last executing test programs: 5.470574365s ago: executing program 2 (id=4393): syz_emit_vhci(0x0, 0x3d) r0 = io_uring_setup(0x497c, &(0x7f00000001c0)) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x11, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.578481361s ago: executing program 2 (id=4425): r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000080)=0x8, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e63, 0x6, @private2}, 0x1c) listen(r0, 0x0) 3.360460621s ago: executing program 2 (id=4430): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x3c, r1, 0xc31, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x20, 0x11d, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x22}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x30}]}]}]}, 0x3c}}, 0x0) 3.22731643s ago: executing program 2 (id=4432): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x190, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000440)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000140)=@can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x7, 0x0, 0x0, "400000008b20aaf0"}, 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40012001, 0x0) 3.043563432s ago: executing program 2 (id=4436): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000040)=[0x1000000, 0x1ff]) 1.903967328s ago: executing program 4 (id=4453): r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) close(r0) timerfd_create(0x0, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1.805129567s ago: executing program 3 (id=4455): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x20000000}, 0xa}], 0x400000000000172, 0x4000300) 1.324437816s ago: executing program 3 (id=4460): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'wg0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe1f}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}}, 0x0) 1.26968051s ago: executing program 1 (id=4461): prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x11) rt_sigaction(0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) 1.208207765s ago: executing program 1 (id=4463): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x300}]}]}, 0x28}}, 0x0) 1.099416732s ago: executing program 0 (id=4464): sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001000)={0x104, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_PEERS={0xe8, 0x8, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x4, "ebde8191ef32b791e708c5de2c6489cbf6041a3a4e139ac5dfa5375a39526077"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}, {0x68, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "314292d45b61195cf4fbd8b30ce569cc56959a10c569e417d562d0815070b4fe"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @multicast1}}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @empty}}]}]}]}, 0x104}}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'erspan0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) sendto$packet(r0, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c152bfdc9435e3ffe46", 0x3840, 0xa0c4, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 1.035173824s ago: executing program 2 (id=4465): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8931, &(0x7f0000000900)={'dummy0\x00', @link_local}) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in6=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@multicast2, 0x0, 0x32}, @in=@local, {}, {}, {}, 0x0, 0x0, 0x2, 0x1}, [@algo_aead={0x68, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xe0, 0x80, "bfd1a1b0b7789a9feb6aead6e54944249665066438af308c79abda7f"}}]}, 0x158}}, 0x0) 938.408284ms ago: executing program 0 (id=4466): r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r1) getgroups(0x3, &(0x7f0000000200)=[0xee01, 0xee00, 0xffffffffffffffff]) setregid(r1, r2) 937.98026ms ago: executing program 1 (id=4467): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000000c0)=0x81) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0x5421, &(0x7f0000000340)={{0xffffffff, 0x1, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r1 = dup(r0) read$FUSE(r1, &(0x7f00000044c0)={0x2020}, 0x2020) 926.895599ms ago: executing program 4 (id=4468): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @empty, 0x7ff}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) 852.791707ms ago: executing program 3 (id=4469): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000003c0)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000000c0)={0x0, 0xfffffffe}) 817.400217ms ago: executing program 1 (id=4470): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c00)=""/19, 0x13}}], 0x1, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x9, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 792.848967ms ago: executing program 0 (id=4471): mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x5) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 792.36192ms ago: executing program 4 (id=4472): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090000000000000000000a00000008000300", @ANYRES32=r3, @ANYBLOB="14005080050009000200000005000200070000000a0006"], 0x3c}}, 0x0) 631.953088ms ago: executing program 4 (id=4473): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x20000000, &(0x7f0000001000/0x1000)=nil}) 593.226377ms ago: executing program 1 (id=4474): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x3c}}, 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x453, 0xc, 0x70bd2d, 0x25dfdbfe, "c0ae5ff18648fb1cc5df4ea77a8f28d3cd1f", ["", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x8040) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000140)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x154005}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1, 0x4, 0x3, 0x0, 0x0, {0x7}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48020}, 0xc010) 481.690571ms ago: executing program 3 (id=4475): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x40}}, r2}}, 0x48) 477.356048ms ago: executing program 0 (id=4476): munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 393.453406ms ago: executing program 1 (id=4477): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee3, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x2000001, 0x31, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001300)={0x2, 0x0, @loopback}, 0x10) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 307.513974ms ago: executing program 4 (id=4478): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, &(0x7f0000000240)=@framed={{0x18, 0x6}, [@printk]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000040), &(0x7f0000000080)=r2}, 0x20) 246.48513ms ago: executing program 3 (id=4479): syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020"]) ioctl$USBDEVFS_IOCTL(r0, 0x551f, 0x0) 225.274765ms ago: executing program 0 (id=4480): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)={{0x2f}, [], {0x14}}, 0x28}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0xf}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) close(r0) 117.518038ms ago: executing program 4 (id=4481): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)="a4", 0x1}, {&(0x7f0000000340)='l', 0x1}], 0x2}}], 0x7fffefff, 0x0) 50.366044ms ago: executing program 3 (id=4482): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @loopback}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @mcast2}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'syztnl0\x00', 0x0}) 0s ago: executing program 0 (id=4483): r0 = syz_open_dev$evdev(&(0x7f0000000800), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x5452, &(0x7f0000000100)={0x1, 0xfffffffffffffdbd, 0x0}) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000001100)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): l 1100 [ 334.982476][ T941] pwc: recv_control_msg error -71 req 04 val 1200 [ 335.007693][ T941] pwc: Registered as video71. [ 335.031179][ T941] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input31 [ 335.069493][ T941] usb 1-1: USB disconnect, device number 17 [ 335.542029][T12224] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 336.694222][ T5238] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 336.707742][ T5238] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 336.721896][ T5238] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 336.731513][ T5238] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 336.779292][ T5238] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 336.800432][ T5238] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 337.352482][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3118'. [ 337.380972][T12259] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3118'. [ 337.714505][ T1838] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.157744][ T1838] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.459479][ T941] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 338.669318][ T941] usb 3-1: Using ep0 maxpacket: 16 [ 338.690577][ T941] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 338.715965][ T941] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 338.738625][ T941] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.747594][ T941] usb 3-1: Product: syz [ 338.760988][ T941] usb 3-1: Manufacturer: syz [ 338.767365][ T941] usb 3-1: SerialNumber: syz [ 338.780867][ T941] usb 3-1: config 0 descriptor?? [ 338.912029][ T1838] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.929869][ T4617] Bluetooth: hci6: command tx timeout [ 338.983834][T12245] chnl_net:caif_netlink_parms(): no params data found [ 339.005232][ T941] usb 3-1: Not enough endpoints found in device, aborting! [ 339.178802][ T1838] bond0: (slave netdevsim0): Releasing backup interface [ 339.200392][T12291] program syz.1.3130 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 339.215452][ T5282] usb 3-1: USB disconnect, device number 29 [ 339.233814][ T1838] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.418134][T12294] netlink: 'syz.1.3132': attribute type 4 has an invalid length. [ 339.668783][T12245] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.681426][T12245] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.702919][T12245] bridge_slave_0: entered allmulticast mode [ 339.718564][T12245] bridge_slave_0: entered promiscuous mode [ 339.832700][T12245] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.862169][T12245] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.893537][T12245] bridge_slave_1: entered allmulticast mode [ 339.911683][T12245] bridge_slave_1: entered promiscuous mode [ 339.930398][ T1838] bridge_slave_1: left allmulticast mode [ 339.939839][ T1838] bridge_slave_1: left promiscuous mode [ 339.948214][ T1838] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.973149][ T1838] bridge_slave_0: left allmulticast mode [ 339.987976][ T1838] bridge_slave_0: left promiscuous mode [ 339.995497][ T1838] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.401353][T12321] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 341.019029][ T4617] Bluetooth: hci6: command tx timeout [ 341.296106][ T1838] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 341.313772][ T1838] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 341.329775][ T1838] bond0 (unregistering): Released all slaves [ 341.522679][T12316] netpci0: tun_chr_ioctl cmd 1074025677 [ 341.533211][T12316] netpci0: linktype set to 774 [ 341.555893][ T1838] tipc: Left network mode [ 341.578334][T12245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 341.642623][T12343] program syz.2.3150 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 341.657997][T12245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 341.674571][T12343] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 341.935636][T12347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3151'. [ 341.991431][T12245] team0: Port device team_slave_0 added [ 342.024837][T12245] team0: Port device team_slave_1 added [ 342.293520][T12245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 342.319043][T12245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 342.368777][T12245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 342.423251][T12245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 342.434421][T12245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 342.478066][T12245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.089391][ T4617] Bluetooth: hci6: command tx timeout [ 343.167819][T12245] hsr_slave_0: entered promiscuous mode [ 343.239974][T12245] hsr_slave_1: entered promiscuous mode [ 343.255154][T12245] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 343.272315][T12245] Cannot create hsr debugfs directory [ 343.357148][ T1838] hsr_slave_0: left promiscuous mode [ 343.386398][ T1838] hsr_slave_1: left promiscuous mode [ 343.481411][ T1838] veth1_macvtap: left promiscuous mode [ 343.487545][ T1838] veth0_macvtap: left promiscuous mode [ 343.508021][ T1838] veth1_vlan: left promiscuous mode [ 343.515540][ T1838] veth0_vlan: left promiscuous mode [ 344.992578][ C1] vkms_vblank_simulate: vblank timer overrun [ 345.169753][ T4617] Bluetooth: hci6: command tx timeout [ 345.500365][ T1838] team0 (unregistering): Port device team_slave_1 removed [ 345.610660][ T1838] team0 (unregistering): Port device team_slave_0 removed [ 345.889022][ C1] vkms_vblank_simulate: vblank timer overrun [ 346.552285][T12420] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3185'. [ 347.572209][T12445] delete_channel: no stack [ 347.881015][ T8] kernel read not supported for file /newroot/396/file0 (pid: 8 comm: kworker/0:0) [ 348.747649][T12245] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 348.774784][T12245] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 348.806620][T12245] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 348.860321][T12245] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 349.006356][ T58] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 349.219232][ T58] usb 1-1: Using ep0 maxpacket: 8 [ 349.296859][ T58] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 349.322032][ T58] usb 1-1: can't read configurations, error -71 [ 349.406715][T12245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 349.464632][T12245] 8021q: adding VLAN 0 to HW filter on device team0 [ 349.516136][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 349.524727][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 349.651674][ T5283] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 349.854554][ T5283] usb 2-1: Using ep0 maxpacket: 8 [ 349.896363][ T5283] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 349.916823][ T5283] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.931678][ T5283] usb 2-1: Product: syz [ 349.936519][ T5283] usb 2-1: Manufacturer: syz [ 349.944584][ T5283] usb 2-1: SerialNumber: syz [ 349.952048][T12486] sctp: [Deprecated]: syz.2.3211 (pid 12486) Use of struct sctp_assoc_value in delayed_ack socket option. [ 349.952048][T12486] Use struct sctp_sack_info instead [ 349.994325][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 349.995860][ T5283] usb 2-1: config 0 descriptor?? [ 350.002411][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.037693][ T5283] gspca_main: sq930x-2.14.0 probing 2770:930c [ 350.775833][T12245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.026460][T12245] veth0_vlan: entered promiscuous mode [ 351.106706][T12245] veth1_vlan: entered promiscuous mode [ 351.140032][ T5283] gspca_sq930x: reg_w 0105 0f00 failed -71 [ 351.163145][ T5283] sq930x 2-1:0.0: probe with driver sq930x failed with error -71 [ 351.212960][ T5283] usb 2-1: USB disconnect, device number 23 [ 351.273799][T12245] veth0_macvtap: entered promiscuous mode [ 351.292452][T12245] veth1_macvtap: entered promiscuous mode [ 351.354653][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.376564][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.398424][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.410602][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.422535][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.437053][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.450546][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.468370][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.488368][T12245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 