last executing test programs: 1m29.15020965s ago: executing program 2 (id=1418): r0 = io_uring_setup(0x3efa, &(0x7f0000000000)={0x0, 0x0, 0x1840, 0x2, 0x10000}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pselect6(0x40, &(0x7f0000000940)={0x0, 0x0, 0xcf, 0x4, 0x6, 0xffffffff00000000, 0xffffffffffffffff}, 0x0, &(0x7f0000000240)={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) 1m28.143362431s ago: executing program 2 (id=1426): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0xfef4, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1) 1m27.94021503s ago: executing program 2 (id=1428): r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2) r1 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x1000000d}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0) 1m27.808899024s ago: executing program 2 (id=1430): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x8, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}, @TCA_CAKE_OVERHEAD={0x8, 0x6, 0xb2}]}}]}, 0x44}}, 0x0) 1m27.632453968s ago: executing program 2 (id=1432): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 1m27.449114466s ago: executing program 2 (id=1433): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 1m12.294079397s ago: executing program 32 (id=1433): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 25.819133215s ago: executing program 5 (id=2291): r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r0, 0x8800000) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) sendfile(r1, r0, 0x0, 0x558410e9) 25.429443379s ago: executing program 5 (id=2295): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x80de02bd3ca0bfdb}, 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 25.213758614s ago: executing program 5 (id=2296): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x181802) r0 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r0, 0x7368, 0x0, 0x0, 0x0, 0x0) 24.961328391s ago: executing program 5 (id=2299): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdir(&(0x7f0000000140)='./control\x00', 0x5) rmdir(&(0x7f0000000100)='./control\x00') 24.77121363s ago: executing program 5 (id=2301): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) 24.095471917s ago: executing program 5 (id=2309): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000012000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$rtc(&(0x7f0000000680), 0x0, 0x2a00) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f00000006c0)) 23.420856581s ago: executing program 33 (id=2309): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000012000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$rtc(&(0x7f0000000680), 0x0, 0x2a00) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f00000006c0)) 2.002435201s ago: executing program 6 (id=2584): r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffff5d}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) 1.848056816s ago: executing program 6 (id=2587): r0 = socket$inet(0x2b, 0x801, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x5) poll(&(0x7f0000000000)=[{r0, 0x4000}], 0x1, 0xff16) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000040), 0x4) 1.757752285s ago: executing program 1 (id=2589): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.666925461s ago: executing program 3 (id=2590): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) fsmount(0xffffffffffffffff, 0x1, 0x0) 1.60244711s ago: executing program 1 (id=2591): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) 1.515092345s ago: executing program 1 (id=2593): r0 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f00000000c0)={0x2, 0xfffe, @multicast2}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="2309fefffffffcffffff0100000005000700000000000800090000000000060002000100000008000a000400010008001700", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x2000082e}, 0x0) 1.277947934s ago: executing program 4 (id=2595): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002640)=@delchain={0x14c, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x110, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xe8, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x84, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x56, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec7b2a9ceab9c40c5f9bd00ceff17d69ca7a27324ef7a1ad28d4b3c6a826826e9c291c16ab3d13e1f337"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x30, 0x8, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_FD={0x8}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 1.171347806s ago: executing program 1 (id=2596): socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x5}, 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) 1.099652924s ago: executing program 4 (id=2597): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c23003f) 945.224952ms ago: executing program 0 (id=2598): socket(0x10, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004042, 0x0) r0 = syz_io_uring_setup(0x417a, &(0x7f00000000c0)={0x0, 0x0, 0x10711, 0x1, 0xffffffff}, &(0x7f0000000540)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4004, @fd_index=0x4, 0x10000000000000, &(0x7f0000000400)=[{&(0x7f0000001800)=""/4110, 0x100e}], 0x1}) io_uring_enter(r0, 0x567, 0x20, 0x0, 0x0, 0x0) 848.416794ms ago: executing program 3 (id=2599): mkdir(&(0x7f00000003c0)='./file0\x00', 0x12c) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xc0100, 