last executing test programs: 1.884735572s ago: executing program 2 (id=2422): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d56549b}) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000040)={0x8f, 0x0, 0xa}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.767230397s ago: executing program 4 (id=2424): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000640)=ANY=[@ANYBLOB="20000000170a0101000000000000000000000000090001"], 0x20}}, 0x0) 1.585235077s ago: executing program 2 (id=2428): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000093000040", @ANYRES8, @ANYBLOB="3ccadde3e732"]) 1.527276828s ago: executing program 4 (id=2430): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='vegas\x00', 0x6) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000002500)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001200010a00000000000000000000003f00000000000000000000000000000000000000e0ffffffff454b086007ecaec800000000e0798deb5d64018ebcdfdc8817"], 0x50}}, 0x0) 1.235393103s ago: executing program 2 (id=2432): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = syz_init_net_socket$x25(0x3, 0x5, 0x3) ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1}) 1.153655667s ago: executing program 0 (id=2434): r0 = syz_io_uring_setup(0x52, &(0x7f0000000100), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x77359400}}) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{}, "9b0aa8b8bb6ab27c", "7c1e0b918669e6396fdac89e0b7fcfc4", "ddc2747b", "cad125ea3d9d1f14"}, 0x28) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1.107457221s ago: executing program 2 (id=2435): ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@ipv6_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e21, 0x4e24}}]}, 0x24}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000021000f0000000000000000000a"], 0x24}}, 0x0) 1.097389869s ago: executing program 3 (id=2436): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000808000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x4f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[], 0xb0}}, 0x0) mount$9p_fd(0x20000000, &(0x7f0000000340)='./file1\x00', 0x0, 0x1942060, 0x0) 1.043675919s ago: executing program 0 (id=2437): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, &(0x7f0000000480)=[{&(0x7f0000000080)='4', 0x1}], 0x1) 1.002803164s ago: executing program 1 (id=2438): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r1 = syz_io_uring_setup(0x690a, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0) write$P9_RSTATu(r0, &(0x7f0000000a00)=ANY=[@ANYBLOB="080200000200000005fc"], 0x23d) 934.28816ms ago: executing program 2 (id=2439): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x240dc8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}}, 0x1c) sendto$inet6(r0, &(0x7f0000000e80)="0d0ad7", 0x3, 0x6d91fb6102d8910c, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x12, 0x12, 0x0, 0x0) 832.117437ms ago: executing program 0 (id=2440): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000080), 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000280)={0x1, &(0x7f0000528000)=[{0x6}]}, 0x10) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) close(r0) 747.409089ms ago: executing program 1 (id=2441): rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) 652.637463ms ago: executing program 3 (id=2442): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, 0x1c) shutdown(r0, 0x1) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r2}, &(0x7f0000000180)=0x14) 649.705947ms ago: executing program 1 (id=2443): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000a00)={'#! ', './control'}, 0xd) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) 601.408871ms ago: executing program 0 (id=2444): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000380)="93", 0x1}], 0x1, 0x0, 0x0, 0x4080}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xb9, 0x0, &(0x7f00000000c0)) 589.196775ms ago: executing program 4 (id=2445): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000040850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b4090a79507df79f298129da487130d5f24b46001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad379e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488a010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a18159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7962b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac2bba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f407000000000000006d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab669ab377e4c2422a47e9ffe2d4a2d32f7528751313694bf57704400b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6940b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d30902208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c8000000000000003a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f000000000facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f296115d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc05000000000000006c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a4619a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806b90cc39c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d3133319e069f9648a2ff93060ff073b3a113e47e447c030931651dd315003b7a6a47c912853826c4c65433a2bb560ae99ec4b227eda2e63a1cb1a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e5f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec90f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754c68b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8adbd2c2604eab3a62a28611da1dae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412cbbdebae06edb51a134301d2627d4927287daf9dcae6720334862d3a18094f1edd9e350337cbb804004d1755cfe7d7fa01872fb99815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2b63a6038ab5546ba1e5ad6a329f2c627100e0442f865fc6c179ad3edcb6b000000000000000b0000000000000000ac192d48d76e2a8cae83ae850f73fdfbaca81b6b7b1a0d7b517f41fbd46aa24b0f4b8e0202e3a580947f1925ba4de097e8dcb6bd7f686322b45d4a544ca1e83b592d4a6d46d0a0dc39634550bc77d4cabba01b283082e66778de7c61a1a36838d36c2f8e58cef603770ee3d6a9625be0bc21d2be2da69ac9e9c5e88278d39239501b465102ad16d651ea8bb8cee35527c1ad42ac6a565e449929ccb4469bdd6824b64e13579b7188566e735200000000000000000094e05bcda1e96e4c33ccf6d74046e45bafe9d512c43a3e485dedad9a38b34f7fcd00fafcc25dc36716f0e21e0632425b7a1c1a6bc15c3fc07d914c88103411d8d2b77b72a796fd3aaa7ea493c7bc43e63b2b0d05ad5682121682096b224933fa20255d58a680cc2ec200"/3002], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x3f) 544.66578ms ago: executing program 1 (id=2446): r0 = socket$inet_tcp(0x2, 0x1, 0x0) shutdown(r0, 0x1) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x401) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000d00), 0x4) 489.680984ms ago: executing program 3 (id=2447): r0 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x29, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x5, 0x0, 0xb, 0x2, 0x0, 0x14}, {0x18, 0x8, 0x2, 0x0, r2}, {}, {0x15, 0x0, 0x0, 0x76}}, @snprintf={{0x7, 0x0, 0xb, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0xa4}}], {{}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 480.887564ms ago: executing program 1 (id=2448): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc7100000000000800000000000000ff"}) r1 = syz_open_pts(r0, 0x141201) fcntl$setstatus(r1, 0x4, 0x102800) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TCFLSH(r0, 0x540b, 0x0) 412.617652ms ago: executing program 4 (id=2449): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000000)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'pim6reg0\x00', 0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'rose0\x00', 0x2}) 363.496547ms ago: executing program 0 (id=2450): r0 = syz_io_uring_setup(0xd79, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket$rds(0x15, 0x5, 0x0) dup3(r4, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x0, 0x0}) io_uring_enter(r0, 0x17ac1, 0x0, 0x0, 0x0, 0x0) 350.127521ms ago: executing program 1 (id=2451): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) syz_usb_disconnect(r0) r2 = epoll_create(0xffff) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)) epoll_pwait2(r2, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0) 324.571695ms ago: executing program 3 (id=2452): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0) 222.324044ms ago: executing program 0 (id=2453): socket(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cgroup.clone_children\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x12) mkdirat$cgroup(r0, &(0x7f0000000280)='syz0\x00', 0x1ff) 216.615037ms ago: executing program 3 (id=2454): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x2, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000000bae3000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) socket$packet(0x11, 0x3, 0x300) close_range(r2, 0xffffffffffffffff, 0x0) 189.963869ms ago: executing program 4 (id=2455): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x42, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x6215e3c3}]}}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}]}}}}}}}, 0x0) 101.131584ms ago: executing program 3 (id=2456): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7d, 0x0, 0x0) r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x0, 0x1}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8002000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) 40.685679ms ago: executing program 4 (id=2457): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r1, 0x84, 0x6c, &(0x7f0000000580)=""/4056, &(0x7f00000004c0)=0xfd8) 0s ago: executing program 2 (id=2458): syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x284, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e"}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) kernel console output (not intermixed with test programs): h-speed USB device number 9 using dummy_hcd [ 138.666251][ T5278] usb 2-1: Using ep0 maxpacket: 32 [ 138.707621][ T5278] usb 2-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 138.726377][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.748064][ T5278] usb 2-1: config 0 descriptor?? [ 138.765425][ T5278] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 138.947347][ T5277] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 139.033793][ T25] usb 3-1: USB disconnect, device number 8 [ 139.116803][ T59] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 139.168893][ T5277] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 139.193297][ T5277] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.217775][ T5277] usb 5-1: config 0 descriptor?? [ 139.312873][ T59] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 139.346668][ T59] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.388587][ T59] usb 1-1: config 0 descriptor?? [ 139.404964][ T59] cp210x 1-1:0.0: cp210x converter detected [ 139.595526][ T5278] gspca_sunplus: reg_w_riv err -71 [ 139.607022][ T5278] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 139.627345][ T5278] usb 2-1: USB disconnect, device number 9 [ 139.664550][ T5277] [drm:udl_init] *ERROR* Selecting channel failed [ 139.734269][ T5277] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 139.773629][ T5277] [drm] Initialized udl on minor 2 [ 139.799341][ T5277] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 139.821710][ T5277] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 139.834375][ T47] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 139.846451][ T5277] usb 5-1: USB disconnect, device number 6 [ 139.854128][ T59] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 139.863170][ T6663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.885800][ T47] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 139.916751][ T6663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.986368][ T59] usb 1-1: cp210x converter now attached to ttyUSB0 [ 140.173385][ T47] usb 1-1: USB disconnect, device number 8 [ 140.197155][ T47] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 140.274200][ T47] cp210x 1-1:0.0: device disconnected [ 141.725266][ T6738] Bluetooth: hci3: unsupported parameter 64512 [ 141.737405][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.563'. [ 141.769789][ T6738] Bluetooth: hci3: invalid length 0, exp 2 for type 6 [ 143.169822][ T6786] capability: warning: `syz.2.586' uses 32-bit capabilities (legacy support in use) [ 144.678739][ T6838] netlink: 12 bytes leftover after parsing attributes in process `syz.2.610'. [ 144.826241][ T47] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 144.976220][ T5282] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 145.077103][ T47] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 145.085452][ T47] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 145.142973][ T47] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 145.166360][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 145.181217][ T5282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 145.189192][ T47] usb 4-1: string descriptor 0 read error: -22 [ 145.205880][ T47] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 145.206404][ T5282] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 145.221598][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.280941][ T47] usb 4-1: config 0 descriptor?? [ 145.299765][ T5282] usb 1-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 145.310030][ T5282] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.326620][ T5282] usb 1-1: Product: syz [ 145.333720][ T6833] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 145.335847][ T5282] usb 1-1: Manufacturer: syz [ 145.377582][ T47] hub 4-1:0.0: bad descriptor, ignoring hub [ 145.384078][ T5282] usb 1-1: SerialNumber: syz [ 145.402557][ T5282] usb 1-1: config 0 descriptor?? [ 145.407956][ T47] hub 4-1:0.0: probe with driver hub failed with error -5 [ 145.411878][ T47] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input12 [ 145.458838][ C0] usb_acecad 4-1:0.0: can't resubmit intr, dummy_hcd.3-1/input0, status -1 [ 145.638747][ T5278] usb 4-1: USB disconnect, device number 11 [ 145.638805][ C1] usb_acecad 4-1:0.0: can't resubmit intr, dummy_hcd.3-1/input0, status -19 [ 145.718594][ T5282] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 145.910974][ T5282] usb 1-1: USB disconnect, device number 9 [ 146.064883][ T5408] udevd[5408]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 146.114766][ T6859] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 146.156502][ T6859] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 146.173033][ T6865] syz.1.619: attempt to access beyond end of device [ 146.173033][ T6865] loop1: rw=0, sector=0, nr_sectors = 8 limit=0 [ 146.218884][ T6859] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 146.250108][ T6865] F2FS-fs (loop1): Unable to read 1th superblock [ 146.265904][ T6859] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 146.310451][ T6865] syz.1.619: attempt to access beyond end of device [ 146.310451][ T6865] loop1: rw=0, sector=8, nr_sectors = 8 limit=0 [ 146.384517][ T6865] F2FS-fs (loop1): Unable to read 2th superblock [ 146.811994][ T6881] netlink: 28 bytes leftover after parsing attributes in process `syz.0.627'. [ 146.893676][ T6884] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 0, id = 0 [ 146.971052][ T6886] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 148.393446][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888063a29400: rx timeout, send abort [ 148.405227][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888063a29400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 149.041243][ T6945] input: syz0 as /devices/virtual/input/input13 [ 149.157417][ T6949] sctp: [Deprecated]: syz.2.659 (pid 6949) Use of int in maxseg socket option. [ 149.157417][ T6949] Use struct sctp_assoc_value instead [ 149.375834][ T6951] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 64 [ 149.392423][ T6956] loop0: detected capacity change from 0 to 7 [ 149.446321][ T6956] Dev loop0: unable to read RDB block 7 [ 149.464010][ T6956] loop0: unable to read partition table [ 149.470100][ T6956] loop0: partition table beyond EOD, truncated [ 149.513941][ T6956] loop_reread_partitions: partition scan of loop0 (被xd) failed (rc=-5) [ 150.416437][ T55] Bluetooth: hci5: command 0x0405 tx timeout [ 150.696303][ T25] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 150.909853][ T25] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 150.937703][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 150.969335][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 151.006200][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 151.066436][ T25] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 151.075553][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.133100][ T25] usb 4-1: config 0 descriptor?? [ 151.447996][ T29] audit: type=1326 audit(1725285301.119:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7004 comm="syz.2.686" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd74179eb9 code=0x0 [ 151.605042][ T25] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 151.637859][ T25] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 151.674591][ T25] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 151.696047][ T25] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 151.971283][ T25] usb 4-1: USB disconnect, device number 12 [ 152.233550][ T29] audit: type=1326 audit(1725285301.899:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7024 comm="syz.1.693" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a2f379eb9 code=0x0 [ 152.646057][ T7042] netlink: 12 bytes leftover after parsing attributes in process `syz.0.701'. [ 153.326373][ T5278] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 153.540129][ T5278] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 153.565544][ T5278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.585459][ T5278] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 153.595557][ T5278] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 153.609043][ T5278] usb 3-1: Manufacturer: syz [ 153.654794][ T5278] usb 3-1: config 0 descriptor?? [ 153.906314][ T5278] rc_core: IR keymap rc-hauppauge not found [ 153.917341][ T5278] Registered IR keymap rc-empty [ 153.945863][ T5278] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 153.970231][ T5278] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input15 [ 153.970954][ T7076] mmap: syz.0.716 (7076): VmData 37425152 exceed data ulimit 3626. Update limits or use boot option ignore_rlimit_data. [ 154.124243][ T5278] usb 3-1: USB disconnect, device number 9 [ 154.464061][ T7088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.719'. [ 154.835626][ T7098] dccp_v6_rcv: dropped packet with invalid checksum [ 154.946869][ T59] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 154.972514][ T7103] Bluetooth: hci4: Opcode 0x0c20 failed: -4 [ 155.156413][ T59] usb 1-1: Using ep0 maxpacket: 8 [ 155.167062][ T59] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 155.202934][ T59] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83 [ 155.240511][ T59] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 155.275481][ T59] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33936, setting to 1024 [ 155.314241][ T59] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 155.362215][ T59] usb 1-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e [ 155.396228][ T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.423732][ T59] usb 1-1: Product: syz [ 155.441078][ T59] usb 1-1: Manufacturer: syz [ 155.445864][ T59] usb 1-1: SerialNumber: syz [ 155.488199][ T59] usb 1-1: config 0 descriptor?? [ 155.497891][ T7095] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 155.554366][ T59] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input16 [ 155.594156][ T7118] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 155.630926][ T7118] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 155.978913][ T7095] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.008126][ T59] rc_core: IR keymap rc-imon-pad not found [ 156.034216][ T59] Registered IR keymap rc-empty [ 156.044388][ T7095] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.077492][ T59] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 156.127932][ T59] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 156.156794][ T59] imon:send_packet: packet tx failed (-71) [ 156.176914][ T59] imon 1-1:0.0: remote input dev register failed [ 156.206607][ T59] imon 1-1:0.0: imon_init_intf0: rc device setup failed [ 156.274877][ T7135] hsr_slave_0: left promiscuous mode [ 156.316768][ T7135] hsr_slave_1: left promiscuous mode [ 156.350237][ T59] imon 1-1:0.0: unable to initialize intf0, err 0 [ 156.375381][ T59] imon:imon_probe: failed to initialize context! [ 156.396204][ T59] imon 1-1:0.0: unable to register, err -19 [ 156.413832][ T59] usb 1-1: USB disconnect, device number 10 [ 156.886330][ T47] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 156.976368][ T5234] Bluetooth: hci4: command 0x0c20 tx timeout [ 157.116259][ T47] usb 3-1: Using ep0 maxpacket: 16 [ 157.131449][ T47] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 157.146272][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.165347][ T47] usb 3-1: Product: syz [ 157.176426][ T47] usb 3-1: Manufacturer: syz [ 157.195317][ T47] usb 3-1: SerialNumber: syz [ 157.220685][ T47] usb 3-1: config 0 descriptor?? [ 157.240686][ T47] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 158.313750][ T47] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 158.367277][ T47] usb 3-1: USB disconnect, device number 10 [ 159.226618][ T5282] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 159.456982][ T5282] usb 2-1: Using ep0 maxpacket: 8 [ 159.480164][ T5282] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 159.510118][ T5282] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 159.539194][ T5282] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 159.561825][ T5282] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 159.623552][ T5282] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 159.661254][ T5282] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.908816][ T7252] syz_tun: entered promiscuous mode [ 159.930293][ T5282] usb 2-1: GET_CAPABILITIES returned 0 [ 159.932041][ T7252] syz_tun: left promiscuous mode [ 159.955467][ T5282] usbtmc 2-1:16.0: can't read capabilities [ 160.205346][ T5278] usb 2-1: USB disconnect, device number 10 [ 160.363822][ T7266] syzkaller1: entered promiscuous mode [ 160.388499][ T7266] syzkaller1: entered allmulticast mode [ 160.992842][ T5282] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 161.214467][ T5282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 161.251081][ T5282] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 161.327575][ T5282] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 161.342014][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.351913][ T5282] usb 3-1: Product: syz [ 161.363477][ T5282] usb 3-1: Manufacturer: syz [ 161.421993][ T5282] usb 3-1: SerialNumber: syz [ 161.443699][ T5282] usb 3-1: config 0 descriptor?? [ 161.768903][ T5282] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 161.879165][ T5282] usb 3-1: USB disconnect, device number 11 [ 162.160903][ T7316] udevd[7316]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 163.376613][ T7354] netlink: 'syz.3.833': attribute type 1 has an invalid length. [ 163.426905][ T7354] netlink: 9116 bytes leftover after parsing attributes in process `syz.3.833'. [ 163.453470][ T7354] netlink: 'syz.3.833': attribute type 2 has an invalid length. [ 163.506400][ T7354] netlink: 185 bytes leftover after parsing attributes in process `syz.3.833'. [ 165.831662][ T7421] input: syz0 as /devices/virtual/input/input18 [ 166.763081][ T25] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 166.812353][ T25] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 166.843251][ T25] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 166.862758][ T25] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 166.890166][ T25] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [syz0] on syz0 [ 166.926324][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 167.056630][ T59] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 167.131391][ T9] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 167.161510][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.187392][ T9] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 167.213266][ T9] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 167.248372][ T9] usb 5-1: Manufacturer: syz [ 167.264756][ T9] usb 5-1: config 0 descriptor?? [ 167.278414][ T59] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 167.304630][ T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.339693][ T59] usb 4-1: Product: syz [ 167.354928][ T59] usb 4-1: Manufacturer: syz [ 167.369627][ T59] usb 4-1: SerialNumber: syz [ 167.400127][ T59] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 167.426431][ T9] rc_core: IR keymap rc-hauppauge not found [ 167.432412][ T9] Registered IR keymap rc-empty [ 167.463048][ T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 167.483682][ T25] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 167.504323][ T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input19 [ 167.896863][ T5282] usb 5-1: USB disconnect, device number 7 [ 168.053821][ T59] usb 4-1: USB disconnect, device number 13 [ 168.577145][ T25] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 168.603670][ T25] ath9k_htc: Failed to initialize the device [ 168.641518][ T59] usb 4-1: ath9k_htc: USB layer deinitialized [ 168.943779][ T7512] netlink: 40 bytes leftover after parsing attributes in process `syz.3.897'. [ 169.836707][ T7540] netlink: 16 bytes leftover after parsing attributes in process `syz.4.910'. [ 169.883265][ T7540] netlink: 16 bytes leftover after parsing attributes in process `syz.4.910'. [ 170.054618][ T7544] dccp_invalid_packet: invalid packet type [ 170.697251][ T5282] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 170.916392][ T5282] usb 4-1: Using ep0 maxpacket: 16 [ 170.932282][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.948960][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.961645][ T5282] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 170.996273][ T5282] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 171.015975][ T5282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.054446][ T5282] usb 4-1: config 0 descriptor?? [ 171.281686][ T7596] unknown channel width for channel at 909000KHz? [ 171.312715][ T7596] unknown channel width for channel at 909000KHz? [ 171.336306][ T7596] unknown channel width for channel at 909000KHz? [ 171.397768][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 171.481534][ T5282] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 171.516892][ T5282] microsoft 0003:045E:07DA.000C: ignoring exceeding usage max [ 171.558189][ T5282] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000C/input/input20 [ 171.608800][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.636273][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 171.670559][ T5282] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 171.675997][ T7604] netlink: 'syz.0.938': attribute type 7 has an invalid length. [ 171.684178][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 171.720397][ T5282] usb 4-1: USB disconnect, device number 14 [ 171.728293][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.791732][ T9] usb 5-1: config 0 descriptor?? [ 172.130418][ T7615] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 172.140601][ T7615] lo: entered allmulticast mode [ 172.250607][ T9] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 172.295145][ T9] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 172.319888][ T59] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 172.321627][ T9] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 172.558107][ T59] usb 3-1: Using ep0 maxpacket: 32 [ 172.584582][ T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.614739][ T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.624894][ T59] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 172.639656][ T5226] usb 5-1: USB disconnect, device number 8 [ 172.646513][ T25] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 172.656331][ T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.692213][ T59] usb 3-1: config 0 descriptor?? [ 172.860883][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 172.878807][ T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 172.894758][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 172.956628][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 172.971703][ T25] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.986427][ T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 173.005981][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.158885][ T59] ft260 0003:0403:6030.000E: unknown main item tag 0x0 [ 173.245333][ T47] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 173.264581][ T25] usb 2-1: GET_CAPABILITIES returned 0 [ 173.273970][ T25] usbtmc 2-1:16.0: can't read capabilities [ 173.355514][ T59] ft260 0003:0403:6030.000E: chip code: 5e81 abf2 [ 173.372968][ T7645] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 173.399672][ T7645] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 173.446511][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 173.454866][ T47] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 173.504275][ T47] usb 4-1: config 0 has no interface number 0 [ 173.530502][ T47] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 173.548859][ T9] usb 2-1: USB disconnect, device number 11 [ 173.566376][ T59] ft260 0003:0403:6030.000E: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0 [ 173.581256][ T47] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 173.621373][ T47] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 173.639010][ T47] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 173.655675][ T47] usb 4-1: Product: syz [ 173.660690][ T47] usb 4-1: SerialNumber: syz [ 173.681592][ T47] usb 4-1: config 0 descriptor?? [ 173.703371][ T47] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 173.730985][ T47] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input21 [ 173.764786][ T59] ft260 0003:0403:6030.000E: failed to retrieve status: -71, no wakeup [ 173.792887][ T59] ft260 0003:0403:6030.000E: failed to retrieve status: -71 [ 173.811006][ T59] ft260 0003:0403:6030.000E: failed to reset I2C controller: -71 [ 173.894659][ T59] usb 3-1: USB disconnect, device number 12 [ 174.037063][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 174.464942][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 174.465266][ T47] usb 4-1: USB disconnect, device number 15 [ 174.472033][ C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 174.559342][ T47] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 175.786452][ T47] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 175.867348][ T59] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 176.006201][ T47] usb 5-1: Using ep0 maxpacket: 32 [ 176.022286][ T47] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 176.042884][ T47] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 176.067641][ T47] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 176.094519][ T47] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 176.131180][ T59] usb 1-1: Using ep0 maxpacket: 16 [ 176.149419][ T59] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.170933][ T47] usb 5-1: config 1 interface 1 has no altsetting 0 [ 176.186674][ T59] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.225723][ T59] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 176.236693][ T47] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 176.251723][ T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.265104][ T47] usb 5-1: Product: syz [ 176.269500][ T59] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.284090][ T47] usb 5-1: Manufacturer: syz [ 176.292253][ T47] usb 5-1: SerialNumber: syz [ 176.301970][ T59] usb 1-1: config 0 descriptor?? [ 176.579060][ T47] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 176.596503][ T47] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 176.642084][ T7725] hpfs: Bad magic ... probably not HPFS [ 176.704085][ T47] usb 5-1: USB disconnect, device number 9 [ 176.774682][ T59] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0 [ 176.822610][ T59] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0 [ 176.868569][ T59] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0 [ 176.914646][ T7317] udevd[7317]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 176.930731][ T59] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0 [ 176.957568][ T59] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0 [ 176.995033][ T59] hid-multitouch 0003:1FD2:6007.000F: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0 [ 177.047988][ T59] usb 1-1: USB disconnect, device number 11 [ 177.345583][ T7744] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 177.926855][ T47] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 178.138708][ T47] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.166233][ T47] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 178.199668][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.213726][ T47] usb 2-1: config 0 descriptor?? [ 178.223292][ T47] usb 2-1: Found UVC 0.00 device (046d:08c1) [ 178.264908][ T47] usb 2-1: No valid video chain found. [ 178.436210][ T29] audit: type=1326 audit(1725285328.099:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7785 comm="syz.3.1021" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbba1379eb9 code=0x0 [ 178.479396][ T25] usb 2-1: USB disconnect, device number 12 [ 178.487800][ T7790] netlink: 'syz.2.1024': attribute type 3 has an invalid length. [ 178.746249][ T5282] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 178.946222][ T5282] usb 5-1: Using ep0 maxpacket: 16 [ 178.967904][ T5282] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 178.984382][ T5282] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 179.007245][ T5282] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.043937][ T5282] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 179.070216][ T5282] usb 5-1: config 0 has no interface number 0 [ 179.080310][ T5282] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 179.104876][ T5282] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 179.126311][ T5282] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 179.154705][ T5282] usb 5-1: config 0 interface 125 has no altsetting 0 [ 179.198224][ T5282] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 179.210016][ T5282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.244610][ T5282] usb 5-1: Product: syz [ 179.249161][ T5282] usb 5-1: Manufacturer: syz [ 179.253812][ T5282] usb 5-1: SerialNumber: syz [ 179.280556][ T5282] usb 5-1: config 0 descriptor?? [ 179.528694][ T5278] usb 5-1: USB disconnect, device number 10 [ 180.661366][ T7858] netlink: 'syz.0.1052': attribute type 8 has an invalid length. [ 180.718686][ T7858] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1052'. [ 181.296577][ T5282] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 181.376383][ T5278] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 181.498557][ T5282] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 181.514072][ T5282] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 181.525078][ T5282] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 181.544851][ T8] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 181.574002][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 181.582281][ T5278] usb 2-1: Using ep0 maxpacket: 32 [ 181.595487][ T5282] usb 5-1: SerialNumber: syz [ 181.606573][ T5278] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 181.626787][ T5278] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 181.650724][ T5278] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 181.679738][ T5278] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 181.715527][ T5278] usb 2-1: config 0 interface 0 has no altsetting 0 [ 181.730018][ T5278] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 181.746317][ T5278] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 181.764713][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.788960][ T5278] usb 2-1: Product: syz [ 181.793261][ T5278] usb 2-1: Manufacturer: syz [ 181.806351][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.817513][ T5278] usb 2-1: SerialNumber: syz [ 181.839998][ T5278] usb 2-1: config 0 descriptor?? [ 181.849703][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 181.873709][ T5282] usb 5-1: 0:2 : does not exist [ 181.887057][ T5278] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 181.899338][ T8] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 181.913567][ T5278] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 181.923201][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.934887][ T5282] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 181.954688][ T8] usb 3-1: config 0 descriptor?? [ 181.966750][ T5282] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 182.026709][ T5282] usb 5-1: USB disconnect, device number 11 [ 182.135801][ T47] usb 2-1: USB disconnect, device number 13 [ 182.137123][ C0] ldusb 2-1:0.0: usb_submit_urb failed (-19) [ 182.183744][ T47] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 182.278805][ T5274] udevd[5274]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 182.422806][ T8] plantronics 0003:047F:FFFF.0010: unknown main item tag 0xe [ 182.443963][ T8] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x7 [ 182.465332][ T8] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 182.484440][ T8] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 182.736322][ T1169] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 182.748307][ T8] usb 3-1: USB disconnect, device number 13 [ 182.940840][ T1169] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.966270][ T25] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 182.976369][ T1169] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.996673][ T1169] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 183.005905][ T1169] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.049360][ T1169] usb 1-1: config 0 descriptor?? [ 183.166307][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 183.181192][ T25] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 183.182903][ T7930] dummy0: entered promiscuous mode [ 183.196395][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.212651][ T7930] macsec1: entered allmulticast mode [ 183.215699][ T25] usb 5-1: config 0 descriptor?? [ 183.230966][ T25] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 183.232846][ T7930] dummy0: entered allmulticast mode [ 183.257842][ T7930] dummy0: left allmulticast mode [ 183.263126][ T7930] dummy0: left promiscuous mode [ 183.529307][ T1169] pyra 0003:1E7D:2CF6.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0 [ 183.676871][ T8] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 184.077835][ T8] usb 3-1: device not accepting address 14, error -71 [ 184.138366][ T1169] pyra 0003:1E7D:2CF6.0011: couldn't init struct pyra_device [ 184.155570][ T1169] pyra 0003:1E7D:2CF6.0011: couldn't install mouse [ 184.167377][ T1169] pyra 0003:1E7D:2CF6.0011: probe with driver pyra failed with error -71 [ 184.180210][ T1169] usb 1-1: USB disconnect, device number 12 [ 184.255580][ T25] gspca_sunplus: reg_w_riv err -71 [ 184.262569][ T25] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 184.273889][ T25] usb 5-1: USB disconnect, device number 12 [ 185.023504][ T7966] overlayfs: failed to clone upperpath [ 185.126250][ T25] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 185.330068][ T25] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 185.356425][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.379513][ T25] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 185.380525][ T5278] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 185.397623][ T25] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 185.415340][ T25] usb 5-1: Manufacturer: syz [ 185.427792][ T25] usb 5-1: config 0 descriptor?? [ 185.517020][ T25] rc_core: IR keymap rc-hauppauge not found [ 185.528255][ T25] Registered IR keymap rc-empty [ 185.534117][ T25] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 185.568394][ T25] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input22 [ 185.580847][ T59] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 185.598299][ T5278] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 185.614532][ T5278] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 185.638763][ T5278] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 185.654238][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 185.663256][ T5278] usb 4-1: SerialNumber: syz [ 185.669749][ T7960] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.706557][ T7960] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.736325][ T1169] usb 5-1: USB disconnect, device number 13 [ 185.755279][ T7996] trusted_key: encrypted_key: insufficient parameters specified [ 185.766633][ T59] usb 3-1: Using ep0 maxpacket: 32 [ 185.782532][ T59] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 185.793054][ T7996] trusted_key: encrypted_key: insufficient parameters specified [ 185.795362][ T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.815588][ T59] usb 3-1: config 0 descriptor?? [ 185.828859][ T59] gspca_main: sunplus-2.14.0 probing 041e:400b [ 185.894402][ T5278] usb 4-1: 0:2 : does not exist [ 185.914559][ T5278] usb 4-1: USB disconnect, device number 16 [ 186.066336][ T5282] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 186.246354][ T5282] usb 2-1: Using ep0 maxpacket: 16 [ 186.253899][ T5282] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.264672][ T5282] usb 2-1: config 0 interface 0 has no altsetting 0 [ 186.274461][ T5282] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d [ 186.284871][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.293155][ T5282] usb 2-1: Product: syz [ 186.297481][ T5282] usb 2-1: Manufacturer: syz [ 186.302175][ T5282] usb 2-1: SerialNumber: syz [ 186.314007][ T5282] usb 2-1: config 0 descriptor?? [ 186.337265][ T5282] hub 2-1:0.0: bad descriptor, ignoring hub [ 186.343668][ T5282] hub 2-1:0.0: probe with driver hub failed with error -5 [ 186.377363][ T5282] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 186.397575][ T12] usb 2-1: Failed to submit usb control message: -71 [ 186.404785][ T12] usb 2-1: unable to send the bmi data to the device: -71 [ 186.428673][ T12] usb 2-1: unable to get target info from device [ 186.435328][ T12] usb 2-1: could not get target info (-71) [ 186.465605][ T12] usb 2-1: could not probe fw (-71) [ 186.766537][ T1169] usb 2-1: USB disconnect, device number 14 [ 186.847773][ T59] gspca_sunplus: reg_w_riv err -71 [ 186.853229][ T59] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 186.882014][ T59] usb 3-1: USB disconnect, device number 16 [ 187.042480][ T8026] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1127'. [ 187.053613][ T8026] (unnamed net_device) (uninitialized): option ad_select: invalid value (36) [ 187.386978][ T1169] kernel read not supported for file /vga_arbiter (pid: 1169 comm: kworker/0:2) [ 187.977528][ T1169] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 188.188558][ T1169] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 188.197650][ T1169] usb 1-1: config 1 has no interface number 0 [ 188.203851][ T1169] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.215013][ T1169] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 188.224849][ T1169] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 188.238194][ T1169] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 23 [ 188.254770][ T1169] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 188.266473][ T5226] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 188.266908][ T1169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.287304][ T1169] usb 1-1: Product: syz [ 188.291558][ T1169] usb 1-1: Manufacturer: syz [ 188.299436][ T1169] usb 1-1: SerialNumber: syz [ 188.336395][ T59] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 188.459167][ T5226] usb 3-1: Using ep0 maxpacket: 16 [ 188.472444][ T5226] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 188.481858][ T5226] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.490205][ T5226] usb 3-1: Product: syz [ 188.494515][ T5226] usb 3-1: Manufacturer: syz [ 188.500575][ T5226] usb 3-1: SerialNumber: syz [ 188.517372][ T5226] r8152-cfgselector 3-1: Unknown version 0x0000 [ 188.523726][ T5226] r8152-cfgselector 3-1: config 0 descriptor?? [ 188.529938][ T8049] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 188.543088][ T59] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.554930][ T59] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.565030][ T59] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 188.574321][ T59] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.587971][ T59] usb 4-1: config 0 descriptor?? [ 188.782286][ T5226] r8152-cfgselector 3-1: Needed 2 retries to read version [ 188.796577][ T5226] r8152-cfgselector 3-1: Unknown version 0x0000 [ 188.809872][ T5226] r8152-cfgselector 3-1: bad CDC descriptors [ 189.055047][ T5226] r8152-cfgselector 3-1: USB disconnect, device number 17 [ 189.073054][ T59] cougar 0003:060B:700A.0012: hidraw0: USB HID v0.00 Device [HID 060b:700a] on usb-dummy_hcd.3-1/input0 [ 189.139828][ T8049] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 189.159119][ T1169] cdc_ncm 1-1:1.1: bind() failure [ 189.290951][ T25] usb 4-1: USB disconnect, device number 17 [ 189.394969][ T5282] usb 1-1: USB disconnect, device number 13 [ 189.718201][ T1169] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 189.800265][ T8100] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1162'. [ 189.916794][ T8103] team_slave_0: entered allmulticast mode [ 189.920776][ T1169] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.961512][ T1169] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.985238][ T1169] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 190.003460][ T1169] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.015550][ T1169] usb 5-1: config 0 descriptor?? [ 190.494156][ T1169] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0 [ 190.527313][ T1169] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0 [ 190.548237][ T1169] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0013/input/input25 [ 190.578533][ T1169] cm6533_jd 0003:0D8C:0022.0013: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 190.816059][ T5226] usb 5-1: USB disconnect, device number 14 [ 191.276243][ T1169] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 191.497479][ T1169] usb 2-1: Using ep0 maxpacket: 32 [ 191.509524][ T1169] usb 2-1: config 0 has an invalid interface number: 126 but max is 0 [ 191.523637][ T1169] usb 2-1: config 0 has no interface number 0 [ 191.540012][ T1169] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 191.558414][ T1169] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 191.588494][ T1169] usb 2-1: config 0 interface 126 has no altsetting 0 [ 191.604938][ T1169] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 191.627146][ T1169] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.652120][ T1169] usb 2-1: Product: syz [ 191.660116][ T1169] usb 2-1: Manufacturer: syz [ 191.664886][ T1169] usb 2-1: SerialNumber: syz [ 191.683995][ T1169] usb 2-1: config 0 descriptor?? [ 191.691417][ T8149] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 191.699416][ T8149] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 191.933853][ T8149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.987579][ T8149] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.037707][ T1169] ir_usb 2-1:0.126: IR Dongle converter detected [ 192.055286][ T1169] usb 2-1: IRDA class descriptor not found, device not bound [ 192.081493][ T1169] usb 2-1: USB disconnect, device number 15 [ 192.151232][ T5226] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 192.359421][ T5226] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.386674][ T5226] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 192.416693][ T5226] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 192.425900][ T5226] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 192.467173][ T5226] usb 1-1: SerialNumber: syz [ 192.488224][ T8206] sctp: [Deprecated]: syz.2.1208 (pid 8206) Use of struct sctp_assoc_value in delayed_ack socket option. [ 192.488224][ T8206] Use struct sctp_sack_info instead [ 192.707075][ T8213] syzkaller1: entered promiscuous mode [ 192.712624][ T8213] syzkaller1: entered allmulticast mode [ 192.732474][ T5226] usb 1-1: 0:2 : does not exist [ 193.106255][ T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 193.202060][ T25] usb 1-1: USB disconnect, device number 14 [ 193.303063][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.336520][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 193.392887][ T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 193.412465][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 193.422837][ T8242] could not open pipe file descriptor [ 193.436139][ T9] usb 2-1: SerialNumber: syz [ 193.536405][ T5226] psmouse serio3: Failed to reset mouse on : -5 [ 193.674810][ T9] usb 2-1: 0:2 : does not exist [ 193.695236][ T9] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 193.738477][ T9] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5) [ 193.782828][ T9] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5) [ 193.832288][ T8236] netlink: 'syz.4.1221': attribute type 4 has an invalid length. [ 193.833757][ T9] usb 2-1: 5:0: cannot get min/max values for control 4 (id 5) [ 193.856490][ T8236] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1221'. [ 193.898991][ T9] usb 2-1: USB disconnect, device number 16 [ 193.925178][ T29] audit: type=1326 audit(1725285343.589:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 193.980792][ T29] audit: type=1326 audit(1725285343.589:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.030431][ T29] audit: type=1326 audit(1725285343.619:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.111975][ T29] audit: type=1326 audit(1725285343.619:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.184719][ T29] audit: type=1326 audit(1725285343.649:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.195052][ T8256] netlink: 'syz.0.1227': attribute type 4 has an invalid length. [ 194.206191][ C0] vkms_vblank_simulate: vblank timer overrun [ 194.210227][ T29] audit: type=1326 audit(1725285343.649:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.242432][ C0] vkms_vblank_simulate: vblank timer overrun [ 194.281381][ T29] audit: type=1326 audit(1725285343.649:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.307893][ T29] audit: type=1326 audit(1725285343.649:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.390721][ T29] audit: type=1326 audit(1725285343.649:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.469324][ T29] audit: type=1326 audit(1725285343.649:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8249 comm="syz.0.1225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 194.490863][ C0] vkms_vblank_simulate: vblank timer overrun [ 194.670971][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.677514][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.736463][ T25] usb 5-1: new low-speed USB device number 15 using dummy_hcd [ 194.822737][ T8276] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1237'. [ 194.942142][ T25] usb 5-1: config 0 has no interfaces? [ 194.948225][ T25] usb 5-1: New USB device found, idVendor=0548, idProduct=0069, bcdDevice= a.8d [ 194.966211][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.990511][ T25] usb 5-1: config 0 descriptor?? [ 195.196595][ T1169] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 195.286232][ T25] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 195.386400][ T1169] usb 1-1: Using ep0 maxpacket: 16 [ 195.399029][ T1169] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 195.413584][ T1169] usb 1-1: config 0 has no interface number 0 [ 195.420381][ T1169] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 195.433540][ T8261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.447829][ T1169] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 195.459642][ T8261] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.475815][ T1169] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 195.486986][ T9] usb 5-1: USB disconnect, device number 15 [ 195.494817][ T1169] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 195.498914][ T25] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 195.513307][ T1169] usb 1-1: Product: syz [ 195.523781][ T1169] usb 1-1: SerialNumber: syz [ 195.528757][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.532101][ T1169] usb 1-1: config 0 descriptor?? [ 195.553356][ T1169] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 195.556382][ T25] usb 3-1: Product: syz [ 195.562687][ T1169] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input28 [ 195.564178][ T25] usb 3-1: Manufacturer: syz [ 195.586573][ T25] usb 3-1: SerialNumber: syz [ 195.603951][ T25] usb 3-1: config 0 descriptor?? [ 195.878549][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 196.510934][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.518475][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.525814][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.533160][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.540364][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.547681][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.554854][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.562242][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.569441][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.576627][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 196.587447][ C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 196.596725][ T5282] usb 1-1: USB disconnect, device number 15 [ 196.609137][ T5282] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 196.636512][ T25] usb 3-1: Firmware version (0.0) predates our first public release. [ 196.644906][ T25] usb 3-1: Please update to version 0.2 or newer [ 196.692647][ T25] usb 3-1: USB disconnect, device number 18 [ 197.106409][ T5226] misc userio: Buffer overflowed, userio client isn't keeping up [ 197.700064][ T8339] vlan0: entered promiscuous mode [ 197.705394][ T8339] vlan0: entered allmulticast mode [ 197.721880][ T25] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 197.926257][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 197.935192][ T25] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 197.950425][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.959230][ T25] usb 2-1: Product: syz [ 197.964275][ T25] usb 2-1: Manufacturer: syz [ 197.969221][ T25] usb 2-1: SerialNumber: syz [ 197.976728][ T25] usb 2-1: config 0 descriptor?? [ 198.398454][ T5226] input: PS/2 Generic Mouse as /devices/serio3/input/input26 [ 198.418580][ T25] airspy 2-1:0.0: Board ID: 00 [ 198.423463][ T25] airspy 2-1:0.0: Firmware version: [ 198.647040][ T5226] psmouse serio3: Failed to enable mouse on [ 198.830655][ T25] airspy 2-1:0.0: usb_control_msg() failed -71 request 0e [ 198.853299][ T25] airspy 2-1:0.0: Registered as swradio16 [ 198.874341][ T25] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 198.911056][ T25] usb 2-1: USB disconnect, device number 17 [ 198.999198][ T8375] syz.3.1282[8375] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 198.999496][ T8375] syz.3.1282[8375] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 199.351949][ T8386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1287'. [ 199.389657][ T8386] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1287'. [ 199.441501][ T8386] vlan3: entered promiscuous mode [ 200.088825][ T5231] Bluetooth: hci1: sending frame failed (-49) [ 200.098748][ T5239] Bluetooth: hci1: Opcode 0x1003 failed: -49 [ 200.616261][ T47] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 200.646273][ T25] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 200.816241][ T47] usb 4-1: Using ep0 maxpacket: 32 [ 200.833615][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.855751][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.868898][ T25] usb 2-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 200.886816][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.905737][ T47] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 200.919148][ T25] usb 2-1: config 0 descriptor?? [ 200.925965][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.939626][ T25] radioshark 2-1:0.0: Invalid radioSHARK device [ 200.946029][ T25] radioshark 2-1:0.0: probe with driver radioshark failed with error -22 [ 200.958305][ T47] usb 4-1: config 0 descriptor?? [ 200.965413][ T25] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 201.137069][ T25] usb 2-1: USB disconnect, device number 18 [ 201.391901][ T47] ft260 0003:0403:6030.0014: unknown main item tag 0x0 [ 201.584058][ T47] ft260 0003:0403:6030.0014: chip code: 5e81 abf2 [ 201.792421][ T47] ft260 0003:0403:6030.0014: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0 [ 201.859645][ T5239] Bluetooth: hci2: command 0x0406 tx timeout [ 201.869738][ T5231] Bluetooth: hci3: command 0x0406 tx timeout [ 201.869758][ T4611] Bluetooth: hci4: command 0x0c20 tx timeout [ 202.011508][ T47] ft260 0003:0403:6030.0014: failed to retrieve status: -71, no wakeup [ 202.033426][ T47] ft260 0003:0403:6030.0014: failed to retrieve status: -71 [ 202.046219][ T47] ft260 0003:0403:6030.0014: failed to reset I2C controller: -71 [ 202.079597][ T47] usb 4-1: USB disconnect, device number 18 [ 202.090965][ T5226] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 202.307102][ T5226] usb 3-1: config 0 has an invalid interface number: 104 but max is 0 [ 202.325915][ T5226] usb 3-1: config 0 has no interface number 0 [ 202.336039][ T5226] usb 3-1: config 0 interface 104 has no altsetting 0 [ 202.397490][ T5226] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9 [ 202.418900][ T5226] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.431988][ T5226] usb 3-1: Product: syz [ 202.436387][ T5226] usb 3-1: Manufacturer: syz [ 202.441413][ T5226] usb 3-1: SerialNumber: syz [ 202.449131][ T5226] usb 3-1: config 0 descriptor?? [ 202.458923][ T5226] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 202.697955][ T5226] gspca_vc032x: reg_r err -71 [ 202.707597][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.724517][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.742228][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.756204][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.766686][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.768566][ T8503] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1338'. [ 202.777113][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.787636][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.793096][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.801936][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.807772][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.813275][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.819153][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.824640][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.838089][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.853052][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.869800][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.884486][ T8506] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 202.899698][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.917397][ T5226] gspca_vc032x: I2c Bus Busy Wait 00 [ 202.922816][ T5226] gspca_vc032x: Unknown sensor... [ 202.936411][ T5226] vc032x 3-1:0.104: probe with driver vc032x failed with error -22 [ 202.960096][ T5226] usb 3-1: USB disconnect, device number 19 [ 203.257245][ T25] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 203.464443][ T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 203.492259][ T25] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 203.511239][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.524757][ T25] usb 5-1: config 0 descriptor?? [ 203.543912][ T25] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 203.749896][ T9] kernel write not supported for file /sequencer (pid: 9 comm: kworker/0:1) [ 204.009725][ T8509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 204.056545][ T8509] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 204.091499][ T25] usb 5-1: USB disconnect, device number 16 [ 204.357825][ T8559] vlan2: entered promiscuous mode [ 204.574729][ T8565] loop8: detected capacity change from 0 to 7 [ 204.613686][ T8565] Dev loop8: unable to read RDB block 7 [ 204.626251][ T8565] loop8: unable to read partition table [ 204.646529][ T8565] loop8: partition table beyond EOD, truncated [ 204.664704][ T8565] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 204.664704][ T8565] ) failed (rc=-5) [ 204.700869][ T8568] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1368'. [ 205.267515][ T8593] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1380'. [ 205.352018][ T8593] vlan2: entered promiscuous mode [ 205.657201][ T9] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 205.660677][ T8612] netlink: 'syz.3.1386': attribute type 3 has an invalid length. [ 205.696213][ T8612] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1386'. [ 205.876201][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 205.893108][ T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 205.921111][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.933371][ T8619] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 205.958526][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.978878][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 205.998856][ T9] usb 3-1: New USB device found, idVendor=056a, idProduct=00c7, bcdDevice= 0.00 [ 206.012053][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.049125][ T9] usb 3-1: config 0 descriptor?? [ 206.333269][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 206.333290][ T29] audit: type=1326 audit(1725285355.999:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8626 comm="syz.1.1394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a2f379eb9 code=0x7ffc0000 [ 206.375292][ T29] audit: type=1326 audit(1725285355.999:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8626 comm="syz.1.1394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a2f379eb9 code=0x7ffc0000 [ 206.420099][ T29] audit: type=1326 audit(1725285356.009:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8626 comm="syz.1.1394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f4a2f379eb9 code=0x7ffc0000 [ 206.441654][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.449516][ T29] audit: type=1326 audit(1725285356.009:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8626 comm="syz.1.1394" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a2f379eb9 code=0x0 [ 206.512218][ T9] wacom 0003:056A:00C7.0015: unbalanced collection at end of report description [ 206.543048][ T9] wacom 0003:056A:00C7.0015: parse failed [ 