351.507795][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.519406][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.530080][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.542095][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.555904][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.568038][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.586882][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.601675][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.622067][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.634245][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.661224][T12245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 351.752004][T12245] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.782803][T12245] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.803189][T12245] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.818439][T12245] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.353444][T12533] macsec3: entered allmulticast mode [ 352.379406][T12533] macvlan0: entered allmulticast mode [ 352.416697][T12533] macvlan0: left allmulticast mode [ 352.554573][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.589055][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 352.679983][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.688770][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.098590][T12559] syz.0.3239[12559] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.108385][T12559] syz.0.3239[12559] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.125782][T12558] loop0: detected capacity change from 0 to 128 [ 355.500545][ T58] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 355.689363][ T58] usb 1-1: Using ep0 maxpacket: 32 [ 355.713951][ T58] usb 1-1: config 0 has an invalid interface number: 219 but max is 0 [ 355.743446][ T58] usb 1-1: config 0 has no interface number 0 [ 355.749874][T12621] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 355.790531][ T58] usb 1-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 355.814104][ T58] usb 1-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 355.839638][ T58] usb 1-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 355.854996][ T58] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 355.879091][ T58] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023 [ 355.896721][ T58] usb 1-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 355.935502][ T58] usb 1-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 355.945268][ T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.964730][ T58] usb 1-1: Product: syz [ 355.989178][ T58] usb 1-1: Manufacturer: syz [ 356.004675][ T58] usb 1-1: SerialNumber: syz [ 356.034102][ T58] usb 1-1: config 0 descriptor?? [ 356.055926][T12609] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 356.065340][T12609] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 356.302985][ T58] etas_es58x 1-1:0.219: Starting syz syz (Serial Number syz) [ 356.499514][ T58] etas_es58x 1-1:0.219: could not parse product info: '놹' [ 356.528386][ T29] audit: type=1326 audit(2000000234.440:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12636 comm="syz.3.3272" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09a2f7def9 code=0x0 [ 356.608261][T12639] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.3273'. [ 356.759060][ T5235] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 356.780510][ T8] usb 1-1: USB disconnect, device number 20 [ 356.789848][ T8] etas_es58x 1-1:0.219: Disconnecting syz syz [ 356.978859][ T5235] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 357.018966][ T5235] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.040359][ T5235] usb 3-1: Product: syz [ 357.045888][ T5235] usb 3-1: Manufacturer: syz [ 357.059215][ T5235] usb 3-1: SerialNumber: syz [ 357.072412][ T5235] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 357.311069][ T8] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 357.919296][ T5235] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 358.142927][T12660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.174648][T12662] bond0: option miimon: invalid value (18446744073072082944) [ 358.183959][ T5235] usb 1-1: config 0 has an invalid interface number: 18 but max is 0 [ 358.184000][ T5235] usb 1-1: config 0 has no interface number 0 [ 358.184106][ T5235] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.184142][ T5235] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 358.188513][ T5235] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 358.225102][T12662] bond0: option miimon: allowed values 0 - 2147483647 [ 358.279582][ T5235] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 358.291547][ T5235] usb 1-1: Manufacturer: syz [ 358.301568][T12660] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.344238][ T5235] usb 1-1: config 0 descriptor?? [ 358.375904][ T8] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 358.431073][ T8] ath9k_htc: Failed to initialize the device [ 358.553667][ T8] usb 3-1: ath9k_htc: USB layer deinitialized [ 358.577995][ T58] usb 3-1: USB disconnect, device number 30 [ 358.671080][T12671] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3284'. [ 358.829361][ T5235] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.18/0003:054C:03D5.0019/input/input32 [ 358.859592][ T5235] sony 0003:054C:03D5.0019: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.0-1/input18 [ 358.939417][ T8] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 359.139497][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 359.152437][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 359.187958][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 359.223082][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 359.259297][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 359.299769][ T8] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 359.319306][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.352760][ T8] hub 4-1:1.0: bad descriptor, ignoring hub [ 359.360371][ T8] hub 4-1:1.0: probe with driver hub failed with error -5 [ 359.379186][ T8] cdc_wdm 4-1:1.0: skipping garbage [ 359.385496][ T8] cdc_wdm 4-1:1.0: skipping garbage [ 359.397940][ T46] usb 1-1: USB disconnect, device number 21 [ 359.402540][ T8] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 359.425278][ T8] cdc_wdm 4-1:1.0: Unknown control protocol [ 359.576343][T12687] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3292'. [ 359.790997][ T5280] usb 4-1: USB disconnect, device number 20 [ 360.125501][T12707] vlan3: entered promiscuous mode [ 360.131751][T12707] vlan0: entered promiscuous mode [ 360.141427][T12707] vlan0: left promiscuous mode [ 360.192901][ T8] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 360.389404][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 360.400525][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.417051][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 360.439058][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 360.480225][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 360.509714][ T8] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 360.520019][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.540819][ T8] hub 4-1:1.0: bad descriptor, ignoring hub [ 360.551787][ T8] hub 4-1:1.0: probe with driver hub failed with error -5 [ 360.568333][ T8] cdc_wdm 4-1:1.0: skipping garbage [ 360.578682][ T8] cdc_wdm 4-1:1.0: skipping garbage [ 360.601009][ T8] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 360.627612][ T5238] Bluetooth: hci5: command 0x0406 tx timeout [ 360.637904][ T8] cdc_wdm 4-1:1.0: Unknown control protocol [ 360.881762][ T8] usb 4-1: USB disconnect, device number 21 [ 361.180558][T12746] nbd: device at index 1 is going down [ 361.219120][T12748] loop8: detected capacity change from 0 to 7 [ 361.261520][T12748] Dev loop8: unable to read RDB block 7 [ 361.270356][ T8] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 361.312899][T12748] loop8: unable to read partition table [ 361.327878][T12748] loop8: partition table beyond EOD, truncated [ 361.335058][T12748] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 361.335058][T12748] ) failed (rc=-5) [ 361.482994][ T8] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 361.510164][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 361.538717][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 361.564952][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 361.597915][ T8] usb 5-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00 [ 361.613647][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.628486][ T8] usb 5-1: config 0 descriptor?? [ 361.752729][T12765] /dev/loop0: Can't open blockdev [ 361.789755][ T5280] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 361.999708][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 362.027638][ T5280] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 362.059602][ T5280] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 26056, setting to 1024 [ 362.083493][ T8] kye 0003:0458:501A.001A: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 362.089852][ T5280] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 362.138248][ T8] kye 0003:0458:501A.001A: unknown main item tag 0x0 [ 362.147651][ T5280] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 362.161347][ T5280] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 362.173046][ T5280] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 362.183335][ T5280] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58 [ 362.196300][ T5280] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.204852][ T8] kye 0003:0458:501A.001A: item fetching failed at offset 3/5 [ 362.205875][ T8] kye 0003:0458:501A.001A: parse failed [ 362.205967][ T8] kye 0003:0458:501A.001A: probe with driver kye failed with error -22 [ 362.235141][ T5280] usb 2-1: config 0 descriptor?? [ 362.241776][T12757] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 362.274975][ T4617] Bluetooth: hci2: urb ffff88802676d700 submission failed (90) [ 362.314041][ T5280] usb 5-1: USB disconnect, device number 18 [ 362.553212][ T9] usb 2-1: USB disconnect, device number 24 [ 362.879519][T12790] vlan2: entered promiscuous mode [ 362.884677][T12790] vlan0: entered promiscuous mode [ 362.912637][T12790] vlan0: left promiscuous mode [ 363.019324][ T5280] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 363.205531][T12798] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3339'. [ 363.231547][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.248551][T12798] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3339'. [ 363.269096][ T5280] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 363.304554][T12798] macvlan0: entered promiscuous mode [ 363.310097][ T5280] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 363.330257][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.342415][T12798] batadv_slave_0: entered promiscuous mode [ 363.351951][ T5280] usb 3-1: config 0 descriptor?? [ 363.370527][T12798] hsr1: Slave A (macvlan0) is not up; please bring it up to get a fully working HSR network [ 363.530603][ T8] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 363.719327][ T58] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 363.749378][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 363.765822][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.786042][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.796625][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 363.811694][ T8] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 363.818100][ T5280] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 363.823945][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.853457][ T5280] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 363.866142][ T8] usb 2-1: config 0 descriptor?? [ 363.874967][ T5280] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 363.897381][ T5280] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 363.953204][ T58] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 363.976070][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 364.005384][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 364.037594][ T58] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 364.089174][ T58] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 364.136621][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.167945][ T58] usb 1-1: config 0 descriptor?? [ 364.266010][ T46] usb 3-1: USB disconnect, device number 31 [ 364.353674][ T8] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.001C/input/input33 [ 364.492414][ T8] microsoft 0003:045E:07DA.001C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 364.563556][ T8] usb 2-1: USB disconnect, device number 25 [ 364.633665][ T58] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 364.697948][ T58] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 364.978445][ T5280] usb 1-1: USB disconnect, device number 22 [ 365.217891][T12827] sctp: [Deprecated]: syz.2.3351 (pid 12827) Use of struct sctp_assoc_value in delayed_ack socket option. [ 365.217891][T12827] Use struct sctp_sack_info instead [ 365.551930][T12834] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3353'. [ 365.589532][T12834] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3353'. [ 365.640012][T12838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3356'. [ 365.704989][T12838] vlan3: entered promiscuous mode [ 366.140383][T12853] netlink: 'syz.0.3362': attribute type 11 has an invalid length. [ 366.915961][T12876] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3373'. [ 366.948630][T12876] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3373'. [ 367.330159][ T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 367.549612][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 367.581513][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 367.622938][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 367.655326][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 367.705362][ T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 367.737807][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.771734][ T9] usb 3-1: config 0 descriptor?? [ 368.081074][T12900] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 368.246743][ T9] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 368.282323][ T9] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 368.314495][ T9] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 368.571891][ T9] usb 3-1: USB disconnect, device number 32 [ 368.918734][T12932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3400'. [ 369.009419][T12934] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3402'. [ 369.028841][T12934] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 369.307799][T12942] gretap0: entered promiscuous mode [ 369.326856][T12942] macsec3: entered promiscuous mode [ 369.338209][T12942] macsec3: entered allmulticast mode [ 369.345453][T12942] gretap0: entered allmulticast mode [ 369.380030][T12942] gretap0: left allmulticast mode [ 369.397381][T12942] gretap0: left promiscuous mode [ 369.600529][ T46] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 369.799086][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 369.833092][ T46] usb 3-1: config 0 has no interfaces? [ 369.846432][ T46] usb 3-1: config 0 has no interfaces? [ 369.872674][ T46] usb 3-1: config 0 has no interfaces? [ 369.890772][ T46] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 369.907865][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.939068][ T46] usb 3-1: Product: syz [ 369.949066][ T46] usb 3-1: Manufacturer: syz [ 369.953776][ T46] usb 3-1: SerialNumber: syz [ 369.972648][ T46] usb 3-1: config 0 descriptor?? [ 370.301025][T12950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 370.337419][T12950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 370.401782][T12950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 370.447823][T12950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 370.474425][ T46] usb 3-1: USB disconnect, device number 33 [ 370.838034][T12987] xt_bpf: check failed: parse error [ 371.029190][ T46] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 371.129816][ T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 371.239050][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 371.256183][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.280184][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 