last executing test programs: 2m7.29849899s ago: executing program 4 (id=5156): unshare(0x22020600) pipe2(&(0x7f0000000240)={0x0, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) splice(r1, &(0x7f0000000180)=0x4, r0, 0x0, 0x8, 0x0) 2m7.085165967s ago: executing program 4 (id=5158): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00aa19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e468eea3fcfcf498278a315f5b87e1c26433a8acd715f5888b2007f00000000000000000100000000000000010015d60605000053350000000034a70c2ab40c7cf5691db43a5c00000000000000f030007ce2c6f800000000000000e75a89faff01218087560cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bef5d7d617da7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf050000008600a62e96b7cb8e52cbdc2ba9d580609e31c30879d6fce424c2208af6c3784a1975fa657de38a3a32e4fd67ce446adb431d07db79241aca1dd9ba02453bbb5ee8babe1745e645f091231b986e952afdac972f342c6f184777d05d988d6edc71df0100000013a38300cabf2b554380ad215c789bef4cc574109b8df8d9a9db669557b3809d8c396d2c0361629d1822f722ec23812770d72cd00100000078a75dea785be550dbb420287e0789b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b8a0ae6fb5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fc7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff25184d4e3c6f7f623559435b2c505fb711300000000040000000000000000000000000000e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7a49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd029406000000433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671a5767014b09ddbf69b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7b49991be06b950ccd48f4e49833f3c4a02bbd06c84680549f9eb16682ecb722e8ffaca907a3eaaebfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c52108d9c0d51dc30209872ec602af42eb29d54a37be0fdfdcd74c2d859a566ee5c30677173a2592a4617ae08bec07422d52d2ba7271550a5c20e3a8d1c8c8fd3025ff00607b2249ae9a18391e01b21b36169790b8e96f7955754b6b01a75165d3573d1dec5cf1b08b6115b43203a5654cce2277eb4c02ef4817b4cb989ac178895810eff7b697f2dc9b308aa2460e3cb85cdc4833571a62bf310700000000000000cc7f923284230ada8c756096a66119d4b6b2f159585c3cf8e7bfdd619e294b1d21cd491b8cfd4a253856e485fe29c6ad177a9fb078ca905782b9ed3c30675b89a784bb8031cac0de95178a5acff029a0f0fe972df22b20afe95fba722056f94ab15f1cf605c33df627311f1b614684d77549"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000001f80)=r0, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x14, 0x2, 0x6, 0x5}, 0x14}}, 0x0) 2m6.866632079s ago: executing program 4 (id=5161): syz_open_dev$sndctrl(&(0x7f0000000000), 0x3, 0x0) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000001c0)={r2, @in={{0x2, 0x4e21, @remote}}, [0xfffffffffffffff9, 0xf, 0xffffffffffffffff, 0x0, 0xffff, 0x8000000000000000, 0x8000000000000001, 0x1, 0x1eb, 0xff, 0x6, 0x56ea, 0xe, 0xc8c2, 0x3]}, &(0x7f0000000040)=0x100) 2m6.765182104s ago: executing program 4 (id=5163): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 2m5.863713959s ago: executing program 4 (id=5172): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_int(r0, 0x11a, 0x3, 0x0, 0x0) 2m5.385198316s ago: executing program 4 (id=5180): r0 = epoll_create1(0x80000) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000005c0)={0x2004}) r2 = socket$key(0xf, 0x3, 0x2) dup3(r2, r1, 0x0) 2m4.890584607s ago: executing program 32 (id=5180): r0 = epoll_create1(0x80000) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000005c0)={0x2004}) r2 = socket$key(0xf, 0x3, 0x2) dup3(r2, r1, 0x0) 4.389120156s ago: executing program 3 (id=6451): signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 3.46757584s ago: executing program 3 (id=6458): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="f10000020600"], 0x2a) 3.156176274s ago: executing program 3 (id=6463): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x8, 0x4}) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000100)={0x3, r2, 0xffffffff, 0x5, 0xa, 0x1ff, 0x1}) 3.047820467s ago: executing program 3 (id=6465): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, &(0x7f0000000100)) 2.919190769s ago: executing program 3 (id=6468): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) utime(&(0x7f0000000000)='./file0\x00', 0x0) 2.226970426s ago: executing program 2 (id=6476): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x3, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 2.191237755s ago: executing program 3 (id=6477): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x200, 0x8, 0x1, {0x22, 0x394}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCINITREPORT(r1, 0x4805, 0x0) 2.120950958s ago: executing program 2 (id=6478): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) 2.041621834s ago: executing program 2 (id=6480): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x28}) capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000280)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) 1.966907546s ago: executing program 2 (id=6481): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x2a382) r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\nt\"\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0) socket$netlink(0x10, 0x3, 0x15) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$xdp(0x2c, 0x3, 0x0) io_submit(r0, 0x2, &(0x7f0000001400)=[&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x1000, r2, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x5, 0x5, r1, &(0x7f0000001140), 0x0, 0x4}]) 1.762527098s ago: executing program 2 (id=6486): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x40000011}) 1.5833241s ago: executing program 0 (id=6489): syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabaaaaaaaaabb86dd60cedd0000103afffee0000000000000020000000000008d5a650b37bbfe8000000000000000000000000000aa8900907800fc000000000024"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)=ANY=[]) 1.293265257s ago: executing program 0 (id=6491): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000440)=ANY=[]) 1.098415773s ago: executing program 0 (id=6495): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x1, 0x0, 0x5}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 956.586316ms ago: executing program 1 (id=6498): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000030000000500000000000000000000000500000000000000ffffffff"]) 759.361722ms ago: executing program 2 (id=6500): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000090024206d041cc34000000000010902"], 0x0) close(0x3) syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000000)=ANY=[], 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 731.726641ms ago: executing program 5 (id=6501): r0 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00') fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f00000000c0)=""/52, 0x34) getdents(r1, 0x0, 0x58) 616.430073ms ago: executing program 1 (id=6502): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='\t'], 0x28) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 615.591431ms ago: executing program 5 (id=6503): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x38, 0x12, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x800) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000002c0)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r0) 500.522849ms ago: executing program 1 (id=6504): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) close(0x3) 499.210553ms ago: executing program 5 (id=6505): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000340)={@remote, 0x57, r1}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000004c40)={@remote, r1}, 0x14) close(r0) 415.117718ms ago: executing program 1 (id=6506): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000100000001c0"]) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)=ANY=[]) 367.006687ms ago: executing program 5 (id=6507): r0 = socket$inet(0x2, 0x3, 0x33) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000002240)={0x24, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0x40) 292.061276ms ago: executing program 5 (id=6508): syz_emit_ethernet(0x7e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "156909", 0x48, 0x2f, 0x0, @private2, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x88a8, 0x0, 0x0, [0x9, 0x0]}, {}, {}, {0xa888, 0x88be, 0x8000000}}}}}}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x121041) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}}) write$evdev(r0, &(0x7f0000000040), 0x373) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000200)=""/36) 193.15288ms ago: executing program 1 (id=6509): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x4, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb6}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}], {0x95, 0x0, 0x5a5}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001c00c92427bd7000000002000700"], 0x1c}, 0x1, 0x0, 0x0, 0xc0041}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005e"], 0x1c}}, 0x0) 185.144772ms ago: executing program 0 (id=6510): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) 107.135433ms ago: executing program 1 (id=6511): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1e030800d3ff71ef288543"], 0xffdd) 99.215884ms ago: executing program 5 (id=6512): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x8801}, 0x9f4032d06ab2d0f3) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) preadv(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/173, 0xad}], 0x1, 0x24, 0x6) 0s ago: executing program 0 (id=6513): bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50) r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01) r1 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x800) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): slave bond_slave_0): Releasing backup interface [ 526.798469][ T30] audit: type=1326 audit(1746263770.768:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.3.5019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de558 code=0x7ffc0000 [ 526.804198][T17858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 526.824212][ T30] audit: type=1326 audit(1746263770.768:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.3.5019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 526.852338][T17858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.862039][T17868] bond0: (slave bond_slave_1): Releasing backup interface [ 526.890812][T17868] team0: Port device team_slave_0 removed [ 526.908474][T17873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5023'. [ 526.916767][ T30] audit: type=1326 audit(1746263770.778:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.3.5019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de558 code=0x7ffc0000 [ 526.945165][T17873] netlink: 'syz.2.5023': attribute type 18 has an invalid length. [ 526.954908][T17868] team0: Port device team_slave_1 removed [ 526.960850][T17873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5023'. [ 526.974694][T17868] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 526.990756][T17868] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 527.008793][T16848] usbhid 2-1:0.0: can't add hid device: -71 [ 527.018529][T16848] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 527.034571][T17869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 527.050915][T16848] usb 2-1: USB disconnect, device number 56 [ 527.077509][T17869] team0: Port device bond0 added [ 527.403458][T16838] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 527.565246][T16838] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 527.577262][T16838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 527.591344][T16838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 527.606509][T16838] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 527.621874][T16838] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 527.632000][T16838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.645536][T16838] usb 4-1: config 0 descriptor?? [ 527.651450][T17875] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 527.763486][T16841] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 527.933157][T16841] usb 2-1: Using ep0 maxpacket: 32 [ 527.940388][T16841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.951944][T16841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 527.961862][T16841] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 527.973509][T16841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.990174][T16841] usb 2-1: config 0 descriptor?? [ 527.999193][T16841] hub 2-1:0.0: USB hub found [ 528.079730][T16838] plantronics 0003:047F:FFFF.002C: reserved main item tag 0xd [ 528.110181][T16838] plantronics 0003:047F:FFFF.002C: No inputs registered, leaving [ 528.155583][T16838] plantronics 0003:047F:FFFF.002C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 528.210586][T16841] hub 2-1:0.0: 2 ports detected [ 528.391877][T16838] usb 4-1: USB disconnect, device number 55 [ 528.473266][T17912] loop8: detected capacity change from 0 to 8 [ 528.484959][T17912] Dev loop8: unable to read RDB block 8 [ 528.490600][T17912] loop8: unable to read partition table [ 528.497811][T17912] loop8: partition table beyond EOD, truncated [ 528.520691][T17912] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 529.276194][T17932] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 529.305779][T16841] hub 2-1:0.0: hub_hub_status failed (err = -32) [ 529.321219][T16841] hub 2-1:0.0: config failed, can't get hub status (err -32) [ 529.357829][T16841] usbhid 2-1:0.0: can't add hid device: -32 [ 529.365975][T16841] usbhid 2-1:0.0: probe with driver usbhid failed with error -32 [ 529.536184][T16838] usb 5-1: new full-speed USB device number 45 using dummy_hcd [ 529.669731][T16841] usb 2-1: USB disconnect, device number 57 [ 529.737756][T16838] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 529.773771][T16838] usb 5-1: config 0 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 529.792459][T16838] usb 5-1: config 0 interface 0 has no altsetting 0 [ 529.803690][T16838] usb 5-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 529.819509][T16838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.834762][T16838] usb 5-1: config 0 descriptor?? [ 529.865355][T16838] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 530.076540][T16838] usb 5-1: USB disconnect, device number 45 [ 530.754236][T17982] input: syz0 as /devices/virtual/input/input72 [ 530.760864][T17982] input: failed to attach handler leds to device input72, error: -6 [ 531.035827][T16841] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 531.052666][T16841] hid-generic 0000:0000:0000.002D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 532.123278][T16841] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 532.283119][T16841] usb 5-1: Using ep0 maxpacket: 16 [ 532.294758][T16841] usb 5-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 532.310125][T16841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.336370][T16841] usb 5-1: Product: syz [ 532.343590][T16841] usb 5-1: Manufacturer: syz [ 532.348261][T16841] usb 5-1: SerialNumber: syz [ 532.367163][T16841] usb 5-1: config 0 descriptor?? [ 532.390793][T16841] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 532.595955][T16841] gp8psk: usb in 128 operation failed. [ 532.609068][T16841] gp8psk: usb in 137 operation failed. [ 532.623152][T16841] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 532.643835][T16841] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 532.675912][T16841] usb 5-1: media controller created [ 532.748620][T16841] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 532.799627][T16841] gp8psk_fe: Frontend revision 1 attached [ 532.811204][T16841] usb 5-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 532.825337][T16841] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 532.971482][T16841] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 532.993645][T16841] gp8psk: found Genpix USB device pID = 201 (hex) [ 533.315029][T16838] usb 5-1: USB disconnect, device number 46 [ 533.562621][T16838] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 534.097857][ T30] kauditd_printk_skb: 91 callbacks suppressed [ 534.097877][ T30] audit: type=1326 audit(1746263778.518:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 534.240346][ T30] audit: type=1326 audit(1746263778.518:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 534.347532][ T30] audit: type=1326 audit(1746263778.518:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8558 code=0x7ffc0000 [ 534.421013][ T30] audit: type=1326 audit(1746263778.518:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 