206.562635][ T9] wacom 0003:056A:00C7.0015: probe with driver wacom failed with error -22 [ 206.759469][ T9] usb 3-1: USB disconnect, device number 20 [ 206.913623][ T1169] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 206.935475][ T1169] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 206.948155][ T1169] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz0] on syz1 [ 208.256638][ T5226] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 208.278962][ T59] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 208.396304][ T1169] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 208.448539][ T5226] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 208.471642][ T5226] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 208.485346][ T59] usb 5-1: Using ep0 maxpacket: 16 [ 208.492870][ T5226] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 208.506594][ T5226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.516816][ T59] usb 5-1: config 0 has no interfaces? [ 208.522879][ T59] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 208.534497][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.545560][ T8689] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 208.566202][ T5226] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 208.580212][ T59] usb 5-1: config 0 descriptor?? [ 208.592417][ T1169] usb 1-1: Using ep0 maxpacket: 16 [ 208.610861][ T1169] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 208.632438][ T1169] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 208.652458][ T1169] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 208.663239][ T1169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.677347][ T1169] usb 1-1: Product: syz [ 208.681573][ T1169] usb 1-1: Manufacturer: syz [ 208.693644][ T1169] usb 1-1: SerialNumber: syz [ 208.702888][ T8717] netlink: 'syz.2.1433': attribute type 3 has an invalid length. [ 208.714332][ T1169] usb 1-1: config 0 descriptor?? [ 208.719707][ T8717] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1433'. [ 208.733263][ T1169] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 208.756762][ T1169] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 208.901567][ T5282] usb 2-1: USB disconnect, device number 19 [ 208.949657][ T8724] syz.3.1437 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 208.982741][ T59] usb 5-1: USB disconnect, device number 17 [ 209.380855][ T1169] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 209.399315][ T1169] em28xx 1-1:0.0: Config register raw data: 0x41 [ 209.654995][ T1169] usb 1-1: USB disconnect, device number 16 [ 209.676395][ T1169] em28xx 1-1:0.0: Disconnecting em28xx [ 209.705342][ T1169] em28xx 1-1:0.0: Freeing device [ 210.394783][ T8763] xt_bpf: check failed: parse error [ 210.856371][ T8778] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 211.733320][ T29] audit: type=1326 audit(1725285361.399:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8809 comm="syz.4.1475" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7025179eb9 code=0x0 [ 211.754354][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.978114][ T5282] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 212.046225][ T1169] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 212.086562][ T9] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 212.167306][ T5282] usb 2-1: Using ep0 maxpacket: 16 [ 212.175079][ T5282] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 212.187900][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 212.203912][ T5282] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 212.214999][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.223862][ T5282] usb 2-1: Product: syz [ 212.228624][ T5282] usb 2-1: Manufacturer: syz [ 212.233482][ T5282] usb 2-1: SerialNumber: syz [ 212.242833][ T1169] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 212.255623][ T5282] usb 2-1: config 0 descriptor?? [ 212.261092][ T1169] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.279054][ T5282] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 212.290739][ T1169] usb 1-1: config 0 descriptor?? [ 212.302319][ T9] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 212.312168][ T5282] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 212.321018][ T1169] cp210x 1-1:0.0: cp210x converter detected [ 212.327179][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.335814][ T9] usb 4-1: Product: syz [ 212.342746][ T9] usb 4-1: Manufacturer: syz [ 212.351247][ T9] usb 4-1: SerialNumber: syz [ 212.365801][ T9] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 212.387550][ C0] hrtimer: interrupt took 104712 ns [ 212.400165][ T5278] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 212.720407][ T1169] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 212.892914][ T5282] em28xx 2-1:0.0: unknown em28xx chip ID (61) [ 212.950751][ T1169] usb 1-1: cp210x converter now attached to ttyUSB0 [ 213.101297][ T5282] em28xx 2-1:0.0: Config register raw data: 0x3d [ 213.108190][ T5282] em28xx 2-1:0.0: I2S Audio (5 sample rate(s)) [ 213.116424][ T5282] em28xx 2-1:0.0: No AC97 audio processor [ 213.142867][ T25] usb 1-1: USB disconnect, device number 17 [ 213.155127][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 213.165201][ T25] cp210x 1-1:0.0: device disconnected [ 213.222936][ T8843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.232130][ T8843] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.312845][ T5282] usb 2-1: USB disconnect, device number 20 [ 213.416722][ T1169] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 213.456701][ T5278] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 213.471692][ T5278] ath9k_htc: Failed to initialize the device [ 213.504125][ T5278] usb 4-1: ath9k_htc: USB layer deinitialized [ 213.521236][ T5226] usb 4-1: USB disconnect, device number 19 [ 213.606378][ T1169] usb 3-1: Using ep0 maxpacket: 8 [ 213.618379][ T1169] usb 3-1: config 0 has no interfaces? [ 213.631414][ T1169] usb 3-1: config 0 has no interfaces? [ 213.638428][ T1169] usb 3-1: config 0 has no interfaces? [ 213.650586][ T1169] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 213.659896][ T1169] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.668488][ T1169] usb 3-1: Product: syz [ 213.672740][ T1169] usb 3-1: Manufacturer: syz [ 213.683462][ T1169] usb 3-1: SerialNumber: syz [ 213.695017][ T1169] usb 3-1: config 0 descriptor?? [ 213.976846][ T8846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.992692][ T8846] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.021565][ T8846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.064338][ T8846] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.098821][ T5278] usb 3-1: USB disconnect, device number 21 [ 214.151132][ T8867] MPI: mpi too large (187712 bits) [ 214.397225][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1503'. [ 214.666300][ T5278] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 214.825484][ T8901] Bluetooth: hci3: unsupported parameter 64512 [ 214.834392][ T8901] Bluetooth: hci3: invalid length 0, exp 2 for type 14 [ 214.876313][ T5278] usb 3-1: Using ep0 maxpacket: 8 [ 214.883856][ T5278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 214.902502][ T5278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 214.922766][ T5278] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 214.946252][ T5278] usb 3-1: New USB device found, idVendor=15c2, idProduct=05d8, bcdDevice= 0.00 [ 214.967248][ T5278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.009280][ T5278] usb 3-1: config 0 descriptor?? [ 215.255655][ T5278] usbhid 3-1:0.0: can't add hid device: -71 [ 215.263112][ T5278] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 215.293855][ T5278] usb 3-1: USB disconnect, device number 22 [ 215.925176][ T8941] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 215.967842][ T8941] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.979170][ T8941] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.995727][ T8941] bridge0: entered allmulticast mode [ 216.097472][ T59] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 216.311150][ T59] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 216.326270][ T59] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.361964][ T59] usb 1-1: config 0 descriptor?? [ 216.387820][ T59] cp210x 1-1:0.0: cp210x converter detected [ 216.512225][ T8937] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 216.706447][ T25] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 216.806231][ T59] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 216.831991][ T59] usb 1-1: cp210x converter now attached to ttyUSB0 [ 216.917244][ T25] usb 4-1: config 0 has no interfaces? [ 216.923150][ T25] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 216.940406][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.962175][ T25] usb 4-1: config 0 descriptor?? [ 217.093755][ T9] usb 1-1: USB disconnect, device number 18 [ 217.113111][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 217.164866][ T9] cp210x 1-1:0.0: device disconnected [ 217.180202][ T25] usb 4-1: USB disconnect, device number 20 [ 217.413899][ T29] audit: type=1326 audit(1725285367.079:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7025179eb9 code=0x7ffc0000 [ 217.466589][ T29] audit: type=1326 audit(1725285367.079:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7025179eb9 code=0x7ffc0000 [ 217.510236][ T29] audit: type=1326 audit(1725285367.089:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f7025179eb9 code=0x7ffc0000 [ 217.539632][ T29] audit: type=1326 audit(1725285367.089:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7025179eb9 code=0x7ffc0000 [ 217.562132][ T8995] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1557'. [ 217.566208][ T29] audit: type=1326 audit(1725285367.089:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7025179eb9 code=0x7ffc0000 [ 217.579682][ T8995] netlink: 'syz.2.1557': attribute type 7 has an invalid length. [ 217.608185][ T8995] netlink: 'syz.2.1557': attribute type 8 has an invalid length. [ 217.609281][ T29] audit: type=1326 audit(1725285367.089:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7025178850 code=0x7ffc0000 [ 217.622087][ T8995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1557'. [ 217.645539][ T29] audit: type=1326 audit(1725285367.089:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7025179abb code=0x7ffc0000 [ 217.671288][ T29] audit: type=1326 audit(1725285367.089:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7025179abb code=0x7ffc0000 [ 217.693110][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 217.709864][ T8995] gretap0: entered promiscuous mode [ 217.716711][ T29] audit: type=1326 audit(1725285367.089:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7025179abb code=0x7ffc0000 [ 217.738144][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.745956][ T29] audit: type=1326 audit(1725285367.089:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8990 comm="syz.4.1555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7025179abb code=0x7ffc0000 [ 217.769197][ T8995] batadv_slave_1: entered promiscuous mode [ 217.785672][ T8995] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 217.793883][ T8995] Cannot create hsr debugfs directory [ 217.879741][ T9] usb 5-1: config 0 has no interfaces? [ 217.885753][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 217.910745][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.931492][ T9] usb 5-1: config 0 descriptor?? [ 218.181495][ T9] usb 5-1: USB disconnect, device number 18 [ 221.387575][ T9111] netlink: 'syz.1.1608': attribute type 11 has an invalid length. [ 222.043424][ T9141] kernel read not supported for file /eth0 (pid: 9141 comm: syz.2.1620) [ 222.681668][ T5278] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 222.883907][ T5278] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 222.904582][ T5278] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 222.929900][ T5278] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 222.939556][ T5278] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.947669][ T5278] usb 3-1: Product: syz [ 222.952213][ T5278] usb 3-1: Manufacturer: syz [ 222.956864][ T5278] usb 3-1: SerialNumber: syz [ 222.966865][ T5278] usb 3-1: config 0 descriptor?? [ 222.973926][ T9150] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 222.981879][ T9150] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 223.194161][ T9182] vivid-004: ================= START STATUS ================= [ 223.216712][ T9150] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 223.219603][ T9182] vivid-004: Radio HW Seek Mode: Bounded [ 223.228302][ T9150] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 223.245710][ T9182] [ 223.250378][ T9182] vivid-004: Radio Programmable HW Seek: false [ 223.260745][ T9182] vivid-004: RDS Rx I/O Mode: Block I/O [ 223.267049][ T9182] vivid-004: Generate RBDS Instead of RDS: false [ 223.275157][ T9182] vivid-004: RDS Reception: true [ 223.285111][ T9182] vivid-004: RDS Program Type: 0 inactive [ 223.294520][ T9182] vivid-004: RDS PS Name: inactive [ 223.304425][ T9182] vivid-004: RDS Radio Text: inactive [ 223.314605][ T9182] vivid-004: RDS Traffic Announcement: false inactive [ 223.339877][ T9182] vivid-004: RDS Traffic Program: false inactive [ 223.348310][ T9182] vivid-004: RDS Music: false inactive [ 223.354056][ T9182] vivid-004: ================== END STATUS ================== [ 223.519157][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 223.519181][ T29] audit: type=1804 audit(1725285373.218:61): pid=9188 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1641" name="/newroot/353/file0/bus" dev="hugetlbfs" ino=25210 res=1 errno=0 [ 224.066212][ T5278] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): Error reading MODE_CTRL [ 224.090635][ T5278] usb 3-1: USB disconnect, device number 23 [ 225.105777][ T9250] hugetlbfs: Invalid gid '0x00000000ffffffff' [ 225.746650][ T9278] netlink: 'syz.1.1677': attribute type 9 has an invalid length. [ 225.780410][ T9278] netlink: 391 bytes leftover after parsing attributes in process `syz.1.1677'. [ 226.254656][ T5278] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 226.320649][ T9306] loop0: detected capacity change from 0 to 7 [ 226.328903][ T9306] Dev loop0: unable to read RDB block 7 [ 226.342459][ T9306] loop0: unable to read partition table [ 226.349037][ T9306] loop0: partition table beyond EOD, truncated [ 226.357726][ T9306] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 226.357726][ T9306] ) failed (rc=-5) [ 226.458687][ T5278] usb 2-1: config 0 has no interfaces? [ 226.465141][ T5278] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 226.500258][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.530689][ T5278] usb 2-1: config 0 descriptor?? [ 226.953277][ T5278] usb 2-1: USB disconnect, device number 21 [ 227.149761][ T9336] netlink: 'syz.4.1700': attribute type 11 has an invalid length. [ 227.167471][ T9336] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1700'. [ 228.147238][ T9379] netlink: 'syz.3.1720': attribute type 21 has an invalid length. [ 228.173458][ T9381] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.1721'. [ 228.174300][ T9379] netlink: 'syz.3.1720': attribute type 16 has an invalid length. [ 228.187949][ T9381] netlink: 'syz.2.1721': attribute type 1 has an invalid length. [ 228.209116][ T9379] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1720'. [ 228.227258][ T9381] netlink: 121 bytes leftover after parsing attributes in process `syz.2.1721'. [ 228.936188][ T5278] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 229.126966][ T5278] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 229.144802][ T5278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.160511][ T5278] usb 3-1: config 0 descriptor?? [ 229.214264][ T25] usb 4-1: new low-speed