371.302829][ T46] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 371.348193][ T46] usb 3-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice= 0.00 [ 371.365793][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.370464][ T8] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 371.385594][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 371.400460][ T46] usb 3-1: config 0 descriptor?? [ 371.407133][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 371.429096][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 371.433880][ T46] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90) [ 371.454033][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 371.478462][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 371.481632][ T46] imon 3-1:0.0: unable to initialize intf0, err -90 [ 371.518119][ T46] imon:imon_probe: failed to initialize context! [ 371.523093][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 371.537817][ T46] imon 3-1:0.0: unable to register, err -19 [ 371.557305][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.652324][ T8] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 371.663465][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 371.678993][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 371.688480][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.723715][ T8] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 371.725295][ T5280] usb 3-1: USB disconnect, device number 34 [ 371.749206][ T8] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 371.757585][ T8] usb 4-1: Product: syz [ 371.781124][ T8] usb 4-1: Manufacturer: syz [ 371.793800][ T8] cdc_wdm 4-1:1.0: skipping garbage [ 371.809126][ T8] cdc_wdm 4-1:1.0: skipping garbage [ 371.815496][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 371.821924][ T9] usbtmc 5-1:16.0: can't read capabilities [ 371.835020][ T8] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 371.857893][ T8] cdc_wdm 4-1:1.0: Unknown control protocol [ 371.859221][ T46] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 372.062384][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.079951][ T8] usb 4-1: USB disconnect, device number 22 [ 372.091115][ T5280] usb 5-1: USB disconnect, device number 19 [ 372.101008][ T46] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 372.151268][ T46] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 372.161719][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.173731][ T46] usb 1-1: config 0 descriptor?? [ 372.194515][T13013] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3434'. [ 372.617665][ T46] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 372.652309][ T46] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 372.682572][ T46] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving [ 372.714110][ T46] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 372.990021][ T46] usb 1-1: USB disconnect, device number 23 [ 373.948152][T13052] netlink: 'syz.2.3451': attribute type 4 has an invalid length. [ 373.965083][T13052] netlink: 126052 bytes leftover after parsing attributes in process `syz.2.3451'. [ 374.980062][ T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 375.213652][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 375.225936][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 375.256669][T13097] overlayfs: failed to create directory ./file1/work (errno: 13); mounting read-only [ 375.267269][ T9] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 375.282262][T13097] overlayfs: fs on './file1' does not support file handles, falling back to index=off,nfs_export=off. [ 375.302020][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 375.312817][ T9] usb 3-1: SerialNumber: syz [ 375.328528][T13097] overlayfs: conflicting lowerdir path [ 375.596354][ T9] usb 3-1: 0:2 : does not exist [ 375.684323][ T9] usb 3-1: USB disconnect, device number 35 [ 376.033841][T13118] loop1: detected capacity change from 0 to 16384 [ 376.079822][T13121] input: syz1 as /devices/virtual/input/input34 [ 376.186656][T13123] netlink: 165 bytes leftover after parsing attributes in process `syz.4.3482'. [ 377.084300][T13145] sctp: [Deprecated]: syz.0.3491 (pid 13145) Use of struct sctp_assoc_value in delayed_ack socket option. [ 377.084300][T13145] Use struct sctp_sack_info instead [ 378.350826][T13186] netlink: 'syz.3.3509': attribute type 3 has an invalid length. [ 379.017212][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.350528][T13221] ALSA: mixer_oss: invalid OSS volume '' [ 380.805986][T13274] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 380.847161][ T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 381.043057][T13281] sctp: [Deprecated]: syz.4.3550 (pid 13281) Use of int in max_burst socket option deprecated. [ 381.043057][T13281] Use struct sctp_assoc_value instead [ 381.067124][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 381.075854][ T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 381.089191][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 381.115163][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 381.135233][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 381.157982][ T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 381.167796][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 381.189743][ T5283] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 381.199385][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 381.221887][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 381.244615][ T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 381.255128][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 381.278778][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 381.316670][ T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 381.353504][ T9] usb 4-1: string descriptor 0 read error: -22 [ 381.360958][ T9] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 381.389421][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.411432][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.417730][ T9] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 381.447722][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 381.481357][ T5283] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 381.514552][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.526128][ T5283] usb 3-1: config 0 descriptor?? [ 381.676876][ T9] usb 4-1: USB disconnect, device number 23 [ 381.958351][ T5283] arvo 0003:1E7D:30D4.0020: unknown main item tag 0x0 [ 381.988230][ T5283] arvo 0003:1E7D:30D4.0020: unknown main item tag 0x0 [ 382.018037][ T5283] arvo 0003:1E7D:30D4.0020: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.2-1/input0 [ 382.380412][ T46] usb 3-1: USB disconnect, device number 36 [ 383.233594][T13338] ebt_among: src integrity fail: 300 [ 383.840383][ T5280] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 383.927347][T13366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3589'. [ 384.071572][ T5280] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 384.093691][ T5280] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 384.120112][ T5280] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 384.150715][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 384.164819][ T5280] usb 1-1: SerialNumber: syz [ 384.255422][T13378] loop6: detected capacity change from 0 to 524287999 [ 384.264630][ C0] blk_print_req_error: 8 callbacks suppressed [ 384.264653][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.281486][ C0] buffer_io_error: 7 callbacks suppressed [ 384.281504][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.299607][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.309023][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.319254][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.328512][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.346800][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.356553][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.364776][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.374273][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.391608][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.401158][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.419816][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.429432][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.449419][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.452812][ T5280] usb 1-1: 0:2 : does not exist [ 384.458762][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.471759][T13378] ldm_validate_partition_table(): Disk read failed. [ 384.489053][ T5280] usb 1-1: unit 255 not found! [ 384.497593][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.507088][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.516082][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.525644][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 384.579040][T13378] Dev loop6: unable to read RDB block 0 [ 384.599685][ T5280] usb 1-1: USB disconnect, device number 24 [ 384.612779][T13378] loop6: unable to read partition table [ 384.618747][T13378] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 385.209391][T13404] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 385.217676][T13404] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 385.260546][T13404] vhci_hcd vhci_hcd.0: Device attached [ 385.272298][T13407] vhci_hcd: connection closed [ 385.279555][ T2948] vhci_hcd: stop threads [ 385.295453][ T2948] vhci_hcd: release socket [ 385.303688][ T2948] vhci_hcd: disconnect device [ 385.680829][ T5311] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 385.689447][ T8] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 385.879153][ T5311] usb 4-1: Using ep0 maxpacket: 32 [ 385.886337][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 385.895433][T13422] netlink: 'syz.4.3611': attribute type 1 has an invalid length. [ 385.911621][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 385.915425][T13422] netlink: 9328 bytes leftover after parsing attributes in process `syz.4.3611'. [ 385.936543][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 385.953620][T13422] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3611'. [ 385.953785][ T5311] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 385.975836][T13422] netlink: 'syz.4.3611': attribute type 1 has an invalid length. [ 385.983310][ T8] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 385.996464][T13422] netlink: 'syz.4.3611': attribute type 2 has an invalid length. [ 385.998227][ T5311] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.017427][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.027776][ T5311] usb 4-1: Product: syz [ 386.045516][ T8] usb 2-1: config 0 descriptor?? [ 386.052539][ T5311] usb 4-1: Manufacturer: syz [ 386.069150][ T5311] usb 4-1: SerialNumber: syz [ 386.078782][ T8] hub 2-1:0.0: USB hub found [ 386.090917][ T5311] usb 4-1: config 0 descriptor?? [ 386.289563][ T8] hub 2-1:0.0: 1 port detected [ 386.429508][ T29] audit: type=1326 audit(2000000264.330:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13426 comm="syz.4.3614" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f302317def9 code=0x0 [ 386.475579][T13433] bridge0: port 3(syz_tun) entered blocking state [ 386.484109][T13433] bridge0: port 3(syz_tun) entered disabled state [ 386.509435][T13433] syz_tun: entered allmulticast mode [ 386.518472][ T8] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 386.547091][ T8] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 386.560991][T13433] syz_tun: entered promiscuous mode [ 386.574361][T13433] bridge0: port 3(syz_tun) entered blocking state [ 386.583183][T13433] bridge0: port 3(syz_tun) entered forwarding state [ 386.598188][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 386.605434][ T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 386.655135][ T8] usb 2-1: USB disconnect, device number 26 [ 386.733819][ T5311] rtl8150 4-1:0.0: eth1: rtl8150 is detected [ 386.950303][ T5280] usb 4-1: USB disconnect, device number 24 [ 387.080500][ T46] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 387.290347][ T5283] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 387.315452][T13455] macvlan3: entered promiscuous mode [ 387.319766][ T46] usb 1-1: config 0 has an invalid interface number: 65 but max is 0 [ 387.328329][T13455] vlan1: entered promiscuous mode [ 387.350361][ T46] usb 1-1: config 0 has no interface number 0 [ 387.365760][T13455] team0: Port device macvlan3 added [ 387.382661][ T46] usb 1-1: New USB device found, idVendor=050d, idProduct=0128, bcdDevice=bc.ae [ 387.406538][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.438752][ T46] usb 1-1: Product: syz [ 387.449667][ T46] usb 1-1: Manufacturer: syz [ 387.460744][ T46] usb 1-1: SerialNumber: syz [ 387.478262][ T46] usb 1-1: config 0 descriptor?? [ 387.493291][ T46] ax88179_178a 1-1:0.65: probe with driver ax88179_178a failed with error -22 [ 387.549239][ T5283] usb 3-1: Using ep0 maxpacket: 16 [ 387.561768][ T5283] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA5, changing to 0x85 [ 387.583664][ T5283] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 104 [ 387.608495][ T5283] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 387.618058][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.659515][ T5283] usb 3-1: Product: syz [ 387.664232][ T5283] usb 3-1: Manufacturer: syz [ 387.671405][ T5283] usb 3-1: SerialNumber: syz [ 387.691570][ T5283] usb 3-1: config 0 descriptor?? [ 387.699884][T13446] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 387.723772][ T5283] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input35 [ 387.907800][T13471] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3633'. [ 387.967156][ C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 388.004143][ T5311] usb 3-1: USB disconnect, device number 37 [ 388.267592][ T5283] usb 1-1: USB disconnect, device number 25 [ 389.162326][T13516] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 389.229545][ T5283] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 389.261814][ T5238] Bluetooth: hci6: command 0x0405 tx timeout [ 389.433711][ T5283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.453549][ T5283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.473105][T13523] Bluetooth: MGMT ver 1.23 [ 389.495687][ T5283] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 389.536423][ T5283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.580211][ T5283] usb 4-1: config 0 descriptor?? [ 390.008610][ T5283] samsung 0003:0419:0600.0021: item fetching failed at offset 0/5 [ 390.029851][ T5283] samsung 0003:0419:0600.0021: parse failed [ 390.038604][ T5283] samsung 0003:0419:0600.0021: probe with driver samsung failed with error -22 [ 390.255292][ T5311] usb 4-1: USB disconnect, device number 25 [ 390.609565][ T4617] Bluetooth: hci2: command 0xfc11 tx timeout [ 390.614358][T13451] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 391.370005][ T5283] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 391.561333][ T5283] usb 4-1: Using ep0 maxpacket: 8 [ 391.581553][ T5283] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 391.602783][ T5283] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 391.622061][ T5283] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 391.642100][ T5283] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 391.671076][ T5311] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 391.672450][ T5283] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 391.699716][ T5283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.871596][ T5311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 391.884111][ T5311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 391.898766][ T5311] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 391.908665][ T5311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.919671][ T5311] usb 1-1: config 0 descriptor?? [ 391.941992][ T5283] usb 4-1: GET_CAPABILITIES returned 0 [ 391.952239][ T5283] usbtmc 4-1:16.0: can't read capabilities [ 392.163261][ T8] usb 4-1: USB disconnect, device number 26 [ 392.720949][ T5283] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 392.761647][ T5311] hid-led 0003:27B8:01ED.0022: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.0-1/input0 [ 392.807361][ T5311] hid-led 0003:27B8:01ED.0022: ThingM blink(1) initialized [ 392.847967][ T29] audit: type=1326 audit(2000000270.760:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13613 comm="syz.2.3697" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f583977def9 code=0x0 [ 392.924608][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 392.951295][ T5283] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 392.954059][ T5311] usb 1-1: USB disconnect, device number 26 [ 392.977541][ T5283] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 392.990231][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 393.007635][ T5283] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 393.017894][ T5283] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.034146][ T5283] usb 5-1: config 0 descriptor?? [ 393.473547][ T5283] plantronics 0003:047F:FFFF.0023: No inputs registered, leaving [ 393.491039][ T5283] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 393.606337][T13619] netlink: 'syz.0.3698': attribute type 10 has an invalid length. [ 393.616847][T13619] geneve0: entered promiscuous mode [ 393.653879][T13619] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 393.815905][ T5283] usb 5-1: USB disconnect, device number 20 [ 393.899779][ T5311] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 394.153251][ T5311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.178987][ T5311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.213081][ T5311] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 394.253606][ T5311] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 394.278686][ T5311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.312372][ T5311] usb 2-1: config 0 descriptor?? [ 394.941483][ T5311] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 394.983775][ T5311] plantronics 0003:047F:FFFF.0024: No inputs registered, leaving [ 395.029439][ T5311] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 395.325344][ T5235] usb 2-1: USB disconnect, device number 27 [ 396.328331][T13668] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 396.669197][T13679] syzkaller1: entered promiscuous mode [ 396.686102][T13679] syzkaller1: entered allmulticast mode [ 397.928266][T13724] Bluetooth: hci3: unsupported parameter 64512 [ 397.936543][T13724] Bluetooth: hci3: invalid length 0, exp 2 for type 3 [ 398.011908][T13727] syz.1.3746[13727] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.012118][T13727] syz.1.3746[13727] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.077139][T13731] input: syz1 as /devices/virtual/input/input36 [ 398.359207][ T58] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 398.576173][ T58] usb 2-1: Using ep0 maxpacket: 32 [ 398.593944][ T58] usb 2-1: config 163 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 398.648984][ T58] usb 2-1: config 163 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 398.706670][ T58] usb 2-1: New USB device found, idVendor=0499, idProduct=1001, bcdDevice=f8.14 [ 398.728545][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.748253][ T58] usb 2-1: Product: syz [ 398.753604][ T58] usb 2-1: Manufacturer: syz [ 398.761492][ T58] usb 2-1: SerialNumber: syz [ 398.794257][ T58] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 398.926099][ T58] snd-usb-audio 2-1:163.0: probe with driver snd-usb-audio failed with error -2 [ 399.024007][ T5283] usb 2-1: USB disconnect, device number 28 [ 399.235101][T13759] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 399.294048][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3764'. [ 399.903485][ T5280] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 399.999417][ T5311] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 400.114108][ T5280] usb 5-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98 [ 400.142769][ T5280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.173759][ T5280] usb 5-1: config 0 descriptor?? [ 400.198230][ T5280] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 400.210150][ T5280] ftdi_sio ttyUSB0: unknown device type: 0xc698 [ 400.230382][ T5311] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 400.254200][ T5311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.279063][ T5280] kernel write not supported for file /input/event2 (pid: 5280 comm: kworker/1:3) [ 400.319247][ T5311] usb 2-1: config 0 descriptor?? [ 400.570870][ T8] usb 5-1: USB disconnect, device number 21 [ 400.587199][ T8] ftdi_sio 5-1:0.0: device disconnected [ 400.759211][ T5311] [drm:udl_init] *ERROR* Selecting channel failed [ 400.804953][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 400.834068][ T5311] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 400.883222][ T5311] [drm] Initialized udl on minor 2 [ 400.899918][ T5311] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 400.949606][ T5311] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 400.979327][ T8] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 400.987655][ T8] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 401.002950][ T5311] usb 2-1: USB disconnect, device number 29 [ 401.221917][T13798] tipc: Started in network mode [ 401.237975][T13798] tipc: Node identity 5f6c656e3a20380a, cluster identity 4711 [ 401.262880][T13798] tipc: Enabling of bearer rejected, failed to enable media [ 401.364781][T13802] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3780'. [ 401.400888][T13802] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3780'. [ 401.423772][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 401.511130][T13802] vlan4: entered promiscuous mode [ 401.875227][T13812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3784'. [ 402.230568][T13828] netlink: 'syz.0.3792': attribute type 1 has an invalid length. [ 402.266109][T13828] netlink: 3440 bytes leftover after parsing attributes in process `syz.0.3792'. [ 402.289992][T13828] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3792'. [ 402.317464][T13828] netlink: 'syz.0.3792': attribute type 1 has an invalid length. [ 402.346886][T13828] netlink: 5888 bytes leftover after parsing attributes in process `syz.0.3792'. [ 403.229417][ T5311] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 403.290728][T13870] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3809'. [ 403.433760][ T5311] usb 3-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98 [ 403.453842][ T5311] usb 3-1: New USB device strings: Mfr=128, Product=0, SerialNumber=0 [ 403.466512][ T5311] usb 3-1: Manufacturer: syz [ 403.482570][ T5311] usb 3-1: config 0 descriptor?? [ 403.493163][ T5311] hub 3-1:0.0: bad descriptor, ignoring hub [ 403.499808][ T5311] hub 3-1:0.0: probe with driver hub failed with error -5 [ 403.509087][ T5311] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 403.522218][ T5311] ftdi_sio ttyUSB0: unknown device type: 0xc698 [ 403.900996][ T5311] usb 3-1: USB disconnect, device number 38 [ 403.927179][ T5311] ftdi_sio 3-1:0.0: device disconnected [ 404.429718][T13897] Cannot find set identified by id 0 to match [ 404.740422][ T5280] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 404.957914][ T5280] usb 4-1: too many configurations: 65, using maximum allowed: 8 [ 405.000134][ T5280] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 405.040282][ T5280] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.077709][ T5280] usb 4-1: Found UVC 0.00 device (046d:08c1) [ 405.104788][ T5280] usb 4-1: No valid video chain found. [ 405.296391][ T5280] usb 4-1: USB disconnect, device number 27 [ 405.734811][T13904] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 406.245536][ T29] audit: type=1326 audit(2000000284.160:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13927 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecd137def9 code=0x7ffc0000 [ 406.354222][ T29] audit: type=1326 audit(2000000284.210:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13927 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecd137def9 code=0x7ffc0000 [ 406.396872][ T29] audit: type=1326 audit(2000000284.210:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13927 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=143 compat=0 ip=0x7fecd137def9 code=0x7ffc0000 [ 406.475109][ T29] audit: type=1326 audit(2000000284.210:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13927 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecd137def9 code=0x7ffc0000 [ 406.580110][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.591838][ T29] audit: type=1326 audit(2000000284.220:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13927 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecd137def9 code=0x7ffc0000 [ 407.061619][ T46] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 407.102294][ T46] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 407.186911][ T46] hid-generic 0000:0000:0000.0025: hidraw0: HID v0.00 Device [syz0] on syz1 [ 407.391551][ T5311] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 407.411897][T13964] netlink: 'syz.2.3849': attribute type 3 has an invalid length. [ 407.541366][ T29] audit: type=1326 audit(2000000285.460:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13970 comm="syz.1.3851" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8890b7def9 code=0x0 [ 407.603976][ T5311] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 407.614364][ T5311] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.626503][ T5311] usb 4-1: Product: syz [ 407.631282][ T5311] usb 4-1: Manufacturer: syz [ 407.636231][ T5311] usb 4-1: SerialNumber: syz [ 407.644516][ T5311] usb 4-1: config 0 descriptor?? [ 407.720356][T13977] netlink: 'syz.2.3853': attribute type 1 has an invalid length. [ 407.957635][ T5311] usb 4-1: USB disconnect, device number 28 [ 408.112321][ T5235] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 408.122019][ T5235] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 408.141831][ T5235] hid-generic 0000:0000:0000.0026: hidraw0: HID v0.00 Device [syz0] on syz1 [ 408.215654][T13991] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 408.232649][T13990] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 408.300918][ T8] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 408.374162][T13995] Bluetooth: hci3: too big key_count value 29184 [ 408.501391][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 408.513209][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 408.534732][ T8] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 408.559717][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.572088][ T8] usb 3-1: config 0 descriptor?? [ 408.581358][ T8] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 409.641214][ T8] gspca_vc032x: reg_r err -71 [ 409.651359][ T8] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 409.673247][ T8] usb 3-1: USB disconnect, device number 39 [ 410.349646][T14044] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 410.385252][ T29] audit: type=1326 audit(2000000288.300:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14043 comm="syz.3.3883" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09a2f7def9 code=0x0 [ 410.460542][T14047] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3885'. [ 413.229357][ T941] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 413.341388][T14112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3911'. [ 413.391392][T14112] macvtap0: entered promiscuous mode [ 413.419409][T14112] macvtap0: left promiscuous mode [ 413.465310][ T941] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 413.521897][ T941] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 413.544301][ T941] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 413.561882][T14118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3914'. [ 413.562426][ T941] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 413.639214][ T941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.680745][ T941] usb 5-1: config 0 descriptor?? [ 413.710659][ T941] usb-storage 5-1:0.0: USB Mass Storage device detected [ 413.753013][T14122] Context (ID=0x1) not attached to queue pair (handle=0x1:0x0) [ 413.766734][ T941] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 414.032004][T14134] loop4: detected capacity change from 0 to 2 [ 414.573329][ T941] usb 5-1: USB disconnect, device number 22 [ 415.037368][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 415.712761][T14169] Mount JFS Failure: -22 [ 415.749514][T14169] jfs_mount failed w/return code = -22 [ 417.051102][T14208] cgroup: fork rejected by pids controller in /syz1 [ 418.018071][T14220] syz_tun: entered promiscuous mode [ 418.055314][T14220] syz_tun: left promiscuous mode [ 418.512004][ T1838] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.871734][ T1838] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.259949][ T1838] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.605007][ T1838] bond0: (slave netdevsim0): Releasing backup interface [ 419.634608][ T1838] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.690228][ T4617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 419.708167][ T4617] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 419.711342][T14248] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3969'. [ 419.749691][ T4617] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 419.767067][T14248] openvswitch: netlink: Key type 29 is not supported [ 419.780970][ T4617] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 419.810117][ T4617] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 419.820534][ T4617] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 419.910270][ T5283] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 419.940948][ T1838] bridge_slave_0: left allmulticast mode [ 419.949370][ T1838] bridge_slave_0: left promiscuous mode [ 419.966671][ T1838] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.162471][ T5283] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 420.200369][ T5283] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 420.247192][ T5283] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.287708][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 420.352274][ T5283] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 420.409235][ T5283] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 420.431503][ T5283] usb 5-1: Manufacturer: syz [ 420.451624][ T5283] usb 5-1: config 0 descriptor?? [ 420.952110][ T5283] appleir 0003:05AC:8243.0027: unknown main item tag 0x0 [ 420.991704][ T5283] appleir 0003:05AC:8243.0027: No inputs registered, leaving [ 421.032619][ T5283] appleir 0003:05AC:8243.0027: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 421.312948][ T5311] usb 5-1: USB disconnect, device number 23 [ 421.642458][T14269] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 421.820344][ T1838] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 421.848785][ T1838] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 421.885158][ T1838] bond0 (unregistering): Released all slaves [ 421.900140][T13451] Bluetooth: hci2: command tx timeout [ 422.073263][ T1838] tipc: Left network mode [ 422.229923][T14275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3981'. [ 423.144610][ T1838] hsr_slave_0: left promiscuous mode [ 423.164745][ T1838] hsr_slave_1: left promiscuous mode [ 423.210729][ T1838] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 423.239168][ T1838] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 423.296113][ T1838] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 423.339957][ T1838] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 423.480573][ T1838] veth1_macvtap: left promiscuous mode [ 423.502390][ T1838] veth0_macvtap: left promiscuous mode [ 423.521944][ T1838] veth1_vlan: left promiscuous mode [ 423.549450][ T1838] veth0_vlan: left promiscuous mode [ 423.972499][T13451] Bluetooth: hci2: command tx timeout [ 425.120444][ T4617] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 425.169599][ T4617] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 425.189934][ T4617] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 425.244183][ T4617] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 425.289839][ T4617] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 425.301886][ T4617] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 426.017223][ T1838] team0 (unregistering): Port device team_slave_1 