last executing test programs: 13.854069925s ago: executing program 2 (id=5352): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000180)={0x2a, 0x0, 0xfffffffe}, 0xc) r3 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x28a}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) io_uring_enter(r3, 0x40f9, 0x217, 0xa5, 0x0, 0x0) 12.405893518s ago: executing program 2 (id=5357): unshare(0x2040600) syz_open_procfs$pagemap(0x0, &(0x7f0000000140)) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902"], 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r0, 0x1000}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000140), 0x3ff, r1}, 0x38) 10.704865779s ago: executing program 1 (id=5365): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x24, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @rand_addr, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@empty}, {@broadcast, 0x10001}, {@empty}, {@multicast1}, {@private}]}, @rr={0x7, 0x23, 0x0, [@remote, @empty, @empty, @multicast1, @remote, @dev, @loopback, @rand_addr]}, @noop, @lsrr={0x83, 0x3}, @generic={0x0, 0x2}]}}}}}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)=ANY=[@ANYBLOB="dc01c6ba1cdcc12519250000000000007f007101001300000000000000000000000000000000000000000000000000000000000000dce600000000000000", @ANYRES32=0x0, @ANYBLOB="200100000000000000000000000000020000000032000000fe8000000000000000000000000000bb00"/168], 0x1dc}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, 0x0) r1 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READ_FIXED) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 10.374309852s ago: executing program 1 (id=5368): statx(0xffffffffffffffff, 0xffffffffffffffff, 0x219b88a945bbfc11, 0x200, 0x0) socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000540)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0x0, 0xa}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 9.411509786s ago: executing program 1 (id=5370): openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) readv(r5, &(0x7f0000000000)=[{&(0x7f0000000100)=""/54, 0x36}], 0x1) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) 8.944936971s ago: executing program 2 (id=5371): close(0xffffffffffffffff) r0 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee6, 0x0, 0x2, 0x30b}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x3406c012) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc01c64b9, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0) syz_open_dev$dri(0x0, 0x1, 0x0) 8.408720097s ago: executing program 0 (id=5373): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) fspick(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) dup(r2) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x2}}, 0x50) syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) ppoll(&(0x7f0000000140)=[{r6, 0x6402}], 0x1, 0x0, 0x0, 0x0) dup2(r6, r4) close_range(r3, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r9, 0xc008ae88, 0x0) r10 = open(0x0, 0x1850c2, 0x14c) ftruncate(r10, 0x200004) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) 8.236041776s ago: executing program 1 (id=5374): syz_emit_ethernet(0x4e, 0x0, 0x0) removexattr(&(0x7f00000004c0)='./file0\x00', 0x0) geteuid() r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x30, 0x0, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x40) dup3(r2, r0, 0x80000) 7.690146771s ago: executing program 1 (id=5375): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) close(0x3) close(0x4) 6.86418952s ago: executing program 2 (id=5377): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r2, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001440)={0x1c, r6, 0x1, 0x80, 0x0, {{0x8}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r1) 6.677354515s ago: executing program 0 (id=5378): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@bridge_newvlan={0x3c, 0x70, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x2c, 0x3}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0x9}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0x10}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4081}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="9115463ecc790180c20000020806000108000604"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup(r2) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x2, 0x20000000, 0xb000000, 0x515}) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) r5 = socket(0x11, 0x3, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r5, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x4) getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14) 6.590938348s ago: executing program 3 (id=5379): socket$inet(0x2, 0x1, 0x0) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0xc3072, 0xffffffffffffffff, 0x204000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0xbdc, &(0x7f00000021c0)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000002180)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 6.243072374s ago: executing program 0 (id=5381): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x3ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) prlimit64(0x0, 0x6, 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x284a01, 0x0) 6.0239764s ago: executing program 4 (id=5382): syz_open_dev$sg(&(0x7f0000000080), 0x7f, 0x200) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4040000) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x9, 0x14, 0x8, 0x3, 0xa, 0xb9, 0x9, 0xe, 0x5, 0xffffffffffff1892}, {0x804, 0x2f7, 0x1, 0x2, 0x7, 0x48, 0x22, 0xff, 0x0, 0x1, 0x6, 0x7f, 0x616}, {0x1, 0x2, 0x18, 0x5, 0x84, 0xbc, 0x3, 0xfe, 0x4, 0x70, 0x4, 0x9, 0x1000000000}], 0xfffffffe}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000240)={[{0x8a0, 0xfffc, 0xc, 0x44, 0x0, 0x4, 0x2, 0x9, 0x6, 0x1, 0x0, 0x3, 0x393}, {0x3, 0x1, 0x1, 0x2a, 0xff, 0x3, 0x5, 0x5, 0xb4, 0x2, 0x0, 0x6, 0x4}, {0x0, 0x8a7d, 0x9, 0x6, 0x80, 0x9, 0x1, 0x8, 0x9, 0xff, 0x4, 0x28, 0x3fc}], 0x401}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x2000001, 0x0, 0x2004cb, 0x0, 0x0, 0x68ff, 0x5, 0x0, 0x3], 0x1, 0x202}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.354997473s ago: executing program 4 (id=5383): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2, 0x8000000000000003, {}, 0xfd}, 0x18) sendmmsg(r1, &(0x7f00000075c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)="b7d4a23c7c921334", 0x8}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8000) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000001}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x1) r4 = dup(0xffffffffffffffff) r5 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x4ae60) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r4, 0x0, 0x0) 4.606270028s ago: executing program 4 (id=5384): r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x5) close(r0) r1 = inotify_init1(0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) fcntl$setstatus(r0, 0x4, 0x2c00) r2 = gettid() fcntl$setown(r0, 0x8, r2) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) inotify_add_watch(r1, &(0x7f0000000180)='./control\x00', 0xa4000960) rmdir(&(0x7f0000000100)='./control\x00') 4.368979029s ago: executing program 0 (id=5385): ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0x7) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x184}, {0xa, 0x2, 0x3}]}) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000040)=0x93f) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x100000009, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.360635735s ago: executing program 4 (id=5386): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x54, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x21000, 0x0) ioctl$TIOCMIWAIT(r5, 0x545c, 0x300fff2) 4.241323692s ago: executing program 3 (id=5387): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28) shutdown(r0, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff004) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) close_range(r2, 0xffffffffffffffff, 0x0) 3.330759519s ago: executing program 0 (id=5388): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r1}, 0x10, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="0500"], 0x48}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1d, 0x2, 0x6) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000400)={0x1d, r5, 0x2}, 0x18) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 2.934494674s ago: executing program 3 (id=5389): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000240)="ab3e29113b0daad3436c980b9ab0d681b439c0d30b40378acb973ae0cae288031f19398452bf1a84d0083d97a9d545a7a6242e7c1ca026c48d1ca07ecf73f04f8ab29fae1f24dcfeb83c8d74cad17e23"}) 2.812221541s ago: executing program 4 (id=5390): rt_sigaction(0xd, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x66) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20800, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x88c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xf, 0xf}, {}, {0x7}}, [@TCA_RATE={0x6, 0x5, {0x1, 0xd}}, @filter_kind_options=@f_cgroup={{0xb}, {0x854, 0x2, [@TCA_CGROUP_POLICE={0x850, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x10000, 0x6, 0x7, 0xb, 0xfffffffe, 0x0, 0x80, 0x10000, 0x4, 0x2, 0xd2, 0xffffffff, 0x6, 0x0, 0x0, 0x4, 0x7, 0x38fd, 0x10001, 0x7fff, 0x1, 0x9, 0xbbc6, 0x64b0, 0xfffffffa, 0x1c, 0x1e, 0x3, 0x9, 0x10000, 0x988, 0x4, 0x6, 0x10000, 0x756e, 0x8000, 0x10000, 0x3, 0x3ada, 0x401, 0x0, 0x1bc, 0x4, 0x9, 0x80000001, 0x3, 0x100, 0x2f2, 0x475f, 0xf970, 0xf7b, 0xf, 0x2707, 0x8, 0x6, 0x1000, 0x4, 0x10001, 0x5, 0x0, 0x5, 0x8, 0x101, 0x8001, 0x1, 0xffffff81, 0x2, 0xef, 0x80, 0x7, 0x8, 0x9, 0x9, 0x3ff000, 0xde49, 0x0, 0x5, 0x4, 0xa99, 0x2, 0x200, 0x8, 0x2, 0x36d000, 0x5, 0x2, 0x0, 0x101, 0x58, 0x0, 0xde5, 0xfff, 0x0, 0x1aa8, 0x9, 0x2, 0xf, 0x400, 0x200, 0x1, 0x4, 0x2, 0x0, 0x401, 0x1ff, 0x5, 0x1, 0x5, 0xfffffffa, 0x5, 0x3, 0x5, 0x3, 0x2, 0x1ac, 0xdd64, 0x8001, 0x5, 0x3, 0xffff, 0xfffffff8, 0x7, 0x8, 0x1000, 0x1, 0x8, 0x5, 0xb08, 0xa, 0xfe7f, 0xfffffff5, 0x6, 0x7, 0xff, 0x2, 0x101, 0x2, 0x1, 0x7ff, 0x1, 0x4, 0x6, 0x4, 0x7, 0x2, 0x4, 0x0, 0x4, 0x5, 0x6, 0x4, 0xab1, 0x74f1, 0x9, 0x4a, 0x2, 0x7d2, 0x8c8a, 0xc, 0x5, 0xf6, 0x5, 0x8, 0x7f, 0x0, 0x0, 0x9c, 0x1, 0x1, 0xfffffbff, 0x5, 0x80000001, 0x10, 0x8000, 0x0, 0x0, 0xd, 0x3, 0x4, 0x6, 0x2, 0x3, 0x7, 0xfffff843, 0x6, 0x6, 0x9, 0x9, 0xffffff93, 0xd, 0xfff, 0x4, 0x80000001, 0xf93, 0x6, 0xd, 0xd, 0x7, 0x9, 0x4, 0x7fffffff, 0x5, 0xe92e, 0x2, 0x8, 0x0, 0x2, 0x2, 0xd, 0x2, 0x80, 0x4, 0x90, 0xfffffbff, 0xb0bb, 0x4, 0xc0, 0x19fa, 0x2b, 0xfffffeff, 0x6, 0x7, 0x2, 0x8, 0x0, 0x9, 0x4, 0x4, 0x4, 0xfffff000, 0x7, 0x3dbc4d99, 0x4e, 0xcef, 0x80000000, 0x400, 0x7, 0x6103, 0xf, 0x5, 0x5, 0x40, 0x5, 0x6, 0x7, 0x6, 0xe9c8, 0x1a0, 0x3fe, 0x10001, 0x8000, 0x5, 0x1000, 0x4, 0xb13]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xe, 0x9, 0x80, 0x7, 0x10, 0x8000, 0x0, 0x9, 0x2000000, 0x800004, 0x5, 0x7, 0x6, 0x8, 0xb48, 0x5, 0x9, 0x101, 0xa, 0x3, 0x5, 0xfff, 0x7, 0x10000000, 0xffffffff, 0x1d3e, 0x4, 0x22, 0xfffffffd, 0x80000000, 0x8, 0xffffffff, 0x200, 0x7fff, 0x20009, 0x5, 0x1, 0xfff, 0x402, 0x0, 0x0, 0x3d0, 0x3, 0x78b5, 0x8, 0x5, 0x9d, 0x5, 0x40, 0xf9e, 0x8, 0x1, 0xb, 0x6, 0x3, 0x8, 0x8, 0x800, 0x0, 0x3, 0xaa, 0x9, 0x4, 0x9, 0xfffffff9, 0x8, 0x7, 0x6, 0xffe, 0x800, 0x1, 0x6, 0x2, 0x81, 0x81, 0x5, 0x200, 0x401, 0x9464, 0x1, 0x7fff, 0x2, 0x9, 0x5a, 0x1a, 0x5fd, 0x81, 0x1, 0x7fffffff, 0x2, 0xf8c, 0x4, 0x6, 0x2, 0x0, 0x1, 0x6, 0xab99, 0xe, 0x1, 0x2, 0x3ff, 0x6, 0xb, 0x7f1, 0x7fffffff, 0x3, 0x40, 0x7, 0x1, 0x15, 0x1, 0x7fffffff, 0x1, 0x6, 0x3, 0x91, 0x0, 0x9, 0x4, 0x3, 0xffffff0d, 0xe, 0x7, 0xdc, 0x8, 0x80000001, 0xb, 0x6, 0x8, 0x0, 0x2f, 0xe1, 0x10000, 0x0, 0x1407, 0x9, 0x5, 0x8, 0x81, 0x1, 0x9, 0x2, 0x10000, 0x9, 0x8, 0x5, 0x3, 0x0, 0x8000, 0x4, 0x7, 0x3, 0x400, 0x2, 0x6, 0x5, 0x4e38211e, 0x0, 0xa959, 0x67, 0x400, 0x1000, 0xaf, 0xfffffff9, 0x30cfd753, 0xe0, 0x4, 0x1, 0x800, 0x9, 0x4, 0x400, 0x39a, 0x2, 0x1ff, 0x1, 0x7fff, 0xffffffff, 0x40, 0x9742393, 0x0, 0x4ef5, 0x6, 0x80000001, 0xffff0fb7, 0x1, 0x0, 0x1, 0x0, 0xe, 0x3, 0x0, 0x5000, 0x4, 0xb14, 0x6, 0xf864eed, 0xc5, 0x8, 0x7, 0x125, 0x40, 0x2, 0x3ff, 0x9, 0x10000, 0x101, 0xc, 0x0, 0x9, 0x800, 0x7, 0x4, 0x3, 0x0, 0xf34a, 0x9, 0x18, 0x3ff, 0x1, 0xde, 0x0, 0x2, 0x77f, 0x0, 0x5, 0xcd0c, 0x0, 0x3, 0x0, 0x8, 0x4, 0x3ff, 0x4, 0x1, 0x1, 0x100, 0x5553, 0x4, 0xfffffffe, 0x25f76613, 0xffffffff, 0xc7, 0x4, 0x1000, 0xf0, 0x3, 0x1, 0x7f, 0x3, 0x7fff, 0x5, 0x3, 0x101, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x800, 0x6, 0x8, 0x8, 0x4, {0x6, 0x0, 0xb, 0x2, 0x8, 0x1}, {0x4, 0x2, 0x30, 0x1, 0x7, 0x3}, 0xb, 0x5}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x5}]}]}}]}, 0x88c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=@gettaction={0x28, 0x32, 0x301, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}]}, 0x28}}, 0x0) 2.702652516s ago: executing program 3 (id=5391): setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)=0x101, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, 0x0, 0x0) munlockall() setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x200, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x74, &(0x7f0000000200)={r1, 0xfffe, 0x20}, &(0x7f00000001c0)=0x18) 2.047901299s ago: executing program 3 (id=5392): getpgid(0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="23f53736cda55085f18e18330d3a57663eafd4861f6da07fa2768dbdb6fedb673162de113834769ed1774508df819e68d48a9d37cd94bd724590389d7f3b92533ae9fd27bda0ddf906ca456e9ee5666ac9d0da858c71436e07bb633d549f3d69746073a8a2f7d9b4685207536a7d867504", 0x71}], 0x1, 0x0, 0x0, 0x20000010}}], 0x1, 0x200000c0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x7ff, 0x8bb, 0xb5, 0x8, 0x0, 0x8000000000000000, 0x500, 0x3b2, 0x3, 0x5, 0x7, 0x7, 0x7, 0x3, 0x7, 0x200], 0xf000, 0x66000}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f00000003c0)={0x2a6, 0x0, "2dd82129cb82327389c3b42ee17f84200e7484f2b06fa73f76c4a3bb89519ec7f4e86c283a065a0036d64b8068332387a7480dc9962a6d38d39bb67b895f9c3cd96f038080c2c62f9ec93860609c35ff0f48eacd242f9e6ec1d9d2bb1af2f280a03771ae387b444b02406eb2890dcd7c211bea667ba841721bc40864e4eee3399fe804fd89ec4fedfa7496b29e4fce1122d61f1bed350d2e7404962a8284739051bd22963a0f3ee06aedb7c6cb64a61f96647b5b310fd35dd3fd3708c980d14ba87f0becf8c6ee2052eb8fd243ed8bfc3ba48944721e6a5f6d921177e14a6d06492664929f04bf583fe592ed5946f1991bf2a27a2ffa9a2d856e298b54347906"}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x80, '\x00', 0x0, 0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 809.135975ms ago: executing program 3 (id=5393): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28) r0 = socket(0x10, 0x3, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000000)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f00000000c0), 0xf00) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r5, {0x7, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0) 225.517008ms ago: executing program 2 (id=5394): r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x1, {0x1, 0xff, 0x4}, 0x1}, 0x18) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x74, r5, {0xb, 0xffeb}, {0xfff1, 0xfff2}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050) 155.251721ms ago: executing program 1 (id=5395): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@mcast2, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xbd1, 0x0, 0x3}, {0x81, 0x2}, 0x1fffffc, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x0, 0x0, 0x7, 0x7, 0x0, 0x2}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0xffe0) 146.36572ms ago: executing program 0 (id=5396): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000000dc0)={{0x1, 0x3, 0x9, 0x800, 0x5, 0x5}, 0x8d, [0x7, 0x93b, 0x6, 0x1, 0x1, 0xb8a, 0x2f, 0x100, 0x5, 0x7, 0x7, 0x5, 0x41d4, 0x83, 0x4, 0xffffffff, 0x9, 0x1000, 0x77e4, 0xffff0c56, 0x3, 0x1, 0x0, 0x40, 0x9, 0x200, 0x69, 0x4, 0x0, 0x6, 0x3, 0x7, 0x8, 0x8, 0xa522, 0x100, 0xfffffff8, 0x80000001, 0x0, 0x40, 0x1, 0x6, 0x1, 0x7fffffff, 0x5eb9, 0x5, 0x9c05, 0x800000c, 0x401, 0x4, 0x75, 0x817, 0xb, 0x3, 0xda90, 0x7, 0xf, 0xbc4b, 0x106, 0xfd, 0x81, 0x6, 0x101, 0x39, 0xffffff7f, 0x6, 0x5, 0x5, 0x77, 0xfffffffd, 0x0, 0x9, 0x73f, 0x5, 0x8, 0x4, 0x3, 0xffffffff, 0x5, 0x26be23d3, 0x7, 0x2, 0x9, 0x8, 0xdd2, 0xdd2, 0x3, 0x4, 0x2, 0xfff, 0x80000001, 0x9, 0x4, 0x0, 0x3, 0x2, 0x2, 0x5, 0x2, 0x1, 0x80000001, 0x7, 0x0, 0x40, 0x5, 0x101, 0x8, 0x9, 0x334c230c, 0x6, 0x4, 0xfffffff9, 0x8, 0x3, 0xffff0000, 0x7, 0x2, 0xffffffff, 0x4, 0x3, 0x4, 0x4, 0x3f, 0x81, 0x3, 0x400, 0x4, 0x984, 0x1, 0x6, 0x7, 0x8001, 0x1ff, 0x2a3, 0x6d, 0x1, 0x10000, 0x5, 0x80000000, 0x1d01e, 0x1, 0x3, 0xfffffffb, 0x8, 0x63, 0x400, 0x5, 0x401, 0x4, 0xfff, 0x0, 0x9, 0x3, 0x8, 0xfffffff9, 0x2, 0x80000000, 0x3, 0xc, 0x1, 0xad, 0x100, 0x144, 0x2, 0xfffffffc, 0x2, 0x5, 0x0, 0x5, 0x9, 0x1, 0x4, 0x1000, 0x974, 0x5, 0x6, 0x8, 0x5, 0x88, 0x1000, 0x0, 0x1, 0x2, 0x5, 0x9, 0x0, 0x57a, 0x1, 0x0, 0x6, 0x9, 0x5c, 0x6, 0x9, 0xd22, 0x2, 0x7, 0x10, 0x8, 0xffffffff, 0x2149, 0xf, 0x26a02622, 0x7fff, 0x8, 0x8, 0x7ff, 0x5, 0x8, 0x81, 0x8, 0xff, 0x5, 0xfffffffa, 0x2, 0x2, 0xffff, 0xf, 0x5, 0x7, 0x5, 0x100, 0x1e06, 0xf, 0xdf2, 0x0, 0xbb, 0xfff, 0x400, 0x2, 0x80000000, 0x7, 0x8, 0xf9b, 0x8, 0x7ff, 0x7, 0x3ff, 0x9, 0x5, 0xcff, 0x9, 0xb7, 0x1, 0xff, 0x4, 0x5, 0x10, 0x1, 0x92a, 0x3, 0x5, 0xd, 0x5, 0x101, 0x6, 0x7fff, 0x800, 0x3, 0x4, 0x0, 0x7f, 0x200, 0x20, 0x7, 0x1000000, 0x0, 0x7f, 0x53, 0x8, 0x8, 0x5, 0x2, 0xf, 0xd81c, 0x840, 0x1, 0x9, 0x2, 0x81, 0x9, 0x3, 0x5, 0x1000, 0x8, 0x7, 0x94, 0x7, 0x8, 0x8001, 0x56f71053, 0x1, 0x867, 0x3ff, 0x40, 0x6, 0x3, 0xfff, 0x5, 0x197, 0x9, 0x6, 0x5, 0x6, 0x7, 0x0, 0xffff, 0x3, 0x1ff, 0x400, 0x3, 0xd42, 0x9, 0x5, 0x1ff, 0x4, 0x9, 0xbec, 0x5, 0x7, 0x3, 0x5, 0x64000000, 0x2, 0x1e, 0x3a, 0x6, 0x5, 0x18000, 0x2, 0xffff, 0x9, 0x6, 0x9, 0x0, 0xe4f, 0x1fffc000, 0x27b7, 0xe, 0x9, 0x9, 0x5, 0xd, 0x5, 0x7f, 0x76, 0x9, 0xc4fe, 0x9, 0x3, 0x7, 0x8, 0x87, 0x1, 0x4, 0x6, 0x40, 0x9, 0x8, 0x1, 0x6, 0x8, 0xc75e, 0x4, 0x6, 0x1b, 0xfd3, 0x2, 0x3, 0x9, 0x10, 0x4, 0x5d2f, 0x5, 0x1b, 0x3ff, 0x5, 0x8, 0x6, 0xc000000, 0x5c, 0x9, 0x541b, 0xce, 0x6, 0x4, 0x69f, 0x3, 0x5, 0x7, 0x4, 0x200, 0x7, 0x8, 0x2323, 0xfffffff7, 0xffff, 0x7ff, 0x4, 0xd, 0xffffff42, 0x89, 0x80000001, 0x3ff, 0x3, 0x554, 0xde, 0x0, 0x400, 0x3, 0x9, 0x800, 0x7cb3aca3, 0x6, 0x6, 0x4, 0xf8000002, 0x1, 0xfffffff9, 0x9, 0xffffffff, 0x0, 0x3, 0x10000, 0x4, 0x3, 0x8001, 0x8, 0xbb, 0x5, 0xf548, 0x3, 0x36c, 0xffffffff, 0x10, 0x676, 0xe67, 0x88, 0x808, 0x560, 0x6db5, 0xa7b, 0x2, 0x4, 0x9, 