/input/input50 [ 604.955222][ T5885] uclogic 0003:28BD:0071.0081: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.2-1/input1 [ 605.017356][ T5885] usb 3-1: USB disconnect, device number 79 [ 605.136096][T21269] fido_id[21269]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 605.472896][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.958954][T21295] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 606.004536][T21295] bridge0: port 3(syz_tun) entered disabled state [ 606.011653][T21295] bridge0: port 2(bridge_slave_1) entered disabled state [ 606.020838][T21295] bridge0: port 1(bridge_slave_0) entered disabled state [ 606.120644][ T1163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 606.130035][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 606.890430][T21323] input: syz0 as /devices/virtual/input/input51 [ 606.930106][ T838] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 607.109841][ T838] usb 3-1: Using ep0 maxpacket: 8 [ 607.131926][ T838] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 607.150104][ T838] usb 3-1: config 0 has no interface number 0 [ 607.168555][ T838] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 607.200393][ T838] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 607.218144][ T838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.240781][T21329] netlink: 'syz.1.6899': attribute type 1 has an invalid length. [ 607.258034][ T838] usb 3-1: config 0 descriptor?? [ 607.297702][ T838] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 607.521936][ T5885] usb 3-1: USB disconnect, device number 80 [ 607.709966][ T5830] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 607.749866][ T838] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 607.859882][ T5830] usb 2-1: Using ep0 maxpacket: 16 [ 607.877383][ T5830] usb 2-1: unable to get BOS descriptor or descriptor too short [ 607.891279][ T5830] usb 2-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 39, changing to 9 [ 607.909905][ T5830] usb 2-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024 [ 607.922208][ T5830] usb 2-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 607.951796][ T5830] usb 2-1: config 1 interface 0 has no altsetting 0 [ 607.958782][ T838] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 607.969534][ T838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.990053][ T838] usb 5-1: Product: syz [ 607.994817][ T838] usb 5-1: Manufacturer: syz [ 608.000927][ T838] usb 5-1: SerialNumber: syz [ 608.006907][ T5830] usb 2-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 608.021557][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.029634][ T5830] usb 2-1: Product: syz [ 608.035530][ T838] usb 5-1: config 0 descriptor?? [ 608.050434][ T5830] usb 2-1: Manufacturer: syz [ 608.055710][ T5830] usb 2-1: SerialNumber: syz [ 608.092463][T21334] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 608.301001][ T5885] usb 5-1: USB disconnect, device number 67 [ 608.351275][ T5830] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input52 [ 608.709860][ T5906] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 608.869968][ T5906] usb 3-1: Using ep0 maxpacket: 16 [ 608.881661][ T5906] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 608.917221][ T5906] usb 3-1: config 0 has no interface number 0 [ 608.934345][ T5906] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.971817][ T5906] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 608.991454][ T5906] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 609.000582][ T5191] bcm5974 2-1:1.0: could not read from device [ 609.001288][ T5830] usb 2-1: USB disconnect, device number 75 [ 609.016615][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.025860][ T5191] bcm5974 2-1:1.0: could not read from device [ 609.051527][ T5906] usb 3-1: config 0 descriptor?? [ 609.076378][ T5852] bcm5974 2-1:1.0: could not read from device [ 609.109363][ T5191] bcm5974 2-1:1.0: could not read from device [ 609.312628][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.687516][ T5906] uclogic 0003:28BD:0071.0082: pen parameters not found [ 609.704342][ T5906] uclogic 0003:28BD:0071.0082: interface is invalid, ignoring [ 609.740898][ T5906] usb 3-1: USB disconnect, device number 81 [ 609.770213][ T5905] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 609.940983][ T5905] usb 5-1: Using ep0 maxpacket: 8 [ 609.959053][ T5905] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 609.967716][ T5905] usb 5-1: config 179 has no interface number 0 [ 609.975724][ T5905] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 609.990116][ T5905] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 610.003632][ T5905] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 610.027165][ T5905] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 610.039259][ T5905] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 610.056383][ T5905] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 610.082315][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.120207][T21384] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 610.524148][ T5906] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input53 [ 610.604335][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 610.779582][ T5905] usb 5-1: USB disconnect, device number 68 [ 610.779646][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 610.793985][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 610.818597][ T5905] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 611.026315][T21422] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6940'. [ 611.700444][ T5905] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 611.870963][ T3508] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.879361][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.896020][ T5905] usb 5-1: Using ep0 maxpacket: 32 [ 611.906559][ T5905] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 611.915618][ T5905] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 611.936197][ T5905] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 611.969861][ T5905] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 611.993463][ T5905] usb 5-1: config 0 interface 0 has no altsetting 0 [ 612.025261][ T5905] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 612.049901][ T5905] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 612.068732][ T5905] usb 5-1: Product: syz [ 612.078873][ T5905] usb 5-1: Manufacturer: syz [ 612.087457][ T5905] usb 5-1: SerialNumber: syz [ 612.103034][ T5905] usb 5-1: config 0 descriptor?? [ 612.121473][ T5905] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 612.153563][ T5905] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 612.383424][ T5905] usb 5-1: USB disconnect, device number 69 [ 612.409147][ T5905] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 612.913857][T21494] blkio.reset_stats is deprecated [ 613.665662][T21525] loop8: detected capacity change from 0 to 1 [ 613.692021][T21525] Dev loop8: unable to read RDB block 1 [ 613.704183][T21525] loop8: unable to read partition table [ 613.714208][T21525] loop8: partition table beyond EOD, truncated [ 613.723032][T21525] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 614.579867][ T5830] usb 3-1: new low-speed USB device number 82 using dummy_hcd [ 614.675799][ T5905] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 614.736432][ T5830] usb 3-1: unable to get BOS descriptor or descriptor too short [ 614.754003][T15956] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 614.783196][ T5830] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 614.805271][ T5830] usb 3-1: can't read configurations, error -71 [ 614.840639][ T5905] usb 5-1: Using ep0 maxpacket: 32 [ 614.856215][ T5905] usb 5-1: config 0 interface 0 has no altsetting 0 [ 614.864525][ T5905] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 614.886079][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.909402][ T5905] usb 5-1: config 0 descriptor?? [ 614.929894][T15956] usb 4-1: Using ep0 maxpacket: 32 [ 614.948317][T15956] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 614.963576][T15956] usb 4-1: config 0 has no interface number 0 [ 614.977139][T15956] usb 4-1: config 0 interface 2 has no altsetting 0 [ 614.988936][T15956] usb 4-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 614.999098][T15956] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.010467][T15956] usb 4-1: Product: syz [ 615.014839][T15956] usb 4-1: Manufacturer: syz [ 615.019518][T15956] usb 4-1: SerialNumber: syz [ 615.035789][T15956] usb 4-1: config 0 descriptor?? [ 615.263513][T15956] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 615.358606][ T5905] corsair-cpro 0003:1B1C:0C10.0083: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0 [ 615.558440][T15956] usb 4-1: invalid MIDI in EP 0 [ 615.629494][T15956] snd-usb-audio 4-1:0.2: probe with driver snd-usb-audio failed with error -22 [ 615.664071][T15956] usb 4-1: USB disconnect, device number 74 [ 615.674684][T21574] netlink: 200 bytes leftover after parsing attributes in process `syz.1.7010'. [ 615.731338][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 615.736556][ T5905] corsair-cpro 0003:1B1C:0C10.0083: probe with driver corsair-cpro failed with error -71 [ 615.791099][ T1163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 615.816184][ T5905] usb 5-1: USB disconnect, device number 70 [ 616.119303][T21586] netlink: 1 bytes leftover after parsing attributes in process `syz.2.7015'. [ 616.850080][ T5905] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 617.010024][ T5905] usb 5-1: Using ep0 maxpacket: 16 [ 617.024265][ T5905] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 617.034780][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 617.045969][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 617.058194][ T5905] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 617.068407][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 617.084011][ T5905] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 617.094668][ T5905] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 617.103220][ T5905] usb 5-1: Manufacturer: syz [ 617.110184][T15956] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 617.121504][ T5905] usb 5-1: config 0 descriptor?? [ 617.289951][T15956] usb 3-1: Using ep0 maxpacket: 16 [ 617.300235][T15956] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 617.308769][T15956] usb 3-1: config 0 has no interface number 0 [ 617.315529][T15956] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 617.326433][T15956] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 617.377743][T15956] usb 3-1: config 0 interface 41 has no altsetting 0 [ 617.394112][T15956] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 617.429395][T15956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.451892][T15956] usb 3-1: Product: syz [ 617.456142][T15956] usb 3-1: Manufacturer: syz [ 617.470032][ T5905] rc_core: IR keymap rc-hauppauge not found [ 617.480498][ T5905] Registered IR keymap rc-empty [ 617.485560][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.496223][T15956] usb 3-1: SerialNumber: syz [ 617.519626][T15956] usb 3-1: config 0 descriptor?? [ 617.533529][T21623] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 617.549982][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.556194][T21623] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 617.578054][ T5905] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 617.620054][ T5905] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input54 [ 617.633029][ T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 617.641669][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 617.645073][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.684852][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.729931][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.749982][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.772578][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.797043][T21623] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 617.810090][T21623] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 617.819971][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.860339][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.900462][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.930051][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.933558][T21652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7044'. [ 617.950956][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 617.956326][T21652] vlan4: entered allmulticast mode [ 