0x0) getdents64(r0, 0x0, 0x1000000) 823.352587ms ago: executing program 6 (id=2600): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x4) r2 = openat$cgroup_pressure(r1, &(0x7f0000000540)='cpu.pressure\x00', 0x2, 0x0) read(r2, &(0x7f0000000040)=""/252, 0xfc) 774.374173ms ago: executing program 1 (id=2601): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) fchown(r0, r1, 0x0) 739.982868ms ago: executing program 4 (id=2602): r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000000000000850000007b00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(r0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000700)={r2}, 0xc) 695.125326ms ago: executing program 0 (id=2603): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) r2 = eventfd(0x401) readv(r2, &(0x7f0000000680)=[{&(0x7f00000010c0)=""/109, 0x6d}], 0x1) 640.131425ms ago: executing program 1 (id=2604): bpf$MAP_CREATE(0x0, 0x0, 0x50) syz_usb_connect(0x0, 0x4b, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003f9aab106d04f0080d5001020301090239000100001647090400000308066200090507000000000000092401"], 0x0) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 628.420209ms ago: executing program 3 (id=2605): sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="8f23", 0x2}], 0x1}, 0x4040880) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x800, 0x752f, 0xffffccb7, 0x3, 0x6}, &(0x7f0000000080)=0x14) 625.680754ms ago: executing program 6 (id=2606): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x5, &(0x7f0000000040)=0x1e6e, 0x4) 502.384325ms ago: executing program 4 (id=2607): r0 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x44) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0xffffffffffffffff) keyctl$clear(0x3, r0) 501.352683ms ago: executing program 0 (id=2608): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private0}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x14) 472.419232ms ago: executing program 6 (id=2609): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 433.622968ms ago: executing program 3 (id=2610): r0 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x5) setresuid(0xee01, r2, 0xffffffffffffffff) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000100)='L', 0x1}], 0x1) 393.733178ms ago: executing program 4 (id=2611): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2800003, 0x31, 0xffffffffffffffff, 0x231cd000) r0 = io_uring_setup(0x36bf, &(0x7f0000000000)={0x0, 0xce43, 0x0, 0x5, 0x13d}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) 370.186074ms ago: executing program 0 (id=2612): r0 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, &(0x7f0000000500)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000300)={r1, &(0x7f0000000340)=[{}, {0x80000000}], &(0x7f0000000480)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000280)={r3, 0x0, &(0x7f0000000200)=[{{0x80000000, 0x0}, {0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000400)={{r2, r5, 0x3}, {r4, r6}}) 313.780667ms ago: executing program 6 (id=2613): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket(0x10, 0x3, 0x0) r1 = syz_pidfd_open(r0, 0x0) pidfd_getfd(r1, r1, 0x0) 289.010451ms ago: executing program 3 (id=2614): r0 = epoll_create1(0x0) epoll_pwait(r0, &(0x7f0000000000)=[{}], 0x1, 0x1ff, 0x0, 0x0) r1 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000040)={0x2}) 204.33704ms ago: executing program 0 (id=2615): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) 87.036003ms ago: executing program 3 (id=2616): mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x300000d, 0x6031, 0xffffffffffffffff, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000007c0)={0x48, 0x2, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r1, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e}) 61.411678ms ago: executing program 4 (id=2617): r0 = timerfd_create(0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)) timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 0s ago: executing program 0 (id=2618): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0) close(r0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="d8000000580081044e81f782db44b904021d0800090002", 0x17}], 0x1}, 0x24044880) ioctl$SIOCSIFHWADDR(r0, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @random="6c40ff0300"}) kernel console output (not intermixed with test programs): tsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.939120][ T1215] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.988266][ T1215] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 155.016427][ T1215] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.032772][ T1215] usb 1-1: config 0 descriptor?? [ 155.133397][ T30] audit: type=1326 audit(2000004147.622:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.186735][ T30] audit: type=1326 audit(2000004147.622:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.225862][ T30] audit: type=1326 audit(2000004147.622:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.249320][ T981] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 155.266236][ T30] audit: type=1326 audit(2000004147.622:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.292552][ T30] audit: type=1326 audit(2000004147.622:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.345647][ T30] audit: type=1326 audit(2000004147.652:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.376708][ T30] audit: type=1326 audit(2000004147.652:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.403727][ T30] audit: type=1326 audit(2000004147.652:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.434729][ T30] audit: type=1326 audit(2000004147.652:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7631 comm="syz.2.