USB device number 21 using dummy_hcd [ 229.232999][ T5226] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 229.432405][ T25] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 229.445448][ T5226] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 229.457394][ T25] usb 4-1: config 0 has no interface number 0 [ 229.481953][ T25] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 229.497957][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 229.515330][ T25] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 229.527927][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 229.543225][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.556542][ T5226] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 229.572828][ T25] usb 4-1: config 0 descriptor?? [ 229.589063][ T5226] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 229.601943][ T25] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 229.619742][ T5226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.643898][ T5226] usb 2-1: config 0 descriptor?? [ 229.650078][ T9421] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 229.838302][ T25] usb 4-1: USB disconnect, device number 21 [ 229.861734][ T25] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected [ 230.110048][ T5226] plantronics 0003:047F:FFFF.0017: unknown main item tag 0xd [ 230.125351][ T5226] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 230.161210][ T5226] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 230.197295][ T5278] pegasus 3-1:0.0: probe with driver pegasus failed with error -71 [ 230.238033][ T5278] usb 3-1: USB disconnect, device number 24 [ 230.442505][ T5226] usb 2-1: USB disconnect, device number 22 [ 230.699487][ T9464] sctp: [Deprecated]: syz.4.1758 (pid 9464) Use of struct sctp_assoc_value in delayed_ack socket option. [ 230.699487][ T9464] Use struct sctp_sack_info instead [ 231.208846][ T5277] kernel read not supported for file /newroot/359/file0 (pid: 5277 comm: kworker/1:6) [ 231.284456][ T9495] TCP: TCP_TX_DELAY enabled [ 231.930683][ T9522] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1784'. [ 232.210372][ T9532] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 232.403481][ T5278] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 232.492722][ T5229] Bluetooth: hci5: link tx timeout [ 232.498658][ T5229] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 232.614188][ T5278] usb 4-1: config 0 has no interfaces? [ 232.623094][ T5278] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 232.637552][ T5278] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 232.662043][ T5278] usb 4-1: Product: syz [ 232.669806][ T5278] usb 4-1: Manufacturer: syz [ 232.684357][ T5278] usb 4-1: config 0 descriptor?? [ 232.885247][ T5229] Bluetooth: hci5: link tx timeout [ 232.890567][ T5229] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 232.946737][ T5282] usb 4-1: USB disconnect, device number 22 [ 233.649877][ T9560] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 234.554992][ T5229] Bluetooth: hci5: command 0x0405 tx timeout [ 234.655118][ T9593] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 235.359870][ T9639] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1831'. [ 235.389711][ T9639] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1831'. [ 235.613508][ T5277] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 235.709533][ T9656] netlink: 'syz.1.1840': attribute type 4 has an invalid length. [ 235.789731][ T9658] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1841'. [ 235.807836][ T9658] openvswitch: netlink: Key type 29 is not supported [ 235.824348][ T5277] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 235.841854][ T5277] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 235.880613][ T5277] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 235.899037][ T5277] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.927740][ T5277] usb 1-1: Product: syz [ 235.941435][ T5277] usb 1-1: Manufacturer: syz [ 235.955076][ T5277] usb 1-1: SerialNumber: syz [ 235.971257][ T5277] usb 1-1: config 0 descriptor?? [ 235.981267][ T9640] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 236.000646][ T9640] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 236.249897][ T9640] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 236.286486][ T9640] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 236.547926][ T5282] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 236.758322][ T5282] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 236.783544][ T5282] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 236.810024][ T5282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 236.821747][ T5282] usb 4-1: SerialNumber: syz [ 237.162617][ T5277] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 237.222636][ T5277] dm9601 1-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet, 54:00:00:00:00:00 [ 237.272318][ T5277] usb 1-1: USB disconnect, device number 19 [ 237.280608][ T5277] dm9601 1-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet [ 237.357260][ T9690] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 237.371150][ T9690] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 237.516797][ T5282] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 237.879852][ T5278] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 237.902020][ T29] audit: type=1326 audit(1725285387.702:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9703 comm="syz.0.1861" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x0 [ 237.945454][ T5282] usb 4-1: USB disconnect, device number 23 [ 237.956153][ T5282] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device [ 238.082809][ T5278] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.096624][ T5278] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 238.106579][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.123265][ T5278] usb 2-1: config 0 descriptor?? [ 238.256527][ T9719] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 238.373876][ T5282] usb 2-1: USB disconnect, device number 23 [ 240.575289][ T5278] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 240.783148][ T5278] usb 5-1: Using ep0 maxpacket: 8 [ 240.790885][ T5278] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 240.806244][ T5278] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 240.828966][ T5278] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 240.850736][ T5278] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 240.886921][ T5278] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 240.927404][ T5278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.047265][ T9804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1904'. [ 241.171639][ T5278] usb 5-1: GET_CAPABILITIES returned 0 [ 241.177263][ T5278] usbtmc 5-1:16.0: can't read capabilities [ 241.380222][ T25] usb 5-1: USB disconnect, device number 19 [ 241.702982][ T9824] netlink: 5288 bytes leftover after parsing attributes in process `syz.2.1912'. [ 241.753946][ T9824] openvswitch: netlink: IP tunnel dst address not specified [ 242.058509][ T9840] syz.0.1918[9840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 242.058984][ T9840] syz.0.1918[9840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 242.266130][ T9849] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1922'. [ 243.508674][ T9903] Bluetooth: hci3: unsupported parameter 64512 [ 243.518096][ T9903] Bluetooth: hci3: invalid length 0, exp 2 for type 15 [ 243.562372][ T5282] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 243.768088][ T25] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 243.770767][ T5282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 243.800062][ T5282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.846388][ T5282] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 243.855590][ T5282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.873855][ T5282] usb 3-1: config 0 descriptor?? [ 243.991647][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.007719][ T25] usb 2-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 244.030433][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.055298][ T25] usb 2-1: config 0 descriptor?? [ 244.498266][ T25] hid-steam 0003:28DE:1205.0019: : USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.1-1/input0 [ 244.575174][ T25] hid-steam 0003:28DE:1205.0019: Steam Controller 'XXXXXXXXXX' connected [ 244.588242][ T25] input: Steam Deck as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28DE:1205.0019/input/input31 [ 244.612862][ T25] input: Steam Deck Motion Sensors as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28DE:1205.0019/input/input32 [ 244.663419][ T25] hid-steam 0003:28DE:1205.001A: hidraw0: USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.1-1/input0 [ 244.698098][ T5282] hid-led 0003:27B8:01ED.0018: hidraw1: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.2-1/input0 [ 244.730466][ T5282] hid-led 0003:27B8:01ED.0018: ThingM blink(1) v1 initialized [ 244.852912][ T9901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 244.881449][ T9901] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 244.899928][ T25] usb 3-1: USB disconnect, device number 25 [ 244.949185][ T5282] usb 2-1: USB disconnect, device number 24 [ 245.029240][ T5282] hid-steam 0003:28DE:1205.0019: Steam Controller 'XXXXXXXXXX' disconnected [ 245.088493][ T9935] ======================================================= [ 245.088493][ T9935] WARNING: The mand mount option has been deprecated and [ 245.088493][ T9935] and is ignored by this kernel. Remove the mand [ 245.088493][ T9935] option from the mount to silence this warning. [ 245.088493][ T9935] ======================================================= [ 245.123421][ C1] vkms_vblank_simulate: vblank timer overrun [ 245.311838][ T9948] loop7: detected capacity change from 0 to 1 [ 245.356593][ T9948] Dev loop7: unable to read RDB block 1 [ 245.364198][ T9948] loop7: unable to read partition table [ 245.372484][ T9948] loop7: partition table beyond EOD, truncated [ 245.379119][ T9948] loop_reread_partitions: partition scan of loop7 (SaEǷ>#|J_diV3Q~d!=U5hcs-3hгJHv>l,) failed (rc=-5) [ 246.347174][ T9993] netlink: 'syz.4.1985': attribute type 27 has an invalid length. [ 246.431437][ T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 246.665198][ T25] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 246.684168][ T9993] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.687316][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 246.693639][ T9993] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.711425][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 246.724383][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 246.737998][ T25] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 246.748626][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.779777][ T25] usb 4-1: config 0 descriptor?? [ 247.151830][ T9993] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.204729][ T9993] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.240130][ T25] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 247.266005][ T25] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 247.301576][ T25] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 247.452584][ T9993] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.475393][ T9993] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.511195][ T9993] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.520802][ T9993] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.596974][ T5277] usb 4-1: USB disconnect, device number 24 [ 248.111528][ T8] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 248.261194][ T5226] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 248.321474][ T8] usb 1-1: config 0 has an invalid interface number: 18 but max is 0 [ 248.329639][ T8] usb 1-1: config 0 has no interface number 0 [ 248.345878][ T8] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.358950][ T8] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 248.371626][ T8] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 248.389269][ T8] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 248.408699][ T8] usb 1-1: Manufacturer: syz [ 248.428895][ T8] usb 1-1: config 0 descriptor?? [ 248.471382][ T5226] usb 2-1: Using ep0 maxpacket: 8 [ 248.478713][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 248.510928][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 26056, setting to 1024 [ 248.533156][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 248.552298][T10064] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2006'. [ 248.560010][ T5226] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 248.575629][T10065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2007'. [ 248.581340][T10064] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2006'. [ 248.594770][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 248.617858][ T5226] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 248.624992][T10064] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 248.630902][ T5226] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58 [ 248.653923][ T5226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.671585][T10064] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 248.672905][ T5226] usb 2-1: config 0 descriptor?? [ 248.693175][T10044] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 248.732512][ T55] Bluetooth: hci1: urb ffff88802478a800 submission failed (90) [ 248.928170][ T8] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.18/0003:054C:03D5.001C/input/input33 [ 248.986658][ T5278] usb 2-1: USB disconnect, device number 25 [ 249.028484][ T8] sony 0003:054C:03D5.001C: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.0-1/input18 [ 249.119471][T10077] IPVS: persistence engine module ip_vs_pe_ not found [ 249.203806][ T8] usb 1-1: USB disconnect, device number 20 [ 249.337120][T10088] netlink: 'syz.2.2017': attribute type 3 has an invalid length. [ 249.351431][T10088] netlink: 'syz.2.2017': attribute type 11 has an invalid length. [ 249.361595][T10088] netlink: 128512 bytes leftover after parsing attributes in process `syz.2.2017'. [ 250.961302][ T5282] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 251.021319][ T8] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 251.157646][ T5282] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 251.174231][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.187513][ T5282] usb 3-1: Product: syz [ 251.201268][ T5282] usb 3-1: Manufacturer: syz [ 251.206415][ T5282] usb 3-1: SerialNumber: syz [ 251.217567][ T8] usb 5-1: config 0 has an invalid interface number: 185 but max is 0 [ 251.228831][ T5282] usb 3-1: config 0 descriptor?? [ 251.234150][ T8] usb 5-1: config 0 has an invalid interface association descriptor of length 5, skipping [ 251.246277][ T8] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 251.259173][ T8] usb 5-1: config 0 has no interface number 0 [ 251.265941][ T8] usb 5-1: config 0 interface 185 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 251.277849][ T8] usb 5-1: config 0 interface 185 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 16 [ 251.296930][ T8] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=d2.82 [ 251.308803][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.317711][ T8] usb 5-1: Product: syz [ 251.322628][ T8] usb 5-1: Manufacturer: syz [ 251.327406][ T8] usb 5-1: SerialNumber: syz [ 251.336103][ T8] usb 5-1: config 0 descriptor?? [ 251.346483][ T8] cdc_ether 5-1:0.185: skipping garbage [ 251.354282][ T8] cdc_ether 5-1:0.185: skipping garbage [ 251.360014][ T8] cdc_ether 5-1:0.185: skipping garbage [ 251.366663][ T8] usb 5-1: bad CDC descriptors [ 251.373711][ T8] usb 5-1: unsupported MDLM descriptors [ 251.472478][ T29] audit: type=1400 audit(1725285657.313:63): lsm=SMACK fn=smack_file_ioctl action=denied subject="I" object="_" requested=w pid=10188 comm="syz.0.2063" path="/dev/snd/seq" dev="devtmpfs" ino=1089 [ 251.503626][ T5282] hso 3-1:0.0: Failed to find BULK IN ep [ 251.518739][ T5282] usb-storage 3-1:0.0: USB Mass Storage device detected [ 251.592081][ T5279] usb 5-1: USB disconnect, device number 20 [ 251.638537][T10195] sctp: [Deprecated]: syz.0.2065 (pid 10195) Use of int in max_burst socket option. [ 251.638537][T10195] Use struct sctp_assoc_value instead [ 251.737775][ T5226] usb 3-1: USB disconnect, device number 26 [ 252.954993][ T29] audit: type=1326 audit(1725285658.793:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10247 comm="syz.0.