617.963767][T21652] bridge_slave_0: entered allmulticast mode [ 617.982551][ T5905] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 617.993675][ T5905] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 618.015715][ T5905] usb 5-1: USB disconnect, device number 71 [ 618.079916][ T5906] usb 4-1: new full-speed USB device number 75 using dummy_hcd [ 618.231357][T15956] CoreChips 3-1:0.41: probe with driver CoreChips failed with error -71 [ 618.259310][T15956] usb 3-1: USB disconnect, device number 84 [ 618.279942][ T5906] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 618.310276][ T5906] usb 4-1: config 0 has no interface number 0 [ 618.338085][ T5906] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 618.356658][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.367366][ T5906] usb 4-1: Product: syz [ 618.374615][ T5906] usb 4-1: Manufacturer: syz [ 618.379500][ T5906] usb 4-1: SerialNumber: syz [ 618.402574][ T5906] usb 4-1: config 0 descriptor?? [ 619.096118][T21676] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7056'. [ 619.195373][T21677] Set syz1 is full, maxelem 1038 reached [ 619.225299][ T5906] usb 4-1: Firmware version (0.0) predates our first public release. [ 619.245422][ T5906] usb 4-1: Please update to version 0.2 or newer [ 619.320195][ T5906] usb 4-1: USB disconnect, device number 75 [ 620.251607][T21717] input: syz0 as /devices/virtual/input/input55 [ 620.482254][T21725] tmpfs: Unknown parameter 'r%Ҵ\wӠR(4;a; [ 620.482254][T21725] MUg6&x@2<5ʍ2TZ5wVU]TmPZ<M;xY9]gŞn;O훌u [ 620.482254][T21725] ~^>Ƥr&Dq.;쀯<2AU,00000000000000000000003' [ 621.437474][T21772] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 621.459907][ T5906] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 621.471517][T15716] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 621.570893][T21778] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 621.653359][ T5906] usb 5-1: Using ep0 maxpacket: 32 [ 621.667955][ T5906] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 621.686235][ T5906] usb 5-1: config 0 has no interface number 0 [ 621.694239][ T5906] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.705678][ T5906] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 621.717608][ T5906] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 621.734379][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.762511][ T5906] usb 5-1: config 0 descriptor?? [ 622.251404][T21805] netem: unknown loss type 0 [ 622.260149][T21805] netem: change failed [ 622.389595][ T5906] uclogic 0003:28BD:0094.0084: pen parameters not found [ 622.419505][ T5906] uclogic 0003:28BD:0094.0084: interface is invalid, ignoring [ 622.605882][T21824] vivid-001: ================= START STATUS ================= [ 622.614303][ T5885] usb 5-1: USB disconnect, device number 72 [ 622.622560][T21824] vivid-001: Radio HW Seek Mode: Bounded [ 622.630665][T21824] vivid-001: Radio Programmable HW Seek: false [ 622.637226][T21824] vivid-001: RDS Rx I/O Mode: Block I/O [ 622.646503][T21824] vivid-001: Generate RBDS Instead of RDS: false [ 622.655770][T21824] vivid-001: RDS Reception: true [ 622.662487][T21824] vivid-001: RDS Program Type: 0 inactive [ 622.668567][T21824] vivid-001: RDS PS Name: inactive [ 622.675671][ T5830] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 622.685426][T21824] vivid-001: RDS Radio Text: inactive [ 622.699676][T21824] vivid-001: RDS Traffic Announcement: false inactive [ 622.708827][T21824] vivid-001: RDS Traffic Program: false inactive [ 622.717105][T21824] vivid-001: RDS Music: false inactive [ 622.722841][T21824] vivid-001: ================== END STATUS ================== [ 622.839934][ T5830] usb 2-1: Using ep0 maxpacket: 8 [ 622.855816][ T5830] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 622.869395][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 622.891158][ T5830] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 622.924339][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 622.945957][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 622.972125][ T5830] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 622.979626][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 623.014066][ T5830] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 623.051428][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 623.080093][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 623.095998][ T5830] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 623.103753][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 623.118962][ T5830] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 623.172001][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 623.187405][ T5830] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 623.213007][ T5830] usb 2-1: string descriptor 0 read error: -22 [ 623.250252][ T5830] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 623.269829][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.332241][ T5830] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 623.390319][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 623.398780][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 623.675766][ T24] usb 2-1: USB disconnect, device number 76 [ 624.884470][T21882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.900600][T21882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.909022][T21882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.921692][T21882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.931013][T21882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.939492][T21882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 625.845407][T21908] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7158'. [ 627.289131][ T30] audit: type=1326 audit(1749913856.464:3928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21966 comm="syz.2.7184" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f39ebb8e929 code=0x0 [ 628.113083][T21999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7200'. [ 628.123128][T21999] net_ratelimit: 1821 callbacks suppressed [ 628.123146][T21999] openvswitch: netlink: nsh attribute has 1 unknown bytes. [ 628.144000][T21999] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 628.479928][ T5906] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 628.662597][ T5906] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 628.680246][ T5906] usb 3-1: config 0 has no interface number 0 [ 628.686446][ T5906] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.702097][ T5906] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.712464][ T5906] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 628.726366][ T5906] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 628.740421][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.753733][ T5906] usb 3-1: config 0 descriptor?? [ 628.873901][T22033] netlink: 280 bytes leftover after parsing attributes in process `syz.3.7215'. [ 629.415997][ T5906] input: HID 28bd:0042 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0042.0085/input/input56 [ 629.489195][ T5906] uclogic 0003:28BD:0042.0085: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.2-1/input1 [ 629.644505][ T5906] usb 3-1: USB disconnect, device number 85 [ 629.761343][T22052] fido_id[22052]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 629.796754][T22056] GUP no longer grows the stack in syz.4.7225 (22056): 200000004000-20000000a000 (200000001000) [ 629.809191][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.815761][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.860840][T22056] CPU: 1 UID: 0 PID: 22056 Comm: syz.4.7225 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 629.860882][T22056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 629.860906][T22056] Call Trace: [ 629.860919][T22056] [ 629.860931][T22056] dump_stack_lvl+0x189/0x250 [ 629.860980][T22056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 629.861018][T22056] ? __pfx__printk+0x10/0x10 [ 629.861040][T22056] ? find_vma+0xe7/0x160 [ 629.861077][T22056] __get_user_pages+0x2a60/0x30b0 [ 629.861151][T22056] ? __pfx___get_user_pages+0x10/0x10 [ 629.861185][T22056] ? __gup_longterm_locked+0xbf7/0x15b0 [ 629.861219][T22056] ? down_read_killable+0x1d1/0x350 [ 629.861243][T22056] ? try_get_folio+0x633/0x660 [ 629.861269][T22056] __gup_longterm_locked+0xd66/0x15b0 [ 629.861310][T22056] ? try_grab_folio_fast+0x1be/0x4f0 [ 629.861344][T22056] ? gup_fast_fallback+0x1afc/0x2260 [ 629.861383][T22056] gup_fast_fallback+0x1cd4/0x2260 [ 629.861455][T22056] ? __pfx_gup_fast_fallback+0x10/0x10 [ 629.861487][T22056] ? trace_contention_end+0x39/0x120 [ 629.861512][T22056] ? __mutex_lock+0x330/0xe80 [ 629.861538][T22056] ? is_valid_gup_args+0x11f/0x200 [ 629.861572][T22056] ? get_user_pages_fast+0x4d/0xb0 [ 629.861609][T22056] __iov_iter_get_pages_alloc+0x39a/0xb40 [ 629.861641][T22056] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 629.861668][T22056] ? wait_for_space+0x24d/0x2d0 [ 629.861695][T22056] iov_iter_get_pages2+0x5e/0xa0 [ 629.861721][T22056] __se_sys_vmsplice+0x548/0x10d0 [ 629.861767][T22056] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 629.861794][T22056] ? __pfx_futex_wait+0x10/0x10 [ 629.861900][T22056] ? rcu_is_watching+0x15/0xb0 [ 629.861942][T22056] ? do_syscall_64+0xbe/0x3b0 [ 629.861970][T22056] do_syscall_64+0xfa/0x3b0 [ 629.861991][T22056] ? lockdep_hardirqs_on+0x9c/0x150 [ 629.862025][T22056] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.862049][T22056] ? clear_bhb_loop+0x60/0xb0 [ 629.862077][T22056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.862108][T22056] RIP: 0033:0x7feb1678e929 [ 629.862133][T22056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.862155][T22056] RSP: 002b:00007feb17630038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 629.862180][T22056] RAX: ffffffffffffffda RBX: 00007feb169b5fa0 RCX: 00007feb1678e929 [ 629.862199][T22056] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000004 [ 629.862214][T22056] RBP: 00007feb16810b39 R08: 0000000000000000 R09: 0000000000000000 [ 629.862229][T22056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.862244][T22056] R13: 0000000000000000 R14: 00007feb169b5fa0 R15: 00007feb16adfa28 [ 629.862280][T22056] [ 630.137112][ C1] vkms_vblank_simulate: vblank timer overrun [ 630.700217][ T5906] usb 2-1: new full-speed USB device number 77 using dummy_hcd [ 630.866656][ T5906] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 630.886299][ T5906] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 630.908923][ T5906] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 630.924478][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 630.935006][ T5906] usb 2-1: Product: syz [ 630.939494][ T5906] usb 2-1: Manufacturer: syz [ 630.951815][ T5906] usb 2-1: SerialNumber: syz [ 631.085264][T22107] netlink: 'syz.0.7249': attribute type 13 has an invalid length. [ 631.184560][ T5906] usb 2-1: 0:2 : does not exist [ 631.205068][ T5906] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 631.275308][ T5906] usb 2-1: USB disconnect, device number 77 [ 631.359533][ T5946] udevd[5946]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 631.924770][T22131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7260'. [ 632.250679][ T5906] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 632.444655][ T5906] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 632.467793][ T5906] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 632.499028][ T5906] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 632.533347][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.571978][T22137] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 632.594144][ T5906] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 632.872265][ T5906] usb 5-1: USB disconnect, device number 73 [ 633.219872][ T5905] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 633.233626][ T5906] IPVS: starting estimator thread 0... [ 633.329905][T22185] IPVS: using max 28 ests per chain, 67200 per kthread [ 633.388662][T22189] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7286'. [ 633.403218][ T5905] usb 3-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 633.419651][ T5905] usb 3-1: config 0 interface 0 has no altsetting 0 [ 633.426819][ T5905] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 633.437590][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.457255][ T5905] usb 3-1: config 0 descriptor?? [ 633.572019][T22193] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7288'. [ 633.591824][T22193] bridge0: port 4(vlan0) entered blocking state [ 633.598530][T22193] bridge0: port 4(vlan0) entered disabled