removed [ 426.072201][T13451] Bluetooth: hci2: command tx timeout [ 426.120372][ T1838] team0 (unregistering): Port device team_slave_0 removed [ 427.409448][T13451] Bluetooth: hci3: command tx timeout [ 427.600049][T14247] chnl_net:caif_netlink_parms(): no params data found [ 428.129522][T13451] Bluetooth: hci2: command tx timeout [ 428.163051][T14247] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.176325][T14247] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.202182][T14247] bridge_slave_0: entered allmulticast mode [ 428.225386][T14247] bridge_slave_0: entered promiscuous mode [ 428.303720][T14247] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.350173][T14247] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.358216][T14247] bridge_slave_1: entered allmulticast mode [ 428.369871][T14247] bridge_slave_1: entered promiscuous mode [ 428.566353][T14351] netlink: 'syz.2.4006': attribute type 34 has an invalid length. [ 428.601757][T14247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 428.635630][T14247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 428.923771][T14247] team0: Port device team_slave_0 added [ 429.096401][T14247] team0: Port device team_slave_1 added [ 429.342261][T14247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 429.379803][T14247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 429.426270][T14247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 429.460424][T14358] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 429.480077][T14358] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 429.499183][T13451] Bluetooth: hci3: command tx timeout [ 429.537331][T14247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 429.581065][T14247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 429.691086][T14247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 429.705654][T14367] sctp: [Deprecated]: syz.3.4013 (pid 14367) Use of int in max_burst socket option deprecated. [ 429.705654][T14367] Use struct sctp_assoc_value instead [ 429.738330][T14317] chnl_net:caif_netlink_parms(): no params data found [ 430.076173][T14247] hsr_slave_0: entered promiscuous mode [ 430.117402][T14247] hsr_slave_1: entered promiscuous mode [ 430.141279][T14247] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 430.169274][T14247] Cannot create hsr debugfs directory [ 430.241581][ T5283] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 430.435234][T14317] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.450227][ T5283] usb 4-1: Using ep0 maxpacket: 8 [ 430.467366][T14317] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.479484][ T5283] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 430.479543][ T5283] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 430.479601][ T5283] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 430.479631][ T5283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.557926][T14317] bridge_slave_0: entered allmulticast mode [ 430.583781][T14317] bridge_slave_0: entered promiscuous mode [ 430.599801][T14317] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.610627][T14317] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.620773][T14317] bridge_slave_1: entered allmulticast mode [ 430.634519][T14317] bridge_slave_1: entered promiscuous mode [ 430.652578][T14385] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4020'. [ 431.570207][T13451] Bluetooth: hci3: command tx timeout [ 431.645236][ T5280] usb 4-1: USB disconnect, device number 29 [ 431.669209][T14317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 431.761753][ T1838] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.862433][T14317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 432.008542][ T1838] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.231544][ T1838] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.389417][T14317] team0: Port device team_slave_0 added [ 432.483303][ T1838] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.670154][T14317] team0: Port device team_slave_1 added [ 432.820382][T14317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 432.839323][T14317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.889011][T14317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.070035][T14317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 433.077161][T14317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.106037][ C0] vkms_vblank_simulate: vblank timer overrun [ 433.153738][T14317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 433.649459][T13451] Bluetooth: hci3: command tx timeout [ 433.686995][T14317] hsr_slave_0: entered promiscuous mode [ 433.696664][T14317] hsr_slave_1: entered promiscuous mode [ 433.704376][T14317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 433.713122][T14317] Cannot create hsr debugfs directory [ 433.722387][ T1838] bridge_slave_1: left allmulticast mode [ 433.747045][ T1838] bridge_slave_1: left promiscuous mode [ 433.777835][ T1838] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.805772][ T1838] bridge_slave_0: left allmulticast mode [ 433.820711][ T1838] bridge_slave_0: left promiscuous mode [ 433.830550][ T1838] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.870358][ T2948] bond0: (slave geneve0): link status down for interface, disabling it in 4 ms [ 434.113478][T14433] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4038'. [ 434.398623][ T1838] bond0 (unregistering): (slave geneve0): Releasing backup interface [ 434.838720][ T1838] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 434.872405][ T1838] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 434.887739][ T1838] bond0 (unregistering): Released all slaves [ 435.142928][ T1838] tipc: Left network mode [ 435.316957][ C0] vkms_vblank_simulate: vblank timer overrun [ 435.364688][T14437] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 435.382160][ T29] audit: type=1326 audit(2000000313.280:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14434 comm="syz.2.4039" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f583977def9 code=0x0 [ 435.408291][ C0] vkms_vblank_simulate: vblank timer overrun [ 435.693388][T14247] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 435.853998][T14247] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 435.886470][T14247] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 435.995256][T14247] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 436.155132][ T1838] hsr_slave_0: left promiscuous mode [ 436.187182][ T1838] hsr_slave_1: left promiscuous mode [ 436.196777][ T1838] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 436.210104][ T1838] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 436.234326][ T1838] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 436.264051][ T1838] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 436.335478][ T1838] veth0_macvtap: left promiscuous mode [ 436.348826][ T1838] veth1_vlan: left promiscuous mode [ 436.369220][ T1838] veth0_vlan: left promiscuous mode [ 437.116523][ C0] vkms_vblank_simulate: vblank timer overrun [ 437.563544][ T46] infiniband syz0: ib_query_port failed (-19) [ 437.569905][ T1838] team0 (unregistering): Port device team_slave_1 removed [ 437.672839][ T1838] team0 (unregistering): Port device team_slave_0 removed [ 437.918233][ C0] vkms_vblank_simulate: vblank timer overrun [ 439.259332][ T5311] hid-generic 0000:0000:0000.0028: unknown main item tag 0x7 [ 439.299044][ T5311] hid-generic 0000:0000:0000.0028: ignoring exceeding usage max [ 439.347986][ T5311] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0 [ 439.392493][ T5311] hid-generic 0000:0000:0000.0028: unknown main item tag 0x6 [ 439.414412][ T5311] hid-generic 0000:0000:0000.0028: unknown main item tag 0xd [ 439.443031][ T5311] hid-generic 0000:0000:0000.0028: hidraw0: HID v0.00 Device [syz0] on syz0 [ 439.785397][T14475] input: syz1 as /devices/virtual/input/input37 [ 440.073396][T14247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 440.190166][T14247] 8021q: adding VLAN 0 to HW filter on device team0 [ 440.241701][ T1838] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.252532][ T1838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 440.302607][ T1838] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.312440][ T1838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 440.453637][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.627966][T14317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 440.645549][T14317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 440.694050][T14247] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 440.720883][T14490] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4063'. [ 440.736664][T14317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 440.785000][T14317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 441.094213][T14496] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 441.332808][T14317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 441.415397][T14317] 8021q: adding VLAN 0 to HW filter on device team0 [ 441.489402][T12340] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.497881][T12340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 441.526391][T12340] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.534004][T12340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 441.630156][T14247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 441.902671][T14247] veth0_vlan: entered promiscuous mode [ 441.985130][T14247] veth1_vlan: entered promiscuous mode [ 442.092834][T14511] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 442.102491][T14511] IPv6: NLM_F_CREATE should be set when creating new route [ 442.110285][T14511] IPv6: NLM_F_CREATE should be set when creating new route [ 442.119331][T14511] IPv6: NLM_F_CREATE should be set when creating new route [ 442.201731][T14511] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 442.248188][T14247] veth0_macvtap: entered promiscuous mode [ 442.296883][T14247] veth1_macvtap: entered promiscuous mode [ 442.440027][T14247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.462512][T14247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.489156][T14247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.521384][T14247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.549217][T14247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.579185][T14247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.602685][T14247] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 442.644078][T14247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.670003][T14247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.693120][T14247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.725076][T14247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.747302][T14247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.770046][T14247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.809447][T14247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.828993][T14247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.861368][T14247] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 442.914090][T14247] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.937575][T14247] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.958626][T14247] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.990863][T14247] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.043454][T14317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 443.486152][ T2948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.518039][ T2948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.594483][T14317] veth0_vlan: entered promiscuous mode [ 443.679232][ T2948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.702772][T14317] veth1_vlan: entered promiscuous mode [ 443.714489][ T2948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.834514][T14317] veth0_macvtap: entered promiscuous mode [ 443.883347][T14317] veth1_macvtap: entered promiscuous mode [ 444.004673][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.054459][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.075227][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.094293][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.108337][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.126818][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.151215][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.183275][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.215197][T14551] ALSA: seq fatal error: cannot create timer (-22) [ 444.223088][T14317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 444.301574][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.352746][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.385428][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.441589][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.475184][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.508776][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.539335][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.552344][T14561] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 444.559661][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.591172][T14317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.638773][T14317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.682210][T14317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 444.753428][T14317] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.770649][T14317] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.781663][ T5282] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 444.799948][T14317] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.824365][T14317] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.999679][ T5282] usb 3-1: Using ep0 maxpacket: 8 [ 445.046720][ T5282] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 445.092286][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.130440][ T5282] usb 3-1: Product: syz [ 445.137416][ T2948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.150831][ T5282] usb 3-1: Manufacturer: syz [ 445.155925][ T5282] usb 3-1: SerialNumber: syz [ 445.163845][ T2948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.205185][ T5282] usb 3-1: config 0 descriptor?? [ 445.237541][ T5282] gspca_main: sq905-2.14.0 probing 2770:9120 [ 445.301502][ T2948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.324254][ T2948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.739338][ T5283] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 445.984189][ T5283] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 445.996852][T14591] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 446.012811][T14591] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 446.023327][T14591] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 446.035309][T14591] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 446.050822][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.067539][ T5283] usb 2-1: config 0 descriptor?? [ 446.097744][ T5283] cp210x 2-1:0.0: cp210x converter detected [ 446.109302][T14591] vxlan0: entered promiscuous mode [ 446.119598][T14591] vxlan0: entered allmulticast mode [ 446.172953][T14591] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 446.184942][T14591] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 446.201687][T14591] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 446.215302][T14591] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 446.310936][ T5282] gspca_sq905: sq905_read_data: usb_control_msg failed (-71) [ 446.342549][ T5282] sq905 3-1:0.0: probe with driver sq905 failed with error -71 [ 446.391141][ T5282] usb 3-1: USB disconnect, device number 40 [ 446.535242][ T5283] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 446.771678][ T5283] usb 2-1: cp210x converter now attached to ttyUSB0 [ 446.899166][ T46] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 447.009522][ T5235] usb 2-1: USB disconnect, device number 30 [ 447.030728][ T5235] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 447.051438][ T5235] cp210x 2-1:0.0: device disconnected [ 447.102153][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 447.134345][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.191407][ T46] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 447.211386][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.242910][ T46] usb 5-1: config 0 descriptor?? [ 447.720302][ T46] cp2112 0003:10C4:EA90.0029: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 447.899732][ T46] cp2112 0003:10C4:EA90.0029: Part Number: 0x82 Device Version: 0xFE [ 448.321559][ T46] cp2112 0003:10C4:EA90.0029: error setting SMBus config [ 448.341152][ T46] cp2112 0003:10C4:EA90.0029: probe with driver cp2112 failed with error -71 [ 448.368337][ T46] usb 5-1: USB disconnect, device number 24 [ 448.448998][T14633] infiniband syz0: set active [ 448.454982][T14633] infiniband syz0: added team0 [ 448.459272][ T5280] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 448.556243][T14633] RDS/IB: syz0: added [ 448.563837][T14633] smc: adding ib device syz0 with port count 1 [ 448.572070][T14633] smc: ib device syz0 port 1 has pnetid [ 448.667119][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 448.751292][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 448.809416][ T5280] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 448.831701][ T5280] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 448.846587][ T5280] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.861996][ T5280] usb 4-1: config 0 descriptor?? [ 449.346927][ T5280] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 449.409251][ T5280] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 449.453860][ T5280] plantronics 0003:047F:FFFF.002A: No inputs registered, leaving [ 449.487741][ T5280] plantronics 0003:047F:FFFF.002A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 449.570809][ T5280] usb 4-1: USB disconnect, device number 30 [ 449.898228][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.979067][ T46] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 450.205961][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.230226][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 450.249649][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 450.276641][ T46] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 450.289686][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.310889][ T46] usb 5-1: config 0 descriptor?? [ 450.573949][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.724703][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.758017][ T46] hid (null): bogus close delimiter [ 450.786086][ T4617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 450.804469][ T4617] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 450.819197][ T4617] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 450.839068][ T941] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 450.857667][ T4617] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 450.867566][ T4617] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 450.875426][ T4617] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 450.972161][ T46] usb 5-1: string descriptor 0 read error: -22 [ 451.065128][ T941] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 451.087374][ T941] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 451.119027][ T941] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 451.128658][ T941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.164713][T14671] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 451.204361][ T941] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 451.237525][ T12] bridge_slave_1: left allmulticast mode [ 451.251193][ T12] bridge_slave_1: left promiscuous mode [ 451.273391][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.297646][ T12] bridge_slave_0: left allmulticast mode [ 451.304559][ T12] bridge_slave_0: left promiscuous mode [ 451.311681][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.369620][ T46] uclogic 0003:256C:006D.002B: failed retrieving string descriptor #100: -71 [ 451.382967][ T46] uclogic 0003:256C:006D.002B: failed retrieving pen parameters: -71 [ 451.410330][ T46] uclogic 0003:256C:006D.002B: failed probing pen v1 parameters: -71 [ 451.429444][ T46] uclogic 0003:256C:006D.002B: failed probing parameters: -71 [ 451.458737][ T46] uclogic 0003:256C:006D.002B: probe with driver uclogic failed with error -71 [ 451.488530][ T46] usb 5-1: USB disconnect, device number 25 [ 451.520314][ T58] usb 1-1: USB disconnect, device number 27 [ 452.181144][ C1] vkms_vblank_simulate: vblank timer overrun [ 452.364372][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 452.379217][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 452.395176][ T12] bond0 (unregistering): Released all slaves [ 452.492036][T14688] netlink: 188 bytes leftover after parsing attributes in process `syz.0.4146'. [ 452.780242][ C1] vkms_vblank_simulate: vblank timer overrun [ 452.940039][ T4617] Bluetooth: hci2: command tx timeout [ 453.629813][T14710] netlink: 'syz.3.4156': attribute type 29 has an invalid length. [ 454.190246][T14674] chnl_net:caif_netlink_parms(): no params data found [ 454.366325][ T12] hsr_slave_0: left promiscuous mode [ 454.385008][ T12] hsr_slave_1: left promiscuous mode [ 454.445141][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 454.461332][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.489892][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 454.502208][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 454.591416][ T12] veth1_macvtap: left promiscuous mode [ 454.620056][ T12] veth0_macvtap: left promiscuous mode [ 454.636902][ T12] veth1_vlan: left promiscuous mode [ 454.648506][ T12] veth0_vlan: left promiscuous mode [ 455.009904][ T4617] Bluetooth: hci2: command tx timeout [ 455.699563][T14753] vivid-004: disconnect [ 456.991301][ T12] team0 (unregistering): Port device team_slave_1 removed [ 457.085026][ T12] team0 (unregistering): Port device team_slave_0 removed [ 457.098591][ T4617] Bluetooth: hci2: command tx timeout [ 457.656925][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.294221][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.329543][T14751] vivid-004: reconnect [ 458.678646][T14767] input: syz0 as /devices/virtual/input/input38 [ 458.735734][T14767] input: failed to attach handler leds to device input38, error: -6 [ 458.810887][T14674] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.864919][T14674] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.899515][T14674] bridge_slave_0: entered allmulticast mode [ 458.910163][T14674] bridge_slave_0: entered promiscuous mode [ 458.944074][T14674] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.960486][T14674] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.969927][T14674] bridge_slave_1: entered allmulticast mode [ 458.982685][T14674] bridge_slave_1: entered promiscuous mode [ 459.169460][ T4617] Bluetooth: hci2: command tx timeout [ 459.376313][T14674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.447496][T14674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 459.811597][T14674] team0: Port device team_slave_0 added [ 459.868013][T14674] team0: Port device team_slave_1 added [ 460.210248][T14674] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.224178][T14674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.260761][T14674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.323813][T14674] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.331626][T14674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.360408][T14674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 460.535591][T14674] hsr_slave_0: entered promiscuous mode [ 460.555827][T14674] hsr_slave_1: entered promiscuous mode [ 460.568548][T14674] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 460.587295][T14674] Cannot create hsr debugfs directory [ 461.194729][T14803] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 461.618368][T14674] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 461.637798][T14674] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 461.674309][T14674] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 461.689739][T14674] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 462.154213][T14674] 8021q: adding VLAN 0 to HW filter on device bond0 [ 462.199131][T14674] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.274718][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.282667][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.316299][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.323925][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 463.097307][T14674] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.273308][T14674] veth0_vlan: entered promiscuous mode [ 463.339461][T14674] veth1_vlan: entered promiscuous mode [ 463.442119][T14674] veth0_macvtap: entered promiscuous mode [ 463.465647][T14674] veth1_macvtap: entered promiscuous mode [ 463.517857][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.543651][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.570640][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.589521][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.611453][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.651380][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.683445][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.719562][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.741180][T14674] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 463.785009][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.818192][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.830344][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.846661][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.857517][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.872816][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.885375][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.918936][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.938191][T14674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.949159][ T5283] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 463.985807][T14674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.987258][T14893] skbuff: bad partial csum: csum=65506/2 headroom=168 headlen=65526 [ 464.005809][T14674] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.051751][T14674] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.099067][T14674] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.127952][T14674] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.137851][ T5283] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 464.137894][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.137950][ T5283] usb 3-1: Product: syz [ 464.137970][ T5283] usb 3-1: Manufacturer: syz [ 464.137991][ T5283] usb 3-1: SerialNumber: syz [ 464.142308][ T5283] usb 3-1: config 0 descriptor?? [ 464.177541][T14674] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.566726][T12340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.576024][T12340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.626068][ T5283] usb 3-1: Firmware: major: 202, minor: 255, hardware type: RZUSB (3) [ 464.677689][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.726451][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.837849][ T5283] usb 3-1: failed to fetch extended address, random address set [ 464.912373][ T5283] usb 3-1: USB disconnect, device number 41 [ 465.579216][T14933] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 465.607308][T14933] lo: entered allmulticast mode [ 465.790034][T14940] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 466.619243][ T8] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 466.812441][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.848973][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 466.886008][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 466.918579][ T8] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 466.939863][T14980] sctp: [Deprecated]: syz.0.4266 (pid 14980) Use of int in max_burst socket option. [ 466.939863][T14980] Use struct sctp_assoc_value instead [ 466.955008][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.984160][ T8] usb 2-1: config 0 descriptor?? [ 467.062139][T14988] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 467.227346][T14961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.259462][T14961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.290534][T14961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.310065][T14961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.344643][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 467.353116][ T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 467.368706][ T8] usb 2-1: USB disconnect, device number 31 [ 467.949180][ T8] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 468.170118][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 468.183939][ T8] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 468.208809][ T8] usb 2-1: config 0 has no interface number 0 [ 468.230025][ T8] usb 2-1: config 0 interface 1 altsetting 1 has an endpoint descriptor with address 0xD6, changing to 0x86 [ 468.254467][ T8] usb 2-1: config 0 interface 1 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 256 [ 468.273220][ T8] usb 2-1: config 0 interface 1 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 468.295358][ T8] usb 2-1: config 0 interface 1 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.309081][ T8] usb 2-1: config 0 interface 1 has no altsetting 0 [ 468.316227][ T8] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 468.336008][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.358314][ T8] usb 2-1: config 0 descriptor?? [ 468.372387][ T8] hso 2-1:0.1: Failed to find BULK OUT ep [ 468.419377][ T58] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 468.496443][T15039] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4291'. [ 468.508040][T15039] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4291'. [ 468.622830][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 468.645776][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.658586][ T8] usb 2-1: USB disconnect, device number 32 [ 468.672754][ T58] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 468.701874][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.740650][ T58] usb 1-1: config 0 descriptor?? [ 469.571887][ T58] hid-led 0003:27B8:01ED.002C: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.0-1/input0 [ 469.605930][ T58] hid-led 0003:27B8:01ED.002C: ThingM blink(1) v1 initialized [ 469.839865][ T58] usb 1-1: USB disconnect, device number 28 [ 469.869350][ T5283] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 470.062727][ T5283] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 470.081406][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.109874][ T5283] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 470.143620][ T5283] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 470.179220][ T5283] usb 2-1: Manufacturer: syz [ 470.197157][T13451] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 470.206723][ T5283] usb 2-1: config 0 descriptor?? [ 470.219956][T13451] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 470.241875][T13451] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 470.262676][T13451] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 470.280803][T13451] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 470.293859][T13451] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 470.437200][ T5283] rc_core: IR keymap rc-hauppauge not found [ 470.460001][ T5283] Registered IR keymap rc-empty [ 470.460823][T15070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 470.466654][ T5283] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 470.535083][T15070] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 470.543570][ T5283] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input41 [ 470.578331][ T5283] usb 2-1: USB disconnect, device number 33 [ 470.974542][T15102] Bluetooth: MGMT ver 1.23 [ 470.981542][T15102] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 471.315762][T15084] chnl_net:caif_netlink_parms(): no params data found [ 471.716728][T15084] bridge0: port 1(bridge_slave_0) entered blocking state [ 471.739109][ T5280] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 471.749652][T15084] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.769409][T15084] bridge_slave_0: entered allmulticast mode [ 471.777142][T15084] bridge_slave_0: entered promiscuous mode [ 471.801043][T15084] bridge0: port 