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 253.038503][ T29] audit: type=1326 audit(1725285658.793:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10247 comm="syz.0.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 253.074146][ T29] audit: type=1326 audit(1725285658.793:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10247 comm="syz.0.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 253.095676][ C1] vkms_vblank_simulate: vblank timer overrun [ 253.110446][ T1069] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.113797][ T29] audit: type=1326 audit(1725285658.813:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10247 comm="syz.0.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e09979eb9 code=0x7ffc0000 [ 253.310707][ T1069] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.376331][T10253] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2094'. [ 253.597658][ T1069] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.741837][ T1069] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.831838][ T5279] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 253.909152][ T5229] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 253.920065][ T5229] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 253.938257][ T5229] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 253.956553][ T5229] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 253.966472][ T5229] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 253.975195][ T5229] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 254.032917][ T1069] bridge_slave_1: left allmulticast mode [ 254.038786][ T5279] usb 2-1: Using ep0 maxpacket: 8 [ 254.050377][ T5279] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 254.053210][ T1069] bridge_slave_1: left promiscuous mode [ 254.065537][ T1069] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.074738][ T5279] usb 2-1: config 0 has no interface number 0 [ 254.085504][ T5279] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 254.099366][ T5279] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 254.099799][ T1069] bridge_slave_0: left allmulticast mode [ 254.116795][ T1069] bridge_slave_0: left promiscuous mode [ 254.123425][ T1069] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.136780][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.157245][ T5279] usb 2-1: config 0 descriptor?? [ 254.170910][ T5279] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 254.386430][ T5279] usb 2-1: USB disconnect, device number 26 [ 254.411578][ T5279] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected [ 254.596630][ T1069] gretap0 (unregistering): left promiscuous mode [ 254.727374][ T1069] bond0 (unregistering): (slave geneve0): Releasing backup interface [ 255.210192][ T1069] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.240519][ T1069] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.261020][ T1069] bond0 (unregistering): Released all slaves [ 255.558207][ T5229] Bluetooth: hci4: unexpected event for opcode 0x0407 [ 255.942129][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.948598][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.970220][ T1069] batadv_slave_1: left promiscuous mode [ 256.016499][ T5229] Bluetooth: hci1: command tx timeout [ 256.095847][ T1069] hsr_slave_0: left promiscuous mode [ 256.124750][ T1069] hsr_slave_1: left promiscuous mode [ 256.132940][ T1069] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 256.140505][ T1069] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 256.173799][ T1069] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.191800][ T1069] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 256.244697][ T1069] veth1_macvtap: left promiscuous mode [ 256.250379][ T1069] veth0_macvtap: left promiscuous mode [ 256.264970][ T1069] veth1_vlan: left promiscuous mode [ 256.281767][ T1069] veth0_vlan: left promiscuous mode [ 257.285412][ T1069] team0 (unregistering): Port device team_slave_1 removed [ 257.352609][ T1069] team0 (unregistering): Port device team_slave_0 removed [ 258.029239][T10334] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2125'. [ 258.060986][T10270] chnl_net:caif_netlink_parms(): no params data found [ 258.091397][ T5229] Bluetooth: hci1: command tx timeout [ 258.464450][T10270] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.479711][T10270] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.489434][T10270] bridge_slave_0: entered allmulticast mode [ 258.503318][T10270] bridge_slave_0: entered promiscuous mode [ 258.519104][T10270] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.529603][T10270] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.540970][T10270] bridge_slave_1: entered allmulticast mode [ 258.551905][T10270] bridge_slave_1: entered promiscuous mode [ 258.557295][T10358] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2133'. [ 258.650835][T10270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.693845][T10270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.793504][T10270] team0: Port device team_slave_0 added [ 258.964117][T10270] team0: Port device team_slave_1 added [ 259.253407][T10270] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.260640][T10270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.331313][T10270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.361348][T10270] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.368406][T10270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.427571][T10270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.616675][ T5229] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 259.626262][ T5229] Bluetooth: hci4: Injecting HCI hardware error event [ 259.637793][ T55] Bluetooth: hci4: hardware error 0x00 [ 259.785482][T10270] hsr_slave_0: entered promiscuous mode [ 259.847852][T10270] hsr_slave_1: entered promiscuous mode [ 260.171382][ T5229] Bluetooth: hci1: command tx timeout [ 260.464571][T10404] netlink: 'syz.3.2154': attribute type 3 has an invalid length. [ 260.827702][ T5229] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 260.836327][T10415] bond0: option arp_interval: invalid value (18446744073145618180) [ 260.851343][T10415] bond0: option arp_interval: allowed values 0 - 2147483647 [ 261.154669][T10270] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 261.205308][T10270] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 261.252753][T10270] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 261.367221][T10270] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 261.781407][ T55] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 261.958162][T10270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 262.246058][T10270] 8021q: adding VLAN 0 to HW filter on device team0 [ 262.253543][ T55] Bluetooth: hci1: command tx timeout [ 262.305587][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.312990][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.414375][ T185] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.421637][ T185] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.739981][T10270] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 263.401361][T10270] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 263.437351][T10478] Dead loop on virtual device ip6_vti0, fix it urgently! [ 263.462715][T10478] Dead loop on virtual device ip6_vti0, fix it urgently! [ 263.484063][T10478] Dead loop on virtual device ip6_vti0, fix it urgently! [ 263.504530][T10478] Dead loop on virtual device ip6_vti0, fix it urgently! [ 263.523230][T10478] Dead loop on virtual device ip6_vti0, fix it urgently! [ 263.546585][T10478] Dead loop on virtual device ip6_vti0, fix it urgently! [ 263.575985][T10270] veth0_vlan: entered promiscuous mode [ 263.608995][T10270] veth1_vlan: entered promiscuous mode [ 263.724825][T10270] veth0_macvtap: entered promiscuous mode [ 263.750883][T10270] veth1_macvtap: entered promiscuous mode [ 263.825324][T10270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.871588][T10270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.902523][T10270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.928375][T10270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.949153][T10270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.978166][T10270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 264.017586][T10270] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.072449][T10270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 264.121582][T10270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 264.139895][T10270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 264.171635][T10270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 264.182259][T10270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 264.193488][T10270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 264.207239][T10270] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 264.243659][T10270] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.287306][T10270] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.316881][T10270] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.343424][T10270] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.543605][ T185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.565570][ T185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.661717][ T1069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.691924][ T1069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.872451][ T5279] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 265.062050][ T5279] usb 5-1: Using ep0 maxpacket: 8 [ 265.079786][ T5279] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 265.107183][ T5279] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 265.120818][ T5279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 265.129928][ T5279] usb 5-1: SerialNumber: syz [ 265.135408][ T8] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 265.152002][ T5279] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 265.221847][ T5275] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 265.343202][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 265.368981][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 265.389980][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 265.400280][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 265.419401][ T8] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 265.422089][ T5275] usb 2-1: Using ep0 maxpacket: 16 [ 265.430133][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.455653][ T5275] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 265.471875][ T8] usb 4-1: config 0 descriptor?? [ 265.472329][ T5275] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.511165][ T5275] usb 2-1: Product: syz [ 265.515407][ T5275] usb 2-1: Manufacturer: syz [ 265.530356][ T5275] usb 2-1: SerialNumber: syz [ 265.549253][ T5275] usb 2-1: config 0 descriptor?? [ 265.567696][T10498] raw-gadget.0 gadget.4: fail, usb_ep_set_halt returned -11 [ 265.568280][ T5275] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 265.577953][ T5278] usb 5-1: USB disconnect, device number 21 [ 265.606516][ T5275] usb 2-1: Detected FT232H [ 265.807077][ T5275] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 265.904850][ T8] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 265.917320][ T8] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 265.940279][ T8] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 266.240322][ T5275] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 266.278505][ T8] usb 4-1: USB disconnect, device number 25 [ 266.327902][T10543] pimreg: entered allmulticast mode [ 266.431319][T10543] pimreg: left allmulticast mode [ 266.505796][ T5278] usb 2-1: USB disconnect, device number 27 [ 266.520281][ T5278] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 266.536882][ T5278] ftdi_sio 2-1:0.0: device disconnected [ 267.319961][T10577] syz.1.2225: attempt to access beyond end of device [ 267.319961][T10577] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 267.351469][T10577] EXT4-fs (loop3): unable to read superblock [ 268.313148][ T29] audit: type=1326 audit(1725285674.153:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10625 comm="syz.3.2248" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbba1379eb9 code=0x0 [ 268.759856][ T29] audit: type=1326 audit(1725285674.593:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10646 comm="syz.2.2257" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdf54779eb9 code=0x0 [ 269.633539][T10674] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2268'. [ 269.649932][T10674] netlink: 'syz.0.2268': attribute type 2 has an invalid length. [ 269.839581][T10681] netlink: 'syz.4.2272': attribute type 11 has an invalid length. [ 269.858710][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2272'. [ 270.685648][T10731] netlink: 'syz.0.2292': attribute type 20 has an invalid length. [ 270.754429][T10733] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 270.995193][ T5279] kernel write not supported for file /vcsa1 (pid: 5279 comm: kworker/0:4) [ 271.161200][ T5279] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 271.354040][ T5279] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 271.370845][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.396759][ T5279] usb 3-1: config 0 descriptor?? [ 271.401321][ T5275] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 271.595140][ T5275] usb 4-1: config 0 has an invalid interface number: 138 but max is 0 [ 271.610474][ T5275] usb 4-1: config 0 has no interface number 0 [ 271.617593][ T5275] usb 4-1: config 0 interface 138 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 271.646618][ T5275] usb 4-1: config 0 interface 138 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 271.666903][ T5275] usb 4-1: config 0 interface 138 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 271.688567][ T5275] usb 4-1: config 0 interface 138 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 271.702426][ T5275] usb 4-1: New USB device found, idVendor=1b3d, idProduct=01f0, bcdDevice=6d.75 [ 271.712058][ T5275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.721553][ T5275] usb 4-1: Product: syz [ 271.732334][ T5275] usb 4-1: Manufacturer: syz [ 271.742341][ T5275] usb 4-1: SerialNumber: syz [ 271.758876][ T5275] usb 4-1: config 0 descriptor?? [ 271.775544][ T5275] ftdi_sio 4-1:0.138: FTDI USB Serial Device converter detected [ 271.793514][T10777] netlink: 'syz.0.2312': attribute type 29 has an invalid length. [ 271.802379][ T5275] ftdi_sio ttyUSB0: unknown device type: 0x6d75 [ 271.820618][T10777] netlink: 'syz.0.2312': attribute type 29 has an invalid length. [ 271.832230][T10777] netlink: 500 bytes leftover after parsing attributes in process `syz.0.2312'. [ 271.841286][ T5279] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 272.037012][ T8] usb 4-1: USB disconnect, device number 26 [ 272.065308][ T8] ftdi_sio 4-1:0.138: device disconnected [ 272.251252][T10786] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2315'. [ 272.266074][T10786] netlink: 'syz.0.2315': attribute type 7 has an invalid length. [ 272.280239][T10786] netlink: 'syz.0.2315': attribute type 8 has an invalid