0x3, 0x4, 0xffffffff, 0x6, 0xed2, 0x24bdaad2, 0x9, 0x4, 0x3, 0x1, 0xd599, 0x2, 0x6c51, 0x2, 0x0, 0x0, 0x2, 0xfce6, 0xf, 0xcd0, 0x4, 0xf, 0x0, 0x9, 0x5, 0x200, 0x6, 0x5, 0x2, 0x7, 0x17, 0xc36, 0x0, 0x8fbb, 0x3, 0x5, 0x0, 0x8, 0x8, 0x1, 0x8, 0x1000001, 0x45d8, 0x9, 0x0, 0x60000, 0x7, 0x2, 0xfffffff1, 0x6, 0x2, 0xfffffd67, 0x2, 0x4, 0x5, 0x3, 0x800, 0x10, 0xa, 0xb12c, 0x5ce, 0x1, 0xfffffffd, 0xf9c8, 0x0, 0x80f4, 0x10000, 0x3, 0x8, 0x2, 0x7, 0x5, 0x8, 0x401, 0x7, 0x10, 0x0, 0x6b, 0x100, 0x8, 0x2, 0x2, 0x5273, 0xe45f, 0x10, 0x0, 0x8, 0x4, 0x7, 0x7, 0x6, 0x4, 0x8e8b, 0x5, 0x3, 0x7, 0x3, 0xe535, 0x80, 0x5, 0x6, 0x0, 0x3, 0xff, 0x7fffffff, 0x5, 0x1, 0xa, 0x4, 0x1, 0x31, 0x0, 0xee1, 0x10001, 0x3, 0xfffffffc, 0x4, 0x1, 0x6f9, 0x7, 0xb26c, 0xb, 0x0, 0xfffffff3, 0x8, 0x8, 0x3, 0x6, 0xfd, 0x3, 0x3d, 0x6, 0x80000001, 0x5, 0x7, 0x1, 0xffffffff, 0x6, 0x3d29, 0x4, 0x7, 0x8, 0xb04, 0x3, 0xea6, 0x9, 0x101, 0x4, 0x1400, 0xfffffeff, 0x7, 0x2, 0x4, 0x8, 0x7, 0xe, 0x2, 0xc, 0x2, 0x2, 0x64c1, 0x80000000, 0x200, 0x2, 0xfffffffd, 0x1, 0x91, 0x8001, 0x401, 0x781d, 0x80, 0xfffff5b0, 0x8, 0x3, 0x8, 0xfff, 0xcd800000, 0x9, 0x6, 0x0, 0x5b5, 0x7, 0x10, 0x2, 0x5, 0x10001, 0xc, 0x9e9, 0x53, 0xfffffdd5, 0xc, 0xc00, 0x40, 0x401, 0xf2a6, 0x7, 0x3, 0x2, 0x80000001, 0x3800000, 0x0, 0x3ff, 0x3, 0x7fffffff, 0x4, 0x0, 0x1, 0xf, 0x7, 0xa84d, 0x3, 0xaf, 0xaf72, 0x5f, 0x1, 0xe, 0x6, 0x9, 0x5, 0x7, 0x3, 0x5, 0x3, 0x40, 0x1000, 0x75f1, 0x4, 0x3, 0x1, 0xfffffffd, 0x4, 0x8, 0x10, 0x80, 0x2, 0x6, 0x6, 0xe, 0xc, 0x3, 0x2, 0xd, 0x5, 0xfffff3f2, 0x6, 0x8, 0x3, 0x6, 0x5, 0x3, 0x101, 0x8, 0xbd, 0xa, 0x8, 0xffffed34, 0x8000, 0x2, 0x7, 0x7, 0x55f4727b, 0xd, 0x3b, 0x5, 0x8, 0xffffffff, 0x4, 0x81, 0x6, 0xb, 0x2, 0xa53, 0xff, 0x0, 0x2, 0x5, 0x3233, 0xff, 0x6, 0x2, 0x9, 0x1, 0x0, 0x3ff, 0x5, 0x8, 0x40, 0x0, 0x40, 0x88, 0x5, 0x80, 0x4, 0xd0000000, 0x8, 0x4, 0x5, 0x5, 0x7, 0x0, 0x0, 0x76b, 0xbb, 0x2, 0x5, 0x7fff, 0x9, 0xa, 0x5, 0x80, 0x4, 0x8, 0x8, 0x1f, 0x1, 0x3, 0x4, 0xd126, 0x7, 0x5, 0x0, 0x0, 0x8, 0x4, 0x1, 0x5, 0xfffffffa, 0x8, 0x270b, 0x5, 0x7fff, 0x4, 0x5, 0x6, 0x3, 0x4, 0x13f, 0x0, 0xc906, 0x6, 0x100, 0x4, 0x3, 0x3, 0x7f, 0x2b, 0x4, 0x3, 0x3, 0x8001, 0x46f, 0x19f1, 0x6, 0x20, 0x2, 0x2, 0x6, 0x5, 0x5, 0x401, 0x5, 0x6, 0x5, 0x7, 0xb, 0x200, 0x6, 0x9, 0x7, 0x5, 0x1, 0x7f, 0x9, 0xc3b, 0xfdf5, 0x0, 0x3, 0x0, 0xf, 0x1, 0x800, 0x4f35, 0x1, 0x18, 0x5, 0x0, 0x6, 0xaa5, 0x800, 0x9, 0x7, 0x800, 0x8, 0xfffffffb, 0xff, 0x5, 0x1000, 0x8, 0x81, 0x6, 0x80, 0x9, 0x8, 0x5, 0x8, 0x8, 0x100, 0x5, 0x10, 0x3, 0x7, 0x82, 0x4, 0x40, 0xabde, 0x1, 0xb, 0x8, 0x5, 0x8, 0x7f, 0x100, 0x8, 0x9, 0x6, 0x80000001, 0x2, 0x8, 0x2, 0x7fff, 0x3, 0x6, 0x4, 0x5, 0x3, 0x0, 0x1, 0x8, 0x59, 0x1, 0x0, 0x48, 0xaa19, 0xc, 0x401, 0x1, 0x401, 0x8, 0xc11, 0x4, 0x0, 0x7, 0x2, 0x7f, 0x0, 0x1, 0xc0000, 0x7, 0x4, 0xef47, 0x3, 0x1, 0x0, 0x2, 0x1, 0x0, 0xe14f, 0x5, 0x7, 0x8, 0x7fffffff, 0x7f, 0xffffffff, 0xffffff88, 0x400, 0x7fffffff, 0x10, 0x5, 0x9, 0x5, 0x0, 0xff, 0x0, 0x8, 0x3, 0x5, 0xfffffffc, 0x9, 0x1, 0x9, 0xfffffffe, 0x40, 0x3, 0x7, 0x0, 0x1, 0x2, 0x6, 0x81, 0x4, 0x401, 0x6, 0x5, 0x3, 0x0, 0xd, 0x6, 0xc, 0x2, 0x1, 0xfffffe5c, 0x40, 0x0, 0x9, 0x24, 0x1ff, 0x4, 0xe92, 0x5, 0x6e3, 0x4, 0xff, 0x0, 0xdf, 0x5, 0x7, 0x100, 0x3ac9, 0x10001, 0xae27, 0x80, 0x5, 0x7, 0x7fff, 0x0, 0xb, 0x4, 0xffffff12, 0x1, 0x0, 0x9, 0x331d, 0x5, 0xb9, 0x7, 0x4, 0x4, 0x9, 0x6cf3, 0x8, 0x7, 0xf, 0x9, 0x9, 0xffff, 0x8000, 0x1, 0x2, 0x2, 0xdc0, 0x5, 0x100, 0x9, 0x1, 0xfffffff8, 0x800, 0x3, 0x0, 0x9, 0x644d, 0x93, 0xb0, 0x2, 0x3ff, 0x800, 0xfffffff7, 0x2, 0x0, 0xff]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000dc0)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000d40), 0x21800, r3}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r3}, 0x38) 52.040302ms ago: executing program 4 (id=5397): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x68000) fcntl$setstatus(r0, 0x4, 0x2000) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x427c2, 0x19e) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, 0x0) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f0000000b40)={0x56, 0x0, 0x8, {0x80c, 0x1}, {0x45, 0x400}, @rumble={0xdc, 0x8}}) write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250) 0s ago: executing program 2 (id=5398): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x32, &(0x7f0000001c80)={@random="e904a200", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x20, 0x0, @gue={{0x1, 0x1, 0x1, 0x4, 0x0, @void}, "95b8bcc0"}}}}}}, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f0000000080)={0x11, 0x800, r2, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14) r3 = socket(0x200000000000011, 0x2, 0x0) openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$packet(r3, &(0x7f0000000080)={0x11, 0x800, r2, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) kernel console output (not intermixed with test programs): T17047] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1759.137599][T17047] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1759.179039][T17047] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1759.429916][T17047] usb 1-1: GET_CAPABILITIES returned 0 [ 1759.437772][T17047] usbtmc 1-1:16.0: can't read capabilities [ 1759.675475][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.684581][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.693630][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.702682][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.711724][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.720764][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.738340][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.747520][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.756572][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.765614][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.774649][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.844138][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.853439][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.862592][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.885919][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1759.895041][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1760.168289][ T886] usb 1-1: USB disconnect, device number 126 [ 1760.308040][T24324] sch_fq: defrate 4 ignored. [ 1760.424428][T17047] usb 2-1: USB disconnect, device number 4 [ 1761.367813][T24347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4575'. [ 1761.429950][T24354] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4575'. [ 1761.447666][T24353] syzkaller1: entered promiscuous mode [ 1761.454743][T24353] syzkaller1: entered allmulticast mode [ 1761.858487][T24365] tipc: Enabled bearer , priority 10 [ 1762.421747][ T886] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1762.485803][T24379] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 1762.593787][ T886] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1762.614210][ T886] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1762.641700][ T886] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1762.675504][ T886] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1762.688348][ T886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1762.713803][ T886] usb 2-1: Product: syz [ 1762.718036][ T886] usb 2-1: Manufacturer: syz [ 1762.743602][ T886] usb 2-1: SerialNumber: syz [ 1762.767808][ T886] hub 2-1:1.0: bad descriptor, ignoring hub [ 1762.775220][ T886] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1762.984770][ T886] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1763.259624][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 1763.259644][ T30] audit: type=1326 audit(1757549573.982:3046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24398 comm="syz.0.4598" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1763.324417][ T30] audit: type=1326 audit(1757549573.982:3047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24398 comm="syz.0.4598" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1763.352183][ T30] audit: type=1326 audit(1757549573.982:3048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24398 comm="syz.0.4598" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1763.379223][ T30] audit: type=1326 audit(1757549573.982:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24398 comm="syz.0.4598" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1763.486106][ T886] usb 2-1: USB disconnect, device number 5 [ 1763.517770][ T30] audit: type=1326 audit(1757549574.022:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24398 comm="syz.0.4598" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1763.548108][ T30] audit: type=1326 audit(1757549574.022:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24398 comm="syz.0.4598" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1763.594970][ T886] usblp0: removed [ 1763.646624][ T30] audit: type=1326 audit(1757549574.022:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24398 comm="syz.0.4598" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1763.683399][T24409] fuse: Unknown parameter 'fd0x0000000000000008' [ 1763.738911][ T30] audit: type=1326 audit(1757549574.202:3053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24402 comm="syz.3.4599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1763.959306][ T30] audit: type=1326 audit(1757549574.202:3054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24402 comm="syz.3.4599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1764.061265][ T30] audit: type=1326 audit(1757549574.202:3055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24402 comm="syz.3.4599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1765.387442][T24426] kvm: Disabled LAPIC found during irq injection [ 1765.893004][T24435] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4609'. [ 1766.957502][T24467] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4620'. [ 1767.003966][T24467] vxlan1: entered promiscuous mode [ 1767.023766][ T1111] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1767.034436][ T1111] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1767.063453][ T1111] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1767.063526][ T1111] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1767.395118][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b6fa800: rx timeout, send abort [ 1767.407512][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b6fa800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 1768.108946][T24482] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4626'. [ 1768.190761][T24485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4626'. [ 1768.191407][ T886] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 1768.361804][ T886] usb 4-1: Using ep0 maxpacket: 8 [ 1768.383990][ T886] usb 4-1: config 0 has no interfaces? [ 1768.397013][ T886] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d [ 1768.412837][ T886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1768.431871][ T886] usb 4-1: Product: syz [ 1768.436188][ T886] usb 4-1: Manufacturer: syz [ 1768.448614][ T886] usb 4-1: SerialNumber: syz [ 1768.494914][ T886] usb 4-1: config 0 descriptor?? [ 1768.751687][ T5948] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 1768.787968][T24503] netlink: 'syz.4.4633': attribute type 2 has an invalid length. [ 1768.882625][ T886] usb 4-1: USB disconnect, device number 124 [ 1768.955977][ T5948] usb 1-1: config 0 has no interfaces? [ 1768.967800][ T5948] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1769.038213][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1769.093331][ T5948] usb 1-1: Product: syz [ 1769.097651][ T5948] usb 1-1: Manufacturer: syz [ 1769.137330][T24511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4638'. [ 1769.194649][T24507] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4635'. [ 1769.206251][ T5948] usb 1-1: SerialNumber: syz [ 1769.232149][ T5948] usb 1-1: config 0 descriptor?? [ 1769.403438][T24517] tipc: Enabled bearer , priority 10 [ 1769.646909][T24495] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1770.867304][T24556] sch_fq: defrate 4 ignored. [ 1771.126183][T24560] netlink: 'syz.3.4657': attribute type 4 has an invalid length. [ 1772.081986][ T5948] usb 1-1: USB disconnect, device number 127 [ 1772.485816][T24604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4677'. [ 1772.497952][T24604] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4677'. [ 1772.545920][T24604] gtp0: entered promiscuous mode [ 1772.563510][T24604] gtp0: entered allmulticast mode [ 1773.070347][T23770] usb 5-1: new high-speed USB device number 118 using dummy_hcd [ 1773.256856][T24630] netlink: 1096 bytes leftover after parsing attributes in process `syz.3.4688'. [ 1773.260506][T23770] usb 5-1: Using ep0 maxpacket: 8 [ 1773.292493][T23770] usb 5-1: config 0 has no interfaces? [ 1773.303207][T23770] usb 5-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d [ 1773.324374][T23770] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1773.383790][T23770] usb 5-1: Product: syz [ 1773.404632][T23770] usb 5-1: Manufacturer: syz [ 1773.429738][T23770] usb 5-1: SerialNumber: syz [ 1773.484991][T23770] usb 5-1: config 0 descriptor?? [ 1773.756784][ T886] usb 5-1: USB disconnect, device number 118 [ 1773.763661][ T5948] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1773.943759][ T5948] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1773.961501][ T5948] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1774.047594][ T5948] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1774.115686][ T5948] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 1774.201792][ T5948] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 1774.256927][ T5948] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1774.268145][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1774.277736][ T5948] usb 1-1: Product: syz [ 1774.284899][ T5948] usb 1-1: Manufacturer: syz [ 1774.325631][ T5948] cdc_wdm 1-1:1.0: skipping garbage [ 1774.335738][ T5948] cdc_wdm 1-1:1.0: skipping garbage [ 1774.348813][ T5948] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 1774.361284][ T5948] cdc_wdm 1-1:1.0: Unknown control protocol [ 1774.621720][ T5948] usb 1-1: USB disconnect, device number 2 [ 1775.000371][T23770] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 1775.214559][T23770] usb 4-1: config 0 has no interfaces? [ 1775.236319][T23770] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1775.295400][T23770] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.326148][T23770] usb 4-1: Product: syz [ 1775.343477][T23770] usb 4-1: Manufacturer: syz [ 1775.353530][T23770] usb 4-1: SerialNumber: syz [ 1775.379489][T23770] usb 4-1: config 0 descriptor?? [ 1775.825226][T24669] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1776.243295][T24681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4708'. [ 1776.354909][ C1] vcan0: j1939_session_tx_dat: 0xffff88805c0c8800: queue data error: -100 [ 1776.363599][ C1] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 1776.371213][ C1] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 1776.378923][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1776.386779][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1776.394771][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1776.402798][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1777.179173][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1777.179193][ T30] audit: type=1326 audit(1757549587.902:3061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.259425][ T30] audit: type=1326 audit(1757549587.942:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.281575][ C1] vkms_vblank_simulate: vblank timer overrun [ 1777.333826][ T30] audit: type=1326 audit(1757549587.962:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.383484][ T30] audit: type=1326 audit(1757549587.962:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.407982][ T30] audit: type=1326 audit(1757549587.962:3065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.430106][ C1] vkms_vblank_simulate: vblank timer overrun [ 1777.468617][ T30] audit: type=1326 audit(1757549587.962:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.549700][ T30] audit: type=1326 audit(1757549587.972:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=363 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.579822][ T30] audit: type=1326 audit(1757549587.972:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.619066][ T30] audit: type=1326 audit(1757549587.972:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.694562][ T30] audit: type=1326 audit(1757549587.972:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.2.4717" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1777.742296][ T5948] usb 4-1: USB disconnect, device number 125 [ 1778.375667][T24738] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4731'. [ 1779.243797][T24754] fuse: root generation should be zero [ 1779.670403][T23770] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1779.838594][T23770] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1779.869545][T23770] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1779.884169][T23770] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1779.924784][T23770] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1779.934372][T23770] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1779.954236][T23770] usb 1-1: Product: syz [ 1779.967471][T23770] usb 1-1: Manufacturer: syz [ 1779.972332][T23770] usb 1-1: SerialNumber: syz [ 1779.992271][T23770] hub 1-1:1.0: bad descriptor, ignoring hub [ 1780.003777][T23770] hub 1-1:1.0: probe with driver hub failed with error -5 [ 1780.229670][T23770] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1780.726748][T24795] loop6: detected capacity change from 0 to 2560 [ 1780.738264][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.740848][T17047] usb 1-1: USB disconnect, device number 3 [ 1780.754371][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.765993][T17047] usblp0: removed [ 1780.781887][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.867198][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.883982][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.894739][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.905564][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.919262][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.929685][T24795] ldm_validate_partition_table(): Disk