state [ 633.607771][T22193] vlan0: entered allmulticast mode [ 633.640720][T22193] bridge0: entered allmulticast mode [ 633.700989][T22193] vlan0: left allmulticast mode [ 633.708417][T22193] bridge0: left allmulticast mode [ 633.894898][ T5905] ntrig 0003:1B96:0009.0086: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.2-1/input0 [ 633.919288][T22200] pim6reg: left allmulticast mode [ 634.081144][ T5905] ntrig 0003:1B96:0009.0086: Firmware version: 0.0.0.0.0 (0000 0000) [ 634.296596][ T5905] usb 3-1: USB disconnect, device number 86 [ 634.631915][ T30] audit: type=1326 audit(1749913863.814:3929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.657697][ T30] audit: type=1326 audit(1749913863.814:3930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.685158][T22232] netlink: 88 bytes leftover after parsing attributes in process `syz.4.7305'. [ 634.685660][ T30] audit: type=1326 audit(1749913863.814:3931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.709904][T22232] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7305'. [ 634.722558][ T30] audit: type=1326 audit(1749913863.814:3932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.750394][ T30] audit: type=1326 audit(1749913863.814:3933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.773397][ T30] audit: type=1326 audit(1749913863.814:3934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.855636][ T30] audit: type=1326 audit(1749913863.814:3935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.896472][ T30] audit: type=1326 audit(1749913863.814:3936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.923734][ T30] audit: type=1326 audit(1749913863.814:3937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.948532][ T30] audit: type=1326 audit(1749913863.824:3938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22229 comm="syz.3.7304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 634.997753][T22240] netlink: 92 bytes leftover after parsing attributes in process `syz.2.7309'. [ 635.158869][T22249] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 635.284368][ T5906] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 635.441817][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 635.467024][ T5906] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 635.508377][ T5906] usb 4-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 635.544693][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.571464][ T5906] usb 4-1: config 0 descriptor?? [ 635.850692][T22278] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7326'. [ 635.889585][T22278] vlan0: entered promiscuous mode [ 635.899521][T22278] bridge0: entered promiscuous mode [ 636.012209][ T5906] kye 0003:0458:0138.0087: hidraw0: USB HID v0.00 Device [HID 0458:0138] on usb-dummy_hcd.3-1/input0 [ 636.211408][ T5906] usb 4-1: USB disconnect, device number 76 [ 636.586806][T22301] 8021q: adding VLAN 0 to HW filter on device bond1 [ 636.597525][T22301] bond0: (slave bond1): Enslaving as an active interface with an up link [ 637.544245][T22344] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7352'. [ 637.659920][ T5905] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 637.680739][T22350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7355'. [ 637.826313][ T5905] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 637.846067][ T5905] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 637.858100][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.869466][ T5905] usb 5-1: Product: syz [ 637.876538][ T5905] usb 5-1: Manufacturer: syz [ 637.882213][ T5905] usb 5-1: SerialNumber: syz [ 638.010116][ T5906] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 638.119666][T22364] sg_write: data in/out 524252/17 bytes for SCSI command 0x1-- guessing data in; [ 638.119666][T22364] program syz.3.7363 not setting count and/or reply_len properly [ 638.137040][ T5905] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 74 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 638.181821][ T5906] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 638.200292][ T5906] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 638.226930][ T5906] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 638.248677][ T5906] usb 3-1: config 1 has no interface number 0 [ 638.255239][ T5906] usb 3-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 638.267006][ T5906] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 638.285051][ T5906] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 638.304949][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.317052][ T5906] usb 3-1: Product: syz [ 638.321819][ T5906] usb 3-1: Manufacturer: syz [ 638.326785][ T5906] usb 3-1: SerialNumber: syz [ 638.348309][ T5885] usb 5-1: USB disconnect, device number 74 [ 638.373697][ T5885] usblp0: removed [ 638.772798][ T5906] usb 3-1: USB disconnect, device number 87 [ 639.311282][T22414] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7384'. [ 640.492115][ T24] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 640.678770][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 640.700495][ T24] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 640.728012][ T24] usb 5-1: config 0 has no interface number 0 [ 640.743690][ T24] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 640.769840][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.793607][ T24] usb 5-1: Product: syz [ 640.798236][ T24] usb 5-1: Manufacturer: syz [ 640.810213][ T24] usb 5-1: SerialNumber: syz [ 640.828705][ T24] usb 5-1: config 0 descriptor?? [ 640.847084][ T24] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 640.917430][T22474] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7406'. [ 641.082614][ T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 641.123792][ T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 641.484851][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 641.485317][ T5906] usb 5-1: USB disconnect, device number 75 [ 641.523455][ T5906] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 641.576267][ T5906] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 641.600155][ T5906] quatech2 5-1:0.51: device disconnected [ 641.825112][T22494] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 642.004605][ T30] kauditd_printk_skb: 65 callbacks suppressed [ 642.004627][ T30] audit: type=1326 audit(1749913871.184:4004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 642.100010][ T30] audit: type=1326 audit(1749913871.184:4005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 642.164571][ T30] audit: type=1326 audit(1749913871.194:4006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 642.207055][ T30] audit: type=1326 audit(1749913871.194:4007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 642.229959][ T30] audit: type=1326 audit(1749913871.194:4008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 642.255934][ T30] audit: type=1326 audit(1749913871.194:4009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 642.345050][ T5830] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 642.523363][ T5830] usb 3-1: Using ep0 maxpacket: 32 [ 642.557091][ T5830] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 642.575834][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.588287][ T5830] usb 3-1: Product: syz [ 642.593431][ T5830] usb 3-1: Manufacturer: syz [ 642.598231][ T5830] usb 3-1: SerialNumber: syz [ 642.607105][ T5830] usb 3-1: config 0 descriptor?? [ 642.618774][ T5830] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 642.874127][ T30] audit: type=1326 audit(1749913872.054:4010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 642.934784][ T30] audit: type=1326 audit(1749913872.054:4011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22501 comm="syz.3.7420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 643.074872][T22537] netlink: 'syz.3.7434': attribute type 1 has an invalid length. [ 643.207800][T22543] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) ! [ 643.425528][ T5830] gspca_ov534_9: reg_w failed -71 [ 643.739927][ T5885] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 643.747641][ T5830] gspca_ov534_9: Unknown sensor 0000 [ 643.747744][ T5830] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 643.765530][ T5830] usb 3-1: USB disconnect, device number 88 [ 643.910303][ T5885] usb 5-1: Using ep0 maxpacket: 16 [ 643.917446][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 643.939872][ T5885] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 643.948996][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.969561][ T5885] usb 5-1: config 0 descriptor?? [ 643.985782][ T5885] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input57 [ 644.210421][ T5191] bcm5974 5-1:0.0: could not read from device [ 644.226295][ T5885] bcm5974 5-1:0.0: could not read from device [ 644.245903][ T5191] bcm5974 5-1:0.0: could not read from device [ 644.264752][ T5885] input: failed to attach handler mousedev to device input57, error: -5 [ 644.284459][ T5191] bcm5974 5-1:0.0: could not read from device [ 644.298760][ T5885] usb 5-1: USB disconnect, device number 76 [ 644.304972][ T5191] bcm5974 5-1:0.0: could not read from device [ 644.342554][ T5905] usb 3-1: new full-speed USB device number 89 using dummy_hcd [ 644.524639][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 644.545145][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 644.569876][ T5905] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 644.600621][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.631103][ T5905] usb 3-1: config 0 descriptor?? [ 644.716854][T22593] netlink: 'syz.1.7460': attribute type 1 has an invalid length. [ 645.130675][ T5905] isku 0003:1E7D:319C.0088: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0 [ 645.448741][ C0] hrtimer: interrupt took 107244 ns [ 645.552887][ T5885] usb 3-1: USB disconnect, device number 89 [ 645.724293][T22613] @: renamed from vlan0 (while UP) [ 646.451733][T22644] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 647.101600][T22677] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 647.276931][T22683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7497'. [ 647.311859][T22683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7497'. [ 647.824954][T22705] tap0: tun_chr_ioctl cmd 1074025678 [ 647.840979][T22705] tap0: group set to 0 [ 648.565359][T22726] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7516'. [ 648.585321][T22726] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7516'. [ 648.796447][T22736] Context (ID=0x0) not attached to queue pair (handle=0x2:0x0) [ 649.267637][T22759] gretap0: entered promiscuous mode [ 649.285703][T22759] vlan2: entered promiscuous mode [ 649.846368][T22788] input: syz1 as /devices/virtual/input/input58 [ 650.225512][T22806] netlink: 'syz.3.7554': attribute type 5 has an invalid length. [ 650.622620][T22823] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 650.855552][T22828] xt_CT: No such helper "snmp" [ 651.008491][T22842] netlink: 'syz.4.7568': attribute type 9 has an invalid length. [ 651.030886][T22842] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7568'. [ 651.083587][T22842] macvlan2: entered promiscuous mode [ 651.089182][T22842] macvlan2: entered allmulticast mode [ 651.109988][T22842] hsr0: entered allmulticast mode [ 651.115281][T22842] hsr_slave_0: entered allmulticast mode [ 651.129961][T22842] hsr_slave_1: entered allmulticast mode [ 651.218880][T22848] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7571'. [ 652.079866][ T5905] usb 4-1: new full-speed USB device number 77 using dummy_hcd [ 652.281694][ T5905] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 652.299831][ T5905] usb 4-1: config 0 has no interface number 0 [ 652.350428][ T5905] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 652.359555][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.424237][ T5905] usb 4-1: config 0 descriptor?? [ 652.442560][ T5905] usb 4-1: selecting invalid altsetting 1 [ 652.469408][ T5905] dvb_ttusb_budget: ttusb_init_controller: error [ 652.484393][ T5905] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 652.535570][T22891] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7590'. [ 652.741601][ T5905] DVB: Unable to find symbol cx22700_attach() [ 652.861400][ T5905] DVB: Unable to find symbol tda10046_attach() [ 652.867701][ T5905] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 652.940252][ T5905] usb 4-1: USB disconnect, device number 77 [ 653.170644][ T5906] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 653.332316][ T5906] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 