2(bridge_slave_1) entered blocking state [ 471.812760][T15084] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.823652][T15084] bridge_slave_1: entered allmulticast mode [ 471.833791][T15084] bridge_slave_1: entered promiscuous mode [ 471.848013][ T5311] kernel read not supported for file /rfkill (pid: 5311 comm: kworker/0:6) [ 471.983384][ T5280] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 471.999832][ T5280] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 472.029970][ T5280] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 472.031367][T15084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 472.052429][ T5280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 472.073254][ T5280] usb 5-1: SerialNumber: syz [ 472.093535][T15084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 472.162875][T15147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 472.172222][T15147] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 472.193807][ T4617] Bluetooth: hci7: sending frame failed (-49) [ 472.205802][T15147] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 472.215069][T13451] Bluetooth: hci7: Opcode 0x1003 failed: -49 [ 472.324367][T15084] team0: Port device team_slave_0 added [ 472.341168][T15084] team0: Port device team_slave_1 added [ 472.353656][ T5280] usb 5-1: 0:2 : does not exist [ 472.371600][T13451] Bluetooth: hci5: command tx timeout [ 472.400861][ T5280] usb 5-1: 5:0: cannot get min/max values for control 5 (id 5) [ 472.446871][T15084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 472.461261][ T5283] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 472.482185][T15084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 472.514554][T15084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 472.528777][T15084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 472.536440][T15084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 472.563406][ T5280] usb 5-1: 5:0: cannot get min/max values for control 5 (id 5) [ 472.568755][ T5280] usb 5-1: USB disconnect, device number 26 [ 472.581815][T15084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 472.670091][ T5283] usb 3-1: Using ep0 maxpacket: 8 [ 472.690674][ T5283] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 472.709233][ T5283] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 472.736755][T15084] hsr_slave_0: entered promiscuous mode [ 472.746101][ T5283] usb 3-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.40 [ 472.756460][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.758130][T15084] hsr_slave_1: entered promiscuous mode [ 472.766189][ T5283] usb 3-1: Product: syz [ 472.766223][ T5283] usb 3-1: Manufacturer: syz [ 472.766243][ T5283] usb 3-1: SerialNumber: syz [ 472.804544][T15084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 472.822253][T15084] Cannot create hsr debugfs directory [ 473.397793][ T5283] hid (null): report_id 2668810406 is invalid [ 473.417972][T15084] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.452717][ T5283] asus 0003:0B05:19B6.002D: report_id 2668810406 is invalid [ 473.483455][ T5283] asus 0003:0B05:19B6.002D: item 0 4 1 8 parsing failed [ 473.514866][ T5283] asus 0003:0B05:19B6.002D: Asus hid parse failed: -22 [ 473.534423][ T5283] asus 0003:0B05:19B6.002D: probe with driver asus failed with error -22 [ 473.660088][ T58] usb 3-1: USB disconnect, device number 42 [ 473.694727][T15084] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.731410][T15178] hugetlbfs: Invalid gid '0x00000000ffffffff' [ 473.843758][T15173] team0: Port device macvlan1 added [ 473.917436][T15176] team0: Port device macvlan1 removed [ 474.037450][T15084] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.253889][T15084] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.414233][T15193] random: crng reseeded on system resumption [ 474.449376][T13451] Bluetooth: hci5: command tx timeout [ 474.757837][T15084] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 474.853389][T15084] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 474.944433][T15084] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 475.002953][T15084] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 475.395521][T15084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 475.486002][T15084] 8021q: adding VLAN 0 to HW filter on device team0 [ 475.563639][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.571255][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 475.617991][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.625705][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 475.831823][T15084] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 475.931859][T15230] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4372'. [ 475.982493][T15230] veth1_vlan: left promiscuous mode [ 476.063549][ T5283] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 476.264678][ T5283] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 476.294566][ T5283] usb 3-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 476.323224][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.349636][ T5283] usb 3-1: Product: syz [ 476.353885][ T5283] usb 3-1: Manufacturer: syz [ 476.370430][ T5283] usb 3-1: SerialNumber: syz [ 476.372593][T15084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.389680][ T5283] usb 3-1: config 0 descriptor?? [ 476.524793][ T58] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 476.539458][T13451] Bluetooth: hci5: command tx timeout [ 476.545396][T15084] veth0_vlan: entered promiscuous mode [ 476.596185][T15084] veth1_vlan: entered promiscuous mode [ 476.660773][T15084] veth0_macvtap: entered promiscuous mode [ 476.677384][T15084] veth1_macvtap: entered promiscuous mode [ 476.683574][ T5283] kaweth 3-1:0.0: Firmware present in device. [ 476.733722][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.739039][ T58] usb 2-1: Using ep0 maxpacket: 32 [ 476.755049][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 476.757636][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.793233][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 476.795739][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.813584][ T58] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 476.844393][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.855110][ T5283] kaweth 3-1:0.0: Statistics collection: 0 [ 476.856945][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.869130][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.885707][ T5283] kaweth 3-1:0.0: Multicast filter limit: 0 [ 476.887237][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.899203][ T5283] kaweth 3-1:0.0: MTU: 0 [ 476.904327][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.917377][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.917620][ T58] usb 2-1: config 0 descriptor?? [ 476.935351][ T5283] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00 [ 476.972074][T15084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 477.058729][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.073360][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.099273][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.119868][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.163301][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.198328][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.228761][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.251311][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.271673][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.303540][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.333126][T15084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.373427][ T58] ft260 0003:0403:6030.002E: unknown main item tag 0x0 [ 477.383297][T15084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.411517][T15084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 477.450285][T15084] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.461316][ T5283] kaweth 3-1:0.0: Error setting receive filter [ 477.475150][ T5283] kaweth 3-1:0.0: probe with driver kaweth failed with error -5 [ 477.490296][T15084] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.506702][ T5283] usb 3-1: USB disconnect, device number 43 [ 477.511544][T15084] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.549489][T15084] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.586866][ T58] ft260 0003:0403:6030.002E: chip code: 5e81 abf2 [ 477.795870][ T58] ft260 0003:0403:6030.002E: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0 [ 477.887372][T12340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.906393][T12340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 477.952386][T15250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4380'. [ 477.996267][ T58] ft260 0003:0403:6030.002E: failed to retrieve status: -71, no wakeup [ 478.039969][ T58] ft260 0003:0403:6030.002E: failed to retrieve status: -71 [ 478.064772][ T58] ft260 0003:0403:6030.002E: failed to reset I2C controller: -71 [ 478.134905][ T58] usb 2-1: USB disconnect, device number 34 [ 478.141857][ T2948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.154056][ T2948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.541506][T15267] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.4386'. [ 478.611220][T13451] Bluetooth: hci5: command tx timeout [ 478.719005][ T58] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 478.944397][ T58] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 478.969122][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.023528][ T58] usb 4-1: config 0 descriptor?? [ 479.057546][ T58] cp210x 4-1:0.0: cp210x converter detected [ 479.468410][ T58] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 479.503141][ T58] usb 4-1: cp210x converter now attached to ttyUSB0 [ 479.744315][ T5311] usb 4-1: USB disconnect, device number 31 [ 479.760531][ T5311] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 479.782675][ T5311] cp210x 4-1:0.0: device disconnected [ 479.806115][T15292] netlink: 188 bytes leftover after parsing attributes in process `syz.0.4396'. [ 479.817580][T15292] netlink: 'syz.0.4396': attribute type 1 has an invalid length. [ 479.889586][ T58] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 480.104088][ T58] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 480.133558][ T58] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 480.151963][ T58] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 480.168792][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.194935][T15283] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 480.235892][ T58] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 480.681596][ T5280] usb 3-1: USB disconnect, device number 44 [ 482.189831][T15389] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 482.249168][ T941] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 482.471576][ T941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.490153][ T941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.510857][ T941] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 482.541291][ T941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.569220][ T941] usb 3-1: config 0 descriptor?? [ 482.864662][T15412] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 482.885718][T15412] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 482.934156][T13451] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 482.943947][T13451] Bluetooth: hci2: Injecting HCI hardware error event [ 482.956264][T13451] Bluetooth: hci2: hardware error 0x00 [ 483.016942][ T941] cm6533_jd 0003:0D8C:0022.002F: unknown main item tag 0x0 [ 483.055161][ T941] cm6533_jd 0003:0D8C:0022.002F: unknown main item tag 0x0 [ 483.108228][ T941] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.002F/input/input42 [ 483.174825][T15423] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4456'. [ 483.175565][ T941] cm6533_jd 0003:0D8C:0022.002F: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 483.198441][T15423] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.208331][T15423] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.209564][ T941] usb 3-1: USB disconnect, device number 45 [ 483.230253][T15423] bridge0: entered allmulticast mode [ 483.759083][T15435] mac80211_hwsim hwsim27 wlan0: entered promiscuous mode [ 483.793671][T15435] macvlan2: entered allmulticast mode [ 483.800073][T15435] mac80211_hwsim hwsim27 wlan0: entered allmulticast mode [ 483.814526][T15435] mac80211_hwsim hwsim27 wlan0: left promiscuous mode [ 484.219320][ T941] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 484.415879][ T941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.436869][ T941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.467924][ T941] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 484.482436][ T29] audit: type=1107 audit(2000000362.400:333): pid=15463 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='_HNz(' [ 484.512352][ T941] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 484.528458][ T941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.570724][ T941] usb 3-1: config 0 descriptor?? [ 484.600166][T15467] binder: 15465:15467 ioctl c0306201 200001c0 returned -14 [ 484.740673][T15474] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 484.929281][ T4617] Bluetooth: hci0: command tx timeout [ 485.001457][T15484] [ 485.003854][T15484] ===================================================== [ 485.010805][T15484] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 485.012266][T13451] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 485.018261][T15484] 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 Not tainted [ 485.018277][T15484] ----------------------------------------------------- [ 485.018286][T15484] syz.0.4483/15484 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 485.046198][T15484] ffff8880642af360 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19e/0x4d0 [ 485.054949][T15484] [ 485.054949][T15484] and this task is already holding: [ 485.062316][T15484] ffff888034db1028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 485.072188][T15484] which would create a new lock dependency: [ 485.078106][T15484] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 485.086239][T15484] [ 485.086239][T15484] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 485.095811][T15484] (&dev->event_lock#2){..-.}-{2:2} [ 485.095852][T15484] [ 485.095852][T15484] ... which became SOFTIRQ-irq-safe at: [ 485.108769][T15484] lock_acquire+0x1ed/0x550 [ 485.113378][T15484] _raw_spin_lock_irqsave+0xd5/0x120 [ 485.118765][T15484] input_inject_event+0xc5/0x340 [ 485.123822][T15484] led_trigger_event+0x138/0x210 [ 485.128859][T15484] kbd_bh+0x1b5/0x290 [ 485.132944][T15484] tasklet_action_common+0x321/0x4d0 [ 485.138334][T15484] handle_softirqs+0x2c4/0x970 [ 485.143207][T15484] run_ksoftirqd+0xca/0x130 [ 485.147806][T15484] smpboot_thread_fn+0x544/0xa30 [ 485.152839][T15484] kthread+0x2f0/0x390 [ 485.157013][T15484] ret_from_fork+0x4b/0x80 [ 485.161533][T15484] ret_from_fork_asm+0x1a/0x30 [ 485.166395][T15484] [ 485.166395][T15484] to a SOFTIRQ-irq-unsafe lock: [ 485.173449][T15484] (tasklist_lock){.+.+}-{2:2} [ 485.173479][T15484] [ 485.173479][T15484] ... which became SOFTIRQ-irq-unsafe at: [ 485.186123][T15484] ... [ 485.186132][T15484] lock_acquire+0x1ed/0x550 [ 485.193345][T15484] _raw_read_lock+0x36/0x50 [ 485.197951][T15484] __do_wait+0x12d/0x850 [ 485.202295][T15484] do_wait+0x1e9/0x560 [ 485.206475][T15484] kernel_wait+0xe9/0x240 [ 485.210898][T15484] call_usermodehelper_exec_work+0xbd/0x230 [ 485.216890][T15484] process_scheduled_works+0xa2c/0x1830 [ 485.222551][T15484] worker_thread+0x86d/0xd10 [ 485.227278][T15484] kthread+0x2f0/0x390 [ 485.231467][T15484] ret_from_fork+0x4b/0x80 [ 485.235996][T15484] ret_from_fork_asm+0x1a/0x30 [ 485.240875][T15484] [ 485.240875][T15484] other info that might help us debug this: [ 485.240875][T15484] [ 485.251110][T15484] Chain exists of: [ 485.251110][T15484] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 485.251110][T15484] [ 485.264701][T15484] Possible interrupt unsafe locking scenario: [ 485.264701][T15484] [ 485.273106][T15484] CPU0 CPU1 [ 485.278469][T15484] ---- ---- [ 485.283839][T15484] lock(tasklist_lock); [ 485.288092][T15484] local_irq_disable(); [ 485.294845][T15484] lock(&dev->event_lock#2); [ 485.302060][T15484] lock(&client->buffer_lock); [ 485.309523][T15484] [ 485.312975][T15484] lock(&dev->event_lock#2); [ 485.317836][T15484] [ 485.317836][T15484] *** DEADLOCK *** [ 485.317836][T15484] [ 485.326067][T15484] 7 locks held by syz.0.4483/15484: [ 485.331283][T15484] #0: ffff888029e23110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x272/0x7c0 [ 485.340450][T15484] #1: ffff88801dbbd230 (&dev->event_lock#2){..