read failed. [ 1780.972514][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1780.986580][T24795] Buffer I/O error on dev loop6, logical block 0, async page read [ 1781.068810][T24795] Dev loop6: unable to read RDB block 0 [ 1781.087237][T24795] loop6: unable to read partition table [ 1781.117700][T24795] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 1781.630952][ T5948] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 1781.811322][T23770] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1781.843216][ T5948] usb 4-1: config 0 has no interfaces? [ 1781.863963][ T5948] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1781.884889][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1781.911745][ T5948] usb 4-1: Product: syz [ 1781.925046][ T5948] usb 4-1: Manufacturer: syz [ 1781.938027][ T5948] usb 4-1: SerialNumber: syz [ 1781.954590][ T5948] usb 4-1: config 0 descriptor?? [ 1782.002754][T23770] usb 1-1: Using ep0 maxpacket: 32 [ 1782.010085][T23770] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1782.048868][T23770] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1782.102146][T23770] usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 1782.188925][T23770] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1782.214705][T23770] usb 1-1: config 0 descriptor?? [ 1782.544568][T24817] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1782.912888][T23770] hid-u2fzero 0003:10C4:8ACF.005B: unexpected long global item [ 1782.937803][T23770] hid-u2fzero 0003:10C4:8ACF.005B: probe with driver hid-u2fzero failed with error -22 [ 1783.091960][T23770] usb 1-1: USB disconnect, device number 4 [ 1783.171282][ T5948] usb 5-1: new high-speed USB device number 119 using dummy_hcd [ 1783.332632][ T5948] usb 5-1: Using ep0 maxpacket: 16 [ 1783.345987][ T5948] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1783.367933][ T5948] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1783.424913][ T5948] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1783.447185][ T5948] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1783.457860][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1783.467988][ T5948] usb 5-1: Product: syz [ 1783.473779][ T5948] usb 5-1: Manufacturer: syz [ 1783.479242][ T5948] usb 5-1: SerialNumber: syz [ 1783.924852][ T5948] usb 5-1: 0:2 : does not exist [ 1784.018540][T24852] netlink: 260 bytes leftover after parsing attributes in process `syz.1.4777'. [ 1784.274799][T24858] syzkaller1: entered promiscuous mode [ 1784.281127][T24858] syzkaller1: entered allmulticast mode [ 1784.574606][T17047] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 1784.733294][T17047] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1784.772905][T17047] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 1784.798865][ T886] usb 4-1: USB disconnect, device number 126 [ 1784.801008][T17047] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1784.824088][T17047] usb 2-1: config 0 descriptor?? [ 1784.832036][T24860] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 1784.963013][ T5948] usb 5-1: 1:0: failed to get current value for ch 0 (-22) [ 1785.051467][ T5948] usb 5-1: USB disconnect, device number 119 [ 1785.120136][T17264] udevd[17264]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1785.188967][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 1785.188987][ T30] audit: type=1326 audit(1757549595.912:3096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.224298][ T30] audit: type=1326 audit(1757549595.912:3097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.248811][ T30] audit: type=1326 audit(1757549595.912:3098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.277514][ T30] audit: type=1326 audit(1757549595.912:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.284185][T17047] kye 0003:0458:5015.005C: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 1785.307783][ T30] audit: type=1326 audit(1757549595.912:3100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.312959][ T8883] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1785.353604][ T30] audit: type=1326 audit(1757549595.912:3101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.376228][T17047] kye 0003:0458:5015.005C: hidraw0: USB HID v1.01 Device [HID 0458:5015] on usb-dummy_hcd.1-1/input0 [ 1785.376264][T17047] kye 0003:0458:5015.005C: tablet-enabling feature report not found [ 1785.376281][T17047] kye 0003:0458:5015.005C: tablet enabling failed [ 1785.419329][ T30] audit: type=1326 audit(1757549595.912:3102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.458306][ T30] audit: type=1326 audit(1757549595.912:3103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.499272][ T30] audit: type=1326 audit(1757549595.912:3104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24875 comm="syz.3.4788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1785.530689][ T8883] usb 1-1: Using ep0 maxpacket: 32 [ 1785.549361][T24880] fuse: Unknown parameter 'fd0x0000000000000008' [ 1785.594235][ T8883] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 1785.606245][ T8883] usb 1-1: config 0 has no interface number 0 [ 1785.616317][ T8883] usb 1-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 1785.709311][ T8883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1785.736929][ T8883] usb 1-1: Product: syz [ 1785.750363][ T8883] usb 1-1: Manufacturer: syz [ 1785.794626][ T8883] usb 1-1: SerialNumber: syz [ 1785.847093][ T5989] usb 2-1: USB disconnect, device number 6 [ 1785.858966][ T8883] usb 1-1: config 0 descriptor?? [ 1785.909599][ T8883] etas_es58x 1-1:0.2: Starting syz syz (Serial Number syz) [ 1786.115355][ T8883] usb 1-1: USB disconnect, device number 5 [ 1786.546785][ T30] audit: type=1326 audit(1757549597.272:3105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24896 comm="syz.1.4794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1786.727292][T24901] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4795'. [ 1787.102349][ T8883] hid-generic 0000:0000:0000.005D: unknown main item tag 0x0 [ 1787.135121][ T8883] hid-generic 0000:0000:0000.005D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1787.346919][T24923] fuse: Unknown parameter 'fd0x0000000000000008' [ 1787.715324][T24930] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4806'. [ 1787.820493][T23770] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1788.072360][T23770] usb 2-1: Using ep0 maxpacket: 16 [ 1788.097416][T23770] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 1788.106427][T23770] usb 2-1: config 0 has no interface number 0 [ 1788.122431][T23770] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1788.149624][T23770] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1788.188399][T23770] usb 2-1: config 0 interface 41 has no altsetting 0 [ 1788.223203][T23770] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1788.250344][T23770] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1788.268803][T23770] usb 2-1: Product: syz [ 1788.291464][T23770] usb 2-1: Manufacturer: syz [ 1788.321819][T23770] usb 2-1: SerialNumber: syz [ 1788.365676][T23770] usb 2-1: config 0 descriptor?? [ 1788.391190][T24927] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1788.398724][T24927] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1788.567931][T24938] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4809'. [ 1788.594454][T24940] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4810'. [ 1788.641139][T24927] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1788.649182][T24927] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1788.736978][T24944] syzkaller1: entered promiscuous mode [ 1788.760586][T24944] syzkaller1: entered allmulticast mode [ 1789.042403][T24956] fuse: Unknown parameter '0x0000000000000008' [ 1789.201772][ T5948] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1789.276283][T23770] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 1789.381643][ T5948] usb 1-1: config 0 has no interfaces? [ 1789.397695][ T5948] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1789.415789][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1789.445340][ T5948] usb 1-1: Product: syz [ 1789.466782][ T5948] usb 1-1: Manufacturer: syz [ 1789.528772][T23770] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 1789.549406][T23770] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71 [ 1789.579827][ T5948] usb 1-1: SerialNumber: syz [ 1789.584777][T23770] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 1789.602120][T23770] usb 2-1: USB disconnect, device number 7 [ 1789.783466][ T5948] usb 1-1: config 0 descriptor?? [ 1790.088428][T24953] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1790.176855][ T5948] usb 5-1: new high-speed USB device number 120 using dummy_hcd [ 1790.345191][ T5948] usb 5-1: Using ep0 maxpacket: 8 [ 1790.353223][ T5948] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1790.372458][ T5948] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1790.460858][ T5948] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1790.483232][ T5948] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1790.526956][ T5948] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1790.548344][ T5948] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1790.787815][ T5948] usb 5-1: GET_CAPABILITIES returned 0 [ 1790.796901][ T5948] usbtmc 5-1:16.0: can't read capabilities [ 1791.173666][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.184347][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.194283][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.203438][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.212519][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.223383][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.232502][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.243850][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.252970][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.262060][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.273824][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.282968][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.292082][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.303070][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.312182][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.322978][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1791.342922][ T5948] usb 5-1: USB disconnect, device number 120 [ 1791.695553][T24986] netlink: 108 bytes leftover after parsing attributes in process `syz.3.4827'. [ 1791.769075][T24988] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4828'. [ 1791.788056][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.795998][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1791.885555][T24992] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4830'. [ 1792.256645][ T886] usb 1-1: USB disconnect, device number 6 [ 1793.041173][ T5948] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0 [ 1793.064936][ T5948] hid-generic 0000:0000:0000.005E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1793.680816][ T12] tipc: Subscription rejected, illegal request [ 1794.287694][T25042] loop6: detected capacity change from 0 to 2560 [ 1794.359226][T25042] buffer_io_error: 11 callbacks suppressed [ 1794.359246][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.494106][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.590800][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.598903][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.667170][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.739625][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.846111][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.861144][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.898930][T25042] ldm_validate_partition_table(): Disk read failed. [ 1794.927375][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.952794][T25042] Buffer I/O error on dev loop6, logical block 0, async page read [ 1794.984431][T25042] Dev loop6: unable to read RDB block 0 [ 1795.012294][T25042] loop6: unable to read partition table [ 1795.034290][T25042] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 1795.231566][ T886] usb 5-1: new high-speed USB device number 121 using dummy_hcd [ 1795.638782][ T886] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1795.676860][ T886] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1795.702518][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 1795.702540][ T30] audit: type=1326 audit(1757549606.402:3134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25062 comm="syz.2.4860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1795.734968][ T886] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1795.781597][ T886] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1795.802416][ T30] audit: type=1326 audit(1757549606.402:3135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25062 comm="syz.2.4860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1795.841428][ T886] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1795.862314][ T886] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1795.881114][ T886] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1795.944495][T25072] fuse: Unknown parameter 'fd0x0000000000000008' [ 1795.966119][ T30] audit: type=1326 audit(1757549606.402:3136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25062 comm="syz.2.4860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1795.998338][ T30] audit: type=1326 audit(1757549606.402:3137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25062 comm="syz.2.4860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1796.131611][ T886] usb 5-1: Product: syz [ 1796.135908][ T886] usb 5-1: Manufacturer: syz [ 1796.564310][ T886] cdc_wdm 5-1:1.0: skipping garbage [ 1796.564719][ T30] audit: type=1326 audit(1757549606.402:3138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25062 comm="syz.2.4860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1796.569566][ T886] cdc_wdm 5-1:1.0: skipping garbage [ 1796.657523][T25069] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1796.686947][ T30] audit: type=1326 audit(1757549606.402:3139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25062 comm="syz.2.4860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1796.845620][ T886] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1796.850281][ T30] audit: type=1326 audit(1757549606.402:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25062 comm="syz.2.4860" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1796.857832][ T886] cdc_wdm 5-1:1.0: Unknown control protocol [ 1797.323325][T25080] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4864'. [ 1797.876598][T25092] kvm: MONITOR instruction emulated as NOP! [ 1798.038342][ T30] audit: type=1326 audit(1757549608.762:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25098 comm="syz.2.4870" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1798.090352][T23770] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 1798.601197][ T30] audit: type=1326 audit(1757549608.762:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25098 comm="syz.2.4870" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1798.711057][T23770] usb 4-1: config 0 has no interfaces? [ 1798.776788][ T30] audit: type=1326 audit(1757549608.762:3143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25098 comm="syz.2.4870" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1798.835120][T23770] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1798.850309][T23770] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1798.877397][T23770] usb 4-1: Product: syz [ 1798.892601][T23770] usb 4-1: Manufacturer: syz [ 1798.901472][T25106] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4871'. [ 1798.985665][T23770] usb 4-1: SerialNumber: syz [ 1799.294378][ T886] usb 5-1: USB disconnect, device number 121 [ 1799.472660][T23770] usb 4-1: config 0 descriptor?? [ 1799.520321][ T8883] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1799.718539][ T8883] usb 2-1: config 0 has no interfaces? [ 1799.768860][T25096] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1799.856901][ T8883] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1799.897864][ T8883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1799.910089][ T8883] usb 2-1: Product: syz [ 1799.914326][ T8883] usb 2-1: Manufacturer: syz [ 1799.919146][ T8883] usb 2-1: SerialNumber: syz [ 1800.101482][ T8883] usb 2-1: config 0 descriptor?? [ 1800.315451][T25122] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4878'. [ 1800.474865][T25112] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1801.874731][ T5989] usb 4-1: USB disconnect, device number 127 [ 1801.924093][T25141] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4884'. [ 1801.988121][T25143] netlink: 88 bytes leftover after parsing attributes in process `syz.3.4885'. [ 1802.066277][T25145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4886'. [ 1802.847147][T17047] usb 2-1: USB disconnect, device number 8 [ 1802.893157][ T886] usb 5-1: new high-speed USB device number 122 using dummy_hcd [ 1802.912120][ T8883] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 1803.053345][ T886] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1803.066031][ T886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1803.077915][ T886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1803.080278][ T8883] usb 4-1: Using ep0 maxpacket: 32 [ 1803.089276][ T886] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1803.099684][ T8883] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1803.108665][ T886] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1803.123301][ T8883] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1803.129879][ T886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1803.144425][ T8883] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1803.156322][ T886] usb 5-1: config 0 descriptor?? [ 1803.158600][ T8883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1803.201096][ T8883] usb 4-1: config 0 descriptor?? [ 1803.281783][ T5989] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1803.444436][ T5989] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1803.461880][ T5989] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1803.475175][ T5989] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1803.489941][ T5989] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1803.501670][ T5989] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1803.518593][ T5989] usb 1-1: config 0 descriptor?? [ 1803.629893][ T886] plantronics 0003:047F:FFFF.005F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1803.709560][ T8883] savu 0003:1E7D:2D5A.0060: hiddev1,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 1804.022245][ T5989] plantronics 0003:047F:FFFF.0061: hiddev2,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1804.258923][ T5989] usb 1-1: USB disconnect, device number 7 [ 1804.643582][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1804.643603][ T30] audit: type=1326 audit(1757549615.372:3147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.1.4905" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x0 [ 1804.787684][ T886] usb 5-1: USB disconnect, device number 122 [ 1804.965907][ T30] audit: type=1326 audit(1757549615.692:3148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25209 comm="syz.0.4907" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1804.988733][ T30] audit: type=1326 audit(1757549615.692:3149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25209 comm="syz.0.4907" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.015324][ T30] audit: type=1326 audit(1757549615.692:3150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25209 comm="syz.0.4907" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.043554][ T30] audit: type=1326 audit(1757549615.692:3151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25209 comm="syz.0.4907" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.078335][ T30] audit: type=1326 audit(1757549615.692:3152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25209 comm="syz.0.4907" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.143770][ T30] audit: type=1326 audit(1757549615.692:3153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25209 comm="syz.0.4907" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.171756][ T30] audit: type=1326 audit(1757549615.692:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25209 comm="syz.0.4907" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1805.764866][T17047] usb 4-1: USB disconnect, device number 2 [ 1806.299993][T25240] syz_tun: entered allmulticast mode [ 1806.329526][T25237] syz_tun: left allmulticast mode [ 1806.510469][T23770] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 1806.573729][T25257] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4923'. [ 1806.583683][T25257] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4923'. [ 1806.593532][T25257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4923'. [ 1806.680701][T23770] usb 4-1: Using ep0 maxpacket: 32 [ 1806.701189][T23770] usb 4-1: config 0 has no interfaces? [ 1806.713204][T23770] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 1806.740330][T23770] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1806.761755][T23770] usb 4-1: Product: syz [ 1806.766421][T23770] usb 4-1: Manufacturer: syz [ 1806.791224][T23770] usb 4-1: SerialNumber: syz [ 1806.802943][T23770] usb 4-1: config 0 descriptor?? [ 1806.947442][ T30] audit: type=1326 audit(1757549617.672:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25267 comm="syz.4.4928" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 1806.978488][ T30] audit: type=1326 audit(1757549617.672:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25267 comm="syz.4.4928" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 1807.039447][ T886] usb 4-1: USB disconnect, device number 3 [ 1807.718932][T25294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4936'. [ 1807.980932][T25299] veth0_to_team: entered promiscuous mode [ 1808.942138][ T5989] usb 5-1: new high-speed USB device number 123 using dummy_hcd [ 1809.017235][T25339] veth0_to_team: entered promiscuous mode [ 1809.186601][ T5989] usb 5-1: config 0 has no interfaces? [ 1809.352800][ T5989] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1809.373250][T25343] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4954'. [ 1809.383940][ T5989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1809.548472][ T5989] usb 5-1: Product: syz [ 1809.558526][ T5989] usb 5-1: Manufacturer: syz [ 1809.558818][T25347] netlink: 'syz.1.4955': attribute type 1 has an invalid length. [ 1809.640159][T25347] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1809.651661][T25349] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4955'. [ 1809.667381][ T5989] usb 5-1: SerialNumber: syz [ 1809.751714][ T5989] usb 5-1: config 0 descriptor?? [ 1810.500359][T25349] bond3 (unregistering): Released all slaves [ 1810.553120][T25353] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1810.601102][ T5989] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1810.793414][ T5989] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1810.805384][ T5989] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1810.835419][ T5989] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1810.867934][ T5989] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1810.915457][ T5989] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1810.927835][ T5989] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1810.944882][ T5989] usb 4-1: Manufacturer: syz [ 1810.972947][ T5989] usb 4-1: config 0 descriptor?? [ 1811.048279][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 1811.048302][ T30] audit: type=1326 audit(1757549621.772:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.081679][ T30] audit: type=1326 audit(1757549621.772:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.103799][ C1] vkms_vblank_simulate: vblank timer overrun [ 1811.414428][ T30] audit: type=1326 audit(1757549621.812:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.436638][ C1] vkms_vblank_simulate: vblank timer overrun [ 1811.467467][ T30] audit: type=1326 audit(1757549621.812:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.499860][ T5989] appleir 0003:05AC:8243.0062: unknown main item tag 0x0 [ 1811.541878][ T30] audit: type=1326 audit(1757549621.812:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.584298][ T5989] appleir 0003:05AC:8243.0062: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 1811.584993][ T30] audit: type=1326 audit(1757549621.842:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.621750][ T30] audit: type=1326 audit(1757549621.842:3183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.735893][T23770] usb 5-1: USB disconnect, device number 123 [ 1811.776539][ T30] audit: type=1326 audit(1757549621.842:3184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1811.991787][ T30] audit: type=1326 audit(1757549621.842:3185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25359 comm="syz.0.4957" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 1812.086267][T23770] hid-generic 0000:0000:0000.0063: unknown main item tag 0x0 [ 1812.110662][T23770] hid-generic 0000:0000:0000.0063: hidraw1: HID v0.00 Device [syz1] on syz0 [ 1813.101587][ T5989] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1813.256848][ T5989] usb 2-1: config 0 has no interfaces? [ 1813.269423][ T5989] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1813.293450][ T5989] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1813.309863][ T5989] usb 2-1: Product: syz [ 1813.324159][ T5989] usb 2-1: Manufacturer: syz [ 1813.328998][ T5989] usb 2-1: SerialNumber: syz [ 1813.346316][ T5989] usb 2-1: config 0 descriptor?? [ 1813.591357][T25393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1813.675156][T25409] netlink: 'syz.0.4972': attribute type 4 has an invalid length. [ 1813.715995][T25409] netlink: 'syz.0.4972': attribute type 4 has an invalid length. [ 1814.319893][T25422] usb usb1: check_ctrlrecip: process 25422 (syz.3.4977) requesting ep 01 but needs 81 [ 1814.331829][T25422] usb usb1: usbfs: process 25422 (syz.3.4977) did not claim interface 0 before use [ 1814.344669][ T5869] Bluetooth: hci4: command 0x0406 tx timeout [ 1814.443359][ T886] usb 4-1: USB disconnect, device number 4 [ 1814.551899][ T8883] hid-generic 0000:0000:0000.0064: unknown main item tag 0x0 [ 1814.581674][ T8883] hid-generic 0000:0000:0000.0064: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1815.154459][ T30] audit: type=1326 audit(1757549625.882:3186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25438 comm="syz.3.4983" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1815.730334][T25445] netlink: 'syz.2.4984': attribute type 4 has an invalid length. [ 1815.795803][T25448] netlink: 'syz.2.4984': attribute type 4 has an invalid length. [ 1816.373832][T25461] IPv6: addrconf: prefix option has invalid lifetime [ 1816.957343][T23770] usb 2-1: USB disconnect, device number 9 [ 1817.450551][ T8883] usb 5-1: new high-speed USB device number 124 using dummy_hcd [ 1817.473146][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 1817.473260][ T30] audit: type=1326 audit(1757549628.202:3195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25438 comm="syz.3.4983" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1817.503606][ T30] audit: type=1326 audit(1757549628.232:3196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25438 comm="syz.3.4983" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1817.527329][T23770] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1817.615565][ T8883] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 1817.624860][ T8883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1817.635279][ T8883] usb 5-1: Product: syz [ 1817.639450][ T8883] usb 5-1: Manufacturer: syz [ 1817.644333][ T8883] usb 5-1: SerialNumber: syz [ 1817.652507][ T8883] usb 5-1: config 0 descriptor?? [ 1817.662770][ T8883] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 1817.702218][T23770] usb 2-1: Using ep0 maxpacket: 16 [ 1817.709146][T23770] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1817.720497][T23770] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1817.730782][T23770] usb 2-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1817.739853][T23770] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1817.751464][T23770] usb 2-1: config 0 descriptor?? [ 1818.078962][T23770] usbhid 2-1:0.0: can't add hid device: -71 [ 1818.085576][T23770] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1818.100649][T23770] usb 2-1: USB disconnect, device number 10 [ 1819.141589][ T886] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1819.298191][ T8883] gspca_sunplus: reg_r err -71 [ 1819.310749][ T8883] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 1819.356065][ T886] usb 2-1: config 0 has no interfaces? [ 1819.372578][ T886] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1819.384132][ T8883] usb 5-1: USB disconnect, device number 124 [ 1819.481583][ T886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1819.495782][ T886] usb 2-1: Product: syz [ 1819.500004][ T886] usb 2-1: Manufacturer: syz [ 1819.520094][ T886] usb 2-1: SerialNumber: syz [ 1819.538308][ T886] usb 2-1: config 0 descriptor?? [ 1819.574756][T25492] cgroup: fork rejected by pids controller in /syz0 [ 1819.929775][T25505] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1821.257412][T17047] hid-generic 0000:0000:0000.0065: unknown main item tag 0x0 [ 1821.293224][T17047] hid-generic 0000:0000:0000.0065: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1821.621872][ T8883] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1821.780338][ T8883] usb 4-1: Using ep0 maxpacket: 32 [ 1821.825886][ T8883] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1821.861919][ T8883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1821.884707][ T886] usb 2-1: USB disconnect, device number 11 [ 1821.898123][ T8883] usb 4-1: Product: syz [ 1821.972211][ T8883] usb 4-1: Manufacturer: syz [ 1821.999621][ T8883] usb 4-1: SerialNumber: syz [ 1822.033725][ T8883] usb 4-1: config 0 descriptor?? [ 1822.081852][ T8883] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1822.260003][T25523] netlink: 'syz.1.5011': attribute type 4 has an invalid length. [ 1822.314012][T25523] netlink: 'syz.1.5011': attribute type 4 has an invalid length. [ 1822.755665][ T5869] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1822.767416][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1822.777771][ T5869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1822.788019][ T5869] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1822.796760][ T5869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1823.907593][ T8883] gspca_ov534_9: reg_w failed -71 [ 1824.015309][T25529] chnl_net:caif_netlink_parms(): no params data found [ 1824.150307][ T8883] gspca_ov534_9: Unknown sensor 0000 [ 1824.150413][ T8883] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 1824.182646][ T8883] usb 4-1: USB disconnect, device number 5 [ 1824.444766][T25529] bridge0: port 1(bridge_slave_0) entered blocking state [ 1824.452646][T25529] bridge0: port 1(bridge_slave_0) entered disabled state [ 1824.465655][T25529] bridge_slave_0: entered allmulticast mode [ 1824.474078][T25529] bridge_slave_0: entered promiscuous mode [ 1824.505087][T25529] bridge0: port 2(bridge_slave_1) entered blocking state [ 1824.512412][T25529] bridge0: port 2(bridge_slave_1) entered disabled state [ 1824.519711][T25529] bridge_slave_1: entered allmulticast mode [ 1824.540673][T25529] bridge_slave_1: entered promiscuous mode [ 1824.708175][T25529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1824.725277][T25529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1824.780500][T17047] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1824.876482][T25529] team0: Port device team_slave_0 added [ 1824.896775][T25529] team0: Port device team_slave_1 added [ 1824.901210][T10021] Bluetooth: hci0: command tx timeout [ 1824.921893][ T5948] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 1824.950343][T17047] usb 2-1: Using ep0 maxpacket: 32 [ 1824.962868][T17047] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1824.974664][T17047] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1824.986366][T17047] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1824.995513][T17047] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1825.021095][T17047] usb 2-1: config 0 descriptor?? [ 1825.027970][T25529] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1825.035431][T25529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1825.062137][T25529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1825.081433][T25529] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1825.083669][ T5948] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1825.088888][T25529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1825.131463][T25529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1825.171752][ T5948] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1825.189330][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 1825.206496][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1825.219763][ T5948] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1825.289690][ T5948] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1825.304238][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1825.332749][ T5948] usb 4-1: Product: syz [ 1825.345799][ T5948] usb 4-1: Manufacturer: syz [ 1825.356498][ T5948] usb 4-1: SerialNumber: syz [ 1825.434670][ T5948] usb 4-1: config 0 descriptor?? [ 1825.444723][T25529] hsr_slave_0: entered promiscuous mode [ 1825.455586][T25529] hsr_slave_1: entered promiscuous mode [ 1825.468244][T25529] debugfs: 'hsr0' already exists in 'hsr' [ 1825.483440][T25529] Cannot create hsr debugfs directory [ 1825.525700][T17047] ft260 0003:0403:6030.0066: unknown main item tag 0x7 [ 1825.702108][ T5948] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 1825.708958][ T5948] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 1825.723253][T17047] ft260 0003:0403:6030.0066: chip code: 6424 8183 [ 1825.907545][ T5948] radio-si470x 4-1:0.0: software version 0, hardware version 0 [ 1825.918029][ T5948] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 1825.924391][T17047] ft260 0003:0403:6030.0066: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0 [ 1825.935930][ T5948] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 1826.109181][ T5948] radio-si470x 4-1:0.0: submitting int urb failed (-90) [ 1826.127507][T17047] ft260 0003:0403:6030.0066: failed to retrieve status: -32, no wakeup [ 1826.216950][T25529] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1826.383138][T25529] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1826.433488][T17047] usb 2-1: USB disconnect, device number 12 [ 1826.618249][T25529] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1826.809876][T25529] bond0: (slave netdevsim0): Releasing backup interface [ 1826.970864][T10021] Bluetooth: hci0: command tx timeout [ 1827.066371][T25588] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5032'. [ 1827.131675][ T5948] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 1827.197478][ T5948] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22 [ 1827.274302][ T5948] usb 4-1: USB disconnect, device number 6 [ 1827.335025][T25529] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1827.369825][T25529] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1827.450903][T25529] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1827.506384][T25529] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1827.604260][T25597] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5035'. [ 1827.661913][T25597] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1827.693947][T25605] vti0: entered promiscuous mode [ 1827.707877][T25605] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1827.724431][T25605] bond3: (slave vti0): The slave device specified does not support setting the MAC address [ 1827.762181][T25605] bond3: (slave vti0): Error -95 calling set_mac_address [ 1827.780523][T17047] usb 5-1: new full-speed USB device number 125 using dummy_hcd [ 