534.494850][ T30] audit: type=1326 audit(1746263778.518:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 534.579716][ T30] audit: type=1326 audit(1746263778.518:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8558 code=0x7ffc0000 [ 534.654536][ T30] audit: type=1326 audit(1746263778.518:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 534.678123][ T30] audit: type=1326 audit(1746263778.518:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8558 code=0x7ffc0000 [ 534.733260][ T30] audit: type=1326 audit(1746263778.518:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 534.773213][ T30] audit: type=1326 audit(1746263778.518:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18060 comm="syz.0.5101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8558 code=0x7ffc0000 [ 535.063086][T16838] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 535.213159][T16838] usb 5-1: Using ep0 maxpacket: 32 [ 535.231553][T16838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 535.263136][T16838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 535.287401][T16838] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 535.304584][T16838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.321223][T16838] usb 5-1: config 0 descriptor?? [ 535.516656][T18102] syzkaller1: entered promiscuous mode [ 535.522334][T18102] syzkaller1: entered allmulticast mode [ 535.773506][T16838] savu 0003:1E7D:2D5A.002E: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 535.807565][T13300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 535.830439][T18113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5125'. [ 535.837873][T13300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 535.891747][T18113] ipvlan2: entered promiscuous mode [ 536.067240][T16841] usb 5-1: USB disconnect, device number 47 [ 537.228818][T16838] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 537.344978][T18161] loop2: detected capacity change from 0 to 7 [ 537.354518][ T8076] Dev loop2: unable to read RDB block 7 [ 537.360429][ T8076] loop2: AHDI p2 p3 [ 537.366466][ T8076] loop2: partition table partially beyond EOD, truncated [ 537.376268][ T8076] loop2: p3 start 335544320 is beyond EOD, truncated [ 537.384686][T16838] usb 2-1: Using ep0 maxpacket: 8 [ 537.391933][T16838] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 537.404053][T16838] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 537.415102][T16838] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 537.425173][T18161] Dev loop2: unable to read RDB block 7 [ 537.430888][T18161] loop2: AHDI p2 p3 [ 537.436544][T18161] loop2: partition table partially beyond EOD, truncated [ 537.443766][T16838] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 537.454455][T18161] loop2: p3 start 335544320 is beyond EOD, truncated [ 537.461680][T16838] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 537.483098][T16838] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 537.496832][T16838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.563600][T16848] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 537.663259][T16841] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 537.726497][T16838] usb 2-1: usb_control_msg returned -32 [ 537.732402][T16838] usbtmc 2-1:16.0: can't read capabilities [ 537.738762][T16848] usb 3-1: Using ep0 maxpacket: 16 [ 537.750499][T16848] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 537.761734][T16848] usb 3-1: config 0 has no interface number 0 [ 537.770890][T16848] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.01 [ 537.780353][T16848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.788487][T16848] usb 3-1: Product: syz [ 537.792669][T16848] usb 3-1: Manufacturer: syz [ 537.797544][T16848] usb 3-1: SerialNumber: syz [ 537.805565][T16848] usb 3-1: config 0 descriptor?? [ 537.814052][T16848] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 537.815238][T16841] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 537.833564][T16841] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 537.842475][T16841] usb 5-1: config 220 has an invalid descriptor of length 102, skipping remainder of the config [ 537.855374][T16841] usb 5-1: config 220 has no interface number 2 [ 537.861705][T16841] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 537.875186][T16841] usb 5-1: config 220 interface 0 has no altsetting 0 [ 537.882009][T16841] usb 5-1: config 220 interface 76 has no altsetting 0 [ 537.888994][T16841] usb 5-1: config 220 interface 1 has no altsetting 0 [ 537.898153][T16841] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 537.907359][T16841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.915537][T16841] usb 5-1: Product: syz [ 537.919723][T16841] usb 5-1: Manufacturer: syz [ 537.924436][T16841] usb 5-1: SerialNumber: syz [ 538.086254][T18166] usbtmc 2-1:16.0: stb usb_control_msg returned -32 [ 538.095018][T16859] usb 2-1: USB disconnect, device number 58 [ 538.154326][T16841] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 538.160736][T16841] usb 5-1: No valid video chain found. [ 538.166643][T16841] usb 5-1: selecting invalid altsetting 0 [ 538.188508][T16841] usb 5-1: selecting invalid altsetting 0 [ 538.194632][T16841] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 538.206672][T16841] usb 5-1: USB disconnect, device number 48 [ 538.624125][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0400, value 0x01, error -71) [ 538.655266][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0420, value 0x00, error -71) [ 538.670269][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0420, value 0x01, error -71) [ 538.681875][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0409, value 0x0D, error -71) [ 538.698515][T16848] gspca_xirlink_cit: Failed to write a register (index 0x040A, value 0x02, error -71) [ 538.710723][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0405, value 0x18, error -71) [ 538.725214][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0435, value 0x08, error -71) [ 538.746533][T16848] gspca_xirlink_cit: Failed to write a register (index 0x040B, value 0x26, error -71) [ 538.760306][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0437, value 0x07, error -71) [ 538.774161][T16848] gspca_xirlink_cit: Failed to write a register (index 0x042F, value 0x15, error -71) [ 538.788858][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0439, value 0x2B, error -71) [ 538.810416][T16848] gspca_xirlink_cit: Failed to write a register (index 0x043A, value 0x26, error -71) [ 538.821444][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0438, value 0x08, error -71) [ 538.839884][T16848] gspca_xirlink_cit: Failed to write a register (index 0x042B, value 0x1E, error -71) [ 538.850663][T16848] gspca_xirlink_cit: Failed to write a register (index 0x042C, value 0x41, error -71) [ 538.865804][T16848] gspca_xirlink_cit: Failed to write a register (index 0x0100, value 0xC0, error -71) [ 538.884414][T16848] input: xirlink-cit as /devices/platform/dummy_hcd.2/usb3/3-1/input/input73 [ 538.910629][T16848] usb 3-1: USB disconnect, device number 49 [ 540.405394][T18218] loop2: detected capacity change from 0 to 5 [ 540.419882][T18218] Dev loop2: unable to read RDB block 5 [ 540.431484][T18218] loop2: AHDI p2 p3 [ 540.438264][T18218] loop2: partition table partially beyond EOD, truncated [ 540.456343][T18218] loop2: p2 size 1701016946 extends beyond EOD, truncated [ 540.537038][ T8076] udevd[8076]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 540.897279][ T30] kauditd_printk_skb: 123 callbacks suppressed [ 540.897298][ T30] audit: type=1326 audit(1746263785.318:1808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 540.952195][ T30] audit: type=1326 audit(1746263785.318:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 540.977648][T18234] syzkaller1: entered promiscuous mode [ 540.988601][ T30] audit: type=1326 audit(1746263785.338:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.011109][T18234] syzkaller1: entered allmulticast mode [ 541.025802][ T30] audit: type=1326 audit(1746263785.338:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.096466][ T30] audit: type=1326 audit(1746263785.338:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.158893][ T30] audit: type=1326 audit(1746263785.338:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.238034][ T30] audit: type=1326 audit(1746263785.338:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.291418][ T30] audit: type=1326 audit(1746263785.338:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.346471][ T30] audit: type=1326 audit(1746263785.338:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.426620][ T30] audit: type=1326 audit(1746263785.338:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18232 comm="syz.0.5177" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 541.724881][T18244] netlink: zone id is out of range [ 541.743252][T18244] netlink: zone id is out of range [ 541.749209][T18244] netlink: zone id is out of range [ 541.774570][T18244] netlink: zone id is out of range [ 541.781294][T18244] netlink: zone id is out of range [ 541.787936][T18244] netlink: zone id is out of range [ 541.798008][T18244] netlink: zone id is out of range [ 541.805589][T18244] netlink: zone id is out of range [ 541.814898][T18244] netlink: zone id is out of range [ 541.821641][T18244] netlink: zone id is out of range [ 541.943534][T16848] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 542.134466][T16848] usb 4-1: Using ep0 maxpacket: 16 [ 542.189538][T16848] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 542.210492][T16848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.233652][T16848] usb 4-1: Product: syz [ 542.237899][T16848] usb 4-1: Manufacturer: syz [ 542.276608][T16848] usb 4-1: SerialNumber: syz [ 542.294733][T16848] usb 4-1: config 0 descriptor?? [ 542.328315][T16848] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 542.589360][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 542.609668][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 542.618950][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 542.646985][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 542.674993][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 542.866751][ T12] team0: Port device bond0 removed [ 542.886171][ T12] bond0 (unregistering): Released all slaves [ 543.339959][T16848] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 543.348765][T18283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5191'. [ 543.362405][T16848] usb 4-1: USB disconnect, device number 56 [ 544.120334][ T12] hsr_slave_0: left promiscuous mode [ 544.133265][ T12] hsr_slave_1: left promiscuous mode [ 544.627480][T18316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5206'. [ 544.748956][ T5834] Bluetooth: hci1: command tx timeout [ 545.726022][T18267] chnl_net:caif_netlink_parms(): no params data found [ 546.107468][T18344] input: syz0 as /devices/virtual/input/input74 [ 546.551852][T18267] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.569898][T18267] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.584338][T18267] bridge_slave_0: entered allmulticast mode [ 546.602539][T18267] bridge_slave_0: entered promiscuous mode [ 546.812855][T18267] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.825229][ T5834] Bluetooth: hci1: command tx timeout [ 546.833872][T18267] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.874022][T18267] bridge_slave_1: entered allmulticast mode [ 546.881866][T18267] bridge_slave_1: entered promiscuous mode [ 546.948875][ T12] IPVS: stop unused estimator thread 0... [ 547.097129][T18267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 547.129135][T18267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 547.331490][T18267] team0: Port device team_slave_0 added [ 547.386954][T18267] team0: Port device team_slave_1 added [ 547.529916][T18267] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 547.551633][T18267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.628079][T18267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 547.673320][T18267] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 547.680331][T18267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.747576][T18267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 547.870289][T18400] input: syz0 as /devices/virtual/input/input75 [ 547.918369][T18267] hsr_slave_0: entered promiscuous mode [ 547.937032][T18267] hsr_slave_1: entered promiscuous mode [ 547.951990][T18267] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 547.970264][T18267] Cannot create hsr debugfs directory [ 548.747220][T18267] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 548.783449][T18267] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 548.813763][T18267] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 548.828763][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 548.834376][T16848] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 548.841667][T16848] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 548.877607][T18267] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 548.903281][ T5834] Bluetooth: hci1: command tx timeout [ 549.168727][T18267] 8021q: adding VLAN 0 to HW filter on device bond0 [ 549.212670][T18267] 8021q: adding VLAN 0 to HW filter on device team0 [ 549.247586][T13300] bridge0: port 1(bridge_slave_0) entered blocking state [ 549.254852][T13300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 549.298296][T13300] bridge0: port 2(bridge_slave_1) entered blocking state [ 549.305564][T13300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 549.480206][T18267] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 549.556524][T18267] veth0_vlan: entered promiscuous mode [ 549.578283][T18267] veth1_vlan: entered promiscuous mode [ 549.642123][T18267] veth0_macvtap: entered promiscuous mode [ 549.660142][T18267] veth1_macvtap: entered promiscuous mode [ 549.729189][T18267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.753680][T18267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.767834][T18267] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 549.788436][T18267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.799442][T18267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.816322][T18267] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.836805][T18267] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.846339][T18267] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.855651][T18267] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.864885][T18267] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.983515][ T5834] Bluetooth: hci1: command tx timeout [ 551.063439][T16848] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 551.063493][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 551.069558][T16848] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 553.143310][T16848] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 553.143630][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 553.149433][T16848] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 553.231106][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.245539][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.272392][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.280354][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.873340][T16858] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 554.043224][T16858] usb 2-1: Using ep0 maxpacket: 16 [ 554.063959][T16858] usb 2-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 554.091081][T16858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.099814][T16858] usb 2-1: Product: syz [ 554.110814][T16858] usb 2-1: Manufacturer: syz [ 554.118229][T16858] usb 2-1: SerialNumber: syz [ 554.144142][T16858] usb 2-1: config 0 descriptor?? [ 554.158462][T16858] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 554.374304][T16858] gp8psk: usb in 128 operation failed. [ 554.397238][T16858] gp8psk: usb in 137 operation failed. [ 554.402807][T16858] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 554.426416][T16858] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 554.446609][T16858] usb 2-1: media controller created [ 554.527089][T16858] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 554.577136][T16858] gp8psk_fe: Frontend revision 1 attached [ 554.729393][T16858] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 554.753308][T16858] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 