-.}-{2:2}, at: input_inject_event+0xc5/0x340 [ 485.350647][T15484] #2: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd6/0x340 [ 485.360322][T15484] #3: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0x8f/0x860 [ 485.369906][T15484] #4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x6f/0x300 [ 485.379070][T15484] #5: ffff888034db1028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 485.389363][T15484] #6: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 485.398479][T15484] [ 485.398479][T15484] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 485.408974][T15484] -> (&dev->event_lock#2){..-.}-{2:2} { [ 485.414653][T15484] IN-SOFTIRQ-W at: [ 485.418740][T15484] lock_acquire+0x1ed/0x550 [ 485.425195][T15484] _raw_spin_lock_irqsave+0xd5/0x120 [ 485.432430][T15484] input_inject_event+0xc5/0x340 [ 485.439213][T15484] led_trigger_event+0x138/0x210 [ 485.445992][T15484] kbd_bh+0x1b5/0x290 [ 485.451810][T15484] tasklet_action_common+0x321/0x4d0 [ 485.458941][T15484] handle_softirqs+0x2c4/0x970 [ 485.465540][T15484] run_ksoftirqd+0xca/0x130 [ 485.471907][T15484] smpboot_thread_fn+0x544/0xa30 [ 485.478694][T15484] kthread+0x2f0/0x390 [ 485.484600][T15484] ret_from_fork+0x4b/0x80 [ 485.490942][T15484] ret_from_fork_asm+0x1a/0x30 [ 485.497551][T15484] INITIAL USE at: [ 485.501539][T15484] lock_acquire+0x1ed/0x550 [ 485.507789][T15484] _raw_spin_lock_irqsave+0xd5/0x120 [ 485.514913][T15484] input_inject_event+0xc5/0x340 [ 485.521592][T15484] kbd_led_trigger_activate+0xb8/0x100 [ 485.528797][T15484] led_trigger_set+0x582/0x9c0 [ 485.535305][T15484] led_trigger_set_default+0x229/0x260 [ 485.542508][T15484] led_classdev_register_ext+0x6e6/0x8a0 [ 485.549893][T15484] input_leds_connect+0x489/0x630 [ 485.556661][T15484] input_register_device+0xd3b/0x1110 [ 485.563778][T15484] atkbd_connect+0x752/0xa00 [ 485.570116][T15484] serio_driver_probe+0x7f/0xa0 [ 485.576712][T15484] really_probe+0x2b8/0xad0 [ 485.583144][T15484] __driver_probe_device+0x1a2/0x390 [ 485.590176][T15484] driver_probe_device+0x50/0x430 [ 485.597040][T15484] __driver_attach+0x45f/0x710 [ 485.603560][T15484] bus_for_each_dev+0x239/0x2b0 [ 485.610249][T15484] serio_handle_event+0x1c7/0x920 [ 485.617021][T15484] process_scheduled_works+0xa2c/0x1830 [ 485.624313][T15484] worker_thread+0x86d/0xd10 [ 485.630649][T15484] kthread+0x2f0/0x390 [ 485.636465][T15484] ret_from_fork+0x4b/0x80 [ 485.642636][T15484] ret_from_fork_asm+0x1a/0x30 [ 485.649190][T15484] } [ 485.651785][T15484] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 485.660911][T15484] -> (&client->buffer_lock){....}-{2:2} { [ 485.666658][T15484] INITIAL USE at: [ 485.670642][T15484] lock_acquire+0x1ed/0x550 [ 485.676725][T15484] _raw_spin_lock+0x2e/0x40 [ 485.682890][T15484] evdev_pass_values+0xf2/0xad0 [ 485.689318][T15484] evdev_events+0x1c2/0x300 [ 485.695398][T15484] input_pass_values+0x286/0x860 [ 485.701910][T15484] input_event_dispose+0x30f/0x600 [ 485.708588][T15484] input_handle_event+0xa71/0xbe0 [ 485.715175][T15484] input_inject_event+0x22f/0x340 [ 485.721859][T15484] evdev_write+0x672/0x7c0 [ 485.727847][T15484] vfs_write+0x2a2/0xc90 [ 485.733675][T15484] ksys_write+0x1a0/0x2c0 [ 485.739579][T15484] do_syscall_64+0xf3/0x230 [ 485.745649][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.753114][T15484] } [ 485.755611][T15484] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 485.763796][T15484] ... acquired at: [ 485.767595][T15484] lock_acquire+0x1ed/0x550 [ 485.772282][T15484] _raw_spin_lock+0x2e/0x40 [ 485.776972][T15484] evdev_pass_values+0xf2/0xad0 [ 485.782004][T15484] evdev_events+0x1c2/0x300 [ 485.786687][T15484] input_pass_values+0x286/0x860 [ 485.791806][T15484] input_event_dispose+0x30f/0x600 [ 485.797096][T15484] input_handle_event+0xa71/0xbe0 [ 485.802302][T15484] input_inject_event+0x22f/0x340 [ 485.807505][T15484] evdev_write+0x672/0x7c0 [ 485.812106][T15484] vfs_write+0x2a2/0xc90 [ 485.816532][T15484] ksys_write+0x1a0/0x2c0 [ 485.821049][T15484] do_syscall_64+0xf3/0x230 [ 485.825728][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.831804][T15484] [ 485.834129][T15484] [ 485.834129][T15484] the dependencies between the lock to be acquired [ 485.834140][T15484] and SOFTIRQ-irq-unsafe lock: [ 485.848051][T15484] -> (tasklist_lock){.+.+}-{2:2} { [ 485.853365][T15484] HARDIRQ-ON-R at: [ 485.857522][T15484] lock_acquire+0x1ed/0x550 [ 485.864035][T15484] _raw_read_lock+0x36/0x50 [ 485.870650][T15484] __do_wait+0x12d/0x850 [ 485.876899][T15484] do_wait+0x1e9/0x560 [ 485.882969][T15484] kernel_wait+0xe9/0x240 [ 485.889325][T15484] call_usermodehelper_exec_work+0xbd/0x230 [ 485.897246][T15484] process_scheduled_works+0xa2c/0x1830 [ 485.904821][T15484] worker_thread+0x86d/0xd10 [ 485.911433][T15484] kthread+0x2f0/0x390 [ 485.917517][T15484] ret_from_fork+0x4b/0x80 [ 485.923952][T15484] ret_from_fork_asm+0x1a/0x30 [ 485.930729][T15484] SOFTIRQ-ON-R at: [ 485.934890][T15484] lock_acquire+0x1ed/0x550 [ 485.941404][T15484] _raw_read_lock+0x36/0x50 [ 485.947917][T15484] __do_wait+0x12d/0x850 [ 485.954162][T15484] do_wait+0x1e9/0x560 [ 485.960325][T15484] kernel_wait+0xe9/0x240 [ 485.966655][T15484] call_usermodehelper_exec_work+0xbd/0x230 [ 485.974594][T15484] process_scheduled_works+0xa2c/0x1830 [ 485.982171][T15484] worker_thread+0x86d/0xd10 [ 485.988775][T15484] kthread+0x2f0/0x390 [ 485.994856][T15484] ret_from_fork+0x4b/0x80 [ 486.001381][T15484] ret_from_fork_asm+0x1a/0x30 [ 486.008157][T15484] INITIAL USE at: [ 486.012236][T15484] lock_acquire+0x1ed/0x550 [ 486.018674][T15484] _raw_write_lock_irq+0xd3/0x120 [ 486.025625][T15484] copy_process+0x228b/0x3dc0 [ 486.032243][T15484] kernel_clone+0x223/0x880 [ 486.038686][T15484] user_mode_thread+0x132/0x1a0 [ 486.045547][T15484] rest_init+0x23/0x300 [ 486.051623][T15484] start_kernel+0x47a/0x500 [ 486.058057][T15484] x86_64_start_reservations+0x2a/0x30 [ 486.065449][T15484] x86_64_start_kernel+0x9f/0xa0 [ 486.072304][T15484] common_startup_64+0x13e/0x147 [ 486.079175][T15484] INITIAL READ USE at: [ 486.083697][T15484] lock_acquire+0x1ed/0x550 [ 486.090572][T15484] _raw_read_lock+0x36/0x50 [ 486.097436][T15484] __do_wait+0x12d/0x850 [ 486.104035][T15484] do_wait+0x1e9/0x560 [ 486.110456][T15484] kernel_wait+0xe9/0x240 [ 486.117138][T15484] call_usermodehelper_exec_work+0xbd/0x230 [ 486.125476][T15484] process_scheduled_works+0xa2c/0x1830 [ 486.133376][T15484] worker_thread+0x86d/0xd10 [ 486.140672][T15484] kthread+0x2f0/0x390 [ 486.147097][T15484] ret_from_fork+0x4b/0x80 [ 486.153868][T15484] ret_from_fork_asm+0x1a/0x30 [ 486.161077][T15484] } [ 486.163749][T15484] ... key at: [] tasklist_lock+0x18/0x40 [ 486.171648][T15484] ... acquired at: [ 486.175619][T15484] lock_acquire+0x1ed/0x550 [ 486.180318][T15484] _raw_read_lock+0x36/0x50 [ 486.185003][T15484] send_sigio+0xfc/0x360 [ 486.189434][T15484] dnotify_handle_event+0x13c/0x440 [ 486.194817][T15484] fsnotify+0x18ab/0x1f70 [ 486.199329][T15484] fsnotify_change+0x24f/0x2a0 [ 486.204361][T15484] notify_change+0xc0c/0xe90 [ 486.209147][T15484] chmod_common+0x2ab/0x4c0 [ 486.213871][T15484] __x64_sys_fchmod+0xf8/0x160 [ 486.218815][T15484] do_syscall_64+0xf3/0x230 [ 486.223505][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.229581][T15484] [ 486.231908][T15484] -> (&f->f_owner.lock){...-}-{2:2} { [ 486.237393][T15484] IN-SOFTIRQ-R at: [ 486.241460][T15484] lock_acquire+0x1ed/0x550 [ 486.247902][T15484] _raw_read_lock_irqsave+0xdd/0x130 [ 486.255042][T15484] send_sigurg+0x29/0x3c0 [ 486.261238][T15484] sk_send_sigurg+0x75/0x2f0 [ 486.267671][T15484] tcp_check_urg+0x207/0x740 [ 486.274103][T15484] tcp_urg+0x15c/0x450 [ 486.280000][T15484] tcp_rcv_established+0xfaf/0x2020 [ 486.287131][T15484] tcp_v6_do_rcv+0x5c8/0x13a0 [ 486.293724][T15484] tcp_v6_rcv+0x253a/0x2fb0 [ 486.300151][T15484] ip6_protocol_deliver_rcu+0xc79/0x1580 [ 486.307707][T15484] ip6_input_finish+0x187/0x2d0 [ 486.314403][T15484] NF_HOOK+0x3a4/0x450 [ 486.320396][T15484] NF_HOOK+0x3a4/0x450 [ 486.326299][T15484] __netif_receive_skb+0x1ea/0x650 [ 486.333255][T15484] process_backlog+0x662/0x15b0 [ 486.339934][T15484] __napi_poll+0xcb/0x490 [ 486.346100][T15484] net_rx_action+0x89b/0x1240 [ 486.352601][T15484] handle_softirqs+0x2c4/0x970 [ 486.359202][T15484] do_softirq+0x11b/0x1e0 [ 486.365403][T15484] __local_bh_enable_ip+0x1bb/0x200 [ 486.372608][T15484] sk_stream_wait_memory+0x762/0xfa0 [ 486.379728][T15484] tcp_sendmsg_locked+0x1471/0x4e10 [ 486.386883][T15484] tcp_sendmsg+0x30/0x50 [ 486.392963][T15484] __sock_sendmsg+0xef/0x270 [ 486.399410][T15484] __sys_sendto+0x3a4/0x4f0 [ 486.405744][T15484] __x64_sys_sendto+0xde/0x100 [ 486.412342][T15484] do_syscall_64+0xf3/0x230 [ 486.418677][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.426406][T15484] INITIAL USE at: [ 486.430396][T15484] lock_acquire+0x1ed/0x550 [ 486.436649][T15484] _raw_write_lock_irq+0xd3/0x120 [ 486.443511][T15484] f_modown+0x38/0x340 [ 486.449437][T15484] f_setown+0x14f/0x200 [ 486.455451][T15484] do_fcntl+0x67d/0x1730 [ 486.461472][T15484] __se_sys_fcntl+0xd2/0x1c0 [ 486.468011][T15484] do_syscall_64+0xf3/0x230 [ 486.474275][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.482379][T15484] INITIAL READ USE at: [ 486.486814][T15484] lock_acquire+0x1ed/0x550 [ 486.493594][T15484] _raw_read_lock_irq+0xda/0x120 [ 486.500810][T15484] do_fcntl+0x400/0x1730 [ 486.507264][T15484] __se_sys_fcntl+0xd2/0x1c0 [ 486.514061][T15484] do_syscall_64+0xf3/0x230 [ 486.520784][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.528961][T15484] } [ 486.531600][T15484] ... key at: [] init_file.__key+0x0/0x20 [ 486.539623][T15484] ... acquired at: [ 486.543528][T15484] lock_acquire+0x1ed/0x550 [ 486.548266][T15484] _raw_read_lock_irqsave+0xdd/0x130 [ 486.553837][T15484] send_sigio+0x33/0x360 [ 486.558267][T15484] kill_fasync+0x23a/0x4d0 [ 486.562865][T15484] pipe_release+0x1bf/0x330 [ 486.567550][T15484] __fput+0x24a/0x8a0 [ 486.571747][T15484] task_work_run+0x24f/0x310 [ 486.576517][T15484] syscall_exit_to_user_mode+0x168/0x370 [ 486.582339][T15484] do_syscall_64+0x100/0x230 [ 486.587111][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.593189][T15484] [ 486.595512][T15484] -> (&new->fa_lock){....}-{2:2} { [ 486.600656][T15484] INITIAL USE at: [ 486.604551][T15484] lock_acquire+0x1ed/0x550 [ 486.610628][T15484] _raw_write_lock_irq+0xd3/0x120 [ 486.617320][T15484] fasync_remove_entry+0xff/0x1d0 [ 486.623954][T15484] pipe_fasync+0xb5/0x1f0 [ 486.629857][T15484] __fput+0x73e/0x8a0 [ 486.635498][T15484] task_work_run+0x24f/0x310 [ 486.641658][T15484] syscall_exit_to_user_mode+0x168/0x370 [ 486.648864][T15484] do_syscall_64+0x100/0x230 [ 486.655031][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.662496][T15484] INITIAL READ USE at: [ 486.666843][T15484] lock_acquire+0x1ed/0x550 [ 486.673363][T15484] _raw_read_lock_irqsave+0xdd/0x130 [ 486.680833][T15484] kill_fasync+0x19e/0x4d0 [ 486.687278][T15484] pipe_release+0x1bf/0x330 [ 486.693805][T15484] __fput+0x24a/0x8a0 [ 486.699824][T15484] task_work_run+0x24f/0x310 [ 486.706414][T15484] syscall_exit_to_user_mode+0x168/0x370 [ 486.714050][T15484] do_syscall_64+0x100/0x230 [ 486.720690][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.728592][T15484] } [ 486.731178][T15484] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 486.739860][T15484] ... acquired at: [ 486.743659][T15484] lock_acquire+0x1ed/0x550 [ 486.748343][T15484] _raw_read_lock_irqsave+0xdd/0x130 [ 486.753815][T15484] kill_fasync+0x19e/0x4d0 [ 486.758439][T15484] evdev_pass_values+0x58a/0xad0 [ 486.763566][T15484] evdev_events+0x1c2/0x300 [ 486.768248][T15484] input_pass_values+0x286/0x860 [ 486.773363][T15484] input_event_dispose+0x30f/0x600 [ 486.778648][T15484] input_handle_event+0xa71/0xbe0 [ 486.783884][T15484] input_inject_event+0x22f/0x340 [ 486.789086][T15484] evdev_write+0x672/0x7c0 [ 486.793710][T15484] vfs_write+0x2a2/0xc90 [ 486.798159][T15484] ksys_write+0x1a0/0x2c0 [ 486.802674][T15484] do_syscall_64+0xf3/0x230 [ 486.807354][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.813517][T15484] [ 486.815838][T15484] [ 486.815838][T15484] stack backtrace: [ 486.821732][T15484] CPU: 0 UID: 0 PID: 15484 Comm: syz.0.4483 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 486.832848][T15484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 486.843082][T15484] Call Trace: [ 486.846368][T15484] [ 486.849303][T15484] dump_stack_lvl+0x241/0x360 [ 486.854001][T15484] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.859209][T15484] ? __pfx__printk+0x10/0x10 [ 486.863811][T15484] ? print_shortest_lock_dependencies+0xf2/0x160 [ 486.870154][T15484] validate_chain+0x4de0/0x5900 [ 486.875025][T15484] ? __pfx_validate_chain+0x10/0x10 [ 486.880243][T15484] ? __pfx_validate_chain+0x10/0x10 [ 486.885449][T15484] ? register_lock_class+0x102/0x980 [ 486.890747][T15484] ? __pfx_register_lock_class+0x10/0x10 [ 486.896397][T15484] ? queue_work_on+0x246/0x380 [ 486.901178][T15484] ? mark_lock+0x9a/0x350 [ 486.905525][T15484] __lock_acquire+0x137a/0x2040 [ 486.910487][T15484] lock_acquire+0x1ed/0x550 [ 486.915089][T15484] ? kill_fasync+0x19e/0x4d0 [ 486.919697][T15484] ? __pfx_lock_acquire+0x10/0x10 [ 486.924743][T15484] ? __pfx_lock_acquire+0x10/0x10 [ 486.929791][T15484] _raw_read_lock_irqsave+0xdd/0x130 [ 486.935186][T15484] ? kill_fasync+0x19e/0x4d0 [ 486.939792][T15484] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 486.945700][T15484] ? do_raw_spin_lock+0x14f/0x370 [ 486.950741][T15484] kill_fasync+0x19e/0x4d0 [ 486.955169][T15484] ? kill_fasync+0x55/0x4d0 [ 486.959711][T15484] evdev_pass_values+0x58a/0xad0 [ 486.965102][T15484] ? evdev_pass_values+0x5b1/0xad0 [ 486.970267][T15484] evdev_events+0x1c2/0x300 [ 486.974782][T15484] ? evdev_events+0x6f/0x300 [ 486.979383][T15484] input_pass_values+0x286/0x860 [ 486.984336][T15484] ? input_pass_values+0x8f/0x860 [ 486.989383][T15484] input_event_dispose+0x30f/0x600 [ 486.994681][T15484] input_handle_event+0xa71/0xbe0 [ 486.999715][T15484] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 487.005207][T15484] ? __pfx_input_handle_event+0x10/0x10 [ 487.010767][T15484] input_inject_event+0x22f/0x340 [ 487.015828][T15484] ? input_inject_event+0xd6/0x340 [ 487.020978][T15484] evdev_write+0x672/0x7c0 [ 487.025430][T15484] ? __pfx_evdev_write+0x10/0x10 [ 487.030388][T15484] ? bpf_lsm_file_permission+0x9/0x10 [ 487.035953][T15484] ? security_file_permission+0x7f/0xa0 [ 487.041518][T15484] ? rw_verify_area+0x1d2/0x6b0 [ 487.046397][T15484] ? __pfx_evdev_write+0x10/0x10 [ 487.051444][T15484] vfs_write+0x2a2/0xc90 [ 487.055721][T15484] ? __pfx_vfs_write+0x10/0x10 [ 487.060503][T15484] ? do_futex+0x33b/0x560 [ 487.064877][T15484] ? __fget_files+0x29/0x470 [ 487.069478][T15484] ? __fget_files+0x3f6/0x470 [ 487.074251][T15484] ? __fget_files+0x29/0x470 [ 487.078863][T15484] ksys_write+0x1a0/0x2c0 [ 487.083260][T15484] ? __pfx_ksys_write+0x10/0x10 [ 487.088175][T15484] ? do_syscall_64+0x100/0x230 [ 487.092980][T15484] ? do_syscall_64+0xb6/0x230 [ 487.097720][T15484] do_syscall_64+0xf3/0x230 [ 487.102263][T15484] ? clear_bhb_loop+0x35/0x90 [ 487.107002][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.112962][T15484] RIP: 0033:0x7efffdf7def9 [ 487.117424][T15484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.137342][T15484] RSP: 002b:00007efffed64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 487.145782][T15484] RAX: ffffffffffffffda RBX: 00007efffe135f80 RCX: 00007efffdf7def9 [ 487.154028][T15484] RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000004 [ 487.162127][T15484] RBP: 00007efffdff09f6 R08: 0000000000000000 R09: 0000000000000000 [ 487.170258][T15484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.178254][T15484] R13: 0000000000000000 R14: 00007efffe135f80 R15: 00007ffe67f1ffd8 [ 487.186643][T15484] [ 487.419255][ T941] usbhid 3-1:0.0: can't add hid device: -71 [ 487.425357][ T941] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 487.461677][ T941] usb 3-1: USB disconnect, device number 46