1827.923014][T25529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1827.945186][T17047] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1827.976450][T17047] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1828.005644][T25529] 8021q: adding VLAN 0 to HW filter on device team0 [ 1828.012881][T17047] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1828.036407][T17047] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1828.053846][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 1828.061066][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1828.078131][T17047] usb 5-1: config 0 descriptor?? [ 1828.104093][T17047] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1828.126075][T17047] dvb-usb: bulk message failed: -22 (3/0) [ 1828.147385][ T3517] bridge0: port 2(bridge_slave_1) entered blocking state [ 1828.154602][ T3517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1828.164088][T17047] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1828.179941][T17047] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1828.190931][T17047] usb 5-1: media controller created [ 1828.198584][T17047] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1828.244993][T17047] dvb-usb: bulk message failed: -22 (6/0) [ 1828.252328][ T5948] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1828.265233][T17047] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1828.281778][ T886] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1828.295591][T25596] dvb-usb: bulk message failed: -22 (2/0) [ 1828.313999][T17047] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input67 [ 1828.352146][T17047] dvb-usb: schedule remote query interval to 150 msecs. [ 1828.359147][T17047] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1828.394817][T25529] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1828.422343][ T5948] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1828.424849][T17047] usb 5-1: USB disconnect, device number 125 [ 1828.437804][ T5948] usb 4-1: config 1 interface 0 altsetting 73 bulk endpoint 0x1 has invalid maxpacket 1023 [ 1828.459760][ T886] usb 2-1: Using ep0 maxpacket: 8 [ 1828.497337][ T886] usb 2-1: config 0 has an invalid interface number: 186 but max is 0 [ 1828.507179][ T5948] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1828.518036][ T886] usb 2-1: config 0 has no interface number 0 [ 1828.528218][T17047] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1828.546536][ T5948] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1828.562022][ T886] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1828.584883][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1828.594808][ T886] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 1828.616442][ T5948] usb 4-1: Product: syz [ 1828.618034][T25529] veth0_vlan: entered promiscuous mode [ 1828.622000][ T5948] usb 4-1: Manufacturer: syz [ 1828.643680][ T886] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1828.659582][T25529] veth1_vlan: entered promiscuous mode [ 1828.667710][ T5948] usb 4-1: SerialNumber: syz [ 1828.677053][ T886] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1828.699643][T25610] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1828.708371][ T886] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 1828.720159][ T886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1828.729672][ T886] usb 2-1: Product: syz [ 1828.735538][ T886] usb 2-1: Manufacturer: syz [ 1828.742415][ T886] usb 2-1: SerialNumber: syz [ 1828.766998][ T886] usb 2-1: config 0 descriptor?? [ 1828.774682][T25529] veth0_macvtap: entered promiscuous mode [ 1828.808973][T25529] veth1_macvtap: entered promiscuous mode [ 1828.849028][T25529] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1828.874646][T25529] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1828.897993][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1828.907764][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1828.922808][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1828.942084][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1829.052320][ T886] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 1829.060402][T10021] Bluetooth: hci0: command tx timeout [ 1829.141662][T25515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1829.146884][ T5948] usblp 4-1:1.0: usblp1: USB Unidirectional printer dev 7 if 0 alt 73 proto 1 vid 0x0525 pid 0xA4A8 [ 1829.149683][T25515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1829.209705][ T5948] usb 4-1: USB disconnect, device number 7 [ 1829.258865][ T3517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1829.274058][ T5948] usblp1: removed [ 1829.284649][ T3517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1829.349931][T17046] usb 2-1: USB disconnect, device number 13 [ 1829.381705][ T886] usb 5-1: new high-speed USB device number 126 using dummy_hcd [ 1829.542831][ T886] usb 5-1: Using ep0 maxpacket: 32 [ 1829.550159][ T886] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 1829.561913][ T886] usb 5-1: config 0 has no interface number 0 [ 1829.568108][ T886] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1829.584471][ T886] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1829.595346][ T886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1829.604881][ T886] usb 5-1: Product: syz [ 1829.609166][ T886] usb 5-1: Manufacturer: syz [ 1829.616023][ T886] usb 5-1: SerialNumber: syz [ 1829.626487][ T886] usb 5-1: config 0 descriptor?? [ 1829.646742][ T886] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1829.657907][ T886] em28xx 5-1:0.132: Video interface 132 found: [ 1829.749880][T25630] kvm: pic: non byte write [ 1829.756627][T25630] kvm: pic: non byte write [ 1829.769538][T25630] kvm: pic: non byte write [ 1829.786547][T25630] kvm: pic: non byte write [ 1829.796915][T25630] kvm: pic: non byte write [ 1829.809401][T25633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5044'. [ 1829.819740][T25630] kvm: pic: non byte write [ 1829.835350][T25630] kvm: pic: non byte write [ 1829.846173][T25630] kvm: pic: non byte write [ 1829.872690][T25630] kvm: pic: non byte write [ 1829.877447][T25630] kvm: pic: non byte write [ 1829.958662][T25630] kvm: pic: level sensitive irq not supported [ 1829.965003][T25630] kvm: pic: level sensitive irq not supported [ 1829.988105][T25630] kvm: pic: level sensitive irq not supported [ 1830.006950][T25630] kvm: pic: single mode not supported [ 1830.054553][ T886] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 1830.422761][T25646] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 1830.429453][T25646] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1830.450094][T25646] vhci_hcd vhci_hcd.0: Device attached [ 1830.467477][T25650] vhci_hcd: connection closed [ 1830.468585][ T3517] vhci_hcd: stop threads [ 1830.478351][ T3517] vhci_hcd: release socket [ 1830.481430][ T5989] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1830.488560][ T3517] vhci_hcd: disconnect device [ 1830.492026][ T886] em28xx 5-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 1830.529830][ T886] em28xx 5-1:0.132: board has no eeprom [ 1830.611273][ T886] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1830.621786][ T886] em28xx 5-1:0.132: analog set to bulk mode. [ 1830.627963][T17055] em28xx 5-1:0.132: Registering V4L2 extension [ 1830.671660][ T5989] usb 4-1: Using ep0 maxpacket: 32 [ 1830.682876][ T5989] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 1830.717674][ T5989] usb 4-1: config 0 has no interface number 0 [ 1830.744681][ T5989] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1830.750439][T17046] usb 5-1: USB disconnect, device number 126 [ 1830.759895][ T5989] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1830.783562][T17046] em28xx 5-1:0.132: Disconnecting em28xx [ 1830.798664][ T5989] usb 4-1: Product: syz [ 1830.821495][ T5989] usb 4-1: Manufacturer: syz [ 1830.826328][ T5989] usb 4-1: SerialNumber: syz [ 1830.852853][ T5989] usb 4-1: config 0 descriptor?? [ 1830.875480][ T5989] smsc95xx v2.0.0 [ 1830.981864][T17055] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 1830.999767][T17055] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 1831.031924][T17055] em28xx 5-1:0.132: No AC97 audio processor [ 1831.058382][T17055] usb 5-1: Decoder not found [ 1831.140396][T10021] Bluetooth: hci0: command tx timeout [ 1831.141929][T17055] em28xx 5-1:0.132: failed to create media graph [ 1831.716850][T17055] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 1831.724843][ T5989] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1831.741711][ T5989] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1831.760019][T17055] em28xx 5-1:0.132: Remote control support is not available for this card. [ 1831.800310][T17046] em28xx 5-1:0.132: Closing input extension [ 1831.864570][T17046] em28xx 5-1:0.132: Freeing device [ 1832.469195][T25673] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5057'. [ 1832.666766][T25676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5057'. [ 1833.009096][ T5989] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1833.009436][ T5989] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 1833.024260][ T5989] usb 4-1: USB disconnect, device number 8 [ 1833.489836][T25685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5061'. [ 1833.905214][T25701] netlink: 'syz.3.5068': attribute type 4 has an invalid length. [ 1834.345449][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802f98b800: rx timeout, send abort [ 1834.356036][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802f98b800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1834.449126][T23770] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1834.633338][T23770] usb 4-1: config 0 has no interfaces? [ 1834.789214][T23770] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1834.819835][T23770] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1834.871591][T23770] usb 4-1: Product: syz [ 1834.875804][T23770] usb 4-1: Manufacturer: syz [ 1834.940100][T23770] usb 4-1: SerialNumber: syz [ 1834.965643][T23770] usb 4-1: config 0 descriptor?? [ 1835.202270][T17046] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1835.230322][T17047] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1835.299573][T25727] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1835.412528][T17047] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1835.423966][T17046] usb 2-1: Using ep0 maxpacket: 8 [ 1835.429042][T17047] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 93, changing to 10 [ 1835.446113][T17046] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1835.456485][T17047] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 50824, setting to 1024 [ 1835.469383][T17046] usb 2-1: config 4 interface 0 has no altsetting 0 [ 1835.478269][T17047] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 63488, setting to 64 [ 1835.491297][T17046] usb 2-1: string descriptor 0 read error: -22 [ 1835.491493][T17046] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 1835.491518][T17046] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1835.511144][T17046] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 1835.512421][T17047] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1835.512451][T17047] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1835.512472][T17047] usb 1-1: Product: syz [ 1835.512487][T17047] usb 1-1: Manufacturer: syz [ 1835.512503][T17047] usb 1-1: SerialNumber: syz [ 1835.531816][T17046] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1835.532186][T17046] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 1835.532251][T17046] usb 2-1: media controller created [ 1835.616517][T17046] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1835.743892][T25723] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1836.376575][T25723] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1836.590903][T17047] cdc_ncm 1-1:1.0: bind() failure [ 1836.605984][T17047] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 1836.614844][T17047] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 1836.625295][T17047] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 1836.638953][T17047] usb 1-1: USB disconnect, device number 8 [ 1836.732541][T17046] zl10353_read_register: readreg error (reg=127, ret==0) [ 1836.785307][T17046] usb 2-1: USB disconnect, device number 14 [ 1837.125318][T17047] usb 4-1: USB disconnect, device number 9 [ 1837.312069][T25740] netlink: 'syz.4.5085': attribute type 1 has an invalid length. [ 1837.347923][T25743] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5086'. [ 1837.390400][T25740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1837.443329][T25744] bond0: (slave gretap1): making interface the new active one [ 1837.453986][T25744] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 1837.463686][T17046] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1837.526893][T25740] vlan0: entered allmulticast mode [ 1837.532171][T25740] bond0: entered allmulticast mode [ 1837.537313][T25740] gretap1: entered allmulticast mode [ 1837.545965][T25740] bond0: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 1837.636996][T17046] usb 1-1: Using ep0 maxpacket: 16 [ 1837.662235][T17046] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1837.690728][T17046] usb 1-1: config 0 has no interfaces? [ 1837.703553][T17046] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1837.721629][T17046] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1837.732756][T17046] usb 1-1: Product: syz [ 1837.737730][T17046] usb 1-1: Manufacturer: syz [ 1837.742804][T17046] usb 1-1: SerialNumber: syz [ 1837.760110][T17046] usb 1-1: config 0 descriptor?? [ 1837.902120][ T5948] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1837.971706][T17055] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1838.053056][T17046] usb 1-1: USB disconnect, device number 9 [ 1838.062462][ T5948] usb 4-1: Using ep0 maxpacket: 32 [ 1838.069802][ T5948] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 1838.079240][ T5948] usb 4-1: config 0 has no interface number 0 [ 1838.086408][ T5948] usb 4-1: config 0 interface 89 has no altsetting 0 [ 1838.096481][ T5948] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1838.107506][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1838.116874][ T5948] usb 4-1: Product: syz [ 1838.122625][ T5948] usb 4-1: Manufacturer: syz [ 1838.127249][ T5948] usb 4-1: SerialNumber: syz [ 1838.135786][ T5948] usb 4-1: config 0 descriptor?? [ 1838.149434][ T5948] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1838.162877][T17055] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1838.174321][ T5948] em28xx 4-1:0.89: Video interface 89 found: bulk [ 1838.181938][T17055] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1838.189941][T17055] usb 2-1: Product: syz [ 1838.195171][T17055] usb 2-1: Manufacturer: syz [ 1838.199835][T17055] usb 2-1: SerialNumber: syz [ 1838.655690][T25759] kvm: pic: non byte read [ 1838.660480][T25759] kvm: pic: level sensitive irq not supported [ 1838.660558][T25759] kvm: pic: non byte read [ 1838.674379][T25759] kvm: pic: level sensitive irq not supported [ 1838.674469][T25759] kvm: pic: non byte read [ 1838.686030][T25759] kvm: pic: level sensitive irq not supported [ 1838.686110][T25759] kvm: pic: non byte read [ 1838.697619][T25759] kvm: pic: level sensitive irq not supported [ 1838.697706][T25759] kvm: pic: non byte read [ 1838.709794][T25759] kvm: pic: level sensitive irq not supported [ 1838.709870][T25759] kvm: pic: non byte read [ 1838.721042][T25759] kvm: pic: level sensitive irq not supported [ 1838.721122][T25759] kvm: pic: non byte read [ 1838.732064][T25759] kvm: pic: level sensitive irq not supported [ 1838.732145][T25759] kvm: pic: non byte read [ 1838.743173][T25759] kvm: pic: level sensitive irq not supported [ 1838.743252][T25759] kvm: pic: non byte read [ 1838.754835][ T5948] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 1838.754985][T25759] kvm: pic: level sensitive irq not supported [ 1838.761598][T25759] kvm: pic: non byte read [ 1838.772619][T25759] kvm: pic: level sensitive irq not supported [ 1839.601232][ T5948] em28xx 4-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1) [ 1839.635234][ T5948] em28xx 4-1:0.89: failed to read eeprom (err=-5) [ 1839.645287][T17055] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 1839.661861][ T5948] em28xx 4-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 1839.852196][ T5948] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 1839.859704][ T5948] em28xx 4-1:0.89: analog set to bulk mode. [ 1839.868184][ T886] em28xx 4-1:0.89: Registering V4L2 extension [ 1839.899093][ T5948] usb 4-1: USB disconnect, device number 10 [ 1839.910154][ T5948] em28xx 4-1:0.89: Disconnecting em28xx [ 1839.948538][ T886] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 1839.964282][ T886] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 1839.982027][ T886] em28xx 4-1:0.89: No AC97 audio processor [ 1840.005661][ T886] usb 4-1: Decoder not found [ 1840.013184][ T886] em28xx 4-1:0.89: failed to create media graph [ 1840.023745][ T886] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 1840.049442][ T886] em28xx 4-1:0.89: Registering snapshot button... [ 1840.078853][ T886] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input68 [ 1840.109229][T17055] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 1840.125829][ T886] em28xx 4-1:0.89: Remote control support is not available for this card. [ 1840.142507][T17055] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 1840.161952][ T5948] em28xx 4-1:0.89: Closing input extension [ 1840.173303][ T5948] em28xx 4-1:0.89: Deregistering snapshot button [ 1840.179742][T17055] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1840.195525][T17055] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1840.221458][T17055] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 1840.254948][ T5948] em28xx 4-1:0.89: Freeing device [ 1840.265216][T17055] usb 2-1: USB disconnect, device number 15 [ 1841.630420][T23770] usb 5-1: new high-speed USB device number 127 using dummy_hcd [ 1841.828667][T23770] usb 5-1: config 0 has no interfaces? [ 1841.872550][T23770] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1841.893831][T23770] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1841.935323][T23770] usb 