554.858163][T18562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5258'. [ 554.930906][T18562] vlan2: entered allmulticast mode [ 554.938687][T18562] gretap0: entered allmulticast mode [ 554.948155][T16858] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 554.965951][T16858] gp8psk: found Genpix USB device pID = 201 (hex) [ 555.264475][T16848] usb 2-1: USB disconnect, device number 59 [ 555.447639][T18580] loop6: detected capacity change from 0 to 524287999 [ 555.514723][T16848] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 555.828951][T18588] netlink: 'syz.2.5271': attribute type 10 has an invalid length. [ 555.854928][T18588] syz_tun: entered promiscuous mode [ 555.897556][T18588] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 556.198860][T18599] input: syz0 as /devices/virtual/input/input76 [ 556.621185][T18607] syzkaller1: entered promiscuous mode [ 556.643860][T18607] syzkaller1: entered allmulticast mode [ 557.051665][T18620] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 557.979974][T18658] loop8: detected capacity change from 0 to 8 [ 557.995553][T18658] Dev loop8: unable to read RDB block 8 [ 558.002867][T18658] loop8: unable to read partition table [ 558.011515][T18658] loop8: partition table beyond EOD, truncated [ 558.025495][T18658] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 558.487659][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 558.487678][ T30] audit: type=1326 audit(1746263802.908:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18673 comm="syz.2.5305" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x0 [ 558.663276][T16858] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 558.763249][T16841] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 558.823225][T16858] usb 2-1: Using ep0 maxpacket: 32 [ 558.846937][T16858] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 558.865795][T16858] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 558.881305][T16858] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 558.892759][T16858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.924603][T16858] usb 2-1: config 0 descriptor?? [ 558.934281][T16841] usb 4-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 558.948292][T16841] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 558.960711][T16858] hub 2-1:0.0: USB hub found [ 558.987500][T16841] usb 4-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 559.024642][T16841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.047528][T16841] usb 4-1: Product: syz [ 559.051832][T16841] usb 4-1: Manufacturer: syz [ 559.057419][T16841] usb 4-1: SerialNumber: syz [ 559.078342][T16841] usb 4-1: config 0 descriptor?? [ 559.171787][T16858] hub 2-1:0.0: 1 port detected [ 559.599329][T16858] usb 2-1: USB disconnect, device number 60 [ 559.707081][T16841] mos7840 4-1:0.0: required endpoints missing [ 559.732150][T16841] usb 4-1: USB disconnect, device number 57 [ 560.311413][T18703] net_ratelimit: 73 callbacks suppressed [ 560.311435][T18703] openvswitch: netlink: IPv4 tun info is not correct [ 560.854334][T18726] loop8: detected capacity change from 0 to 8 [ 560.881436][T18726] Dev loop8: unable to read RDB block 8 [ 560.910983][T18726] loop8: unable to read partition table [ 560.966227][T18726] loop8: partition table beyond EOD, truncated [ 561.026748][T18726] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 562.150739][T18778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5344'. [ 562.185046][T18778] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5344'. [ 562.674859][T18800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5348'. [ 563.147885][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.156121][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.645050][ T30] audit: type=1326 audit(1746263808.068:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18837 comm="syz.2.5361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7fc00000 [ 564.043181][T16841] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 564.205391][T16841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.228176][T16841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.252519][T16841] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 564.262212][T16841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.280388][T16841] usb 2-1: config 0 descriptor?? [ 564.352662][ T30] audit: type=1326 audit(1746263808.768:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18837 comm="syz.2.5361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f46539 code=0x7fc00000 [ 564.730726][T16841] hid-steam 0003:28DE:1142.002F: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 564.813992][T16841] hid-steam 0003:28DE:1142.002F: Steam wireless receiver connected [ 564.882908][T16841] hid-steam 0003:28DE:1142.0030: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 564.949798][T16841] usb 2-1: USB disconnect, device number 61 [ 565.010328][T16841] hid-steam 0003:28DE:1142.002F: Steam wireless receiver disconnected [ 566.763478][T18962] sctp: [Deprecated]: syz.3.5388 (pid 18962) Use of struct sctp_assoc_value in delayed_ack socket option. [ 566.763478][T18962] Use struct sctp_sack_info instead [ 566.923081][T16841] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 567.126657][T16841] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.147939][T16841] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 567.171255][T16841] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 567.197384][T16841] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.226058][T16841] usb 6-1: Product: syz [ 567.246334][T16841] usb 6-1: Manufacturer: syz [ 567.263834][T16841] usb 6-1: SerialNumber: syz [ 567.512337][T18957] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 568.162259][T18957] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 568.389746][T16841] cdc_mbim 6-1:1.0: failed to get mac address [ 568.412192][T16841] cdc_mbim 6-1:1.0: bind() failure [ 568.433588][T16841] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71 [ 568.453644][T16841] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71 [ 568.465614][T16841] usbtest 6-1:1.1: probe with driver usbtest failed with error -71 [ 568.497100][T16841] usb 6-1: USB disconnect, device number 2 [ 569.393337][T16844] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 569.553319][T16844] usb 6-1: Using ep0 maxpacket: 8 [ 569.570374][T16844] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 569.603030][T16844] usb 6-1: config 0 has no interface number 0 [ 569.615053][T16844] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 569.645447][T16844] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 569.664840][T16844] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.697285][T16844] usb 6-1: config 0 descriptor?? [ 569.742296][T16844] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 570.997822][T16841] usb 6-1: USB disconnect, device number 3 [ 571.199898][ T30] audit: type=1326 audit(1746263815.618:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19085 comm="syz.3.5427" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de539 code=0x0 [ 571.743773][T16844] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 571.805345][T16848] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 571.903144][T16844] usb 2-1: Using ep0 maxpacket: 16 [ 571.915557][T16844] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 571.951843][T16844] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 571.978640][T16844] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 571.997997][T16848] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 572.006952][T16844] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 572.023386][T16848] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 572.040127][T16844] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 572.054056][T16848] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 572.068747][T16848] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 572.091458][T16844] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 572.117040][T16844] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 572.127193][T16848] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 572.142333][T16844] usb 2-1: Manufacturer: syz [ 572.154459][T16844] usb 2-1: config 0 descriptor?? [ 572.162010][T16848] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 572.187751][T16848] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 572.197347][T16848] usb 6-1: Product: syz [ 572.201593][T16848] usb 6-1: Manufacturer: syz [ 572.219644][T16848] cdc_wdm 6-1:1.0: skipping garbage [ 572.225545][T16848] cdc_wdm 6-1:1.0: skipping garbage [ 572.237227][T16848] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 572.247134][T16848] cdc_wdm 6-1:1.0: Unknown control protocol [ 572.473162][T16844] rc_core: IR keymap rc-hauppauge not found [ 572.493174][T16844] Registered IR keymap rc-empty [ 572.498398][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 572.498524][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 572.500794][T16858] usb 6-1: USB disconnect, device number 4 [ 572.506946][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 572.506969][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 572.506986][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 572.523378][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.573112][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.615428][T16844] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 572.645610][T16844] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input77 [ 572.672225][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.682774][ C0] mceusb 2-1:0.0: long-range (0x14) receiver active [ 572.723357][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.745688][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.784780][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.823386][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.863183][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.883209][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.906165][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.937004][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 572.963408][T16844] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 573.003326][T16844] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 573.022733][T16844] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x14 active) [ 573.049420][T16844] usb 2-1: USB disconnect, device number 62 [ 574.003119][T16844] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 574.198009][T19166] loop8: detected capacity change from 0 to 8 [ 574.217541][T16844] usb 4-1: Using ep0 maxpacket: 16 [ 574.224979][T19166] Dev loop8: unable to read RDB block 8 [ 574.231906][T19166] loop8: unable to read partition table [ 574.234291][T16844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 574.248231][T19166] loop8: partition table beyond EOD, truncated [ 574.265546][T19166] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 574.274473][T16844] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 574.315244][T16844] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 574.335132][T16844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.351988][T16844] usb 4-1: config 0 descriptor?? [ 574.794878][T16844] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 574.802223][T16844] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 574.849964][T16844] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 574.869294][T16844] kovaplus 0003:1E7D:2D50.0031: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0 [ 575.145990][T19185] binder: 19184:19185 ioctl c0306201 0 returned -14 [ 575.389945][T16844] kovaplus 0003:1E7D:2D50.0031: couldn't init struct kovaplus_device [ 575.412663][T16844] kovaplus 0003:1E7D:2D50.0031: couldn't install mouse [ 575.429872][T16844] kovaplus 0003:1E7D:2D50.0031: probe with driver kovaplus failed with error -71 [ 575.491511][T16844] usb 4-1: USB disconnect, device number 58 [ 576.386665][T19201] ALSA: seq fatal error: cannot create timer (-19) [ 577.688271][T19237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5488'. [ 578.874731][T19270] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.904063][T19270] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.064448][T19274] bridge0: entered promiscuous mode [ 579.090863][T19274] macvlan2: entered promiscuous mode [ 579.186945][ T30] audit: type=1804 audit(1746263823.608:1826): pid=19280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.5507" name="/" dev="pidfs" ino=19280 res=1 errno=0 [ 579.259117][T16848] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 579.443809][T19287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5511'. [ 579.484725][T19287] macvlan3: entered promiscuous mode [ 579.490096][T19287] bond0: entered promiscuous mode [ 579.500881][T19287] bond_slave_0: entered promiscuous mode [ 579.514463][T19287] bond_slave_1: entered promiscuous mode [ 579.521822][T19287] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 580.021808][T16848] usb 2-1: unable to get BOS descriptor or descriptor too short [ 580.046449][T16848] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 580.056092][T16858] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 580.063079][T16848] usb 2-1: can't read configurations, error -71 [ 580.236215][T16858] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 580.250016][T16858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.261984][T16858] usb 3-1: Product: syz [ 580.270472][T16858] usb 3-1: Manufacturer: syz [ 580.289734][T16858] usb 3-1: SerialNumber: syz [ 580.302866][T16858] usb 3-1: config 0 descriptor?? [ 580.555966][T16841] usb 3-1: USB disconnect, device number 50 [ 582.738328][T19396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5555'. [ 582.778342][T19396] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5555'. [ 582.793341][T19396] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5555'. [ 583.623530][T19430] syzkaller1: entered promiscuous mode [ 583.629390][T19430] syzkaller1: entered allmulticast mode [ 583.824893][T16843] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 583.993368][T16843] usb 3-1: Using ep0 maxpacket: 16 [ 584.007152][T16843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 584.030697][T16843] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 584.060143][T16843] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 584.072363][T16848] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 584.084843][T16843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.104964][T16843] usb 3-1: config 0 descriptor?? [ 584.304198][T16848] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 584.313573][T16848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.329963][T16848] usb 2-1: Product: syz [ 584.334677][T16848] usb 2-1: Manufacturer: syz [ 584.340787][T16848] usb 2-1: SerialNumber: syz [ 584.349862][T16848] usb 2-1: config 0 descriptor?? [ 584.377276][T16848] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 584.531642][T19450] netlink: 92 bytes leftover after parsing attributes in process `syz.0.5578'. [ 584.548189][T16843] kovaplus 0003:1E7D:2D50.0032: unknown main item tag 0x0 [ 584.565361][T16843] kovaplus 0003:1E7D:2D50.0032: unknown main item tag 0x0 [ 584.582925][T16843] kovaplus 0003:1E7D:2D50.0032: unknown main item tag 0x0 [ 584.618490][T16843] kovaplus 0003:1E7D:2D50.0032: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0 [ 585.160405][T16843] kovaplus 0003:1E7D:2D50.0032: couldn't init struct kovaplus_device [ 585.190227][T16843] kovaplus 0003:1E7D:2D50.0032: couldn't install mouse [ 585.232419][T16843] kovaplus 0003:1E7D:2D50.0032: probe with driver kovaplus failed with error -71 [ 585.280636][T16843] usb 3-1: USB disconnect, device number 51 [ 585.450912][T16848] usb 2-1: USB disconnect, device number 65 [ 586.066950][T16848] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 586.117818][T16843] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 586.237477][T16848] usb 3-1: Using ep0 maxpacket: 8 [ 586.251608][T16848] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 586.262289][T16848] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 586.285645][T16848] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 586.300747][T16848] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 586.314649][T16843] usb 4-1: Using ep0 maxpacket: 16 [ 586.329260][T16848] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 