653.346500][ T5906] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 653.359290][ T5906] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 653.368924][ T5906] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 653.381472][ T5906] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 653.401413][ T5906] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 653.411005][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 653.419063][ T5906] usb 2-1: Product: syz [ 653.437018][ T5906] usb 2-1: Manufacturer: syz [ 653.449919][ T5885] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 653.454235][ T5906] cdc_wdm 2-1:1.0: skipping garbage [ 653.465423][ T5906] cdc_wdm 2-1:1.0: skipping garbage [ 653.476562][ T5906] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 653.483134][ T5906] cdc_wdm 2-1:1.0: Unknown control protocol [ 653.509987][ T5830] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 653.627350][ T5885] usb 3-1: unable to get BOS descriptor or descriptor too short [ 653.649277][ T5885] usb 3-1: no configurations [ 653.656934][ T5885] usb 3-1: can't read configurations, error -22 [ 653.682655][ T5830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 653.690961][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 653.697521][ T5830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 653.700175][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 653.700711][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 653.715135][ T5830] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 653.716090][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 653.725683][ T5830] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.740092][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 653.753514][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 653.762142][ T5830] usb 5-1: config 0 descriptor?? [ 653.769342][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 653.776014][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 653.783584][ T5906] usb 2-1: USB disconnect, device number 78 [ 653.789949][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 653.796860][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 653.802960][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 654.188925][ T5830] sony 0003:054C:024B.0089: unexpected long global item [ 654.219569][ T5830] sony 0003:054C:024B.0089: parse failed [ 654.238368][ T5830] sony 0003:054C:024B.0089: probe with driver sony failed with error -22 [ 654.398830][ T5830] usb 5-1: USB disconnect, device number 77 [ 655.019842][ T5830] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 655.133519][T22964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7624'. [ 655.183785][ T5830] usb 2-1: Using ep0 maxpacket: 32 [ 655.192973][ T5830] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 655.205526][ T5830] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 655.215229][ T5830] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 655.227319][ T5830] usb 2-1: config 1 has no interface number 0 [ 655.233998][ T5830] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 655.254685][ T5830] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 655.276560][ T5830] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 655.287804][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.336600][ T5830] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 655.541608][ T5830] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 655.593358][T22979] netlink: 'syz.2.7631': attribute type 11 has an invalid length. [ 655.616152][T22982] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7632'. [ 655.640268][T22982] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 655.803519][T22991] vivid-000: disconnect [ 655.811520][T22990] vivid-000: reconnect [ 655.966508][ T5830] usb 2-1: USB disconnect, device number 79 [ 655.980274][ T5830] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 656.239622][T23011] sch_tbf: burst 3092 is lower than device lo mtu (65550) ! [ 656.311213][ T5906] usb 5-1: new full-speed USB device number 78 using dummy_hcd [ 656.492766][ T5906] usb 5-1: config 4 has an invalid interface number: 4 but max is 0 [ 656.512831][ T5906] usb 5-1: config 4 has no interface number 0 [ 656.519024][ T5906] usb 5-1: config 4 interface 4 has no altsetting 0 [ 656.574763][ T5906] usb 5-1: New USB device found, idVendor=1435, idProduct=0326, bcdDevice=ea.c7 [ 656.584103][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.602013][ T5906] usb 5-1: Product: syz [ 656.606699][ T5906] usb 5-1: Manufacturer: syz [ 656.623721][ T5906] usb 5-1: SerialNumber: syz [ 656.750445][T23031] sctp: [Deprecated]: syz.1.7657 (pid 23031) Use of struct sctp_assoc_value in delayed_ack socket option. [ 656.750445][T23031] Use struct sctp_sack_info instead [ 656.779865][ T5906] usb 5-1: reset full-speed USB device number 78 using dummy_hcd [ 657.182049][T23044] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 657.329876][ T838] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 657.480134][ T5885] usb 3-1: new low-speed USB device number 92 using dummy_hcd [ 657.491474][ T838] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 657.495386][ T5906] usb 5-1: USB disconnect, device number 78 [ 657.506057][ T838] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 657.519835][ T838] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 657.536152][ T838] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 657.547806][ T838] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 657.562819][ T838] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 657.572091][ T838] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 657.581348][ T838] usb 2-1: Product: syz [ 657.585551][ T838] usb 2-1: Manufacturer: syz [ 657.599390][ T838] cdc_wdm 2-1:1.0: skipping garbage [ 657.605185][ T838] cdc_wdm 2-1:1.0: skipping garbage [ 657.612432][ T838] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 657.618377][ T838] cdc_wdm 2-1:1.0: Unknown control protocol [ 657.642224][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 657.653612][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 657.660000][ T5906] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 657.663530][ T5885] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 657.681074][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.698267][ T5885] usb 3-1: config 0 descriptor?? [ 657.829889][ T5906] usb 5-1: Using ep0 maxpacket: 32 [ 657.837389][ T5906] usb 5-1: config 4 has an invalid interface number: 4 but max is 0 [ 657.845976][ T5906] usb 5-1: config 4 has no interface number 0 [ 657.852525][ T5906] usb 5-1: config 4 interface 4 has no altsetting 0 [ 657.864742][ T5906] usb 5-1: New USB device found, idVendor=1435, idProduct=0326, bcdDevice=ea.c7 [ 657.874171][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.884588][ T5906] usb 5-1: Product: syz [ 657.888804][ T5906] usb 5-1: Manufacturer: syz [ 657.893517][ T5906] usb 5-1: SerialNumber: syz [ 658.040443][ T5906] usb 5-1: reset high-speed USB device number 79 using dummy_hcd [ 658.132323][ T5885] glorious 0003:258A:0036.008A: unknown main item tag 0x1 [ 658.178137][ T5885] glorious 0003:258A:0036.008A: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.2-1/input0 [ 658.341183][T15956] usb 3-1: USB disconnect, device number 92 [ 658.516373][T23069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7674'. [ 658.531073][T23069] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7674'. [ 658.956183][ T5906] usb 5-1: USB disconnect, device number 79 [ 659.493366][T23102] binder: 23101:23102 ioctl c0306201 0 returned -14 [ 660.101213][ T5885] usb 2-1: USB disconnect, device number 80 [ 660.184096][T23128] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7702'. [ 661.383406][T23174] sctp: [Deprecated]: syz.2.7722 (pid 23174) Use of struct sctp_assoc_value in delayed_ack socket option. [ 661.383406][T23174] Use struct sctp_sack_info instead [ 662.660056][ T5885] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 662.692281][T23212] sctp: [Deprecated]: syz.3.7739 (pid 23212) Use of struct sctp_assoc_value in delayed_ack socket option. [ 662.692281][T23212] Use struct sctp_sack_info instead [ 662.820754][ T5885] usb 2-1: Using ep0 maxpacket: 16 [ 662.836898][ T5885] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 662.859554][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 662.902166][ T5885] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 662.927066][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.967466][ T5885] usb 2-1: Product: syz [ 663.000550][ T5885] usb 2-1: Manufacturer: syz [ 663.005224][ T5885] usb 2-1: SerialNumber: syz [ 663.032229][ T5885] usb 2-1: config 0 descriptor?? [ 663.051952][ T5885] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 663.071661][ T5885] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 663.297170][ T30] audit: type=1326 audit(1749913892.464:4012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.355282][ T30] audit: type=1326 audit(1749913892.474:4013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.403930][ T30] audit: type=1326 audit(1749913892.474:4014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.437339][ T30] audit: type=1326 audit(1749913892.474:4015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.464466][ T30] audit: type=1326 audit(1749913892.474:4016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.494946][ T30] audit: type=1326 audit(1749913892.474:4017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.518992][ T30] audit: type=1326 audit(1749913892.474:4018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.543112][ T30] audit: type=1326 audit(1749913892.474:4019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=446 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.565593][ C1] vkms_vblank_simulate: vblank timer overrun [ 663.565754][T15956] usb 4-1: new full-speed USB device number 78 using dummy_hcd [ 663.583731][ T30] audit: type=1326 audit(1749913892.474:4020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.607152][ T30] audit: type=1326 audit(1749913892.474:4021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23225 comm="syz.4.7746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x7ffc0000 [ 663.629765][ C1] vkms_vblank_simulate: vblank timer overrun [ 663.719059][ T5885] em28xx 2-1:0.0: chip ID is em28178 [ 663.743059][T15956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 663.766821][T15956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 663.788786][T15956] usb 4-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00 [ 663.831416][T15956] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.842775][T15956] usb 4-1: config 0 descriptor?? [ 663.956725][ T5925] usb 2-1: USB disconnect, device number 81 [ 663.964929][ T5925] em28xx 2-1:0.0: Disconnecting em28xx [ 663.983153][ T5925] em28xx 2-1:0.0: Freeing device [ 664.087045][T23250] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7756'. [ 664.187518][T23253] netlink: 'syz.4.7757': attribute type 3 has an invalid length. [ 664.268061][T15956] acrux 0003:1A34:F705.008B: item fetching failed at offset 5/7 [ 664.283924][T15956] acrux 0003:1A34:F705.008B: parse failed [ 664.292151][T15956] acrux 0003:1A34:F705.008B: probe with driver acrux failed with error -22 [ 664.470059][ T5885] usb 4-1: USB disconnect, device number 78 [ 664.617883][T23272] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7766'. [ 665.143578][T23297] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 665.219940][ T5925] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 665.399963][ T5925] usb 2-1: Using ep0 maxpacket: 8 [ 665.414579][ T5925] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 665.436163][ T5925] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 665.456272][ T5925] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 665.476681][ T5925] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 665.509936][ T5925] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 665.529887][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.772572][ T5925] usb 2-1: GET_CAPABILITIES returned 0 [ 665.778449][ T5925] usbtmc 2-1:16.0: can't read capabilities [ 665.960081][ T5906] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 665.985211][ T5885] usb 2-1: USB disconnect, device number 82 [ 666.132382][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 666.141120][ T5906] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 666.149585][ T5906] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 666.159015][ T5906] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 