5-1: Product: syz [ 1841.939534][T23770] usb 5-1: Manufacturer: syz [ 1841.971810][T23770] usb 5-1: SerialNumber: syz [ 1842.006639][T23770] usb 5-1: config 0 descriptor?? [ 1842.081856][T17055] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1842.163071][T25803] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1842.244166][T17055] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1842.252889][T25803] bridge0: port 2(bridge_slave_1) entered disabled state [ 1842.264773][T25803] bridge0: port 1(bridge_slave_0) entered disabled state [ 1842.297219][T17055] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1842.373238][T25803] bridge0: entered allmulticast mode [ 1842.409467][T17055] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1842.427950][T17055] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1842.448766][T17055] usb 4-1: Product: syz [ 1842.529298][T17055] usb 4-1: Manufacturer: syz [ 1842.543458][T17055] usb 4-1: SerialNumber: syz [ 1842.551598][T25806] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1843.109507][T25801] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1843.476804][T25818] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5112'. [ 1843.707883][T25818] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5112'. [ 1843.871861][T25801] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1844.099138][T17055] cdc_mbim 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1844.107367][T17055] cdc_mbim 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 1844.116703][T17055] cdc_mbim 4-1:1.0: setting rx_max = 2048 [ 1844.196525][T25823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5114'. [ 1844.267881][T25823] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5114'. [ 1844.299062][T17055] cdc_mbim 4-1:1.0: setting tx_max = 184 [ 1844.302298][T25823] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5114'. [ 1844.377727][T17055] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device [ 1845.114044][T17055] wwan wwan0: port wwan0mbim0 attached [ 1845.153214][T17055] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42 [ 1845.194928][T17055] usb 4-1: USB disconnect, device number 11 [ 1845.285222][T17055] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM [ 1845.391155][T23770] usb 5-1: USB disconnect, device number 127 [ 1845.758738][T17055] wwan wwan0: port wwan0mbim0 disconnected [ 1845.784370][ T886] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1845.959622][ T886] usb 1-1: config 0 has no interfaces? [ 1846.063056][ T886] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1846.224828][ T886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1846.318833][ T886] usb 1-1: Product: syz [ 1846.331774][ T886] usb 1-1: Manufacturer: syz [ 1846.342937][ T886] usb 1-1: SerialNumber: syz [ 1846.367224][ T886] usb 1-1: config 0 descriptor?? [ 1846.885283][T25832] bridge0: port 2(bridge_slave_1) entered blocking state [ 1846.892560][T25832] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1846.900258][T25832] bridge0: port 1(bridge_slave_0) entered blocking state [ 1846.907472][T25832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1846.974721][T25832] bridge0: left allmulticast mode [ 1847.031776][T25832] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1847.079246][T25868] syz_tun: entered allmulticast mode [ 1847.138805][T25868] syz_tun: left allmulticast mode [ 1848.920903][T17046] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 1849.178502][T17046] usb 5-1: config 0 has no interfaces? [ 1849.252850][T17047] usb 1-1: USB disconnect, device number 10 [ 1849.262482][T17046] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1849.285393][T17046] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1849.336270][T17046] usb 5-1: Product: syz [ 1849.374018][T17046] usb 5-1: Manufacturer: syz [ 1849.394192][T17046] usb 5-1: SerialNumber: syz [ 1849.437763][T17046] usb 5-1: config 0 descriptor?? [ 1849.980932][T25920] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1852.035809][T25958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5145'. [ 1852.124068][T25958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5145'. [ 1852.192113][T25958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5145'. [ 1852.245608][T25958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5145'. [ 1852.683214][T25623] usb 5-1: USB disconnect, device number 2 [ 1853.378001][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.384648][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.417559][ T30] audit: type=1326 audit(1757549664.122:3197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25976 comm="syz.0.5150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1853.549974][ T30] audit: type=1326 audit(1757549664.122:3198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25976 comm="syz.0.5150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1853.607578][ T30] audit: type=1326 audit(1757549664.122:3199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25976 comm="syz.0.5150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1853.758793][ T30] audit: type=1326 audit(1757549664.122:3200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25976 comm="syz.0.5150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1853.863959][ T30] audit: type=1326 audit(1757549664.122:3201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25976 comm="syz.0.5150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1853.944708][ T30] audit: type=1326 audit(1757549664.122:3202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25976 comm="syz.0.5150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1856.556327][T26035] syzkaller0: entered promiscuous mode [ 1856.571985][T26035] syzkaller0: entered allmulticast mode [ 1858.415833][T26056] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5164'. [ 1858.618574][T26059] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5164'. [ 1860.098691][T26045] syz.3.5161 (26045): drop_caches: 1 [ 1860.366372][T26062] netlink: 'syz.3.5165': attribute type 10 has an invalid length. [ 1861.292770][T26062] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1861.539101][T26075] syzkaller0: create flow: hash 4258881725 index 1 [ 1861.814239][T26064] syzkaller0: delete flow: hash 4258881725 index 1 [ 1861.961832][ T5948] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1862.131638][ T5948] usb 5-1: Using ep0 maxpacket: 16 [ 1862.145452][ T5948] usb 5-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 1862.168337][ T5948] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1862.215194][ T5948] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1862.226989][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1862.237433][ T5948] usb 5-1: Product: syz [ 1862.243279][ T5948] usb 5-1: Manufacturer: syz [ 1862.248143][ T5948] usb 5-1: SerialNumber: syz [ 1862.490056][ T5948] usb 5-1: 0:2 : does not exist [ 1862.507103][ T5948] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 1862.591896][ T5948] usb 5-1: USB disconnect, device number 3 [ 1862.669643][T26072] udevd[26072]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1862.790490][T17046] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 1862.968679][T17046] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1862.989287][T17046] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1863.020380][T17046] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1863.029476][T17046] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1863.038219][T17046] usb 1-1: Manufacturer: syz [ 1863.074077][T17046] usb 1-1: config 0 descriptor?? [ 1863.357885][T25623] usb 1-1: USB disconnect, device number 11 [ 1863.763732][T17046] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1863.925661][T17046] usb 5-1: Using ep0 maxpacket: 8 [ 1863.954969][T17046] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 1863.965252][T17046] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1863.973690][T17046] usb 5-1: Product: syz [ 1863.978119][T17046] usb 5-1: Manufacturer: syz [ 1863.982794][T17046] usb 5-1: SerialNumber: syz [ 1863.991310][T17046] usb 5-1: config 0 descriptor?? [ 1864.000535][T17046] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 1866.004318][T17046] gspca_sonixj: reg_r err -71 [ 1866.016371][T17046] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 1866.034866][T17046] usb 5-1: USB disconnect, device number 4 [ 1867.097717][T26137] netlink: 'syz.1.5193': attribute type 1 has an invalid length. [ 1867.201274][T25623] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 1867.289429][T26137] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1867.353842][T25623] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1867.389358][T25623] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1867.401171][T26138] bond4: (slave gretap1): making interface the new active one [ 1867.404366][T26138] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 1867.528351][T25623] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1867.641644][T25623] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1867.654064][T25623] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1867.674377][T25623] usb 5-1: config 0 descriptor?? [ 1868.142896][T25623] plantronics 0003:047F:FFFF.0067: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1868.382863][T17046] usb 5-1: USB disconnect, device number 5 [ 1868.565980][T26154] fido_id[26154]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 1869.031277][ T5948] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 1869.227413][ T5948] usb 4-1: config 0 has an invalid interface number: 113 but max is 0 [ 1869.238246][ T5948] usb 4-1: config 0 has no interface number 0 [ 1869.647677][ T5948] usb 4-1: config 0 interface 113 has no altsetting 0 [ 1869.667515][ T30] audit: type=1326 audit(1757549680.392:3203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1869.782556][ T5948] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1869.792672][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1869.802664][ T5948] usb 4-1: Product: syz [ 1869.806900][ T5948] usb 4-1: Manufacturer: syz [ 1869.817092][ T5948] usb 4-1: SerialNumber: syz [ 1869.888151][ T5948] usb 4-1: config 0 descriptor?? [ 1869.917224][ T5948] pn533_usb 4-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint [ 1870.006284][ T30] audit: type=1326 audit(1757549680.392:3204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.281538][ T30] audit: type=1326 audit(1757549680.392:3205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.370118][ T30] audit: type=1326 audit(1757549680.392:3206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.399778][ T30] audit: type=1326 audit(1757549680.392:3207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.484438][ T30] audit: type=1326 audit(1757549680.392:3208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.514669][ T30] audit: type=1326 audit(1757549680.392:3209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.538882][ T30] audit: type=1326 audit(1757549680.392:3210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.561341][ T30] audit: type=1326 audit(1757549680.392:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26166 comm="syz.2.5203" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1870.664531][T17046] usb 4-1: USB disconnect, device number 12 [ 1871.118403][ T30] audit: type=1326 audit(1757549681.842:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26183 comm="syz.0.5208" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x0 [ 1871.680666][ T8883] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1871.860254][ T8883] usb 2-1: Using ep0 maxpacket: 16 [ 1871.876761][ T8883] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1871.909067][ T8883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1871.937295][ T8883] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1871.953426][ T8883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1871.969710][ T8883] usb 2-1: Product: syz [ 1871.980609][ T8883] usb 2-1: Manufacturer: syz [ 1871.990546][ T8883] usb 2-1: SerialNumber: syz [ 1872.004546][ T8883] usb 2-1: config 0 descriptor?? [ 1872.029760][ T8883] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1872.065256][ T8883] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 1872.107683][T26206] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5217'. [ 1872.634095][T26225] vlan0: entered allmulticast mode [ 1872.640860][ T8883] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 1872.656089][T26225] bond0: entered allmulticast mode [ 1872.670126][ T8883] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 1872.681749][T26225] bond_slave_0: entered allmulticast mode [ 1872.707280][T26225] @0Ù: entered allmulticast mode [ 1872.739715][T26225] dummy0: entered allmulticast mode [ 1872.777636][T26225] syz_tun: entered allmulticast mode [ 1873.084276][T17047] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 1873.154384][T26240] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1873.258511][T26245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5232'. [ 1873.276881][T17047] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 1873.298479][T17047] usb 1-1: config 0 has no interface number 0 [ 1873.311641][ T8883] em28xx 2-1:0.0: AC97 command still being executed: not handled properly! [ 1873.325759][T17047] usb 1-1: config 0 interface 41 has no altsetting 0 [ 1873.345931][ T8883] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 1873.356146][T17047] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1873.365708][T17047] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1873.375130][T17047] usb 1-1: Product: syz [ 1873.379687][T17047] usb 1-1: Manufacturer: syz [ 1873.379867][T26245] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5232'. [ 1873.385407][T17047] usb 1-1: SerialNumber: syz [ 1873.391576][T17047] usb 1-1: config 0 descriptor?? [ 1873.525985][ T8883] em28xx 2-1:0.0: AC97 command still being executed: not handled properly! [ 1873.541601][ T5948] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1873.771748][ T8883] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 1873.787981][ T8883] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 1873.795780][ T8883] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 1873.806400][ T8883] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 1873.813514][ T8883] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 1873.845837][ T8883] usb 2-1: USB disconnect, device number 16 [ 1873.981366][ T5948] usb 4-1: Using ep0 maxpacket: 8 [ 1873.989238][ T5948] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 1873.999795][ T5948] usb 4-1: config 0 has no interface number 0 [ 1874.043555][ T5948] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1874.079231][ T5948] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1874.122521][ T5948] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1874.157719][ T5948] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1874.193389][ T5948] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1874.264025][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1874.282425][ T5948] usb 4-1: config 0 descriptor?? [ 1874.304492][ T5948] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1874.475046][T17047] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 1874.557032][ T5948] usb 4-1: USB disconnect, device number 13 [ 1874.585902][ T5948] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 1875.238059][T26269] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 1875.797876][T17047] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9 [ 1875.815996][T17047] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9 [ 1875.889894][T17047] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71 [ 1875.973449][T17047] usb 1-1: USB disconnect, device number 12 [ 1876.413056][T26285] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5244'. [ 1876.443498][T26285] tipc: Bearer : already 2 bearers with priority 10 [ 1876.471893][T26285] tipc: Bearer : trying with adjusted priority [ 1876.483006][T26285] tipc: Enabling of bearer rejected, failed to enable media [ 1877.227924][T17047] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 1877.430913][T17047] usb 5-1: config 0 has no interfaces? [ 1877.437080][T17047] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1877.490721][T17047] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1877.598700][T17047] usb 5-1: config 0 descriptor?? [ 1877.720271][ T8883] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 1878.073787][ T8883] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF [ 1878.220824][ T8883] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 1878.260321][ T8883] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 29949, setting to 64 [ 1878.277031][ T8883] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1878.347298][ T8883] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 1878.396551][ T8883] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1878.406816][ T8883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1878.746478][ T8883] usb 2-1: SerialNumber: syz [ 1878.799294][T26305] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1878.807588][T26305] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1879.106502][ T886] usb 2-1: USB disconnect, device number 17 [ 1879.517464][T26326] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5255'. [ 1879.639700][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 1879.639720][ T30] audit: type=1326 audit(1757549690.362:3220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1879.706152][ T30] audit: type=1326 audit(1757549690.402:3221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1879.813840][ T30] audit: type=1326 audit(1757549690.402:3222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1879.870506][T17046] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1879.879010][ T30] audit: type=1326 audit(1757549690.402:3223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1879.949702][ T30] audit: type=1326 audit(1757549690.402:3224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1879.995014][T26336] syzkaller0: entered promiscuous mode [ 1880.004172][ T30] audit: type=1326 audit(1757549690.412:3225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1880.029982][ T30] audit: type=1326 audit(1757549690.412:3226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1880.039704][T17046] usb 1-1: Using ep0 maxpacket: 32 [ 1880.057979][T26336] syzkaller0: entered allmulticast mode [ 1880.077157][T17046] usb 1-1: config 0 has no interfaces? [ 1880.102888][T26339] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5261'. [ 1880.106779][T17046] usb 1-1: New USB device found, idVendor=108c, idProduct=dd68, bcdDevice=84.5c [ 1880.115847][ T886] usb 5-1: USB disconnect, device number 6 [ 1880.147633][ T30] audit: type=1326 audit(1757549690.412:3227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1880.160269][T17046] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1880.178424][ T30] audit: type=1326 audit(1757549690.412:3228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26329 comm="syz.2.5258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf704e539 code=0x7ffc0000 [ 1880.200280][T17046] usb 1-1: Product: syz [ 1880.216235][T17046] usb 1-1: Manufacturer: syz [ 1880.238344][T17046] usb 1-1: SerialNumber: syz [ 1880.272103][T17046] usb 1-1: config 0 descriptor?? [ 1880.407912][T26339] bond0: (slave syz_tun): Releasing backup interface [ 1880.419088][T26339] syz_tun (unregistering): left allmulticast mode [ 1880.628840][ T886] usb 1-1: USB disconnect, device number 13 [ 1885.638138][ T30] audit: type=1326 audit(1757549696.362:3229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26391 comm="syz.0.5277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1885.691457][ T30] audit: type=1326 audit(1757549696.362:3230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26391 comm="syz.0.5277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1885.726358][ T30] audit: type=1326 audit(1757549696.362:3231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26391 comm="syz.0.5277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1885.818924][ T30] audit: type=1326 audit(1757549696.362:3232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26391 comm="syz.0.5277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1885.847813][ T8883] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1885.858615][ T30] audit: type=1326 audit(1757549696.362:3233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26391 comm="syz.0.5277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1885.982655][ T30] audit: type=1326 audit(1757549696.362:3234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26391 comm="syz.0.5277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1886.009534][ T30] audit: type=1326 audit(1757549696.362:3235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26391 comm="syz.0.5277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1886.103686][ T8883] usb 4-1: Using ep0 maxpacket: 16 [ 1886.114282][T26401] netlink: 'syz.4.5279': attribute type 10 has an invalid length. [ 1886.118339][ T8883] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 1886.137968][ T8883] usb 4-1: config 0 has no interface number 0 [ 1886.151051][ T8883] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.01 [ 1886.165143][ T8883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1886.185581][ T8883] usb 4-1: Product: syz [ 1886.189995][ T8883] usb 4-1: Manufacturer: syz [ 1886.195140][ T8883] usb 4-1: SerialNumber: syz [ 1886.204134][ T8883] usb 4-1: config 0 descriptor?? [ 1886.227974][ T8883] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 1887.547423][T26418] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1888.742598][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x040B, value 0x26, error -71) [ 1888.905713][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x0437, value 0x07, error -71) [ 1888.932137][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x042F, value 0x15, error -71) [ 1888.944495][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x0439, value 0x2B, error -71) [ 1888.977729][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x043A, value 0x26, error -71) [ 1889.011319][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x0438, value 0x08, error -71) [ 1889.029358][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x042B, value 0x1E, error -71) [ 1889.056796][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x042C, value 0x41, error -71) [ 1889.078855][ T8883] gspca_xirlink_cit: Failed to write a register (index 0x0100, value 0xC0, error -71) [ 1889.099966][ T8883] input: xirlink-cit as /devices/platform/dummy_hcd.3/usb4/4-1/input/input70 [ 1889.128434][ T8883] usb 4-1: USB disconnect, device number 14 [ 1889.590083][ T30] audit: type=1326 audit(1757549700.312:3236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26449 comm="syz.4.5297" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 1889.679584][ T30] audit: type=1326 audit(1757549700.312:3237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26449 comm="syz.4.5297" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 1889.750544][ T30] audit: type=1326 audit(1757549700.322:3238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26449 comm="syz.4.5297" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 1890.255993][T26462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5299'. [ 1890.392196][T26463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5299'. [ 1890.471952][T26462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5299'. [ 1890.734037][T26467] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5300'. [ 1891.181651][ T5948] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1891.341395][ T5948] usb 1-1: Using ep0 maxpacket: 8 [ 1891.350003][ T5948] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 1891.365945][ T5948] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1891.376463][ T5948] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1891.388314][ T5948] usb 1-1: Product: syz [ 1891.394250][ T5948] usb 1-1: Manufacturer: syz [ 1891.399885][ T5948] usb 1-1: SerialNumber: syz [ 1891.627100][ T5948] usb 1-1: Invalid connection information received from device [ 1891.867467][ T5948] usb 1-1: USB disconnect, device number 14 [ 1892.383926][T26494] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5311'. [ 1892.478217][T26494] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1892.504788][T26496] vlan2: entered promiscuous mode [ 1892.510088][T26496] bond5: entered promiscuous mode [ 1892.523436][T26496] vlan2: entered allmulticast mode [ 1892.544431][T26496] bond5: entered allmulticast mode [ 1892.609302][T26501] syz_tun: entered allmulticast mode [ 1892.654196][T26497] syz_tun: left allmulticast mode [ 1892.738397][T26505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5314'. [ 1892.744019][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 1892.744037][ T30] audit: type=1326 audit(1757549703.462:3245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26506 comm="syz.1.5315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1892.784785][ T30] audit: type=1326 audit(1757549703.512:3246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26506 comm="syz.1.5315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1892.949208][T26510] binder: transaction release 40 bad handle 1, ret = -22 [ 1892.964255][ T30] audit: type=1326 audit(1757549703.512:3247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26506 comm="syz.1.5315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1893.267448][ T30] audit: type=1326 audit(1757549703.512:3248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26506 comm="syz.1.5315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1893.467376][ T30] audit: type=1326 audit(1757549703.512:3249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26506 comm="syz.1.5315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1893.527028][ T30] audit: type=1326 audit(1757549703.512:3250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26506 comm="syz.1.5315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1893.559181][ T30] audit: type=1326 audit(1757549703.512:3251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26506 comm="syz.1.5315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1896.371334][ T8883] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1896.620621][ T8883] usb 2-1: Using ep0 maxpacket: 8 [ 1896.628540][ T8883] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1896.645945][ T8883] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1896.688749][ T8883] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 1896.716573][ T8883] usb 2-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 1896.732616][ T8883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1896.809945][ T8883] usb 2-1: Product: syz [ 1896.818668][ T8883] usb 2-1: Manufacturer: syz [ 1896.830514][T17047] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1896.844749][ T8883] usb 2-1: SerialNumber: syz [ 1897.013871][T17047] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1897.035377][T17047] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1897.080462][T17047] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1897.127202][T17047] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1897.159123][ T8883] usb 2-1: USB disconnect, device number 18 [ 1897.182158][T17047] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1897.457531][T17047] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1897.497376][T17047] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1897.557544][T17047] usb 5-1: Product: syz [ 1897.570257][T17047] usb 5-1: Manufacturer: syz [ 1897.612143][T17047] cdc_wdm 5-1:1.0: skipping garbage [ 1897.617411][T17047] cdc_wdm 5-1:1.0: skipping garbage [ 1897.646264][T17047] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1897.703470][T17047] cdc_wdm 5-1:1.0: Unknown control protocol [ 1897.954983][T26557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.991838][T26557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1898.123782][ T30] audit: type=1326 audit(1757549708.852:3252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.148656][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 1898.149181][T25623] usb 5-1: USB disconnect, device number 7 [ 1898.155290][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 1898.155311][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1898.177849][ T30] audit: type=1326 audit(1757549708.872:3253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.257714][ T30] audit: type=1326 audit(1757549708.892:3254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.351067][ T5948] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1898.420612][ T30] audit: type=1326 audit(1757549708.892:3255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.452118][ T30] audit: type=1326 audit(1757549708.892:3256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.482951][ T30] audit: type=1326 audit(1757549708.892:3257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.518148][ T30] audit: type=1326 audit(1757549708.892:3258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.545716][ T30] audit: type=1326 audit(1757549708.892:3259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.568827][ T5948] usb 1-1: Using ep0 maxpacket: 8 [ 1898.594598][ T30] audit: type=1326 audit(1757549708.892:3260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26572 comm="syz.3.5334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 1898.646118][ T5948] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1898.676825][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1898.688086][ T5948] usb 1-1: Product: syz [ 1898.693908][ T5948] usb 1-1: Manufacturer: syz [ 1898.698542][ T5948] usb 1-1: SerialNumber: syz [ 1898.755830][ T5948] usb 1-1: config 0 descriptor?? [ 1898.767611][ T5948] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1899.298794][T26590] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1900.244836][T26592] netlink: 1347 bytes leftover after parsing attributes in process `syz.4.5340'. [ 1900.291801][ T886] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1900.452897][ T886] usb 4-1: config 0 has no interfaces? [ 1900.462432][ T886] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1900.483981][ T886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1900.506688][ T886] usb 4-1: Product: syz [ 1900.536829][ T886] usb 4-1: Manufacturer: syz [ 1900.582607][ T886] usb 4-1: SerialNumber: syz [ 1900.607768][ T886] usb 4-1: config 0 descriptor?? [ 1900.985284][T26610] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1901.288688][ T5948] gspca_sonixj: reg_w1 err -71 [ 1901.332799][ T5948] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 1901.372999][ T5948] usb 1-1: USB disconnect, device number 15 [ 1901.957392][ T30] audit: type=1326 audit(1757549712.682:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26630 comm="syz.1.5354" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 1902.930275][ T8883] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1903.175114][ T8883] usb 5-1: Using ep0 maxpacket: 8 [ 1903.246853][T17047] usb 4-1: USB disconnect, device number 15 [ 1903.362710][ T8883] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 1903.375065][ T8883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1903.405666][ T8883] usb 5-1: Product: syz [ 1903.409888][ T8883] usb 5-1: Manufacturer: syz [ 1903.436147][ T8883] usb 5-1: SerialNumber: syz [ 1903.477574][ T8883] usb 5-1: config 0 descriptor?? [ 1903.627399][ T8883] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 1905.021829][T26671] veth1_to_bond: entered allmulticast mode [ 1905.032570][T26671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5368'. [ 1905.496381][ T8883] gspca_sonixj: i2c_w8 err -110 [ 1905.646009][T26671] bond0: (slave bond_slave_1): Releasing backup interface [ 1905.653765][ T8883] sonixj 5-1:0.0: probe with driver sonixj failed with error -110 [ 1906.762473][ T8883] usb 5-1: USB disconnect, device number 8 [ 1907.106460][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1907.106481][ T30] audit: type=1326 audit(1757549717.832:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1907.168747][ T30] audit: type=1326 audit(1757549717.882:3268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1907.194245][ T30] audit: type=1326 audit(1757549717.882:3269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1907.253631][ T30] audit: type=1326 audit(1757549717.882:3270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1907.308106][ T30] audit: type=1326 audit(1757549717.882:3271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1907.401137][ T30] audit: type=1326 audit(1757549717.882:3272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1907.498756][ T30] audit: type=1326 audit(1757549717.882:3273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1907.595641][ T30] audit: type=1326 audit(1757549717.882:3274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26695 comm="syz.0.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf708e539 code=0x7ffc0000 [ 1908.930009][T26721] binder: 26720:26721 unknown command 0 [ 1908.947318][T26721] binder: 26720:26721 ioctl c0306201 80000080 returned -22 [ 1909.016017][T26721] binder: 26720:26721 ioctl c0306201 80000300 returned -11 [ 1910.543726][T26735] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 1911.433600][ T30] audit: type=1326 audit(1757549722.162:3275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26745 comm="syz.3.5387" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x0 [ 1912.174263][T26752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5388'. [ 1912.570061][T26755] binder_alloc: 26753: pid 26753 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1914.655138][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.662947][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1914.679312][T26770] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5393'. [ 1915.217913][T26773] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5394'. [ 1915.327427][T26779] [ 1915.329813][T26779] ===================================================== [ 1915.336767][T26779] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1915.344242][T26779] syzkaller #0 Not tainted [ 1915.348670][T26779] ----------------------------------------------------- [ 1915.355617][T26779] syz.4.5397/26779 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1915.363358][T26779] ffff88807a4d2be8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1915.372116][T26779] [ 1915.372116][T26779] and this task is already holding: [ 1915.372173][T26782] syz_tun: entered allmulticast mode [ 1915.379487][T26779] ffff888030cb2028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1915.379545][T26779] which would create a new lock dependency: [ 1915.400435][T26779] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1915.408563][T26779] [ 1915.408563][T26779] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1915.418005][T26779] (&dev->event_lock#2){..-.}-{3:3} [ 1915.418033][T26779] [ 1915.418033][T26779] ... which became SOFTIRQ-irq-safe at: [ 1915.430914][T26779] lock_acquire+0x120/0x360 [ 1915.435526][T26779] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1915.440815][T26779] input_inject_event+0xa5/0x340 [ 1915.445860][T26779] kd_sound_helper+0x19f/0x210 [ 1915.450710][T26779] input_handler_for_each_handle+0x101/0x1c0 [ 1915.456786][T26779] call_timer_fn+0x17e/0x5f0 [ 1915.461475][T26779] __run_timer_base+0x61a/0x860 [ 1915.466402][T26779] run_timer_softirq+0xb7/0x180 [ 1915.471425][T26779] handle_softirqs+0x283/0x870 [ 1915.476262][T26779] __irq_exit_rcu+0xca/0x1f0 [ 1915.480930][T26779] irq_exit_rcu+0x9/0x30 [ 1915.485268][T26779] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1915.490991][T26779] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1915.497140][T26779] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1915.502952][T26779] __wake_up_common_lock+0x190/0x1f0 [ 1915.508402][T26779] __unix_dgram_recvmsg+0x486/0xd60 [ 1915.513682][T26779] sock_recvmsg_nosec+0x183/0x1c0 [ 1915.518973][T26779] ____sys_recvmsg+0x3aa/0x460 [ 1915.523823][T26779] ___sys_recvmsg+0x1b5/0x510 [ 1915.528600][T26779] do_recvmmsg+0x36a/0x770 [ 1915.533101][T26779] __sys_recvmmsg+0x19d/0x280 [ 1915.537886][T26779] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 1915.544121][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1915.549315][T26779] do_fast_syscall_32+0x34/0x80 [ 1915.554303][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1915.560724][T26779] [ 1915.560724][T26779] to a SOFTIRQ-irq-unsafe lock: [ 1915.567763][T26779] (tasklist_lock){.