586.341417][T16848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.349898][T16843] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.373028][T16843] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 586.405949][T16843] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 586.437705][T16843] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 586.447771][T16843] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.468438][T16843] usb 4-1: config 0 descriptor?? [ 586.581048][T19500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5598'. [ 586.603577][T16848] usb 3-1: GET_CAPABILITIES returned 0 [ 586.603794][T19500] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5598'. [ 586.609770][T16848] usbtmc 3-1:16.0: can't read capabilities [ 586.790015][T19504] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 586.813252][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 586.829180][T16841] usb 3-1: USB disconnect, device number 52 [ 586.905814][T16843] HID 045e:07da: Invalid code 65791 type 1 [ 586.933296][T16843] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0033/input/input78 [ 586.954230][T19507] input: syz0 as /devices/virtual/input/input79 [ 586.985129][T16843] microsoft 0003:045E:07DA.0033: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 587.155874][T16860] usb 4-1: USB disconnect, device number 59 [ 588.291139][T16860] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 588.366486][T19540] input: syz0 as /devices/virtual/input/input80 [ 588.453605][T16860] usb 2-1: Using ep0 maxpacket: 32 [ 588.463692][T16860] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 588.480375][T16860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.533786][T16860] usb 2-1: config 0 descriptor?? [ 588.548264][T16860] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 588.991627][ T30] audit: type=1326 audit(1746263833.408:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 589.062353][ T30] audit: type=1326 audit(1746263833.408:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 589.129142][ T30] audit: type=1326 audit(1746263833.408:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 589.186922][ T30] audit: type=1326 audit(1746263833.408:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 589.243280][ T30] audit: type=1326 audit(1746263833.408:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 589.317769][ T30] audit: type=1326 audit(1746263833.438:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 589.437493][ T30] audit: type=1326 audit(1746263833.438:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 589.513949][ T30] audit: type=1326 audit(1746263833.438:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 589.532739][T19553] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 589.582104][T16860] gspca_vc032x: reg_w err -71 [ 589.582170][ T30] audit: type=1326 audit(1746263833.438:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 589.604029][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.653413][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.689306][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.743079][ T30] audit: type=1326 audit(1746263833.438:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19548 comm="syz.2.5617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 589.747788][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.765280][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.906324][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.914766][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.929338][T19559] input: syz0 as /devices/virtual/input/input81 [ 589.940531][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.953573][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.969082][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.977629][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 589.988292][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.011277][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.035680][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.051880][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.065546][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.078465][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.087399][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.100635][T16860] gspca_vc032x: I2c Bus Busy Wait 00 [ 590.115438][T16860] gspca_vc032x: Unknown sensor... [ 590.128800][T16860] vc032x 2-1:0.0: probe with driver vc032x failed with error -22 [ 590.170764][T16860] usb 2-1: USB disconnect, device number 66 [ 590.913935][T19593] loop2: detected capacity change from 0 to 7 [ 590.921127][T19593] Dev loop2: unable to read RDB block 7 [ 590.933190][T19593] loop2: unable to read partition table [ 590.940970][T19593] loop2: partition table beyond EOD, truncated [ 590.955392][T19593] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 592.068986][T19638] loop2: detected capacity change from 0 to 7 [ 592.077004][T19638] Dev loop2: unable to read RDB block 7 [ 592.082810][T19638] loop2: unable to read partition table [ 592.094718][T19638] loop2: partition table beyond EOD, truncated [ 592.110357][T19638] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 592.123135][T16858] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 592.233853][T19642] loop7: detected capacity change from 0 to 7 [ 592.263132][T19642] Dev loop7: unable to read RDB block 7 [ 592.282151][T19642] loop7: unable to read partition table [ 592.293219][T19642] loop7: partition table beyond EOD, truncated [ 592.315752][T16858] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 592.333864][T19642] loop_reread_partitions: partition scan of loop7 (被x ) failed (rc=-5) [ 592.335265][T16858] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.367830][T16858] usb 4-1: Product: syz [ 592.372273][T16858] usb 4-1: Manufacturer: syz [ 592.378074][T16858] usb 4-1: SerialNumber: syz [ 592.401479][T16858] usb 4-1: config 0 descriptor?? [ 592.452924][T19647] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not bonding slave [ 592.505029][T19647] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 592.695765][T16848] usb 4-1: USB disconnect, device number 60 [ 592.773458][T16858] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 592.933245][T16858] usb 6-1: Using ep0 maxpacket: 16 [ 592.954227][T16858] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 592.980163][T16858] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.999427][T16858] usb 6-1: Product: syz [ 593.020133][T16858] usb 6-1: Manufacturer: syz [ 593.034075][T16858] usb 6-1: SerialNumber: syz [ 593.052822][T16858] usb 6-1: config 0 descriptor?? [ 593.068735][T16858] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 593.097418][T16858] usb 6-1: Detected FT232H [ 593.285811][T16858] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 593.713565][T16858] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 593.947359][T16858] usb 6-1: USB disconnect, device number 5 [ 593.971422][T16858] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 594.009676][T16858] ftdi_sio 6-1:0.0: device disconnected [ 594.447253][T19677] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 594.491713][T19677] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 594.621010][T19677] veth0_vlan: left allmulticast mode [ 594.761880][T19677] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.798924][T19677] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.818748][T19677] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.841666][T19677] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.946526][T19677] mac80211_hwsim hwsim12 wlan0: left allmulticast mode [ 594.958935][T19677] macvlan2: left allmulticast mode [ 594.971033][T19677] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 594.981455][T19677] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 594.990592][T19677] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 594.999553][T19677] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 595.250667][T19704] tipc: Can't bind to reserved service type 0 [ 597.225732][T19770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5709'. [ 597.235599][T19769] syzkaller1: entered promiscuous mode [ 597.253182][T19769] syzkaller1: entered allmulticast mode [ 597.466466][T19774] vlan2: entered allmulticast mode [ 597.487449][T19774] dummy0: entered allmulticast mode [ 598.083569][T16860] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 598.247750][T19797] syzkaller1: entered promiscuous mode [ 598.255752][T16860] usb 2-1: Using ep0 maxpacket: 16 [ 598.263161][T19797] syzkaller1: entered allmulticast mode [ 598.269518][T16860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.291208][T16860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.309712][T16860] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 598.327361][T16860] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 598.336956][T16860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.361150][T16860] usb 2-1: config 0 descriptor?? [ 598.810731][T16860] HID 045e:07da: Invalid code 65791 type 1 [ 598.832456][T16860] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0034/input/input82 [ 598.866571][T16860] microsoft 0003:045E:07DA.0034: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 599.077401][T16843] usb 2-1: USB disconnect, device number 67 [ 599.641258][T19835] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5739'. [ 599.651122][T19835] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5739'. [ 599.670336][T19835] gtp0: entered promiscuous mode [ 599.676348][T19835] gtp0: entered allmulticast mode [ 599.733125][T16860] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 599.881487][T19842] input: syz1 as /devices/virtual/input/input83 [ 599.904814][T16860] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 599.929824][T16860] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 599.941781][T16860] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 599.956776][T16860] usb 3-1: config 0 interface 0 has no altsetting 0 [ 599.964439][T16860] usb 3-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 599.976692][T16860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.987351][T16860] usb 3-1: config 0 descriptor?? [ 600.404584][T16860] kye 0003:0458:5015.0035: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 600.418094][T16860] kye 0003:0458:5015.0035: unknown main item tag 0x0 [ 600.428507][T16860] kye 0003:0458:5015.0035: hidraw0: USB HID v0.04 Device [HID 0458:5015] on usb-dummy_hcd.2-1/input0 [ 600.439948][T16860] kye 0003:0458:5015.0035: tablet-enabling feature report not found [ 600.448145][T16860] kye 0003:0458:5015.0035: tablet enabling failed [ 600.607820][T16843] usb 3-1: USB disconnect, device number 53 [ 600.832341][T19848] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 600.848139][T19848] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 600.923254][T16848] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 600.938317][T19848] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.948072][T19848] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.957055][T19848] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.966390][T19848] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.007666][T19848] macvlan2: left promiscuous mode [ 601.014317][T19848] gtp0: left promiscuous mode [ 601.019115][T19848] gtp0: left allmulticast mode [ 601.083398][T16848] usb 2-1: Using ep0 maxpacket: 8 [ 601.104983][T16848] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 601.129416][T16848] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 601.157689][T16848] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 601.170227][T16848] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 601.182646][T16848] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 601.214443][T16848] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 601.242273][T16848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.475656][T16848] usb 2-1: GET_CAPABILITIES returned 0 [ 601.481227][T16848] usbtmc 2-1:16.0: can't read capabilities [ 601.705956][T16841] usb 2-1: USB disconnect, device number 68 [ 601.768486][ T30] kauditd_printk_skb: 143 callbacks suppressed [ 601.768503][ T30] audit: type=1326 audit(1746263846.188:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 601.837032][ T30] audit: type=1326 audit(1746263846.218:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 601.866499][ T30] audit: type=1326 audit(1746263846.228:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 601.883385][T16858] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 601.913685][ T30] audit: type=1326 audit(1746263846.228:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 601.946175][ T30] audit: type=1326 audit(1746263846.228:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 601.977237][ T30] audit: type=1326 audit(1746263846.228:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 602.004750][ T30] audit: type=1326 audit(1746263846.228:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 602.049362][ T30] audit: type=1326 audit(1746263846.228:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 602.054842][T19879] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5760'. [ 602.076859][T16858] usb 3-1: Using ep0 maxpacket: 32 [ 602.087579][ T30] audit: type=1326 audit(1746263846.228:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=400 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 602.113952][T16858] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 602.127161][T16858] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 602.136106][T19879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5760'. [ 602.137934][ T30] audit: type=1326 audit(1746263846.228:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19872 comm="syz.0.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8539 code=0x7ffc0000 [ 602.174299][T16858] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 602.193199][T16858] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 602.202196][T16858] usb 3-1: config 1 has no interface number 0 [ 602.221391][T16858] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 602.233013][T16858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.263711][T16858] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 602.484545][T16858] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values [ 602.503596][T16858] snd_usb_pod 3-1:1.1: invalid control EP [ 602.509499][T16858] snd_usb_pod 3-1:1.1: cannot start listening: -22 [ 602.526020][T16858] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 602.534245][T16858] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 602.729217][T16843] usb 3-1: USB disconnect, device number 54 [ 602.893642][T16848] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 603.053510][T16848] usb 6-1: Using ep0 maxpacket: 16 [ 603.069280][T16848] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.087095][T16848] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 603.101856][T16848] usb 6-1: config 0 interface 0 has no altsetting 0 [ 603.108894][T16848] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 603.123197][T16848] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.134460][T16848] usb 6-1: config 0 descriptor?? [ 603.568032][T16848] hid (null): unknown global tag 0xd [ 603.618530][T16848] hid (null): invalid report_size -1755079905 [ 603.626372][T16848] hid (null): report_id 499631086 is invalid [ 603.633448][T16848] hid (null): unknown global tag 0xe [ 603.643692][T16848] hid (null): global environment stack overflow [ 603.733979][T16858] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 603.796160][T16848] usb 6-1: USB disconnect, device number 6 [ 603.895092][T16858] usb 2-1: Using ep0 maxpacket: 16 [ 603.918253][T16858] usb 2-1: config 0 has an invalid interface number: 199 but max is 0 [ 603.933227][T16858] usb 2-1: config 0 has no interface number 0 [ 603.939370][T16858] usb 2-1: config 0 interface 199 altsetting 2 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 603.973345][T16858] usb 2-1: config 0 interface 199 has no altsetting 0 [ 603.980189][T16858] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=fc.71 [ 604.012998][T16858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.029731][T16858] usb 2-1: config 0 descriptor?? [ 604.048093][T16858] port100 2-1:0.199: NFC: Could not find bulk-in or bulk-out endpoint [ 604.286697][T16858] usb 