666.170470][ T5906] usb 3-1: config 1 has no interface number 0 [ 666.177301][ T5906] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 666.189420][ T5906] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 666.208681][ T5906] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 666.219303][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.219835][T23325] netlink: 'syz.3.7791': attribute type 2 has an invalid length. [ 666.242685][T23325] netlink: 132 bytes leftover after parsing attributes in process `syz.3.7791'. [ 666.245951][ T5906] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 666.451107][ T5906] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 666.570925][T23331] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7794'. [ 666.587132][T23331] netlink: 1 bytes leftover after parsing attributes in process `syz.3.7794'. [ 666.876835][ T5906] usb 3-1: USB disconnect, device number 93 [ 666.898436][ T5906] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 667.907767][T23392] gtp0: entered promiscuous mode [ 667.919857][T23392] gtp0: entered allmulticast mode [ 668.367588][T23408] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7829'. [ 668.417821][T23408] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 669.805330][T23489] macvtap1: entered allmulticast mode [ 669.823219][T23489] veth0_macvtap: entered allmulticast mode [ 670.780531][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 670.810204][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 671.126670][T23546] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 671.129376][ T5825] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 672.244752][T23591] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7912'. [ 672.274794][ T30] audit: type=1326 audit(1749913901.454:4022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.7911" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0fcd38e929 code=0x0 [ 672.581328][T23601] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 672.597824][T23601] syzkaller0: linktype set to 768 [ 673.401053][T23639] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 673.479864][ T5906] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 673.630385][ T5906] usb 4-1: Using ep0 maxpacket: 32 [ 673.637659][ T5906] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 673.653341][ T5906] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 673.671945][ T5906] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 673.684574][ T5906] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 673.699838][ T5906] usb 4-1: Product: syz [ 673.704243][ T5906] usb 4-1: Manufacturer: syz [ 673.724206][ T5906] hub 4-1:4.0: USB hub found [ 673.810835][T23655] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7940'. [ 673.923770][ T5906] hub 4-1:4.0: 2 ports detected [ 674.126967][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 674.134720][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 674.142339][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 674.149689][ T5906] hub 4-1:4.0: hub_hub_status failed (err = -32) [ 674.157208][ T5906] hub 4-1:4.0: config failed, can't get hub status (err -32) [ 674.210908][ T5906] usb 4-1: USB disconnect, device number 79 [ 674.897773][T23683] input: syz0 as /devices/virtual/input/input59 [ 675.078766][T23689] netlink: 182 bytes leftover after parsing attributes in process `syz.3.7956'. [ 675.174911][T23693] binder: 23692:23693 ioctl c018620c 200000000900 returned -1 [ 675.413079][T23700] openvswitch: netlink: Multiple metadata blocks provided [ 675.982291][T23712] netlink: 'syz.3.7965': attribute type 12 has an invalid length. [ 676.138531][T23717] program syz.3.7967 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 676.193469][T23718] program syz.3.7967 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 676.393373][T23722] bridge_slave_0: default FDB implementation only supports local addresses [ 676.697088][T23738] openvswitch: netlink: IP tunnel TTL not specified. [ 676.925325][T23745] ipvlan2: entered allmulticast mode [ 676.945286][T23745] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 676.977547][T23753] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7983'. [ 677.219532][T23760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7987'. [ 677.340456][ T5830] IPVS: starting estimator thread 0... [ 677.429842][T23767] IPVS: using max 27 ests per chain, 64800 per kthread [ 677.524400][T23772] input: syz1 as /devices/virtual/input/input60 [ 677.752252][ T5925] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 677.933712][ T5925] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 677.946164][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.958158][ T5925] usb 3-1: Product: syz [ 677.965115][ T5925] usb 3-1: Manufacturer: syz [ 677.970529][ T5925] usb 3-1: SerialNumber: syz [ 677.995907][ T5925] usb 3-1: config 0 descriptor?? [ 678.020257][ T5925] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 094 [ 678.409991][T23802] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8005'. [ 678.430656][ T5925] (null): failure reading functionality [ 678.463782][ T5925] i2c i2c-2: connected i2c-tiny-usb device [ 678.648279][ T5830] usb 3-1: USB disconnect, device number 94 [ 678.731016][ T5885] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 678.761586][T23814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8011'. [ 678.889962][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 678.901501][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.924348][ T5885] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 678.945340][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.960903][ T5885] usb 4-1: config 0 descriptor?? [ 679.129914][ T5925] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 679.326454][ T5925] usb 5-1: Using ep0 maxpacket: 16 [ 679.349316][T23827] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8016'. [ 679.358533][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 679.382095][ T5925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 679.409602][ T5885] mcp2221 0003:04D8:00DD.008C: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 679.449822][ T5925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 679.479853][ T5925] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 679.522798][ T5925] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 679.591856][ T5925] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 679.601475][ T5925] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 679.622210][ T5925] usb 5-1: Manufacturer: syz [ 679.647813][ T5925] usb 5-1: config 0 descriptor?? [ 679.657909][T23835] netlink: 'syz.2.8020': attribute type 10 has an invalid length. [ 679.688866][T23835] macvlan0: entered allmulticast mode [ 679.738389][T23835] veth1_vlan: entered allmulticast mode [ 679.784761][T23835] team0: Port device macvlan0 added [ 679.828110][ T5906] usb 4-1: USB disconnect, device number 80 [ 679.858296][T23839] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 680.199936][ T5925] rc_core: IR keymap rc-hauppauge not found [ 680.200235][T23854] hsr0: entered promiscuous mode [ 680.209539][ T5925] Registered IR keymap rc-empty [ 680.228296][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.252253][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.281277][ T5925] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 680.310083][ T5925] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input61 [ 680.350537][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.410142][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.430314][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.460065][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.490298][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.520088][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.543522][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.590084][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.619906][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.660939][ T5925] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 680.692084][ T5925] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 680.709914][ T5925] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 680.743121][ T5925] usb 5-1: USB disconnect, device number 80 [ 681.177275][T23881] netlink: 'syz.2.8041': attribute type 1 has an invalid length. [ 681.209931][T23881] netlink: 'syz.2.8041': attribute type 2 has an invalid length. [ 681.233512][T23881] netlink: 'syz.2.8041': attribute type 1 has an invalid length. [ 681.250099][T23881] netlink: 'syz.2.8041': attribute type 2 has an invalid length. [ 681.439874][ T5830] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 681.594466][ T5830] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 681.606998][ T5830] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 681.630401][ T5830] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 681.639523][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.672903][T23883] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 681.687735][ T5830] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 681.759890][ T838] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 681.905563][ T5830] usb 2-1: USB disconnect, device number 83 [ 681.919910][ T838] usb 3-1: Using ep0 maxpacket: 8 [ 681.946484][ T838] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 681.973504][ T838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.991776][ T838] usb 3-1: Product: syz [ 681.996022][ T838] usb 3-1: Manufacturer: syz [ 682.008093][ T838] usb 3-1: SerialNumber: syz [ 682.027589][ T838] usb 3-1: config 0 descriptor?? [ 682.041695][ T838] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 682.114072][ T30] audit: type=1326 audit(1749913911.294:4023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23909 comm="syz.3.8055" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x0 [ 682.846496][T23932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8065'. [ 682.860015][T23932] netlink: 'syz.1.8065': attribute type 21 has an invalid length. [ 682.874066][ T838] gspca_sonixj: reg_r err -71 [ 682.878911][ T838] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 682.901438][ T838] usb 3-1: USB disconnect, device number 95 [ 683.366282][T23943] input: syz0 as /devices/virtual/input/input62 [ 684.040263][ T5925] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 684.234474][ T5925] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 684.263668][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.300919][ T5925] usb 3-1: Product: syz [ 684.305175][ T5925] usb 3-1: Manufacturer: syz [ 684.305242][T23976] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8085'. [ 684.318300][ T5925] usb 3-1: SerialNumber: syz [ 684.362399][ T5925] usb 3-1: config 0 descriptor?? [ 684.382680][ T5925] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 684.461983][T23979] bridge0: entered promiscuous mode [ 684.478691][T23979] macsec1: entered allmulticast mode [ 684.489965][T23979] bridge0: entered allmulticast mode [ 684.511797][T23979] bridge0: port 3(macsec1) entered blocking state [ 684.526773][T23979] bridge0: port 3(macsec1) entered disabled state [ 684.533374][ T30] audit: type=1326 audit(1749913913.704:4024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.533440][ T30] audit: type=1326 audit(1749913913.704:4025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.533490][ T30] audit: type=1326 audit(1749913913.704:4026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.533537][ T30] audit: type=1326 audit(1749913913.704:4027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.533583][ T30] audit: type=1326 audit(1749913913.704:4028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.533641][ T30] audit: type=1326 audit(1749913913.704:4029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.579347][ C1] vkms_vblank_simulate: vblank timer overrun [ 684.648693][ C1] vkms_vblank_simulate: vblank timer overrun [ 684.737936][T23979] bridge0: left allmulticast mode [ 684.746010][ T30] audit: type=1326 audit(1749913913.704:4030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.759832][T23979] bridge0: left promiscuous mode [ 684.771937][ T30] audit: type=1326 audit(1749913913.874:4031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 684.795811][ C1] vkms_vblank_simulate: vblank timer overrun [ 684.814520][ T30] audit: type=1326 audit(1749913913.874:4032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23936 comm="syz.3.8067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 685.310504][ T5925] gspca_sunplus: reg_r err -71 [ 685.325173][ T5925] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 685.354670][ T5925] usb 3-1: USB disconnect, device number 96 [ 687.698770][T24063] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 687.710409][T24063] syzkaller1: linktype set to 774 [ 688.348776][T24092] xt_CT: No such helper "snmp" [ 688.807733][T24113] loop4: detected capacity change from 0 to 524255232 [ 689.277146][T24120] ip6gretap0: entered promiscuous mode [ 689.300057][T24120] macsec1: entered allmulticast mode [ 689.305595][T24120] ip6gretap0: entered allmulticast mode [ 689.520168][T24133] input: syz0 as /devices/virtual/input/input63 [ 691.245788][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.252894][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.299574][T24190] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8181'. [ 691.437615][T24194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8182'. [ 692.409855][ T5906] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 692.575529][ T5906] usb 5-1: Using ep0 maxpacket: 16 [ 692.587469][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 692.618472][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 692.629534][ T5906] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 692.646745][ T5906] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 692.659638][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.693571][ T5906] usb 5-1: config 0 descriptor?? [ 692.820034][ T5925] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 692.951496][T24248] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.8208'. [ 693.002756][ T5925] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 693.018746][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.029046][ T5925] usb 2-1: Product: syz [ 693.037328][ T5925] usb 2-1: Manufacturer: syz [ 693.062434][ T5925] usb 2-1: SerialNumber: syz [ 693.091165][ T5925] usb 2-1: config 0 descriptor?? [ 693.127761][ T5906] microsoft 0003:045E:07DA.008D: unknown main item tag 0x0 [ 693.160865][ T5906] microsoft 0003:045E:07DA.008D: unknown main item tag 0x0 [ 693.230960][ T5906] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.008D/input/input64 [ 693.289164][ T5906] microsoft 0003:045E:07DA.008D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 693.322810][ T5925] cx82310_eth 2-1:0.0: probe with driver cx82310_eth failed with error -22 [ 693.370647][ T5906] usb 5-1: USB disconnect, device number 81 [ 693.542619][T24259] fido_id[24259]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 693.726136][ T5925] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 693.940337][ T838] usb 2-1: USB disconnect, device number 84 [ 694.554553][T24296] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8228'. [ 694.565984][T24293] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8228'. [ 695.390005][ T5925] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 695.550150][ T5906] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 695.569845][ T5925] usb 2-1: Using ep0 maxpacket: 16 [ 695.576819][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 695.588174][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 695.609816][ T5925] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 695.623254][ T5925] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 695.641777][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 695.663328][ T5925] usb 2-1: config 0 descriptor?? [ 695.723186][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 695.742033][ T5906] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 695.759904][ T5906] usb 3-1: config 0 has no interface number 0 [ 695.772709][ T5906] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 695.800050][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.808139][ T5906] usb 3-1: Product: syz [ 695.829829][ T5906] usb 3-1: Manufacturer: syz [ 695.834672][ T5906] usb 3-1: SerialNumber: syz [ 695.845700][ T5906] usb 3-1: config 0 descriptor?? [ 695.863617][ T5906] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 695.994899][T24338] syzkaller1: entered promiscuous mode [ 696.063065][T24338] syzkaller1: entered allmulticast mode [ 696.097921][ T5906] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 696.108867][ T5925] shield 0003:0955:7214.008E: unknown main item tag 0x0 [ 696.127751][ T5925] shield 0003:0955:7214.008E: unknown main item tag 0x0 [ 696.165270][ T5906] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 696.176339][ T5925] shield 0003:0955:7214.008E: unknown main item tag 0x0 [ 696.193105][ T5925] shield 0003:0955:7214.008E: unknown main item tag 0x0 [ 696.199891][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 696.211439][ T5925] shield 0003:0955:7214.008E: unknown main item tag 0x0 [ 696.246359][ T5925] input: HID 0955:7214 Haptics as /devices/virtual/input/input65 [ 696.250595][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 696.265974][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 696.299050][T24329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 696.340739][T24329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 696.475548][ T5925] shield 0003:0955:7214.008E: Registered Thunderstrike controller [ 696.520270][ T5925] shield 0003:0955:7214.008E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 696.591327][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 696.594834][ T838] usb 3-1: USB disconnect, device number 97 [ 696.634035][ T5906] shield 0003:0955:7214.008E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 696.646105][ T838] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 696.649876][ T5925] usb 2-1: USB disconnect, device number 85 [ 696.682613][ T5906] shield 0003:0955:7214.008E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 696.727617][ T5906] shield 0003:0955:7214.008E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 696.741189][ T838] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 696.794335][ T838] quatech2 3-1:0.51: device disconnected [ 696.800504][ T5906] shield 0003:0955:7214.008E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 697.012824][ T30] kauditd_printk_skb: 1117 callbacks suppressed [ 697.012846][ T30] audit: type=1326 audit(1749913926.194:5150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24352 comm="syz.4.8254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb1678e929 code=0x0 [ 697.131377][ T30] audit: type=1326 audit(1749913926.304:5151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 697.225070][ T30] audit: type=1326 audit(1749913926.304:5152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 697.230258][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 697.313522][ T30] audit: type=1326 audit(1749913926.304:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 697.367663][ T30] audit: type=1326 audit(1749913926.304:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 697.446662][ T30] audit: type=1326 audit(1749913926.304:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 697.487807][ T30] audit: type=1326 audit(1749913926.304:5156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 697.517710][ T30] audit: type=1326 audit(1749913926.304:5157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 697.573793][ T30] audit: type=1326 audit(1749913926.314:5158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 697.602845][ T30] audit: type=1326 audit(1749913926.314:5159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.3.8255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 697.810110][ T5906] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 697.943403][T24363] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8257'. [ 697.952925][T24363] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8257'. [ 697.994312][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 698.005425][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 698.025973][ T5906] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 698.045599][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.076588][ T5906] usb 4-1: config 0 descriptor?? [ 698.334130][T24387] netlink: 64 bytes leftover after parsing attributes in process `syz.1.8268'. [ 698.525786][ T5906] cm6533_jd 0003:0D8C:0022.008F: unknown main item tag 0x0 [ 698.554731][ T5906] cm6533_jd 0003:0D8C:0022.008F: unknown main item tag 0x0 [ 698.590211][ T5906] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.008F/input/input66 [ 698.650688][ T5906] cm6533_jd 0003:0D8C:0022.008F: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 698.732701][ T838] usb 4-1: USB disconnect, device number 81 [ 698.855202][T24392] fido_id[24392]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 699.270952][ T838] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 699.432050][ T838] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 699.453801][ T838] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 699.477750][ T838] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 699.488742][ T838] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 699.500354][ T838] usb 3-1: Manufacturer: syz [ 699.508263][ T838] usb 3-1: config 0 descriptor?? [ 699.622055][ T838] rc_core: IR keymap rc-hauppauge not found [ 699.640822][ T838] Registered IR keymap rc-empty [ 699.655143][ T838] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 699.682698][ T838] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input67 [ 699.747704][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 699.815592][ T5906] usb 3-1: USB disconnect, device number 98 [ 700.339958][T24441] netlink: 'syz.4.8292': attribute type 64 has an invalid length. [ 700.348330][T24441] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8292'. [ 700.372871][T24441] netlink: 'syz.4.8292': attribute type 64 has an invalid length. [ 700.392563][T24441] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8292'. [ 700.689869][ T5906] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 700.873364][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 700.885318][ T5906] usb 3-1: config 0 has an invalid interface number: 247 but max is 0 [ 700.897524][ T5906] usb 3-1: config 0 has no interface number 0 [ 700.906872][ T5906] usb 3-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 700.917661][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 700.928290][ T5906] usb 3-1: Product: syz [ 700.950475][ T5906] usb 3-1: Manufacturer: syz [ 700.968661][ T5906] usb 3-1: config 0 descriptor?? [ 701.229620][ T5906] usb 3-1: USB disconnect, device number 99 [ 701.259824][ T838] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 701.429937][ T838] usb 2-1: Using ep0 maxpacket: 8 [ 701.468983][ T838] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 701.500563][ T838] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 701.524196][ T838] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 701.538273][ T838] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 701.555679][ T838] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 701.580932][ T838] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 701.600894][ T838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.752320][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.768276][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.783743][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.806372][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.816293][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.827150][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.846864][ T838] usb 2-1: usb_control_msg returned -32 [ 701.852744][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.864184][ T838] usbtmc 2-1:16.0: can't read capabilities [ 701.873910][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.894755][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.926351][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.934201][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.950507][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.958411][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.980962][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.988440][ T5830] hid-generic 00A0:0006:0003.0090: unknown main item tag 0x0 [ 701.999931][ T24] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 702.030068][ T5905] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 702.032637][ T5830] hid-generic 00A0:0006:0003.0090: hidraw0: HID v0.05 Device [syz1] on syz0 [ 702.073671][T24484] netlink: 788 bytes leftover after parsing attributes in process `syz.2.8312'. [ 702.160222][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 