+.+}-{3:3} [ 1915.567786][T26779] [ 1915.567786][T26779] ... which became SOFTIRQ-irq-unsafe at: [ 1915.580457][T26779] ... [ 1915.580471][T26779] lock_acquire+0x120/0x360 [ 1915.587667][T26779] _raw_read_lock+0x36/0x50 [ 1915.592269][T26779] __do_wait+0xde/0x740 [ 1915.596516][T26779] do_wait+0x1f8/0x520 [ 1915.600672][T26779] kernel_wait+0xab/0x170 [ 1915.605128][T26779] call_usermodehelper_exec_work+0xbe/0x230 [ 1915.611203][T26779] process_scheduled_works+0xae1/0x17b0 [ 1915.616848][T26779] worker_thread+0x8a0/0xda0 [ 1915.621524][T26779] kthread+0x70e/0x8a0 [ 1915.625670][T26779] ret_from_fork+0x3fc/0x770 [ 1915.630339][T26779] ret_from_fork_asm+0x1a/0x30 [ 1915.635208][T26779] [ 1915.635208][T26779] other info that might help us debug this: [ 1915.635208][T26779] [ 1915.645474][T26779] Chain exists of: [ 1915.645474][T26779] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1915.645474][T26779] [ 1915.659026][T26779] Possible interrupt unsafe locking scenario: [ 1915.659026][T26779] [ 1915.667339][T26779] CPU0 CPU1 [ 1915.672697][T26779] ---- ---- [ 1915.678056][T26779] lock(tasklist_lock); [ 1915.682309][T26779] local_irq_disable(); [ 1915.689049][T26779] lock(&dev->event_lock#2); [ 1915.696243][T26779] lock(&client->buffer_lock); [ 1915.703628][T26779] [ 1915.707072][T26779] lock(&dev->event_lock#2); [ 1915.711915][T26779] [ 1915.711915][T26779] *** DEADLOCK *** [ 1915.711915][T26779] [ 1915.720046][T26779] 7 locks held by syz.4.5397/26779: [ 1915.725228][T26779] #0: ffff8881473fe118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 1915.734354][T26779] #1: ffff8881473fa230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 1915.744454][T26779] #2: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 [ 1915.754101][T26779] #3: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 1915.763660][T26779] #4: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 1915.772783][T26779] #5: ffff888030cb2028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1915.782949][T26779] #6: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1915.791983][T26779] [ 1915.791983][T26779] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1915.802377][T26779] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1915.808014][T26779] IN-SOFTIRQ-W at: [ 1915.812069][T26779] lock_acquire+0x120/0x360 [ 1915.818391][T26779] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1915.825403][T26779] input_inject_event+0xa5/0x340 [ 1915.832161][T26779] kd_sound_helper+0x19f/0x210 [ 1915.838739][T26779] input_handler_for_each_handle+0x101/0x1c0 [ 1915.846556][T26779] call_timer_fn+0x17e/0x5f0 [ 1915.852968][T26779] __run_timer_base+0x61a/0x860 [ 1915.859645][T26779] run_timer_softirq+0xb7/0x180 [ 1915.866312][T26779] handle_softirqs+0x283/0x870 [ 1915.872892][T26779] __irq_exit_rcu+0xca/0x1f0 [ 1915.879294][T26779] irq_exit_rcu+0x9/0x30 [ 1915.885349][T26779] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1915.892803][T26779] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1915.900600][T26779] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1915.908160][T26779] __wake_up_common_lock+0x190/0x1f0 [ 1915.915262][T26779] __unix_dgram_recvmsg+0x486/0xd60 [ 1915.922288][T26779] sock_recvmsg_nosec+0x183/0x1c0 [ 1915.929218][T26779] ____sys_recvmsg+0x3aa/0x460 [ 1915.935883][T26779] ___sys_recvmsg+0x1b5/0x510 [ 1915.942471][T26779] do_recvmmsg+0x36a/0x770 [ 1915.948703][T26779] __sys_recvmmsg+0x19d/0x280 [ 1915.955212][T26779] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 1915.963188][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1915.970125][T26779] do_fast_syscall_32+0x34/0x80 [ 1915.976802][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1915.984955][T26779] INITIAL USE at: [ 1915.988930][T26779] lock_acquire+0x120/0x360 [ 1915.995164][T26779] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1916.002114][T26779] input_inject_event+0xa5/0x340 [ 1916.008799][T26779] kbd_led_trigger_activate+0xbc/0x100 [ 1916.015983][T26779] led_trigger_set+0x52a/0x950 [ 1916.022475][T26779] led_trigger_set_default+0x260/0x2a0 [ 1916.029658][T26779] led_classdev_register_ext+0x73d/0x930 [ 1916.037019][T26779] input_leds_connect+0x517/0x790 [ 1916.043776][T26779] input_register_device+0xcfd/0x1140 [ 1916.050892][T26779] atkbd_connect+0x72e/0xa00 [ 1916.057244][T26779] serio_driver_probe+0x82/0xd0 [ 1916.063830][T26779] really_probe+0x26d/0x9e0 [ 1916.070064][T26779] __driver_probe_device+0x18c/0x2f0 [ 1916.077074][T26779] driver_probe_device+0x4f/0x430 [ 1916.083841][T26779] __driver_attach+0x452/0x700 [ 1916.090340][T26779] bus_for_each_dev+0x233/0x2b0 [ 1916.096937][T26779] serio_handle_event+0x1f9/0x8d0 [ 1916.103690][T26779] process_scheduled_works+0xae1/0x17b0 [ 1916.110964][T26779] worker_thread+0x8a0/0xda0 [ 1916.117289][T26779] kthread+0x70e/0x8a0 [ 1916.123083][T26779] ret_from_fork+0x3fc/0x770 [ 1916.129414][T26779] ret_from_fork_asm+0x1a/0x30 [ 1916.135904][T26779] } [ 1916.138477][T26779] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 1916.147580][T26779] -> (&client->buffer_lock){....}-{3:3} { [ 1916.153304][T26779] INITIAL USE at: [ 1916.157185][T26779] lock_acquire+0x120/0x360 [ 1916.163246][T26779] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1916.170002][T26779] evdev_ioctl_handler+0x1969/0x1f10 [ 1916.177276][T26779] __ia32_compat_sys_ioctl+0x540/0x840 [ 1916.184289][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1916.190959][T26779] do_fast_syscall_32+0x34/0x80 [ 1916.197378][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1916.205258][T26779] } [ 1916.207753][T26779] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 1916.215979][T26779] ... acquired at: [ 1916.219766][T26779] lock_acquire+0x120/0x360 [ 1916.224461][T26779] _raw_spin_lock+0x2e/0x40 [ 1916.229132][T26779] evdev_pass_values+0xb9/0xbd0 [ 1916.234149][T26779] evdev_events+0x1e6/0x340 [ 1916.238830][T26779] input_pass_values+0x288/0x890 [ 1916.243934][T26779] input_event_dispose+0x330/0x6b0 [ 1916.249217][T26779] input_inject_event+0x1dd/0x340 [ 1916.254407][T26779] evdev_write+0x2fc/0x480 [ 1916.258990][T26779] vfs_write+0x27b/0xb30 [ 1916.263407][T26779] ksys_write+0x145/0x250 [ 1916.267902][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1916.273177][T26779] do_fast_syscall_32+0x34/0x80 [ 1916.278188][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1916.284676][T26779] [ 1916.287008][T26779] [ 1916.287008][T26779] the dependencies between the lock to be acquired [ 1916.287015][T26779] and SOFTIRQ-irq-unsafe lock: [ 1916.300529][T26779] -> (tasklist_lock){.+.+}-{3:3} { [ 1916.305854][T26779] HARDIRQ-ON-R at: [ 1916.310010][T26779] lock_acquire+0x120/0x360 [ 1916.316520][T26779] _raw_read_lock+0x36/0x50 [ 1916.323024][T26779] __do_wait+0xde/0x740 [ 1916.329171][T26779] do_wait+0x1f8/0x520 [ 1916.335229][T26779] kernel_wait+0xab/0x170 [ 1916.341553][T26779] call_usermodehelper_exec_work+0xbe/0x230 [ 1916.349437][T26779] process_scheduled_works+0xae1/0x17b0 [ 1916.356965][T26779] worker_thread+0x8a0/0xda0 [ 1916.363543][T26779] kthread+0x70e/0x8a0 [ 1916.369600][T26779] ret_from_fork+0x3fc/0x770 [ 1916.376179][T26779] ret_from_fork_asm+0x1a/0x30 [ 1916.382942][T26779] SOFTIRQ-ON-R at: [ 1916.387088][T26779] lock_acquire+0x120/0x360 [ 1916.393584][T26779] _raw_read_lock+0x36/0x50 [ 1916.400076][T26779] __do_wait+0xde/0x740 [ 1916.406219][T26779] do_wait+0x1f8/0x520 [ 1916.412277][T26779] kernel_wait+0xab/0x170 [ 1916.418596][T26779] call_usermodehelper_exec_work+0xbe/0x230 [ 1916.426476][T26779] process_scheduled_works+0xae1/0x17b0 [ 1916.434007][T26779] worker_thread+0x8a0/0xda0 [ 1916.440592][T26779] kthread+0x70e/0x8a0 [ 1916.446665][T26779] ret_from_fork+0x3fc/0x770 [ 1916.453243][T26779] ret_from_fork_asm+0x1a/0x30 [ 1916.459997][T26779] INITIAL USE at: [ 1916.464055][T26779] lock_acquire+0x120/0x360 [ 1916.470465][T26779] _raw_write_lock_irq+0xa2/0xf0 [ 1916.477319][T26779] copy_process+0x224f/0x3c00 [ 1916.483907][T26779] kernel_clone+0x21e/0x840 [ 1916.490333][T26779] user_mode_thread+0xdd/0x140 [ 1916.497032][T26779] rest_init+0x23/0x300 [ 1916.503102][T26779] start_kernel+0x3a9/0x410 [ 1916.509579][T26779] x86_64_start_reservations+0x24/0x30 [ 1916.516963][T26779] x86_64_start_kernel+0x143/0x1c0 [ 1916.523990][T26779] common_startup_64+0x13e/0x147 [ 1916.530847][T26779] INITIAL READ USE at: [ 1916.535359][T26779] lock_acquire+0x120/0x360 [ 1916.542209][T26779] _raw_read_lock+0x36/0x50 [ 1916.549062][T26779] __do_wait+0xde/0x740 [ 1916.555584][T26779] do_wait+0x1f8/0x520 [ 1916.562019][T26779] kernel_wait+0xab/0x170 [ 1916.568691][T26779] call_usermodehelper_exec_work+0xbe/0x230 [ 1916.576970][T26779] process_scheduled_works+0xae1/0x17b0 [ 1916.584894][T26779] worker_thread+0x8a0/0xda0 [ 1916.591825][T26779] kthread+0x70e/0x8a0 [ 1916.598280][T26779] ret_from_fork+0x3fc/0x770 [ 1916.605236][T26779] ret_from_fork_asm+0x1a/0x30 [ 1916.612349][T26779] } [ 1916.615018][T26779] ... key at: [] tasklist_lock+0x18/0x40 [ 1916.622899][T26779] ... acquired at: [ 1916.626861][T26779] lock_acquire+0x120/0x360 [ 1916.631531][T26779] _raw_read_lock+0x36/0x50 [ 1916.636202][T26779] send_sigurg+0x12b/0x420 [ 1916.640782][T26779] sk_send_sigurg+0x6c/0x2e0 [ 1916.645558][T26779] queue_oob+0x420/0x4f0 [ 1916.649969][T26779] unix_stream_sendmsg+0xc3f/0xdf0 [ 1916.655248][T26779] __sock_sendmsg+0x21c/0x270 [ 1916.660093][T26779] ____sys_sendmsg+0x52d/0x830 [ 1916.665023][T26779] ___sys_sendmsg+0x21f/0x2a0 [ 1916.669862][T26779] __sys_sendmmsg+0x28e/0x430 [ 1916.674701][T26779] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1916.680472][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1916.685770][T26779] do_fast_syscall_32+0x34/0x80 [ 1916.690803][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1916.697326][T26779] [ 1916.699654][T26779] -> (&f_owner->lock){....}-{3:3} { [ 1916.704968][T26779] INITIAL USE at: [ 1916.708940][T26779] lock_acquire+0x120/0x360 [ 1916.715178][T26779] _raw_write_lock_irq+0xa2/0xf0 [ 1916.721859][T26779] __f_setown+0x67/0x370 [ 1916.727830][T26779] do_fcntl+0x15ff/0x1910 [ 1916.733974][T26779] do_compat_fcntl64+0x477/0x720 [ 1916.740653][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1916.747512][T26779] do_fast_syscall_32+0x34/0x80 [ 1916.754102][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1916.762160][T26779] INITIAL READ USE at: [ 1916.766568][T26779] lock_acquire+0x120/0x360 [ 1916.773235][T26779] _raw_read_lock_irqsave+0xaf/0x100 [ 1916.780690][T26779] send_sigurg+0x55/0x420 [ 1916.787198][T26779] sk_send_sigurg+0x6c/0x2e0 [ 1916.793955][T26779] queue_oob+0x420/0x4f0 [ 1916.800375][T26779] unix_stream_sendmsg+0xc3f/0xdf0 [ 1916.807677][T26779] __sock_sendmsg+0x21c/0x270 [ 1916.814524][T26779] ____sys_sendmsg+0x52d/0x830 [ 1916.821478][T26779] ___sys_sendmsg+0x21f/0x2a0 [ 1916.828317][T26779] __sys_sendmmsg+0x28e/0x430 [ 1916.835152][T26779] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1916.842863][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1916.850134][T26779] do_fast_syscall_32+0x34/0x80 [ 1916.857155][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1916.865646][T26779] } [ 1916.868231][T26779] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1916.877201][T26779] ... acquired at: [ 1916.881090][T26779] lock_acquire+0x120/0x360 [ 1916.885785][T26779] _raw_read_lock_irqsave+0xaf/0x100 [ 1916.891251][T26779] send_sigio+0x38/0x370 [ 1916.895680][T26779] kill_fasync+0x24d/0x4d0 [ 1916.900264][T26779] sock_wake_async+0x137/0x160 [ 1916.905207][T26779] sock_def_readable+0x3bb/0x550 [ 1916.910318][T26779] queue_oob+0x452/0x4f0 [ 1916.914754][T26779] unix_stream_sendmsg+0xc3f/0xdf0 [ 1916.920031][T26779] __sock_sendmsg+0x21c/0x270 [ 1916.924876][T26779] ____sys_sendmsg+0x52d/0x830 [ 1916.929803][T26779] ___sys_sendmsg+0x21f/0x2a0 [ 1916.934645][T26779] __sys_sendmmsg+0x28e/0x430 [ 1916.939511][T26779] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1916.945227][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1916.950508][T26779] do_fast_syscall_32+0x34/0x80 [ 1916.955539][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1916.962034][T26779] [ 1916.964349][T26779] -> (&new->fa_lock){....}-{3:3} { [ 1916.969552][T26779] INITIAL USE at: [ 1916.973433][T26779] lock_acquire+0x120/0x360 [ 1916.979493][T26779] _raw_write_lock_irq+0xa2/0xf0 [ 1916.985987][T26779] fasync_remove_entry+0xf1/0x1c0 [ 1916.992570][T26779] __fput+0x8a2/0xa70 [ 1916.998101][T26779] task_work_run+0x1d1/0x260 [ 1917.004262][T26779] exit_to_user_mode_loop+0xec/0x110 [ 1917.011105][T26779] __do_fast_syscall_32+0x1f4/0x2b0 [ 1917.017947][T26779] do_fast_syscall_32+0x34/0x80 [ 1917.024432][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1917.032316][T26779] INITIAL READ USE at: [ 1917.036632][T26779] lock_acquire+0x120/0x360 [ 1917.043122][T26779] _raw_read_lock_irqsave+0xaf/0x100 [ 1917.050452][T26779] kill_fasync+0x199/0x4d0 [ 1917.056878][T26779] sock_wake_async+0x137/0x160 [ 1917.063642][T26779] sk_send_sigurg+0x1f1/0x2e0 [ 1917.070321][T26779] queue_oob+0x420/0x4f0 [ 1917.076576][T26779] unix_stream_sendmsg+0xc3f/0xdf0 [ 1917.083680][T26779] __sock_sendmsg+0x21c/0x270 [ 1917.090352][T26779] ____sys_sendmsg+0x52d/0x830 [ 1917.097127][T26779] ___sys_sendmsg+0x21f/0x2a0 [ 1917.103793][T26779] __sys_sendmmsg+0x28e/0x430 [ 1917.110464][T26779] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1917.118018][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1917.125140][T26779] do_fast_syscall_32+0x34/0x80 [ 1917.131983][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1917.140303][T26779] } [ 1917.142800][T26779] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1917.151468][T26779] ... acquired at: [ 1917.155257][T26779] lock_acquire+0x120/0x360 [ 1917.159920][T26779] _raw_read_lock_irqsave+0xaf/0x100 [ 1917.165377][T26779] kill_fasync+0x199/0x4d0 [ 1917.169957][T26779] evdev_pass_values+0x627/0xbd0 [ 1917.175053][T26779] evdev_events+0x1e6/0x340 [ 1917.179715][T26779] input_pass_values+0x288/0x890 [ 1917.184832][T26779] input_event_dispose+0x330/0x6b0 [ 1917.190120][T26779] input_inject_event+0x1dd/0x340 [ 1917.195340][T26779] evdev_write+0x2fc/0x480 [ 1917.199924][T26779] vfs_write+0x27b/0xb30 [ 1917.204331][T26779] ksys_write+0x145/0x250 [ 1917.208828][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1917.214105][T26779] do_fast_syscall_32+0x34/0x80 [ 1917.219121][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1917.225612][T26779] [ 1917.227924][T26779] [ 1917.227924][T26779] stack backtrace: [ 1917.233800][T26779] CPU: 1 UID: 0 PID: 26779 Comm: syz.4.5397 Not tainted syzkaller #0 PREEMPT(full) [ 1917.233816][T26779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1917.233824][T26779] Call Trace: [ 1917.233830][T26779] [ 1917.233836][T26779] dump_stack_lvl+0x189/0x250 [ 1917.233853][T26779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1917.233865][T26779] ? __pfx__printk+0x10/0x10 [ 1917.233883][T26779] validate_chain+0x1f05/0x2140 [ 1917.233901][T26779] __lock_acquire+0xab9/0xd20 [ 1917.233918][T26779] ? kill_fasync+0x199/0x4d0 [ 1917.233930][T26779] lock_acquire+0x120/0x360 [ 1917.233944][T26779] ? kill_fasync+0x199/0x4d0 [ 1917.233959][T26779] _raw_read_lock_irqsave+0xaf/0x100 [ 1917.233976][T26779] ? kill_fasync+0x199/0x4d0 [ 1917.233988][T26779] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1917.234006][T26779] ? do_raw_spin_lock+0x121/0x290 [ 1917.234020][T26779] kill_fasync+0x199/0x4d0 [ 1917.234032][T26779] ? kill_fasync+0x53/0x4d0 [ 1917.234043][T26779] evdev_pass_values+0x627/0xbd0 [ 1917.234057][T26779] ? evdev_pass_values+0x5c1/0xbd0 [ 1917.234068][T26779] evdev_events+0x1e6/0x340 [ 1917.234078][T26779] ? evdev_events+0x79/0x340 [ 1917.234089][T26779] ? input_pass_values+0x8d/0x890 [ 1917.234099][T26779] input_pass_values+0x288/0x890 [ 1917.234111][T26779] ? input_handle_event+0x70c/0xf30 [ 1917.234125][T26779] input_event_dispose+0x330/0x6b0 [ 1917.234140][T26779] input_inject_event+0x1dd/0x340 [ 1917.234154][T26779] ? input_inject_event+0xb6/0x340 [ 1917.234168][T26779] evdev_write+0x2fc/0x480 [ 1917.234180][T26779] ? __pfx_evdev_write+0x10/0x10 [ 1917.234192][T26779] ? bpf_lsm_file_permission+0x9/0x20 [ 1917.234205][T26779] ? security_file_permission+0x75/0x290 [ 1917.234219][T26779] ? rw_verify_area+0x255/0x4d0 [ 1917.234232][T26779] ? __lock_acquire+0xab9/0xd20 [ 1917.234246][T26779] ? __pfx_evdev_write+0x10/0x10 [ 1917.234257][T26779] vfs_write+0x27b/0xb30 [ 1917.234272][T26779] ? __pfx_vfs_write+0x10/0x10 [ 1917.234286][T26779] ? __fget_files+0x2a/0x420 [ 1917.234295][T26779] ? __fget_files+0x2a/0x420 [ 1917.234304][T26779] ? __fget_files+0x3a0/0x420 [ 1917.234312][T26779] ? __fget_files+0x2a/0x420 [ 1917.234323][T26779] ksys_write+0x145/0x250 [ 1917.234337][T26779] ? __pfx_ksys_write+0x10/0x10 [ 1917.234351][T26779] ? lockdep_hardirqs_on+0x9c/0x150 [ 1917.234362][T26779] __do_fast_syscall_32+0xb6/0x2b0 [ 1917.234377][T26779] do_fast_syscall_32+0x34/0x80 [ 1917.234388][T26779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1917.234408][T26779] RIP: 0023:0xf7ff3539 [ 1917.234419][T26779] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1917.234429][T26779] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1917.234443][T26779] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000040 [ 1917.234451][T26779] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000 [ 1917.234458][T26779] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1917.234464][T26779] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1917.234471][T26779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1917.234481][T26779] [ 1917.999964][T26781] syz_tun: left allmulticast mode [ 1925.046769][ T12] team0: Port device geneve0 removed [ 1925.266080][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1925.276179][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1925.286733][ T12] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 1925.296100][ T12] bond0 (unregistering): Released all slaves [ 1925.306649][ T12] bond1 (unregistering): Released all slaves