2-1: USB disconnect, device number 69 [ 604.576974][T19948] futex_wake_op: syz.2.5789 tries to shift op by -1; fix this program [ 605.538183][T19989] VFS: Mount too revealing [ 605.973198][T20004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5816'. [ 605.982314][T20004] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 606.020664][T20004] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 606.373074][T16848] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 606.554675][T16848] usb 6-1: Using ep0 maxpacket: 8 [ 606.608148][T16848] usb 6-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 606.695737][T16848] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.708150][T16848] usb 6-1: Product: syz [ 606.712355][T16848] usb 6-1: Manufacturer: syz [ 606.718442][T16848] usb 6-1: SerialNumber: syz [ 606.738723][T16848] usb 6-1: config 0 descriptor?? [ 606.747674][T16848] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 606.837268][ T30] kauditd_printk_skb: 90 callbacks suppressed [ 606.837288][ T30] audit: type=1326 audit(1746263851.258:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 607.007770][ T30] audit: type=1326 audit(1746263851.258:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 607.097759][ T30] audit: type=1326 audit(1746263851.258:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 607.152429][ T30] audit: type=1326 audit(1746263851.258:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 607.183086][ T30] audit: type=1326 audit(1746263851.258:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 607.300030][ T30] audit: type=1326 audit(1746263851.258:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 607.338759][ T30] audit: type=1326 audit(1746263851.258:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 607.383925][ T30] audit: type=1326 audit(1746263851.258:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46558 code=0x7ffc0000 [ 607.406024][ C0] vkms_vblank_simulate: vblank timer overrun [ 607.505466][ T30] audit: type=1326 audit(1746263851.258:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 607.653175][ T30] audit: type=1326 audit(1746263851.258:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20009 comm="syz.2.5819" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x7ffc0000 [ 607.700665][T20042] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 607.774080][T16848] gspca_sonixj: reg_w1 err -71 [ 607.834054][T16848] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 607.848110][T16848] usb 6-1: USB disconnect, device number 7 [ 607.948525][T20050] syzkaller1: entered promiscuous mode [ 607.956762][T20050] syzkaller1: entered allmulticast mode [ 609.190055][T20099] input: syz1 as /devices/virtual/input/input84 [ 610.353162][ T9] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 610.523563][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 610.533562][T20144] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 610.540296][ T9] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 610.569154][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.579200][ T9] usb 2-1: Product: syz [ 610.585597][ T9] usb 2-1: Manufacturer: syz [ 610.590418][ T9] usb 2-1: SerialNumber: syz [ 610.611291][ T9] usb 2-1: config 0 descriptor?? [ 610.629838][ T9] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 610.644942][ T9] usb 2-1: Detected FT232H [ 610.761811][T20149] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5880'. [ 610.772519][T20149] netlink: 'syz.3.5880': attribute type 9 has an invalid length. [ 610.789722][T20149] macvlan2: entered allmulticast mode [ 610.841077][T20149] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode [ 610.849211][ T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 611.294858][ T9] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 611.543854][T16860] usb 2-1: USB disconnect, device number 70 [ 611.577121][T16860] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 611.590514][T16860] ftdi_sio 2-1:0.0: device disconnected [ 611.998637][T20180] loop8: detected capacity change from 0 to 8 [ 612.029792][T20180] Dev loop8: unable to read RDB block 8 [ 612.060002][T20180] loop8: unable to read partition table [ 612.066090][T20180] loop8: partition table beyond EOD, truncated [ 612.075775][T20180] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 612.553364][ T9] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 612.723798][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 612.741449][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 612.767335][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 612.783971][ T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 612.793428][T16848] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 612.817987][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.843484][T16860] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 612.843818][ T9] usb 4-1: config 0 descriptor?? [ 612.983321][T16848] usb 6-1: Using ep0 maxpacket: 8 [ 612.995061][T16848] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 613.014484][T16848] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 613.015562][T16860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.037616][T16848] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 613.062691][T16860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.079467][T16860] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 613.084274][T16848] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 613.108581][T16848] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 613.114286][T16860] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 613.122756][T16848] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 613.144524][T16860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.167282][T16848] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.183883][T16860] usb 2-1: config 0 descriptor?? [ 613.301256][ T9] savu 0003:1E7D:2D5A.0037: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 613.407644][T16848] usb 6-1: usb_control_msg returned -32 [ 613.417728][T16848] usbtmc 6-1:16.0: can't read capabilities [ 613.596729][T16858] usb 4-1: USB disconnect, device number 61 [ 613.642513][T16860] plantronics 0003:047F:FFFF.0038: No inputs registered, leaving [ 613.697678][T16860] plantronics 0003:047F:FFFF.0038: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 613.890156][T16848] usb 2-1: USB disconnect, device number 71 [ 614.617235][T20255] netlink: 14528 bytes leftover after parsing attributes in process `syz.1.5921'. [ 614.929452][T20272] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5929'. [ 615.590434][T16860] usb 6-1: USB disconnect, device number 8 [ 615.774311][T20289] netlink: 788 bytes leftover after parsing attributes in process `syz.5.5935'. [ 616.775121][T20337] sctp: [Deprecated]: syz.3.5952 (pid 20337) Use of struct sctp_assoc_value in delayed_ack socket option. [ 616.775121][T20337] Use struct sctp_sack_info instead [ 619.324508][T20428] sctp: [Deprecated]: syz.3.5992 (pid 20428) Use of struct sctp_assoc_value in delayed_ack socket option. [ 619.324508][T20428] Use struct sctp_sack_info instead [ 619.379753][T20432] syzkaller1: entered promiscuous mode [ 619.387037][T20432] syzkaller1: entered allmulticast mode [ 619.486376][T20436] loop8: detected capacity change from 0 to 8 [ 619.497255][T20436] Dev loop8: unable to read RDB block 8 [ 619.503530][T20436] loop8: unable to read partition table [ 619.509767][T20436] loop8: partition table beyond EOD, truncated [ 619.519496][T20436] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 619.938188][T20449] netlink: 5 bytes leftover after parsing attributes in process `syz.5.6002'. [ 619.958325][T20449] netlink: 5 bytes leftover after parsing attributes in process `syz.5.6002'. [ 620.023346][ T9] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 620.058217][T20451] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6003'. [ 620.216546][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 620.227254][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 620.243581][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 620.271948][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 620.293011][ T9] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 620.320507][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.349727][ T9] usb 3-1: config 0 descriptor?? [ 620.643758][T16848] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 620.823927][T16848] usb 4-1: Using ep0 maxpacket: 8 [ 620.840400][T16848] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 620.866888][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 620.893001][T16848] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 620.913176][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 620.934750][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 620.967478][T16848] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 620.985588][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 621.000276][ T9] usb 3-1: USB disconnect, device number 55 [ 621.027531][T16848] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 621.060159][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 621.088490][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 621.121630][T16848] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 621.129626][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 621.161538][T16848] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 621.191887][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 621.206436][T16848] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 621.223426][T16848] usb 4-1: string descriptor 0 read error: -22 [ 621.231985][T16848] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 621.262224][T16848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.290530][T16848] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 621.686704][T16858] usb 4-1: USB disconnect, device number 62 [ 621.687382][T20491] usb 4-1: Couldn't submit interrupt_out_urb -19 [ 622.020497][T20499] sctp: [Deprecated]: syz.2.6023 (pid 20499) Use of int in max_burst socket option. [ 622.020497][T20499] Use struct sctp_assoc_value instead [ 622.573051][T16848] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 622.748555][T16848] usb 3-1: Using ep0 maxpacket: 8 [ 622.755773][T16848] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 622.765610][T16848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.780632][T16848] usb 3-1: config 0 descriptor?? [ 622.785875][T16843] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 622.853057][T16858] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 622.953160][T16843] usb 4-1: Using ep0 maxpacket: 32 [ 622.969829][T16843] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 622.979739][T16843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.992958][T16843] usb 4-1: Product: syz [ 623.000029][T16843] usb 4-1: Manufacturer: syz [ 623.007445][T16843] usb 4-1: SerialNumber: syz [ 623.013248][T16858] usb 6-1: Using ep0 maxpacket: 8 [ 623.018183][T16843] usb 4-1: config 0 descriptor?? [ 623.029361][T16858] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 623.036829][T16843] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 623.048387][T16858] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 623.057964][T16858] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.089312][T16858] usb 6-1: config 0 descriptor?? [ 623.525505][T16858] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 623.735519][T16858] usb 6-1: USB disconnect, device number 9 [ 623.800009][T20544] netlink: 'syz.1.6043': attribute type 4 has an invalid length. [ 623.828137][T16848] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 623.839888][T16848] asix 3-1:0.0: probe with driver asix failed with error -71 [ 623.859337][T16848] usb 3-1: USB disconnect, device number 56 [ 624.054645][T16843] gspca_ov534_9: reg_w failed -71 [ 624.353399][T16843] gspca_ov534_9: Unknown sensor 0000 [ 624.353492][T16843] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 624.419447][T16843] usb 4-1: USB disconnect, device number 63 [ 624.587765][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.595896][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.633699][ T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 624.793147][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 624.803569][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 624.816282][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 624.834031][T16848] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 624.852100][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 624.879691][ T9] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 624.905422][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.928468][ T9] usb 6-1: config 0 descriptor?? [ 625.009219][T16843] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 625.023366][T16848] usb 2-1: Using ep0 maxpacket: 32 [ 625.053931][T16848] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 625.062169][T16848] usb 2-1: config 0 has no interface number 0 [ 625.076279][T16848] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 625.085950][T16848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.123040][T16848] usb 2-1: Product: syz [ 625.127436][T16848] usb 2-1: Manufacturer: syz [ 625.132089][T16848] usb 2-1: SerialNumber: syz [ 625.164348][T16848] usb 2-1: config 0 descriptor?? [ 625.195125][T16843] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 625.204550][T16848] smsc95xx v2.0.0 [ 625.217147][T16843] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.251623][T16843] usb 4-1: config 0 descriptor?? [ 625.426914][ T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.003A/input/input85 [ 625.492448][T16843] kaweth 4-1:0.0: Firmware present in device. [ 625.501670][ T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.003A/input/input86 [ 625.599329][T16848] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 625.627369][T16848] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 625.685481][T16843] kaweth 4-1:0.0: Statistics collection: 0 [ 625.699511][T16858] psmouse serio9: Failed to reset mouse on : -5 [ 625.702240][T16843] kaweth 4-1:0.0: Multicast filter limit: 0 [ 625.719205][T16843] kaweth 4-1:0.0: MTU: 0 [ 625.728485][T16843] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 625.770243][T20595] veth0_to_hsr: entered allmulticast mode [ 625.794978][T20594] veth0_to_hsr: left allmulticast mode [ 625.858038][ T9] kye 0003:0458:5011.003A: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 625.887333][ T9] usb 6-1: USB disconnect, device number 10 [ 626.083465][T16848] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 626.123561][T16848] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 626.171676][T16848] usb 2-1: USB disconnect, device number 72 [ 626.318219][T16843] kaweth 4-1:0.0: Error setting receive filter [ 626.326699][T16843] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 626.343804][T16843] usb 4-1: USB disconnect, device number 64 [ 626.473174][T16860] usb 3-1: new low-speed USB device number 57 using dummy_hcd [ 626.636095][T16860] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 626.644873][T16860] usb 3-1: config 179 has no interface number 0 [ 626.651270][T16860] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 626.665202][T16860] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 626.676713][T16860] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 626.688579][T16860] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8 [ 626.700258][T16860] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 626.703441][T20615] bridge0: port 3(hsr0) entered blocking state [ 626.722106][T20615] bridge0: port 3(hsr0) entered disabled state [ 626.724412][T16860] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 626.730549][T20615] hsr0: entered allmulticast mode [ 626.744281][T16860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.745113][T20615] hsr_slave_0: entered allmulticast mode [ 626.758009][T20604] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 626.771198][T20615] hsr_slave_1: entered allmulticast mode [ 626.772925][T16860] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 626.781832][T20615] hsr0: entered promiscuous mode [ 626.792887][T16860] xpad 3-1:179.65: probe with driver xpad failed with error -5 [ 627.001890][T16860] usb 3-1: USB disconnect, device number 57 [ 627.203252][T16843] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 