702.170503][ T24] usb 5-1: config 0 has no interfaces? [ 702.181812][ T24] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 702.191963][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.210117][ T24] usb 5-1: Product: syz [ 702.211694][ T5905] usb 4-1: Using ep0 maxpacket: 16 [ 702.214341][ T24] usb 5-1: Manufacturer: syz [ 702.232037][ T24] usb 5-1: SerialNumber: syz [ 702.240439][ T24] usb 5-1: config 0 descriptor?? [ 702.249520][ T5905] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 702.277980][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.296130][ T5905] usb 4-1: Product: syz [ 702.310115][ T5905] usb 4-1: Manufacturer: syz [ 702.315011][ T5905] usb 4-1: SerialNumber: syz [ 702.331282][ T5905] usb 4-1: config 0 descriptor?? [ 702.437946][ T5925] usb 2-1: USB disconnect, device number 86 [ 702.472775][ T24] usb 5-1: USB disconnect, device number 82 [ 702.551563][ T5905] ums-onetouch 4-1:0.0: USB Mass Storage device detected [ 702.630577][ T5905] usb 4-1: USB disconnect, device number 82 [ 702.924755][T24506] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 703.452165][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 703.452188][ T30] audit: type=1326 audit(1749913932.614:5193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 703.522206][ T30] audit: type=1326 audit(1749913932.624:5194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 703.622179][ T30] audit: type=1326 audit(1749913932.624:5195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 703.700820][ T30] audit: type=1326 audit(1749913932.734:5196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 703.779683][ T30] audit: type=1326 audit(1749913932.734:5197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 703.795007][T24535] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8332'. [ 703.802329][ C0] vkms_vblank_simulate: vblank timer overrun [ 703.821008][T24535] netlink: 'syz.1.8332': attribute type 7 has an invalid length. [ 703.834536][T24535] netlink: 'syz.1.8332': attribute type 8 has an invalid length. [ 703.841895][ T30] audit: type=1326 audit(1749913932.734:5198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 703.865212][T24535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8332'. [ 703.893901][T24535] gretap0: entered promiscuous mode [ 703.911003][T24535] batadv_slave_1: entered promiscuous mode [ 703.920592][ T30] audit: type=1326 audit(1749913932.734:5199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff48ab2ab19 code=0x7ffc0000 [ 703.943023][ T24] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 703.969808][T24535] gretap0: left promiscuous mode [ 703.976008][T24535] batadv_slave_1: left promiscuous mode [ 703.992213][ T30] audit: type=1326 audit(1749913932.734:5200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 704.024107][ T30] audit: type=1326 audit(1749913932.734:5201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 704.089861][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 704.090551][ T30] audit: type=1326 audit(1749913932.734:5202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24524 comm="syz.3.8327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff48ab8e929 code=0x7ffc0000 [ 704.102429][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 704.117477][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.196256][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 704.214451][T24539] syzkaller1: entered promiscuous mode [ 704.220524][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 704.236137][T24539] syzkaller1: entered allmulticast mode [ 704.242063][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 704.257881][ T24] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 704.290520][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.335632][ T24] hub 3-1:1.0: bad descriptor, ignoring hub [ 704.360280][ T24] hub 3-1:1.0: probe with driver hub failed with error -5 [ 704.383703][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 704.389150][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 704.429371][ T24] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 704.439829][ T24] cdc_wdm 3-1:1.0: Unknown control protocol [ 704.850085][ T5885] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 705.018565][T24567] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 705.028160][ T5885] usb 4-1: Using ep0 maxpacket: 8 [ 705.042786][ T5885] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 705.070340][ T5885] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 705.105037][ T5885] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 705.135260][ T5885] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 705.157788][ T5885] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 705.208762][ T5885] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 705.240795][T24532] usb 3-1: reset high-speed USB device number 100 using dummy_hcd [ 705.280928][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.361187][T24573] netlink: 136 bytes leftover after parsing attributes in process `syz.1.8349'. [ 705.415170][T24573] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 705.508825][ T5885] usb 4-1: usb_control_msg returned -32 [ 705.532788][ T5885] usbtmc 4-1:16.0: can't read capabilities [ 705.587088][T24578] sctp: [Deprecated]: syz.0.8351 (pid 24578) Use of int in max_burst socket option. [ 705.587088][T24578] Use struct sctp_assoc_value instead [ 705.592245][T24577] syzkaller1: entered promiscuous mode [ 705.617688][T24577] syzkaller1: entered allmulticast mode [ 705.770702][ T5885] usb 3-1: USB disconnect, device number 100 [ 705.840672][T24584] netlink: 80 bytes leftover after parsing attributes in process `syz.4.8355'. [ 706.627269][T24608] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8364'. [ 706.639166][T24608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8364'. [ 706.666514][T24608] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8364'. [ 706.868513][T24610] vcan0: tx drop: invalid da for name 0xfffffffffffffffc [ 707.150660][T24613] all (unregistering): Released all slaves [ 707.589864][ T838] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 707.657033][ T24] usb 4-1: USB disconnect, device number 83 [ 707.758599][ T838] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 707.778576][ T838] usb 5-1: New USB device strings: Mfr=1, Product=9, SerialNumber=3 [ 707.796815][ T838] usb 5-1: Product: syz [ 707.802032][ T838] usb 5-1: Manufacturer: syz [ 707.807905][ T838] usb 5-1: SerialNumber: syz [ 707.823719][ T838] usb 5-1: config 0 descriptor?? [ 707.836268][ T838] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 708.105326][T24645] binder: 24644:24645 ioctl c018620c 200000000040 returned -22 [ 708.275775][T24651] macvlan1: entered promiscuous mode [ 708.283819][T24651] ipvlan0: entered promiscuous mode [ 708.293515][T24651] ipvlan0: left promiscuous mode [ 708.299041][T24651] macvlan1: left promiscuous mode [ 708.693563][ T838] usb 5-1: USB disconnect, device number 83 [ 709.896645][T24691] input: syz1 as /devices/virtual/input/input68 [ 710.290157][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 710.395346][T24711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8409'. [ 710.437172][T24711] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8409'. [ 710.532443][T24717] [ 710.534852][T24717] ===================================================== [ 710.541819][T24717] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 710.549328][T24717] 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 Not tainted [ 710.556476][T24717] ----------------------------------------------------- [ 710.563448][T24717] syz.1.8411/24717 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 710.571262][T24717] ffff888011ac76a8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 710.580067][T24717] [ 710.580067][T24717] and this task is already holding: [ 710.587475][T24717] ffff888021ed0028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 710.597306][T24717] which would create a new lock dependency: [ 710.603240][T24717] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 710.611427][T24717] [ 710.611427][T24717] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 710.620922][T24717] (&dev->event_lock#2){..-.}-{3:3} [ 710.620977][T24717] [ 710.620977][T24717] ... which became SOFTIRQ-irq-safe at: [ 710.633927][T24717] lock_acquire+0x120/0x360 [ 710.638551][T24717] _raw_spin_lock_irqsave+0xa7/0xf0 [ 710.643859][T24717] input_inject_event+0xab/0x320 [ 710.648910][T24717] led_trigger_event+0x138/0x210 [ 710.653970][T24717] kbd_bh+0x1c6/0x2e0 [ 710.658057][T24717] tasklet_action_common+0x36c/0x580 [ 710.663442][T24717] handle_softirqs+0x286/0x870 [ 710.668317][T24717] __irq_exit_rcu+0xca/0x1f0 [ 710.673021][T24717] irq_exit_rcu+0x9/0x30 [ 710.677374][T24717] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 710.683120][T24717] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 710.689202][T24717] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 710.695032][T24717] evdev_write+0x2fc/0x480 [ 710.699549][T24717] vfs_write+0x27b/0xa90 [ 710.703905][T24717] ksys_write+0x145/0x250 [ 710.708330][T24717] do_syscall_64+0xfa/0x3b0 [ 710.712936][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.718968][T24717] [ 710.718968][T24717] to a SOFTIRQ-irq-unsafe lock: [ 710.726007][T24717] (tasklist_lock){.+.+}-{3:3} [ 710.726041][T24717] [ 710.726041][T24717] ... which became SOFTIRQ-irq-unsafe at: [ 710.738709][T24717] ... [ 710.738719][T24717] lock_acquire+0x120/0x360 [ 710.745913][T24717] _raw_read_lock+0x36/0x50 [ 710.750525][T24717] __do_wait+0xde/0x740 [ 710.754784][T24717] do_wait+0x1f8/0x520 [ 710.758958][T24717] kernel_wait+0xab/0x170 [ 710.763391][T24717] call_usermodehelper_exec_work+0xbe/0x230 [ 710.769406][T24717] process_scheduled_works+0xae1/0x17b0 [ 710.775069][T24717] worker_thread+0x8a0/0xda0 [ 710.779769][T24717] kthread+0x70e/0x8a0 [ 710.783947][T24717] ret_from_fork+0x3fc/0x770 [ 710.788644][T24717] ret_from_fork_asm+0x1a/0x30 [ 710.793507][T24717] [ 710.793507][T24717] other info that might help us debug this: [ 710.793507][T24717] [ 710.803747][T24717] Chain exists of: [ 710.803747][T24717] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 710.803747][T24717] [ 710.817338][T24717] Possible interrupt unsafe locking scenario: [ 710.817338][T24717] [ 710.825665][T24717] CPU0 CPU1 [ 710.831043][T24717] ---- ---- [ 710.836415][T24717] lock(tasklist_lock); [ 710.840677][T24717] local_irq_disable(); [ 710.847440][T24717] lock(&dev->event_lock#2); [ 710.854666][T24717] lock(&client->buffer_lock); [ 710.862057][T24717] [ 710.865523][T24717] lock(&dev->event_lock#2); [ 710.870401][T24717] [ 710.870401][T24717] *** DEADLOCK *** [ 710.870401][T24717] [ 710.878556][T24717] 7 locks held by syz.1.8411/24717: [ 710.883764][T24717] #0: ffff888029a82118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 710.892947][T24717] #1: ffff8881477c6230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 710.903100][T24717] #2: ffffffff8e13ed60 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 710.912832][T24717] #3: ffffffff8e13ed60 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 710.922440][T24717] #4: ffffffff8e13ed60 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 710.931611][T24717] #5: ffff888021ed0028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 710.941912][T24717] #6: ffffffff8e13ed60 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 710.951000][T24717] [ 710.951000][T24717] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 710.961501][T24717] -> (&dev->event_lock#2){..-.