length. [ 272.294643][T10786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2315'. [ 272.494149][ T5275] usb 3-1: USB disconnect, device number 27 [ 273.850140][T10853] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.2345'. [ 273.871566][T10853] openvswitch: netlink: IP tunnel dst address not specified [ 274.181261][ T5226] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 274.396539][ T5226] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 179, changing to 11 [ 274.426082][ T5226] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8991, setting to 1024 [ 274.438649][ T5226] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 274.461240][ T5226] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 274.476632][ T5226] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.506389][ T5226] usb 5-1: config 0 descriptor?? [ 274.518209][T10874] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 274.947719][ T5226] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x5 [ 274.968777][ T5226] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 275.013302][ T5226] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 275.092069][T10895] serio: Serial port ptm0 [ 275.199435][ T8] usb 5-1: USB disconnect, device number 22 [ 275.398008][T10907] ALSA: mixer_oss: invalid OSS volume '1' [ 275.408973][T10907] ALSA: mixer_oss: invalid OSS volume '010000E0' [ 275.425354][T10907] ALSA: mixer_oss: invalid OSS volume '2' [ 275.432778][T10907] ALSA: mixer_oss: invalid OSS volume '010000E0' [ 275.881197][ T5226] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 276.095494][ T5226] usb 1-1: Using ep0 maxpacket: 16 [ 276.106221][ T5226] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 276.126571][ T5226] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 276.139407][ T5226] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.154532][ T5226] usb 1-1: config 0 descriptor?? [ 276.165069][ T5226] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input35 [ 276.301593][ T5279] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 276.399720][ T4658] bcm5974 1-1:0.0: could not read from device [ 276.418618][ T4658] bcm5974 1-1:0.0: could not read from device [ 276.463002][ T5226] bcm5974 1-1:0.0: could not read from device [ 276.509782][ T5279] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 276.520463][ T5226] input: failed to attach handler mousedev to device input35, error: -5 [ 276.540146][ T5279] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 276.554506][ T5226] usb 1-1: USB disconnect, device number 21 [ 276.560370][ T4658] bcm5974 1-1:0.0: could not read from device [ 276.576249][ T5279] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 276.586527][ T4658] bcm5974 1-1:0.0: could not read from device [ 276.608697][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 276.661843][ T5279] usb 2-1: SerialNumber: syz [ 276.936378][ T5279] usb 2-1: 0:2 : does not exist [ 276.973959][ T5279] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 277.011306][ T5279] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 277.090876][ T5279] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 277.123587][ T5279] usb 2-1: USB disconnect, device number 28 [ 277.874395][T10973] serio: Serial port pts0 [ 278.183924][T10990] sp0: Synchronizing with TNC [ 278.573847][ T5226] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 278.688426][T10024] kernel write not supported for file [eventfd] (pid: 10024 comm: kworker/1:16) [ 278.794187][ T5226] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 278.830880][ T5226] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 278.902100][ T5226] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 278.916787][ T5226] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 278.925451][ T5226] usb 3-1: SerialNumber: syz [ 279.046439][ T5279] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 279.222846][ T5226] usb 3-1: 0:2 : does not exist [ 279.238197][ T5226] usb 3-1: unit 5 not found! [ 279.258439][ T5279] usb 2-1: Using ep0 maxpacket: 8 [ 279.274850][ T5279] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.285773][ T5226] usb 3-1: USB disconnect, device number 28 [ 279.311232][ T5279] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.329236][ T5279] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 279.348983][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.372773][ T5279] usb 2-1: config 0 descriptor?? [ 281.217842][ T5279] lenovo 0003:17EF:6067.001F: unknown main item tag 0x0 [ 281.253809][ T5279] lenovo 0003:17EF:6067.001F: item fetching failed at offset 5/7 [ 281.282132][ T5279] lenovo 0003:17EF:6067.001F: hid_parse failed [ 281.288448][ T5279] lenovo 0003:17EF:6067.001F: probe with driver lenovo failed with error -22 [ 281.480758][T10024] usb 2-1: USB disconnect, device number 29 [ 282.083281][T11062] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2435'. [ 283.070491][T11111] ================================================================== [ 283.078721][T11111] BUG: KASAN: slab-use-after-free in uprobe_mmap+0xb9a/0x11a0 [ 283.086323][T11111] Read of size 8 at addr ffff888034e106b0 by task syz.4.2457/11111 [ 283.094262][T11111] [ 283.096636][T11111] CPU: 0 UID: 0 PID: 11111 Comm: syz.4.2457 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 [ 283.107458][T11111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 283.117586][T11111] Call Trace: [ 283.120891][T11111] [ 283.123856][T11111] dump_stack_lvl+0x241/0x360 [ 283.128581][T11111] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.133826][T11111] ? __pfx__printk+0x10/0x10 [ 283.138466][T11111] ? _printk+0xd5/0x120 [ 283.142707][T11111] ? __virt_addr_valid+0x183/0x530 [ 283.147866][T11111] ? __virt_addr_valid+0x183/0x530 [ 283.153025][T11111] print_report+0x169/0x550 [ 283.157582][T11111] ? __virt_addr_valid+0x183/0x530 [ 283.162837][T11111] ? __virt_addr_valid+0x183/0x530 [ 283.167994][T11111] ? __virt_addr_valid+0x45f/0x530 [ 283.173153][T11111] ? __phys_addr+0xba/0x170 [ 283.177700][T11111] ? uprobe_mmap+0xb9a/0x11a0 [ 283.182419][T11111] kasan_report+0x143/0x180 [ 283.186974][T11111] ? uprobe_mmap+0xb9a/0x11a0 [ 283.191702][T11111] uprobe_mmap+0xb9a/0x11a0 [ 283.196263][T11111] ? __pfx_uprobe_mmap+0x10/0x10 [ 283.201264][T11111] mmap_region+0x1891/0x2090 [ 283.205898][T11111] ? mark_lock+0x9a/0x350 [ 283.210294][T11111] ? __pfx_mmap_region+0x10/0x10 [ 283.215272][T11111] ? mm_get_unmapped_area+0xa5/0xd0 [ 283.220525][T11111] ? shmem_get_unmapped_area+0x2a7/0x8f0 [ 283.226202][T11111] ? cap_mmap_addr+0x163/0x2c0 [ 283.231024][T11111] ? __get_unmapped_area+0x2f0/0x360 [ 283.236362][T11111] do_mmap+0x8f9/0x1010 [ 283.240654][T11111] ? __pfx_do_mmap+0x10/0x10 [ 283.245404][T11111] ? __pfx_down_write_killable+0x10/0x10 [ 283.251081][T11111] ? __pfx_ima_file_mmap+0x10/0x10 [ 283.256329][T11111] ? security_mmap_file+0x178/0x1a0 [ 283.261586][T11111] vm_mmap_pgoff+0x1dd/0x3d0 [ 283.266664][T11111] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 283.271829][T11111] ? __fget_files+0x29/0x470 [ 283.276461][T11111] ? __fget_files+0x3f6/0x470 [ 283.281270][T11111] ksys_mmap_pgoff+0x4f1/0x720 [ 283.286074][T11111] ? __x64_sys_mmap+0x7f/0x140 [ 283.290885][T11111] do_syscall_64+0xf3/0x230 [ 283.295601][T11111] ? clear_bhb_loop+0x35/0x90 [ 283.300498][T11111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.306470][T11111] RIP: 0033:0x7f7025179eb9 [ 283.310937][T11111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.330589][T11111] RSP: 002b:00007f7025fe9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 283.339133][T11111] RAX: ffffffffffffffda RBX: 00007f7025315f80 RCX: 00007f7025179eb9 [ 283.347146][T11111] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020001000 [ 283.355183][T11111] RBP: 00007f70251e793e R08: 0000000000000003 R09: 0000000000000000 [ 283.363217][T11111] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 283.371320][T11111] R13: 0000000000000000 R14: 00007f7025315f80 R15: 00007ffcff3ff3c8 [ 283.379349][T11111] [ 283.382395][T11111] [ 283.384737][T11111] Allocated by task 5221: [ 283.389082][T11111] kasan_save_track+0x3f/0x80 [ 283.394059][T11111] __kasan_kmalloc+0x98/0xb0 [ 283.398809][T11111] __kmalloc_noprof+0x1fc/0x400 [ 283.403715][T11111] tomoyo_encode+0x26f/0x540 [ 283.408357][T11111] tomoyo_realpath_from_path+0x59e/0x5e0 [ 283.414044][T11111] tomoyo_path_perm+0x2b7/0x740 [ 283.419029][T11111] security_inode_getattr+0xd8/0x130 [ 283.424364][T11111] vfs_getattr+0x45/0x430 [ 283.428738][T11111] vfs_statx+0x199/0x490 [ 283.433036][T11111] vfs_fstatat+0x145/0x190 [ 283.437585][T11111] __x64_sys_newfstatat+0x11d/0x1a0 [ 283.442936][T11111] do_syscall_64+0xf3/0x230 [ 283.447485][T11111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.453426][T11111] [ 283.455770][T11111] Freed by task 5221: [ 283.459775][T11111] kasan_save_track+0x3f/0x80 [ 283.464492][T11111] kasan_save_free_info+0x40/0x50 [ 283.469576][T11111] poison_slab_object+0xe0/0x150 [ 283.474560][T11111] __kasan_slab_free+0x37/0x60 [ 283.479377][T11111] kfree+0x149/0x360 [ 283.483327][T11111] tomoyo_path_perm+0x5ab/0x740 [ 283.488225][T11111] security_inode_getattr+0xd8/0x130 [ 283.493690][T11111] vfs_getattr+0x45/0x430 [ 283.498062][T11111] vfs_statx+0x199/0x490 [ 283.502376][T11111] vfs_fstatat+0x145/0x190 [ 283.506832][T11111] __x64_sys_newfstatat+0x11d/0x1a0 [ 283.512074][T11111] do_syscall_64+0xf3/0x230 [ 283.516612][T11111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.522551][T11111] [ 283.524937][T11111] The buggy address belongs to the object at ffff888034e10680 [ 283.524937][T11111] which belongs to the cache kmalloc-64 of size 64 [ 283.539026][T11111] The buggy address is located 48 bytes inside of [ 283.539026][T11111] freed 64-byte region [ffff888034e10680, ffff888034e106c0) [ 283.552866][T11111] [ 283.555313][T11111] The buggy address belongs to the physical page: [ 283.561764][T11111] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34e10 [ 283.570573][T11111] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 283.578155][T11111] page_type: 0xfdffffff(slab) [ 283.582878][T11111] raw: 00fff00000000000 ffff88801a8418c0 ffffea0000c63240 dead000000000005 [ 283.591503][T11111] raw: 0000000000000000 0000000000200020 00000001fdffffff 0000000000000000 [ 283.600123][T11111] page dumped because: kasan: bad access detected [ 283.606586][T11111] page_owner tracks the page as allocated [ 283.612335][T11111] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6797, tgid 6797 (syz-executor), ts 143430381899, free_ts 142658161168 [ 283.633051][T11111] post_alloc_hook+0x1f3/0x230 [ 283.637946][T11111] get_page_from_freelist+0x2e4c/0x2f10 [ 283.643542][T11111] __alloc_pages_noprof+0x256/0x6c0 [ 283.648792][T11111] alloc_slab_page+0x5f/0x120 [ 283.653551][T11111] allocate_slab+0x5a/0x2f0 [ 283.658102][T11111] ___slab_alloc+0xcd1/0x14b0 [ 283.662923][T11111] __slab_alloc+0x58/0xa0 [ 283.667410][T11111] __kmalloc_noprof+0x25a/0x400 [ 283.672317][T11111] tomoyo_encode+0x26f/0x540 [ 283.676949][T11111] tomoyo_realpath_from_path+0x59e/0x5e0 [ 283.682623][T11111] tomoyo_path_perm+0x2b7/0x740 [ 283.687598][T11111] tomoyo_path_symlink+0xde/0x120 [ 283.692672][T11111] security_path_symlink+0xe3/0x140 [ 283.697908][T11111] do_symlinkat+0x136/0x3a0 [ 283.702468][T11111] __x64_sys_symlinkat+0x95/0xb0 [ 283.707468][T11111] do_syscall_64+0xf3/0x230 [ 283.712018][T11111] page last free pid 6762 tgid 6762 stack trace: [ 283.718403][T11111] free_unref_page+0xd19/0xea0 [ 283.723228][T11111] __folio_put+0x2c8/0x440 [ 283.727696][T11111] free_large_kmalloc+0x105/0x1c0 [ 283.732789][T11111] kfree+0x1c4/0x360 [ 283.736730][T11111] device_release+0x99/0x1c0 [ 283.741375][T11111] kobject_put+0x22f/0x480 [ 283.745845][T11111] netdev_run_todo+0xe79/0x1000 [ 283.750755][T11111] tun_chr_close+0x13a/0x1b0 [ 283.755567][T11111] __fput+0x24a/0x8a0 [ 283.759597][T11111] task_work_run+0x24f/0x310 [ 283.764331][T11111] syscall_exit_to_user_mode+0x168/0x370 [ 283.770095][T11111] do_syscall_64+0x100/0x230 [ 283.774786][T11111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.780791][T11111] [ 283.783127][T11111] Memory state around the buggy address: [ 283.788810][T11111] ffff888034e10580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 283.796889][T11111] ffff888034e10600: 00 00 00 00 06 fc fc fc fc fc fc fc fc fc fc fc [ 283.805055][T11111] >ffff888034e10680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 283.813220][T11111] ^ [ 283.818861][T11111] ffff888034e10700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 283.827121][T11111] ffff888034e10780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 283.835223][T11111] ================================================================== [ 283.847789][ T5279] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 283.856856][T11111] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 283.864107][T11111] CPU: 0 UID: 0 PID: 11111 Comm: syz.4.2457 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 [ 283.875087][T11111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 283.885352][T11111] Call Trace: [ 283.888751][T11111] [ 283.891712][T11111] dump_stack_lvl+0x241/0x360 [ 283.896443][T11111] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.901692][T11111] ? __pfx__printk+0x10/0x10 [ 283.906358][T11111] ? preempt_schedule+0xe1/0xf0 [ 283.911267][T11111] ? vscnprintf+0x5d/0x90 [ 283.915646][T11111] panic+0x349/0x860 [ 283.919590][T11111] ? check_panic_on_warn+0x21/0xb0 [ 283.924833][T11111] ? __pfx_panic+0x10/0x10 [ 283.929298][T11111] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 283.935377][T11111] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 283.941764][T11111] ? print_report+0x502/0x550 [ 283.946495][T11111] check_panic_on_warn+0x86/0xb0 [ 283.951481][T11111] ? uprobe_mmap+0xb9a/0x11a0 [ 283.956306][T11111] end_report+0x77/0x160 [ 283.960597][T11111] kasan_report+0x154/0x180 [ 283.965185][T11111] ? uprobe_mmap+0xb9a/0x11a0 [ 283.969993][T11111] uprobe_mmap+0xb9a/0x11a0 [ 283.974630][T11111] ? __pfx_uprobe_mmap+0x10/0x10 [ 283.979586][T11111] mmap_region+0x1891/0x2090 [ 283.984190][T11111] ? mark_lock+0x9a/0x350 [ 283.988561][T11111] ? __pfx_mmap_region+0x10/0x10 [ 283.993507][T11111] ? mm_get_unmapped_area+0xa5/0xd0 [ 283.998738][T11111] ? shmem_get_unmapped_area+0x2a7/0x8f0 [ 284.004381][T11111] ? cap_mmap_addr+0x163/0x2c0 [ 284.009161][T11111] ? __get_unmapped_area+0x2f0/0x360 [ 284.014480][T11111] do_mmap+0x8f9/0x1010 [ 284.018771][T11111] ? __pfx_do_mmap+0x10/0x10 [ 284.023376][T11111] ? __pfx_down_write_killable+0x10/0x10 [ 284.029048][T11111] ? __pfx_ima_file_mmap+0x10/0x10 [ 284.034174][T11111] ? security_mmap_file+0x178/0x1a0 [ 284.039387][T11111] vm_mmap_pgoff+0x1dd/0x3d0 [ 284.043994][T11111] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 284.049111][T11111] ? __fget_files+0x29/0x470 [ 284.053708][T11111] ? __fget_files+0x3f6/0x470 [ 284.058395][T11111] ksys_mmap_pgoff+0x4f1/0x720 [ 284.063175][T11111] ? __x64_sys_mmap+0x7f/0x140 [ 284.067959][T11111] do_syscall_64+0xf3/0x230 [ 284.072474][T11111] ? clear_bhb_loop+0x35/0x90 [ 284.077161][T11111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.083110][T11111] RIP: 0033:0x7f7025179eb9 [ 284.087556][T11111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.107375][T11111] RSP: 002b:00007f7025fe9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 284.115857][T11111] RAX: ffffffffffffffda RBX: 00007f7025315f80 RCX: 00007f7025179eb9 [ 284.124024][T11111] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020001000 [ 284.132018][T11111] RBP: 00007f70251e793e R08: 0000000000000003 R09: 0000000000000000 [ 284.140006][T11111] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 284.148164][T11111] R13: 0000000000000000 R14: 00007f7025315f80 R15: 00007ffcff3ff3c8 [ 284.156187][T11111] [ 284.159625][T11111] Kernel Offset: disabled [ 284.163949][T11111] Rebooting in 86400 seconds..