627.365005][T16843] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 627.374435][T16843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.395419][T16843] usb 2-1: config 0 descriptor?? [ 627.408533][T16843] cp210x 2-1:0.0: cp210x converter detected [ 627.820316][T16843] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 628.061649][T16843] usb 2-1: cp210x converter now attached to ttyUSB0 [ 628.271964][T16848] usb 2-1: USB disconnect, device number 73 [ 628.287231][T16848] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 628.308678][T16848] cp210x 2-1:0.0: device disconnected [ 628.386793][T16843] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 628.555990][T16843] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.580971][T16843] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.600062][T16843] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 628.609254][T16843] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.624750][T16843] usb 4-1: config 0 descriptor?? [ 629.047183][T16843] hid-led 0003:0FC5:B080.003B: unknown main item tag 0x0 [ 629.123110][T16859] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 629.228204][T20667] sctp: [Deprecated]: syz.5.6099 (pid 20667) Use of struct sctp_assoc_value in delayed_ack socket option. [ 629.228204][T20667] Use struct sctp_sack_info instead [ 629.273193][T16858] misc userio: Buffer overflowed, userio client isn't keeping up [ 629.328659][T16859] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 629.356307][T16859] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.395789][T16859] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 629.414351][T16859] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.435579][T16859] usb 3-1: config 0 descriptor?? [ 629.675063][T16843] usb 4-1: USB disconnect, device number 65 [ 629.880350][T20682] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6116'. [ 629.908288][T20682] vlan3: entered promiscuous mode [ 629.920197][T20682] hsr0: entered promiscuous mode [ 630.262711][T16859] hid-led 0003:27B8:01ED.003C: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.2-1/input0 [ 630.354472][T16859] hid-led 0003:27B8:01ED.003C: ThingM blink(1) initialized [ 630.513185][T16859] usb 3-1: USB disconnect, device number 58 [ 630.567483][T16858] input: PS/2 Generic Mouse as /devices/serio9/input/input87 [ 630.863219][T16858] psmouse serio9: Failed to enable mouse on [ 631.521009][T20725] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 631.914739][T16858] psmouse serio10: Failed to reset mouse on : -5 [ 632.213935][T20746] syzkaller1: entered promiscuous mode [ 632.219490][T20746] syzkaller1: entered allmulticast mode [ 632.781011][T20774] input: syz1 as /devices/virtual/input/input89 [ 632.828262][T20766] pim6reg1: entered promiscuous mode [ 632.856422][T20766] pim6reg1: entered allmulticast mode [ 633.743084][T16843] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 633.773319][T16848] usb 2-1: new low-speed USB device number 74 using dummy_hcd [ 633.913307][T16843] usb 6-1: Using ep0 maxpacket: 8 [ 633.920310][T16843] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 633.938997][T16843] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 633.959718][T16843] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 633.970340][T16848] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 633.989123][T16848] usb 2-1: config 179 has no interface number 0 [ 633.995715][T16843] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 634.005881][ T9] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 634.016019][T16848] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 634.033219][T16843] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 634.053080][T16848] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 634.073051][T16843] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 634.082307][T16848] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 634.103172][T16843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.111372][T16848] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8 [ 634.150883][T16848] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 634.183900][T16848] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 634.193312][T16848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.214243][T20801] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 634.221579][T20801] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 634.239458][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.250859][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.281710][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 634.353402][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 634.384174][T16843] usb 6-1: usb_control_msg returned -32 [ 634.390346][T16843] usbtmc 6-1:16.0: can't read capabilities [ 634.423468][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.494751][ T9] usb 4-1: config 0 descriptor?? [ 634.595720][T16859] usb 2-1: USB disconnect, device number 74 [ 634.595759][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 634.610439][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 634.912382][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.926479][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.943037][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.950657][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.958590][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.966226][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.976361][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.986492][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 634.995361][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 635.003360][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 635.010926][ T9] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 635.019933][ T9] plantronics 0003:047F:FFFF.003D: No inputs registered, leaving [ 635.040471][ T9] plantronics 0003:047F:FFFF.003D: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 635.118856][ T9] usb 4-1: USB disconnect, device number 66 [ 635.533134][T16858] misc userio: Buffer overflowed, userio client isn't keeping up [ 636.007282][T20844] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6173'. [ 636.030829][T20844] vlan3: entered promiscuous mode [ 636.039405][T20844] hsr0: entered promiscuous mode [ 636.113060][ T9] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 636.266025][ T9] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 636.281817][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 636.296276][ T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 636.313173][ T9] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 636.321458][ T9] usb 4-1: Product: syz [ 636.331572][ T9] usb 4-1: Manufacturer: syz [ 636.339360][ T9] usb 4-1: SerialNumber: syz [ 636.356597][ T9] usb 4-1: config 0 descriptor?? [ 636.381010][ T9] usb 4-1: selecting invalid altsetting 0 [ 636.516589][ T9] usb 6-1: USB disconnect, device number 11 [ 636.643418][T16860] usb 4-1: USB disconnect, device number 67 [ 636.802105][ T30] kauditd_printk_skb: 62 callbacks suppressed [ 636.802123][ T30] audit: type=1326 audit(1746263881.218:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20853 comm="syz.1.6178" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x0 [ 636.829985][ C0] vkms_vblank_simulate: vblank timer overrun [ 636.849630][T16858] input: PS/2 Generic Mouse as /devices/serio10/input/input88 [ 637.112897][T20864] sctp: [Deprecated]: syz.5.6183 (pid 20864) Use of int in maxseg socket option. [ 637.112897][T20864] Use struct sctp_assoc_value instead [ 637.113795][T16858] psmouse serio10: Failed to enable mouse on [ 638.072150][T20887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6192'. [ 639.088220][T20911] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6204'. [ 639.144503][T20911] vlan2: entered promiscuous mode [ 639.176902][T20911] hsr0: entered promiscuous mode [ 639.895492][T20939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6218'. [ 641.770793][T20995] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6244'. [ 641.853568][T16848] usb 3-1: new low-speed USB device number 59 using dummy_hcd [ 642.034828][T16848] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 642.050230][T16848] usb 3-1: config 179 has no interface number 0 [ 642.057107][T16848] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 642.073387][T16848] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 642.086414][ T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 642.099859][T16848] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 642.118136][T16848] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8 [ 642.129966][T16848] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 642.148055][T16848] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 642.157473][T16843] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 642.166491][T16848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.180041][T20986] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 642.188460][T20986] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 642.263300][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 642.275199][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 642.286398][ T9] usb 6-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 642.295828][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.319850][ T9] usb 6-1: config 0 descriptor?? [ 642.325446][T16843] usb 4-1: Using ep0 maxpacket: 8 [ 642.340631][T16843] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 642.375201][T16843] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 642.385658][T16843] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 642.403375][T16843] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 642.417866][T16843] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 642.428316][T16843] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.509401][T16858] usb 3-1: USB disconnect, device number 59 [ 642.509400][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 642.509444][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 642.533810][ C0] vkms_vblank_simulate: vblank timer overrun [ 642.683041][T16843] usb 4-1: GET_CAPABILITIES returned 0 [ 642.689010][T16843] usbtmc 4-1:16.0: can't read capabilities [ 642.783138][ T9] uclogic 0003:5543:0064.003E: No inputs registered, leaving [ 642.808075][ T9] uclogic 0003:5543:0064.003E: hidraw0: USB HID v10.00 Device [HID 5543:0064] on usb-dummy_hcd.5-1/input0 [ 642.886322][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 642.915098][T16859] usb 4-1: USB disconnect, device number 68 [ 642.988906][T16843] usb 6-1: USB disconnect, device number 12 [ 643.143339][ T9] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 643.303155][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 643.319930][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 643.330385][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 643.342268][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 643.357240][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 643.385295][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 643.403430][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.636959][ T9] usb 2-1: GET_CAPABILITIES returned 0 [ 643.642669][ T9] usbtmc 2-1:16.0: can't read capabilities [ 643.744399][T16859] usb 4-1: new full-speed USB device number 69 using dummy_hcd [ 643.827294][ T30] audit: type=1326 audit(1746263888.238:2153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.2.6262" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f46539 code=0x0 [ 643.906099][ T9] usb 2-1: USB disconnect, device number 75 [ 643.925316][T16859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 643.937161][T16859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 643.967459][T16859] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 643.997141][T16859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.029042][T16859] usb 4-1: config 0 descriptor?? [ 644.268122][T16859] usbhid 4-1:0.0: can't add hid device: -71 [ 644.274294][T16859] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 644.285648][T16859] usb 4-1: USB disconnect, device number 69 [ 644.603291][ T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 644.813992][ T9] usb 6-1: config 0 has no interfaces? [ 644.830171][ T9] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 644.860520][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.891385][ T9] usb 6-1: config 0 descriptor?? [ 644.969252][T21057] batadv_slave_1: entered promiscuous mode [ 644.989821][T21057] batadv_slave_1: left promiscuous mode [ 645.224367][T21041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 645.277021][T21041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 645.358644][T21041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 645.429987][T21041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 645.472228][ T9] usb 6-1: USB disconnect, device number 13 [ 646.023214][ T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 646.186937][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 646.199842][ T9] usb 6-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 646.210189][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.224977][ T9] usb 6-1: Product: syz [ 646.229199][ T9] usb 6-1: Manufacturer: syz [ 646.235838][ T9] usb 6-1: SerialNumber: syz [ 646.253276][T16848] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 646.266050][ T9] usb 6-1: selecting invalid altsetting 1 [ 646.373207][T16843] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 646.413287][T16848] usb 4-1: Using ep0 maxpacket: 8 [ 646.434321][T16848] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 646.463288][T16848] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 646.482981][T16848] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 646.496599][ T9] cdc_ncm 6-1:1.0: bind() failure [ 646.513137][T16848] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 646.535290][ T9] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 646.553829][T16848] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 646.583355][T16843] usb 3-1: Using ep0 maxpacket: 16 [ 646.588828][T16848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.612897][T16843] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 646.621558][T16843] usb 3-1: config 0 has no interface number 0 [ 646.677409][T16843] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 646.689465][T16843] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 646.710252][T16843] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 646.758174][ T9] snd-usb-audio 6-1:1.1: probe with driver snd-usb-audio failed with error -22 [ 646.767963][T16843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.780681][T16843] usb 3-1: config 0 descriptor?? [ 646.804861][ T9] usb 6-1: USB disconnect, device number 14 [ 646.805420][ T5877] udevd[5877]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 646.850583][T16848] usb 4-1: usb_control_msg returned -32 [ 646.867106][T16848] usbtmc 4-1:16.0: can't read capabilities [ 647.223621][T21104] usbtmc 4-1:16.0: INDICATOR_PULSE returned 0 [ 647.402314][T16843] uclogic 0003:28BD:0071.003F: pen parameters not found [ 647.427832][T16843] uclogic 0003:28BD:0071.003F: interface is invalid, ignoring [ 647.437428][ T9] usb 4-1: USB disconnect, device number 70 [ 647.520723][T21116] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6300'. [ 647.633702][T16843] usb 3-1: USB disconnect, device number 60 [ 647.933084][T16858] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 648.115144][T16858] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 648.132273][T16858] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 648.163256][T16858] usb 6-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 648.172349][T16858] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.194641][T16858] usb 6-1: config 0 descriptor?? [ 648.623516][T16858] sony 0003:054C:024B.0040: unexpected long global item [ 648.631272][T16858] sony 0003:054C:024B.0040: parse failed [ 648.644722][T16858] sony 0003:054C:024B.0040: probe with driver sony failed with error -22 [ 648.832152][ T9] usb 6-1: USB disconnect, device number 15 [ 648.953067][T16843] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 649.124586][T16843] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 649.143015][T16843] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 649.159416][T16843] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 