}-{3:3} { [ 710.967206][T24717] IN-SOFTIRQ-W at: [ 710.971314][T24717] lock_acquire+0x120/0x360 [ 710.977678][T24717] _raw_spin_lock_irqsave+0xa7/0xf0 [ 710.984725][T24717] input_inject_event+0xab/0x320 [ 710.991607][T24717] led_trigger_event+0x138/0x210 [ 710.998386][T24717] kbd_bh+0x1c6/0x2e0 [ 711.004237][T24717] tasklet_action_common+0x36c/0x580 [ 711.011368][T24717] handle_softirqs+0x286/0x870 [ 711.017977][T24717] __irq_exit_rcu+0xca/0x1f0 [ 711.024419][T24717] irq_exit_rcu+0x9/0x30 [ 711.030522][T24717] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 711.038110][T24717] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 711.045943][T24717] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 711.053513][T24717] evdev_write+0x2fc/0x480 [ 711.059772][T24717] vfs_write+0x27b/0xa90 [ 711.065865][T24717] ksys_write+0x145/0x250 [ 711.072029][T24717] do_syscall_64+0xfa/0x3b0 [ 711.078455][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.086189][T24717] INITIAL USE at: [ 711.090185][T24717] lock_acquire+0x120/0x360 [ 711.096448][T24717] _raw_spin_lock_irqsave+0xa7/0xf0 [ 711.103399][T24717] input_inject_event+0xab/0x320 [ 711.110091][T24717] kbd_led_trigger_activate+0xbc/0x100 [ 711.117302][T24717] led_trigger_set+0x52a/0x950 [ 711.123912][T24717] led_trigger_set_default+0x260/0x2a0 [ 711.131123][T24717] led_classdev_register_ext+0x73d/0x930 [ 711.138505][T24717] input_leds_connect+0x517/0x790 [ 711.145279][T24717] input_register_device+0xceb/0x10b0 [ 711.152405][T24717] atkbd_connect+0x70e/0x9c0 [ 711.158752][T24717] serio_driver_probe+0x82/0xa0 [ 711.165356][T24717] really_probe+0x26a/0x9a0 [ 711.171618][T24717] __driver_probe_device+0x18c/0x2f0 [ 711.178655][T24717] driver_probe_device+0x4f/0x430 [ 711.185441][T24717] __driver_attach+0x452/0x700 [ 711.191967][T24717] bus_for_each_dev+0x230/0x2b0 [ 711.198589][T24717] serio_handle_event+0x1a2/0x860 [ 711.205377][T24717] process_scheduled_works+0xae1/0x17b0 [ 711.212692][T24717] worker_thread+0x8a0/0xda0 [ 711.219034][T24717] kthread+0x70e/0x8a0 [ 711.224862][T24717] ret_from_fork+0x3fc/0x770 [ 711.231211][T24717] ret_from_fork_asm+0x1a/0x30 [ 711.237732][T24717] } [ 711.240334][T24717] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 711.249471][T24717] -> (&client->buffer_lock){....}-{3:3} { [ 711.255236][T24717] INITIAL USE at: [ 711.259144][T24717] lock_acquire+0x120/0x360 [ 711.265234][T24717] _raw_spin_lock+0x2e/0x40 [ 711.271336][T24717] evdev_pass_values+0xb9/0xbd0 [ 711.277768][T24717] evdev_events+0x1e6/0x340 [ 711.283853][T24717] input_pass_values+0x285/0x890 [ 711.290378][T24717] input_event_dispose+0x330/0x6b0 [ 711.297080][T24717] input_inject_event+0x1fe/0x320 [ 711.303691][T24717] evdev_write+0x2fc/0x480 [ 711.309689][T24717] vfs_write+0x27b/0xa90 [ 711.315524][T24717] ksys_write+0x145/0x250 [ 711.321432][T24717] do_syscall_64+0xfa/0x3b0 [ 711.327514][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.335012][T24717] } [ 711.337519][T24717] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 711.345723][T24717] ... acquired at: [ 711.349536][T24717] lock_acquire+0x120/0x360 [ 711.354242][T24717] _raw_spin_lock+0x2e/0x40 [ 711.358942][T24717] evdev_pass_values+0xb9/0xbd0 [ 711.363997][T24717] evdev_events+0x1e6/0x340 [ 711.368689][T24717] input_pass_values+0x285/0x890 [ 711.373815][T24717] input_event_dispose+0x330/0x6b0 [ 711.379163][T24717] input_inject_event+0x1fe/0x320 [ 711.384385][T24717] evdev_write+0x2fc/0x480 [ 711.388996][T24717] vfs_write+0x27b/0xa90 [ 711.393443][T24717] ksys_write+0x145/0x250 [ 711.397961][T24717] do_syscall_64+0xfa/0x3b0 [ 711.402665][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.408749][T24717] [ 711.411083][T24717] [ 711.411083][T24717] the dependencies between the lock to be acquired [ 711.411095][T24717] and SOFTIRQ-irq-unsafe lock: [ 711.424626][T24717] -> (tasklist_lock){.+.+}-{3:3} { [ 711.429961][T24717] HARDIRQ-ON-R at: [ 711.434132][T24717] lock_acquire+0x120/0x360 [ 711.440656][T24717] _raw_read_lock+0x36/0x50 [ 711.447183][T24717] __do_wait+0xde/0x740 [ 711.453363][T24717] do_wait+0x1f8/0x520 [ 711.459451][T24717] kernel_wait+0xab/0x170 [ 711.465804][T24717] call_usermodehelper_exec_work+0xbe/0x230 [ 711.473724][T24717] process_scheduled_works+0xae1/0x17b0 [ 711.481299][T24717] worker_thread+0x8a0/0xda0 [ 711.487920][T24717] kthread+0x70e/0x8a0 [ 711.494015][T24717] ret_from_fork+0x3fc/0x770 [ 711.500628][T24717] ret_from_fork_asm+0x1a/0x30 [ 711.507410][T24717] SOFTIRQ-ON-R at: [ 711.511585][T24717] lock_acquire+0x120/0x360 [ 711.518108][T24717] _raw_read_lock+0x36/0x50 [ 711.524631][T24717] __do_wait+0xde/0x740 [ 711.530806][T24717] do_wait+0x1f8/0x520 [ 711.536889][T24717] kernel_wait+0xab/0x170 [ 711.543243][T24717] call_usermodehelper_exec_work+0xbe/0x230 [ 711.551160][T24717] process_scheduled_works+0xae1/0x17b0 [ 711.558731][T24717] worker_thread+0x8a0/0xda0 [ 711.565330][T24717] kthread+0x70e/0x8a0 [ 711.571421][T24717] ret_from_fork+0x3fc/0x770 [ 711.578035][T24717] ret_from_fork_asm+0x1a/0x30 [ 711.584817][T24717] INITIAL USE at: [ 711.588899][T24717] lock_acquire+0x120/0x360 [ 711.595340][T24717] _raw_write_lock_irq+0xa2/0xf0 [ 711.602218][T24717] copy_process+0x224f/0x3c00 [ 711.608824][T24717] kernel_clone+0x21e/0x870 [ 711.615257][T24717] user_mode_thread+0xdd/0x140 [ 711.621956][T24717] rest_init+0x23/0x300 [ 711.628040][T24717] start_kernel+0x47d/0x500 [ 711.634473][T24717] x86_64_start_reservations+0x24/0x30 [ 711.641868][T24717] x86_64_start_kernel+0x143/0x1c0 [ 711.648913][T24717] common_startup_64+0x13e/0x147 [ 711.655786][T24717] INITIAL READ USE at: [ 711.660305][T24717] lock_acquire+0x120/0x360 [ 711.667201][T24717] _raw_read_lock+0x36/0x50 [ 711.674071][T24717] __do_wait+0xde/0x740 [ 711.680600][T24717] do_wait+0x1f8/0x520 [ 711.687032][T24717] kernel_wait+0xab/0x170 [ 711.693726][T24717] call_usermodehelper_exec_work+0xbe/0x230 [ 711.702025][T24717] process_scheduled_works+0xae1/0x17b0 [ 711.709950][T24717] worker_thread+0x8a0/0xda0 [ 711.716896][T24717] kthread+0x70e/0x8a0 [ 711.723334][T24717] ret_from_fork+0x3fc/0x770 [ 711.730295][T24717] ret_from_fork_asm+0x1a/0x30 [ 711.737437][T24717] } [ 711.740159][T24717] ... key at: [] tasklist_lock+0x18/0x40 [ 711.748096][T24717] ... acquired at: [ 711.752087][T24717] lock_acquire+0x120/0x360 [ 711.756790][T24717] _raw_read_lock+0x36/0x50 [ 711.761520][T24717] send_sigio+0x101/0x370 [ 711.766055][T24717] dnotify_handle_event+0x169/0x440 [ 711.771448][T24717] fsnotify+0x1814/0x1a80 [ 711.775987][T24717] vfs_mkdir+0x477/0x510 [ 711.780428][T24717] do_mkdirat+0x247/0x590 [ 711.784950][T24717] __x64_sys_mkdirat+0x87/0xa0 [ 711.789910][T24717] do_syscall_64+0xfa/0x3b0 [ 711.794605][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.800712][T24717] [ 711.803046][T24717] -> (&f_owner->lock){....}-{3:3} { [ 711.808386][T24717] INITIAL USE at: [ 711.812379][T24717] lock_acquire+0x120/0x360 [ 711.818642][T24717] _raw_write_lock_irq+0xa2/0xf0 [ 711.825342][T24717] __f_setown+0x67/0x370 [ 711.831343][T24717] generic_setlease+0xd60/0x1240 [ 711.838037][T24717] fcntl_setlease+0x3a2/0x4c0 [ 711.844470][T24717] do_fcntl+0x6a9/0x1910 [ 711.850489][T24717] __se_sys_fcntl+0xc8/0x150 [ 711.856835][T24717] do_syscall_64+0xfa/0x3b0 [ 711.863127][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.870773][T24717] INITIAL READ USE at: [ 711.875213][T24717] lock_acquire+0x120/0x360 [ 711.881908][T24717] _raw_read_lock_irq+0xaa/0xf0 [ 711.888960][T24717] do_fcntl+0x812/0x1910 [ 711.895397][T24717] __se_sys_fcntl+0xc8/0x150 [ 711.902205][T24717] do_syscall_64+0xfa/0x3b0 [ 711.908911][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.917018][T24717] } [ 711.919618][T24717] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 711.928699][T24717] ... acquired at: [ 711.932606][T24717] lock_acquire+0x120/0x360 [ 711.937318][T24717] _raw_read_lock_irqsave+0xaf/0x100 [ 711.942803][T24717] send_sigio+0x38/0x370 [ 711.947239][T24717] kill_fasync+0x24d/0x4d0 [ 711.951849][T24717] lease_break_callback+0x26/0x30 [ 711.957071][T24717] __break_lease+0x6a2/0x1620 [ 711.961937][T24717] do_dentry_open+0xd62/0x1970 [ 711.966901][T24717] vfs_open+0x3b/0x340 [ 711.971164][T24717] path_openat+0x2ee5/0x3830 [ 711.975947][T24717] do_filp_open+0x1fa/0x410 [ 711.980644][T24717] do_sys_openat2+0x121/0x1c0 [ 711.985521][T24717] __x64_sys_creat+0x8f/0xc0 [ 711.990319][T24717] do_syscall_64+0xfa/0x3b0 [ 711.995033][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.001129][T24717] [ 712.003470][T24717] -> (&new->fa_lock){....}-{3:3} { [ 712.008646][T24717] INITIAL USE at: [ 712.012555][T24717] lock_acquire+0x120/0x360 [ 712.018651][T24717] _raw_write_lock_irq+0xa2/0xf0 [ 712.025184][T24717] fasync_remove_entry+0xf1/0x1c0 [ 712.031802][T24717] lease_modify+0x1ca/0x3c0 [ 712.037890][T24717] locks_remove_file+0x4bf/0xea0 [ 712.044418][T24717] __fput+0x3ab/0xa70 [ 712.049986][T24717] task_work_run+0x1d1/0x260 [ 712.056160][T24717] exit_to_user_mode_loop+0xec/0x110 [ 712.063034][T24717] do_syscall_64+0x2bd/0x3b0 [ 712.069203][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.076677][T24717] INITIAL READ USE at: [ 712.081047][T24717] lock_acquire+0x120/0x360 [ 712.087591][T24717] _raw_read_lock_irqsave+0xaf/0x100 [ 712.094899][T24717] kill_fasync+0x199/0x4d0 [ 712.101338][T24717] mousedev_write+0x8f9/0x950 [ 712.108029][T24717] vfs_write+0x27b/0xa90 [ 712.114307][T24717] ksys_write+0x145/0x250 [ 712.120654][T24717] do_syscall_64+0xfa/0x3b0 [ 712.127167][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.135073][T24717] } [ 712.137597][T24717] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 712.146294][T24717] ... acquired at: [ 712.150139][T24717] lock_acquire+0x120/0x360 [ 712.154862][T24717] _raw_read_lock_irqsave+0xaf/0x100 [ 712.160343][T24717] kill_fasync+0x199/0x4d0 [ 712.164954][T24717] evdev_pass_values+0x627/0xbd0 [ 712.170085][T24717] evdev_events+0x1e6/0x340 [ 712.174815][T24717] input_pass_values+0x285/0x890 [ 712.179947][T24717] input_event_dispose+0x330/0x6b0 [ 712.185260][T24717] input_inject_event+0x1fe/0x320 [ 712.190482][T24717] evdev_write+0x2fc/0x480 [ 712.195094][T24717] vfs_write+0x27b/0xa90 [ 712.199548][T24717] ksys_write+0x145/0x250 [ 712.204069][T24717] do_syscall_64+0xfa/0x3b0 [ 712.208772][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.214872][T24717] [ 712.217205][T24717] [ 712.217205][T24717] stack backtrace: [ 712.223124][T24717] CPU: 1 UID: 0 PID: 24717 Comm: syz.1.8411 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 712.223148][T24717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 712.223160][T24717] Call Trace: [ 712.223169][T24717] [ 712.223177][T24717] dump_stack_lvl+0x189/0x250 [ 712.223210][T24717] ? __pfx_dump_stack_lvl+0x10/0x10 [ 712.223238][T24717] ? __pfx__printk+0x10/0x10 [ 712.223262][T24717] validate_chain+0x1f05/0x2140 [ 712.223289][T24717] __lock_acquire+0xab9/0xd20 [ 712.223317][T24717] ? kill_fasync+0x199/0x4d0 [ 712.223342][T24717] lock_acquire+0x120/0x360 [ 712.223367][T24717] ? kill_fasync+0x199/0x4d0 [ 712.223397][T24717] _raw_read_lock_irqsave+0xaf/0x100 [ 712.223424][T24717] ? kill_fasync+0x199/0x4d0 [ 712.223447][T24717] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 712.223472][T24717] ? do_raw_spin_lock+0x121/0x290 [ 712.223496][T24717] kill_fasync+0x199/0x4d0 [ 712.223520][T24717] ? kill_fasync+0x53/0x4d0 [ 712.223544][T24717] evdev_pass_values+0x627/0xbd0 [ 712.223567][T24717] ? evdev_pass_values+0x661/0xbd0 [ 712.223590][T24717] evdev_events+0x1e6/0x340 [ 712.223621][T24717] ? evdev_events+0x79/0x340 [ 712.223640][T24717] ? input_pass_values+0x8d/0x890 [ 712.223659][T24717] input_pass_values+0x285/0x890 [ 712.223680][T24717] ? input_handle_event+0x70c/0xf30 [ 712.223708][T24717] input_event_dispose+0x330/0x6b0 [ 712.223743][T24717] input_inject_event+0x1fe/0x320 [ 712.223776][T24717] ? input_inject_event+0xbc/0x320 [ 712.223805][T24717] evdev_write+0x2fc/0x480 [ 712.223827][T24717] ? __pfx_evdev_write+0x10/0x10 [ 712.223848][T24717] ? bpf_lsm_file_permission+0x9/0x20 [ 712.223875][T24717] ? security_file_permission+0x75/0x290 [ 712.223895][T24717] ? rw_verify_area+0x258/0x650 [ 712.223922][T24717] ? __pfx_evdev_write+0x10/0x10 [ 712.223943][T24717] vfs_write+0x27b/0xa90 [ 712.223973][T24717] ? __pfx_vfs_write+0x10/0x10 [ 712.224002][T24717] ? __fget_files+0x2a/0x420 [ 712.224023][T24717] ? __fget_files+0x2a/0x420 [ 712.224041][T24717] ? __fget_files+0x3a0/0x420 [ 712.224059][T24717] ? __fget_files+0x2a/0x420 [ 712.224082][T24717] ksys_write+0x145/0x250 [ 712.224099][T24717] ? __pfx_ksys_write+0x10/0x10 [ 712.224118][T24717] ? rcu_is_watching+0x15/0xb0 [ 712.224148][T24717] ? do_syscall_64+0xbe/0x3b0 [ 712.224166][T24717] do_syscall_64+0xfa/0x3b0 [ 712.224181][T24717] ? lockdep_hardirqs_on+0x9c/0x150 [ 712.224207][T24717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.224225][T24717] ? clear_bhb_loop+0x60/0xb0 [ 712.224245][T24717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.224263][T24717] RIP: 0033:0x7fe90598e929 [ 712.224280][T24717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 712.224296][T24717] RSP: 002b:00007fe906718038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 712.224317][T24717] RAX: ffffffffffffffda RBX: 00007fe905bb5fa0 RCX: 00007fe90598e929 [ 712.224331][T24717] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000004 [ 712.224344][T24717] RBP: 00007fe905a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 712.224355][T24717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 712.224381][T24717] R13: 0000000000000000 R14: 00007fe905bb5fa0 R15: 00007fe905cdfa28 [ 712.224400][T24717]