649.173703][T16843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 649.181756][T16843] usb 3-1: SerialNumber: syz [ 649.438860][T16843] usb 3-1: 0:2 : does not exist [ 649.500221][T16843] usb 3-1: USB disconnect, device number 61 [ 649.574110][ T8076] udevd[8076]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 650.355189][T16858] usb 6-1: new full-speed USB device number 16 using dummy_hcd [ 650.524862][T16858] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 650.553200][T16858] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.573023][T16858] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 650.593043][T16858] usb 6-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 650.602138][T16858] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.627523][T16858] usb 6-1: config 0 descriptor?? [ 650.694601][T21201] kvm: user requested TSC rate below hardware speed [ 650.913135][T16859] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 651.069092][T16859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 651.088477][T16858] cherry 0003:046A:0023.0041: unbalanced collection at end of report description [ 651.108395][T16859] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 651.122145][T16858] cherry 0003:046A:0023.0041: probe with driver cherry failed with error -22 [ 651.136156][T16859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 651.191430][T16859] usb 4-1: config 0 descriptor?? [ 651.204951][T21202] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 651.236317][T21209] netlink: 'syz.2.6344': attribute type 11 has an invalid length. [ 651.349734][T16843] usb 6-1: USB disconnect, device number 16 [ 651.613143][T16858] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 651.641594][T16859] elan 0003:04F3:0755.0042: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 651.750913][T21213] @: renamed from vlan0 [ 651.793437][T16858] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 651.813637][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 651.822576][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 651.855439][T16859] usb 4-1: USB disconnect, device number 71 [ 651.863730][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 651.886582][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 651.924243][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 651.980325][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 651.990311][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 652.005597][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 652.018085][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 652.027380][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 652.041190][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 652.052760][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 652.060996][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 652.070930][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 652.082346][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 652.090301][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 652.113186][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 652.139454][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 652.147594][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 652.157260][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 652.172271][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 652.179940][T16858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 652.189094][T16858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 652.200279][T16858] usb 3-1: config 0 interface 0 has no altsetting 0 [ 652.210853][T16858] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 652.220372][T16858] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 652.229007][T16858] usb 3-1: Product: syz [ 652.233298][T16858] usb 3-1: Manufacturer: syz [ 652.237908][T16858] usb 3-1: SerialNumber: syz [ 652.251772][T16858] usb 3-1: config 0 descriptor?? [ 652.261777][T16858] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 652.499990][T16858] usb 3-1: USB disconnect, device number 62 [ 652.511087][T16858] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 653.183821][T21237] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6356'. [ 653.204963][T21237] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6356'. [ 653.827095][T16858] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 653.994474][T16858] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 654.023531][T16858] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 654.036711][T16858] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 654.067880][T16858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 654.109413][T16858] usb 2-1: SerialNumber: syz [ 654.294431][T21281] loop6: detected capacity change from 0 to 63 [ 654.367376][T16858] usb 2-1: 0:2 : does not exist [ 654.403061][T16859] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 654.424527][T16858] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 654.480337][T16858] usb 2-1: USB disconnect, device number 76 [ 654.535238][ T8076] udevd[8076]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 654.583320][T16859] usb 6-1: Using ep0 maxpacket: 8 [ 654.602291][T16859] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 654.631822][T16859] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 654.654037][T16859] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 654.698648][T16859] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 654.730910][T16859] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 654.735845][T21293] futex_wake_op: syz.2.6383 tries to shift op by 32; fix this program [ 654.740705][T16859] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.980944][T16859] usb 6-1: GET_CAPABILITIES returned 0 [ 654.987071][T16859] usbtmc 6-1:16.0: can't read capabilities [ 655.212363][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 655.224027][T16859] usb 6-1: USB disconnect, device number 17 [ 656.534212][T21340] loop2: detected capacity change from 0 to 7 [ 656.551159][ T8076] Dev loop2: unable to read RDB block 7 [ 656.563006][ T8076] loop2: AHDI p1 p2 [ 656.567215][ T8076] loop2: partition table partially beyond EOD, truncated [ 656.590939][T21340] Dev loop2: unable to read RDB block 7 [ 656.624856][T21340] loop2: AHDI p1 p2 [ 656.644240][T21340] loop2: partition table partially beyond EOD, truncated [ 657.543721][T21371] input: syz0 as /devices/virtual/input/input90 [ 657.573177][T21371] input: failed to attach handler leds to device input90, error: -6 [ 657.615969][T16860] usb 3-1: new full-speed USB device number 63 using dummy_hcd [ 657.798262][T16860] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 657.813932][T21377] netlink: 'syz.0.6421': attribute type 3 has an invalid length. [ 657.833169][T16860] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 657.889607][T16860] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 657.904294][T16860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.933061][T16860] usb 3-1: Product: syz [ 657.937297][T16860] usb 3-1: Manufacturer: syz [ 657.941927][T16860] usb 3-1: SerialNumber: syz [ 658.192887][T16860] usb 3-1: 0:2 : does not exist [ 658.240616][T16860] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 658.304628][T16860] usb 3-1: USB disconnect, device number 63 [ 658.323380][T16848] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 658.370738][ T8076] udevd[8076]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 658.504815][T16848] usb 4-1: Using ep0 maxpacket: 16 [ 658.525145][T16848] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 658.543099][T16848] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 658.563022][T16848] usb 4-1: config 0 interface 0 has no altsetting 0 [ 658.574422][T16848] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 658.617607][T16848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.659810][T16848] usb 4-1: config 0 descriptor?? [ 659.081494][T16848] hid (null): report_id 11059 is invalid [ 659.093756][T16848] hid (null): unknown global tag 0xfa [ 659.118840][T16848] cougar 0003:060B:500A.0043: usage count exceeds max: fixing up report descriptor [ 659.134581][T16848] cougar 0003:060B:500A.0043: unexpected long global item [ 659.142646][T16848] cougar 0003:060B:500A.0043: parse failed [ 659.149164][T16848] cougar 0003:060B:500A.0043: probe with driver cougar failed with error -22 [ 659.223224][T16843] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 659.321330][T16860] usb 4-1: USB disconnect, device number 72 [ 659.393258][T16843] usb 6-1: Using ep0 maxpacket: 32 [ 659.406469][T16843] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 659.415017][T16843] usb 6-1: config 0 has no interface number 0 [ 659.421224][T16843] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 659.436264][T16843] usb 6-1: config 0 interface 85 has no altsetting 0 [ 659.445676][T16843] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 659.455065][T16843] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.459434][T21404] @: renamed from vlan0 [ 659.463173][T16843] usb 6-1: Product: syz [ 659.463193][T16843] usb 6-1: Manufacturer: syz [ 659.463209][T16843] usb 6-1: SerialNumber: syz [ 659.486033][T16843] usb 6-1: config 0 descriptor?? [ 659.784777][T16848] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 659.937446][T21414] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 659.965422][T16848] usb 2-1: config 0 has no interfaces? [ 659.971473][T16848] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 659.993856][T16848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.014971][T16848] usb 2-1: config 0 descriptor?? [ 660.099802][T16843] appletouch 6-1:0.85: Geyser mode initialized. [ 660.115556][T16843] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input91 [ 660.253691][T21406] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 660.268124][T21406] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 660.282661][T21406] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 660.294341][T21406] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 660.306726][T16843] usb 2-1: USB disconnect, device number 77 [ 660.319761][T16859] usb 6-1: USB disconnect, device number 18 [ 660.355135][T16859] appletouch 6-1:0.85: input: appletouch disconnected [ 660.833330][T16843] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 661.089906][T16843] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 661.116030][T16843] usb 2-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 661.150095][T16843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.173340][T16843] usb 2-1: Product: syz [ 661.177550][T16843] usb 2-1: Manufacturer: syz [ 661.192442][T16843] usb 2-1: SerialNumber: syz [ 661.222024][T16843] usb 2-1: selecting invalid altsetting 1 [ 661.421972][T16843] cdc_ncm 2-1:1.0: bind() failure [ 661.452762][T16843] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 661.580553][T21438] input: syz0 as /devices/virtual/input/input92 [ 661.597417][T21439] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6445'. [ 661.741595][T16843] snd-usb-audio 2-1:1.1: probe with driver snd-usb-audio failed with error -22 [ 661.792547][T16843] usb 2-1: USB disconnect, device number 78 [ 661.847070][ T8076] udevd[8076]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 662.128053][ T30] audit: type=1326 audit(1746263906.548:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21447 comm="syz.3.6451" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de539 code=0x0 [ 662.290028][ T30] audit: type=1326 audit(1746263906.708:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21453 comm="syz.1.6452" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f03539 code=0x0 [ 663.064799][T21468] syzkaller1: entered promiscuous mode [ 663.070572][T21468] syzkaller1: entered allmulticast mode [ 663.215618][T21472] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6460'. [ 663.230786][T21472] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6460'. [ 663.543780][T16860] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 663.657772][T21493] netlink: 52 bytes leftover after parsing attributes in process `syz.2.6469'. [ 663.703605][T16860] usb 2-1: Using ep0 maxpacket: 32 [ 663.722595][T16860] usb 2-1: config 0 has no interfaces? [ 663.743304][T16860] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 663.758585][T16860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.767096][T16860] usb 2-1: Product: syz [ 663.771434][T16860] usb 2-1: Manufacturer: syz [ 663.776385][T16860] usb 2-1: SerialNumber: syz [ 663.786126][T16860] usb 2-1: config 0 descriptor?? [ 664.032160][T16860] usb 2-1: USB disconnect, device number 79 [ 664.583704][T16843] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 664.783329][T16843] usb 4-1: Using ep0 maxpacket: 16 [ 664.829879][T16843] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 664.865012][T16843] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 664.893241][T16843] usb 4-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 664.930041][T16843] usb 4-1: config 0 interface 0 has no altsetting 0 [ 664.943044][T16843] usb 4-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 664.952360][T16843] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.973282][T16843] usb 4-1: config 0 descriptor?? [ 665.458996][T16843] input: HID 0458:5010 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5010.0044/input/input93 [ 665.573777][T16843] kye 0003:0458:5010.0044: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.3-1/input0 [ 665.928853][T21569] pimreg: entered allmulticast mode [ 666.033008][T16860] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 666.183203][T16860] usb 3-1: Using ep0 maxpacket: 32 [ 666.213387][T16860] usb 3-1: config 0 has no interfaces? [ 666.218982][T16860] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 666.231563][T16860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.252391][T16860] usb 3-1: config 0 descriptor?? [ 666.484261][T21563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 666.498105][T21563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 666.529052][T16860] usb 3-1: USB disconnect, device number 64 [ 666.536412][T21589] [ 666.538774][T21589] ===================================================== [ 666.545720][T21589] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 666.553208][T21589] 6.15.0-rc4-syzkaller-00256-g95d3481af6dc #0 Not tainted [ 666.560326][T21589] ----------------------------------------------------- [ 666.567248][T21589] syz.0.6513/21589 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 666.574993][T21589] ffff8880339d77f8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 666.583731][T21589] [ 666.583731][T21589] and this task is already holding: [ 666.591090][T21589] ffff88805d2a1028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 666.600845][T21589] which would create a new lock dependency: [ 666.606728][T21589] (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 666.614834][T21589] [ 666.614834][T21589] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 666.624277][T21589] (&client->buffer_lock){..-.}-{3:3} [ 666.624303][T21589] [ 666.624303][T21589] ... which became SOFTIRQ-irq-safe at: [ 666.637362][T21589] lock_acquire+0x120/0x360 [ 666.641988][T21589] _raw_spin_lock+0x2e/0x40 [ 666.646596][T21589] evdev_pass_values+0xb9/0xbd0 [ 666.651542][T21589] evdev_events+0x1e6/0x340 [ 666.656140][T21589] input_pass_values+0x285/0x890 [ 666.661171][T21589] input_event_dispose+0x3e5/0x6b0 [ 666.666373][T21589] input_inject_event+0x1fe/0x320 [ 666.671487][T21589] kd_sound_helper+0x19f/0x210 [ 666.676337][T21589] input_handler_for_each_handle+0xfe/0x1c0 [ 666.682410][T21589] call_timer_fn+0x17b/0x5f0 [ 666.687088][T21589] __run_timer_base+0x61a/0x860 [ 666.692028][T21589] run_timer_softirq+0xb7/0x180 [ 666.696964][T21589] handle_softirqs+0x283/0x870 [ 666.701822][T21589] __irq_exit_rcu+0xca/0x1f0 [ 666.706497][T21589] irq_exit_rcu+0x9/0x30 [ 666.710824][T21589] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 666.716544][T21589] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 666.722610][T21589] lock_acquire+0x175/0x360 [ 666.727204][T21589] down_read+0x46/0x2e0 [ 666.731457][T21589] kernfs_iop_permission+0x7c/0x4e0 [ 666.736773][T21589] inode_permission+0x245/0x490 [ 666.741716][T21589] link_path_walk+0x216/0xe50 [ 666.746487][T21589] path_openat+0x28c/0x3830 [ 666.751074][T21589] do_filp_open+0x1fa/0x410 [ 666.755658][T21589] do_sys_openat2+0x121/0x1c0 [ 666.760451][T21589] __x64_sys_openat+0x138/0x170 [ 666.765402][T21589] do_syscall_64+0xf6/0x210 [ 666.769991][T21589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.776053][T21589] [ 666.776053][T21589] to a SOFTIRQ-irq-unsafe lock: [ 666.783068][T21589] (tasklist_lock){.+.+}-{3:3} [ 666.783094][T21589] [ 666.783094][T21589] ... which became SOFTIRQ-irq-unsafe at: [ 666.795713][T21589] ... [ 666.795723][T21589] lock_acquire+0x120/0x360 [ 666.802993][T21589] _raw_read_lock+0x36/0x50 [ 666.807597][T21589] __do_wait+0xde/0x740 [ 666.811839][T21589] do_wait+0x1f8/0x520 [ 666.815999][T21589] kernel_wait+0xab/0x170 [ 666.820414][T21589] call_usermodehelper_exec_work+0xbe/0x230 [ 666.826397][T21589] process_scheduled_works+0xadb/0x17a0 [ 666.832042][T21589] worker_thread+0x8a0/0xda0 [ 666.836727][T21589] kthread+0x70e/0x8a0 [ 666.840885][T21589] ret_from_fork+0x4b/0x80 [ 666.845397][T21589] ret_from_fork_asm+0x1a/0x30 [ 666.850242][T21589] [ 666.850242][T21589] other info that might help us debug this: [ 666.850242][T21589] [ 666.860460][T21589] Chain exists of: [ 666.860460][T21589] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 666.860460][T21589] [ 666.873587][T21589] Possible interrupt unsafe locking scenario: [ 666.873587][T21589] [ 666.881898][T21589] CPU0 CPU1 [ 666.887254][T21589] ---- ---- [ 666.892611][T21589] lock(tasklist_lock); [ 666.896860][T21589] local_irq_disable(); [ 666.903636][T21589] lock(&client->buffer_lock); [ 666.911020][T21589] lock(&new->fa_lock); [ 666.917790][T21589] [ 666.921238][T21589] lock(&client->buffer_lock); [ 666.926264][T21589] [ 666.926264][T21589] *** DEADLOCK *** [ 666.926264][T21589] [ 666.934406][T21589] 7 locks held by syz.0.6513/21589: [ 666.939602][T21589] #0: ffff888147b6b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 666.948760][T21589] #1: ffff88801fb20230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 666.958868][T21589] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 666.968532][T21589] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 666.978106][T21589] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 666.987239][T21589] #5: ffff88805d2a1028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 666.997418][T21589] #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 667.006496][T21589] [ 667.006496][T21589] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 667.016893][T21589] -> (&client->buffer_lock){..-.}-{3:3} { [ 667.022627][T21589] IN-SOFTIRQ-W at: [ 667.026613][T21589] lock_acquire+0x120/0x360 [ 667.032777][T21589] _raw_spin_lock+0x2e/0x40 [ 667.038947][T21589] evdev_pass_values+0xb9/0xbd0 [ 667.045465][T21589] evdev_events+0x1e6/0x340 [ 667.051626][T21589] input_pass_values+0x285/0x890 [ 667.058224][T21589] input_event_dispose+0x3e5/0x6b0 [ 667.064991][T21589] input_inject_event+0x1fe/0x320 [ 667.071674][T21589] kd_sound_helper+0x19f/0x210 [ 667.078085][T21589] input_handler_for_each_handle+0xfe/0x1c0 [ 667.085634][T21589] call_timer_fn+0x17b/0x5f0 [ 667.091882][T21589] __run_timer_base+0x61a/0x860 [ 667.098386][T21589] run_timer_softirq+0xb7/0x180 [ 667.104891][T21589] handle_softirqs+0x283/0x870 [ 667.111310][T21589] __irq_exit_rcu+0xca/0x1f0 [ 667.117551][T21589] irq_exit_rcu+0x9/0x30 [ 667.123442][T21589] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 667.130728][T21589] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 667.138365][T21589] lock_acquire+0x175/0x360 [ 667.144523][T21589] down_read+0x46/0x2e0 [ 667.150354][T21589] kernfs_iop_permission+0x7c/0x4e0 [ 667.157207][T21589] inode_permission+0x245/0x490 [ 667.163768][T21589] link_path_walk+0x216/0xe50 [ 667.170101][T21589] path_openat+0x28c/0x3830 [ 667.176256][T21589] do_filp_open+0x1fa/0x410 [ 667.182408][T21589] do_sys_openat2+0x121/0x1c0 [ 667.188744][T21589] __x64_sys_openat+0x138/0x170 [ 667.195269][T21589] do_syscall_64+0xf6/0x210 [ 667.201427][T21589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.208983][T21589] INITIAL USE at: [ 667.212878][T21589] lock_acquire+0x120/0x360 [ 667.218958][T21589] _raw_spin_lock+0x2e/0x40 [ 667.225022][T21589] evdev_pass_values+0xb9/0xbd0 [ 667.231440][T21589] evdev_events+0x1e6/0x340 [ 667.237512][T21589] input_pass_values+0x285/0x890 [ 667.244139][T21589] input_event_dispose+0x330/0x6b0 [ 667.251427][T21589] input_inject_event+0x1fe/0x320 [ 667.258019][T21589] evdev_write+0x2fc/0x480 [ 667.265497][T21589] vfs_write+0x27b/0xa90 [ 667.271321][T21589] ksys_write+0x145/0x250 [ 667.277228][T21589] __do_fast_syscall_32+0xb4/0x110 [ 667.283917][T21589] do_fast_syscall_32+0x34/0x80 [ 667.290345][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 667.298247][T21589] } [ 667.300745][T21589] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 667.308922][T21589] [ 667.308922][T21589] the dependencies between the lock to be acquired [ 667.308934][T21589] and SOFTIRQ-irq-unsafe lock: [ 667.322460][T21589] -> (tasklist_lock){.+.+}-{3:3} { [ 667.327771][T21589] HARDIRQ-ON-R at: [ 667.331932][T21589] lock_acquire+0x120/0x360 [ 667.338445][T21589] _raw_read_lock+0x36/0x50 [ 667.344952][T21589] __do_wait+0xde/0x740 [ 667.351109][T21589] do_wait+0x1f8/0x520 [ 667.357196][T21589] kernel_wait+0xab/0x170 [ 667.363532][T21589] call_usermodehelper_exec_work+0xbe/0x230 [ 667.371432][T21589] process_scheduled_works+0xadb/0x17a0 [ 667.378982][T21589] worker_thread+0x8a0/0xda0 [ 667.385572][T21589] kthread+0x70e/0x8a0 [ 667.391644][T21589] ret_from_fork+0x4b/0x80 [ 667.398062][T21589] ret_from_fork_asm+0x1a/0x30 [ 667.404824][T21589] SOFTIRQ-ON-R at: [ 667.408982][T21589] lock_acquire+0x120/0x360 [ 667.415491][T21589] _raw_read_lock+0x36/0x50 [ 667.421992][T21589] __do_wait+0xde/0x740 [ 667.428152][T21589] do_wait+0x1f8/0x520 [ 667.434222][T21589] kernel_wait+0xab/0x170 [ 667.440554][T21589] call_usermodehelper_exec_work+0xbe/0x230 [ 667.448452][T21589] process_scheduled_works+0xadb/0x17a0 [ 667.456005][T21589] worker_thread+0x8a0/0xda0 [ 667.462598][T21589] kthread+0x70e/0x8a0 [ 667.468671][T21589] ret_from_fork+0x4b/0x80 [ 667.475090][T21589] ret_from_fork_asm+0x1a/0x30 [ 667.481947][T21589] INITIAL USE at: [ 667.486022][T21589] lock_acquire+0x120/0x360 [ 667.492444][T21589] _raw_write_lock_irq+0xa2/0xf0 [ 667.499298][T21589] copy_process+0x21d5/0x3b80 [ 667.505889][T21589] kernel_clone+0x21e/0x870 [ 667.512306][T21589] user_mode_thread+0xdd/0x140 [ 667.519000][T21589] rest_init+0x23/0x300 [ 667.525104][T21589] start_kernel+0x470/0x4f0 [ 667.531521][T21589] x86_64_start_reservations+0x2a/0x30 [ 667.538898][T21589] x86_64_start_kernel+0x66/0x70 [ 667.545760][T21589] common_startup_64+0x13e/0x147 [ 667.552619][T21589] INITIAL READ USE at: [ 667.557124][T21589] lock_acquire+0x120/0x360 [ 667.563980][T21589] _raw_read_lock+0x36/0x50 [ 667.571014][T21589] __do_wait+0xde/0x740 [ 667.577524][T21589] do_wait+0x1f8/0x520 [ 667.583942][T21589] kernel_wait+0xab/0x170 [ 667.590625][T21589] call_usermodehelper_exec_work+0xbe/0x230 [ 667.598875][T21589] process_scheduled_works+0xadb/0x17a0 [ 667.606777][T21589] worker_thread+0x8a0/0xda0 [ 667.613713][T21589] kthread+0x70e/0x8a0 [ 667.620132][T21589] ret_from_fork+0x4b/0x80 [ 667.626897][T21589] ret_from_fork_asm+0x1a/0x30 [ 667.634007][T21589] } [ 667.636677][T21589] ... key at: [] tasklist_lock+0x18/0x40 [ 667.644569][T21589] ... acquired at: [ 667.648539][T21589] lock_acquire+0x120/0x360 [ 667.653223][T21589] _raw_read_lock+0x36/0x50 [ 667.657900][T21589] send_sigurg+0x12b/0x420 [ 667.662533][T21589] sk_send_sigurg+0x6c/0x2e0 [ 667.667321][T21589] queue_oob+0x3d9/0x4e0 [ 667.671755][T21589] unix_stream_sendmsg+0xa41/0xb60 [ 667.677044][T21589] __sock_sendmsg+0x219/0x270 [ 667.681911][T21589] ____sys_sendmsg+0x52d/0x830 [ 667.686856][T21589] ___sys_sendmsg+0x21f/0x2a0 [ 667.691717][T21589] __sys_sendmmsg+0x28e/0x430 [ 667.696586][T21589] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 667.702312][T21589] __do_fast_syscall_32+0xb4/0x110 [ 667.707600][T21589] do_fast_syscall_32+0x34/0x80 [ 667.712652][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 667.719177][T21589] [ 667.721510][T21589] -> (&f_owner->lock){....}-{3:3} { [ 667.726837][T21589] INITIAL USE at: [ 667.730829][T21589] lock_acquire+0x120/0x360 [ 667.737085][T21589] _raw_write_lock_irq+0xa2/0xf0 [ 667.743765][T21589] __f_setown+0x67/0x370 [ 667.749753][T21589] fcntl_dirnotify+0x3d6/0x690 [ 667.756260][T21589] do_fcntl+0x6c7/0x1910 [ 667.762242][T21589] do_compat_fcntl64+0x484/0x720 [ 667.768917][T21589] __do_fast_syscall_32+0xb4/0x110 [ 667.775777][T21589] do_fast_syscall_32+0x34/0x80 [ 667.782370][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 667.790455][T21589] INITIAL READ USE at: [ 667.794878][T21589] lock_acquire+0x120/0x360 [ 667.801573][T21589] _raw_read_lock_irqsave+0xaf/0x100 [ 667.809053][T21589] send_sigio+0x38/0x370 [ 667.815566][T21589] dnotify_handle_event+0x169/0x440 [ 667.822950][T21589] fsnotify+0x1814/0x1a80 [ 667.829461][T21589] path_openat+0x171e/0x3830 [ 667.836222][T21589] do_filp_open+0x1fa/0x410 [ 667.842899][T21589] do_sys_openat2+0x121/0x1c0 [ 667.849793][T21589] __ia32_compat_sys_openat+0x131/0x160 [ 667.857521][T21589] __do_fast_syscall_32+0xb4/0x110 [ 667.864810][T21589] do_fast_syscall_32+0x34/0x80 [ 667.871837][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 667.880344][T21589] } [ 667.882938][T21589] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 667.891894][T21589] ... acquired at: [ 667.895782][T21589] lock_acquire+0x120/0x360 [ 667.900466][T21589] _raw_read_lock_irqsave+0xaf/0x100 [ 667.905925][T21589] send_sigio+0x38/0x370 [ 667.910359][T21589] kill_fasync+0x24d/0x4d0 [ 667.914959][T21589] lease_break_callback+0x26/0x30 [ 667.920180][T21589] __break_lease+0x6a2/0x1620 [ 667.925053][T21589] do_dentry_open+0xd62/0x1970 [ 667.930112][T21589] vfs_open+0x3b/0x340 [ 667.934462][T21589] dentry_open+0x61/0xa0 [ 667.938890][T21589] do_mq_open+0x583/0x750 [ 667.943410][T21589] __ia32_compat_sys_mq_open+0x1f9/0x250 [ 667.949247][T21589] __do_fast_syscall_32+0xb4/0x110 [ 667.954540][T21589] do_fast_syscall_32+0x34/0x80 [ 667.959567][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 667.966080][T21589] [ 667.968402][T21589] -> (&new->fa_lock){....}-{3:3} { [ 667.973632][T21589] INITIAL USE at: [ 667.977531][T21589] lock_acquire+0x120/0x360 [ 667.983610][T21589] _raw_write_lock_irq+0xa2/0xf0 [ 667.990114][T21589] fasync_remove_entry+0xf1/0x1c0 [ 667.996711][T21589] __fput+0x89f/0xa70 [ 668.002263][T21589] task_work_run+0x1d1/0x260 [ 668.008419][T21589] resume_user_mode_work+0x5e/0x80 [ 668.015098][T21589] syscall_exit_to_user_mode+0x9a/0x120 [ 668.022211][T21589] __do_fast_syscall_32+0xc1/0x110 [ 668.028894][T21589] do_fast_syscall_32+0x34/0x80 [ 668.035313][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 668.043204][T21589] INITIAL READ USE at: [ 668.047541][T21589] lock_acquire+0x120/0x360 [ 668.054055][T21589] _raw_read_lock_irqsave+0xaf/0x100 [ 668.061357][T21589] kill_fasync+0x199/0x4d0 [ 668.067955][T21589] fuse_abort_conn+0xcf1/0x1010 [ 668.074818][T21589] cuse_process_init_reply+0x8ba/0xeb0 [ 668.082305][T21589] fuse_request_end+0x7b0/0xa60 [ 668.089156][T21589] fuse_dev_do_write+0x1c21/0x4fa0 [ 668.096298][T21589] fuse_dev_write+0x143/0x1d0 [ 668.102984][T21589] vfs_write+0x548/0xa90 [ 668.109230][T21589] ksys_write+0x145/0x250 [ 668.115575][T21589] __do_fast_syscall_32+0xb4/0x110 [ 668.122694][T21589] do_fast_syscall_32+0x34/0x80 [ 668.129559][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 668.138155][T21589] } [ 668.140656][T21589] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 668.149341][T21589] ... acquired at: [ 668.153142][T21589] lock_acquire+0x120/0x360 [ 668.157824][T21589] _raw_read_lock_irqsave+0xaf/0x100 [ 668.163285][T21589] kill_fasync+0x199/0x4d0 [ 668.167910][T21589] evdev_pass_values+0x627/0xbd0 [ 668.173048][T21589] evdev_events+0x1e6/0x340 [ 668.177748][T21589] input_pass_values+0x285/0x890 [ 668.182880][T21589] input_event_dispose+0x330/0x6b0 [ 668.188181][T21589] input_inject_event+0x1fe/0x320 [ 668.193385][T21589] evdev_write+0x2fc/0x480 [ 668.197985][T21589] vfs_write+0x27b/0xa90 [ 668.202405][T21589] ksys_write+0x145/0x250 [ 668.206911][T21589] __do_fast_syscall_32+0xb4/0x110 [ 668.212201][T21589] do_fast_syscall_32+0x34/0x80 [ 668.217345][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 668.223872][T21589] [ 668.226201][T21589] [ 668.226201][T21589] stack backtrace: [ 668.232111][T21589] CPU: 0 UID: 0 PID: 21589 Comm: syz.0.6513 Not tainted 6.15.0-rc4-syzkaller-00256-g95d3481af6dc #0 PREEMPT(full) [ 668.232136][T21589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 668.232147][T21589] Call Trace: [ 668.232159][T21589] [ 668.232167][T21589] dump_stack_lvl+0x189/0x250 [ 668.232197][T21589] ? __pfx_dump_stack_lvl+0x10/0x10 [ 668.232221][T21589] ? __pfx__printk+0x10/0x10 [ 668.232242][T21589] validate_chain+0x1f05/0x2140 [ 668.232267][T21589] __lock_acquire+0xaac/0xd20 [ 668.232292][T21589] ? kill_fasync+0x199/0x4d0 [ 668.232317][T21589] lock_acquire+0x120/0x360 [ 668.232339][T21589] ? kill_fasync+0x199/0x4d0 [ 668.232365][T21589] ? __lock_acquire+0xaac/0xd20 [ 668.232390][T21589] _raw_read_lock_irqsave+0xaf/0x100 [ 668.232408][T21589] ? kill_fasync+0x199/0x4d0 [ 668.232432][T21589] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 668.232448][T21589] ? do_raw_spin_lock+0x121/0x290 [ 668.232470][T21589] kill_fasync+0x199/0x4d0 [ 668.232495][T21589] ? kill_fasync+0x53/0x4d0 [ 668.232520][T21589] evdev_pass_values+0x627/0xbd0 [ 668.232547][T21589] ? evdev_pass_values+0x5e1/0xbd0 [ 668.232573][T21589] evdev_events+0x1e6/0x340 [ 668.232595][T21589] ? evdev_events+0x79/0x340 [ 668.232619][T21589] ? input_pass_values+0x8d/0x890 [ 668.232641][T21589] input_pass_values+0x285/0x890 [ 668.232666][T21589] ? input_handle_event+0x70c/0xf30 [ 668.232686][T21589] input_event_dispose+0x330/0x6b0 [ 668.232707][T21589] input_inject_event+0x1fe/0x320 [ 668.232726][T21589] ? input_inject_event+0xbc/0x320 [ 668.232746][T21589] evdev_write+0x2fc/0x480 [ 668.232769][T21589] ? wake_up_q+0xca/0x110 [ 668.232796][T21589] ? __pfx_evdev_write+0x10/0x10 [ 668.232821][T21589] ? bpf_lsm_file_permission+0x9/0x20 [ 668.232843][T21589] ? security_file_permission+0x75/0x290 [ 668.232876][T21589] ? rw_verify_area+0x258/0x650 [ 668.232893][T21589] ? __pfx_evdev_write+0x10/0x10 [ 668.232920][T21589] vfs_write+0x27b/0xa90 [ 668.232943][T21589] ? __pfx_vfs_write+0x10/0x10 [ 668.232961][T21589] ? __fget_files+0x2a/0x420 [ 668.232983][T21589] ? __fget_files+0x2a/0x420 [ 668.233003][T21589] ? __fget_files+0x3a0/0x420 [ 668.233023][T21589] ? __fget_files+0x2a/0x420 [ 668.233047][T21589] ksys_write+0x145/0x250 [ 668.233064][T21589] ? rcu_is_watching+0x15/0xb0 [ 668.233089][T21589] ? __pfx_ksys_write+0x10/0x10 [ 668.233108][T21589] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 668.233129][T21589] ? lockdep_hardirqs_on+0x9c/0x150 [ 668.233147][T21589] __do_fast_syscall_32+0xb4/0x110 [ 668.233171][T21589] do_fast_syscall_32+0x34/0x80 [ 668.233191][T21589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 668.233212][T21589] RIP: 0023:0xf7fa8539 [ 668.233228][T21589] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 668.233243][T21589] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 668.233262][T21589] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 668.233274][T21589] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000 [ 668.233284][T21589] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 668.233294][T21589] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 668.233304][T21589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 668.233320][T21589] [ 668.564174][ C0] kye 0003:0458:5010.0044: usb_submit_urb(ctrl) failed: -1 [ 668.713097][T16843] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 668.883109][T16843] usb 6-1: Using ep0 maxpacket: 32 [ 668.890918][T16843] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 668.902885][T16843] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 668.911973][T16843] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 668.920317][T16843] usb 6-1: Product: syz [ 668.926000][T16843] usb 6-1: Manufacturer: syz [ 668.930605][T16843] usb 6-1: SerialNumber: syz [ 668.936670][T16843] usb 6-1: config 0 descriptor?? [ 668.942490][T21587] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 669.333433][T16858] usb 6-1: USB disconnect, device number 19 [ 669.343823][T16860] usb 4-1: USB disconnect, device number 73