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94ca58e929 code=0x7ffc0000 [ 155.469628][ T981] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 155.480725][ T1215] corsair 0003:1B1C:1B02.0007: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.0-1/input0 [ 155.485358][ T981] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 155.505994][ T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.514709][ T981] usb 4-1: Product: syz [ 155.523323][ T981] usb 4-1: Manufacturer: syz [ 155.528791][ T981] usb 4-1: SerialNumber: syz [ 155.541254][ T981] usb 4-1: config 0 descriptor?? [ 155.667535][ T1215] corsair 0003:1B1C:1B02.0007: Failed to get K90 initial state (error -71). [ 155.680450][ T1215] usb 1-1: USB disconnect, device number 6 [ 155.967072][ T7653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.752'. [ 155.993190][ T981] usb 4-1: USB disconnect, device number 8 [ 156.094551][ T7658] kernel read not supported for file /${$ (pid: 7658 comm: syz.4.754) [ 157.148195][ T7698] netlink: 24 bytes leftover after parsing attributes in process `syz.3.773'. [ 157.520333][ T7710] netlink: 12 bytes leftover after parsing attributes in process `syz.4.779'. [ 158.666374][ T7756] netlink: 132 bytes leftover after parsing attributes in process `syz.4.799'. [ 158.763110][ T7758] netlink: 16 bytes leftover after parsing attributes in process `syz.1.801'. [ 159.054505][ T7773] netlink: 'syz.3.808': attribute type 14 has an invalid length. [ 159.216045][ T7781] netlink: 27 bytes leftover after parsing attributes in process `syz.1.812'. [ 159.252718][ T7783] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 159.421210][ T24] IPVS: starting estimator thread 0... [ 159.536272][ T7795] IPVS: using max 26 ests per chain, 62400 per kthread [ 159.622229][ T7801] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 159.753954][ T7811] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 159.821730][ T7813] netlink: 165 bytes leftover after parsing attributes in process `syz.1.827'. [ 160.298364][ T7836] overlayfs: failed to create directory ./file0/work (errno: 13); mounting read-only [ 160.320342][ T7836] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 160.433300][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 160.433320][ T30] audit: type=1800 audit(2000004152.922:77): pid=7841 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.841" name="dmabuf" dev="dmabuf" ino=3 res=0 errno=0 [ 160.458380][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.853910][ T7853] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.986709][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 161.137037][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 161.177444][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.205267][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.227985][ T24] usb 1-1: New USB device found, idVendor=056a, idProduct=0002, bcdDevice= 0.00 [ 161.240531][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.252091][ T24] usb 1-1: config 0 descriptor?? [ 161.726944][ T7892] netlink: 12 bytes leftover after parsing attributes in process `syz.2.865'. [ 161.873150][ T24] usb 1-1: USB disconnect, device number 7 [ 162.235700][ T7910] netlink: 'syz.2.872': attribute type 1 has an invalid length. [ 162.264957][ T7910] netlink: 'syz.2.872': attribute type 2 has an invalid length. [ 162.290991][ T7910] netlink: 'syz.2.872': attribute type 1 has an invalid length. [ 162.311456][ T7910] netlink: 'syz.2.872': attribute type 2 has an invalid length. [ 163.068483][ T981] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 163.236766][ T981] usb 3-1: Using ep0 maxpacket: 8 [ 163.248865][ T981] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 163.276964][ T981] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 163.292972][ T981] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 163.304863][ T981] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 163.323549][ T981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.341900][ T981] usb 3-1: Product: syz [ 163.356398][ T981] usb 3-1: Manufacturer: syz [ 163.365430][ T981] usb 3-1: SerialNumber: syz [ 163.503311][ T7965] netlink: 40 bytes leftover after parsing attributes in process `syz.3.898'. [ 163.586437][ T5917] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 163.611595][ T981] usb 3-1: 0:2 : does not exist [ 163.656770][ T981] usb 3-1: USB disconnect, device number 6 [ 163.735320][ T7975] sg_write: data in/out 524252/17 bytes for SCSI command 0x1-- guessing data in; [ 163.735320][ T7975] program syz.3.903 not setting count and/or reply_len properly [ 163.766289][ T5917] usb 5-1: Using ep0 maxpacket: 16 [ 163.777812][ T5917] usb 5-1: config 0 has no interfaces? [ 163.788297][ T5917] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 163.805864][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.823984][ T5917] usb 5-1: Product: syz [ 163.833044][ T5917] usb 5-1: Manufacturer: syz [ 163.839155][ T5917] usb 5-1: SerialNumber: syz [ 163.859750][ T5917] usb 5-1: config 0 descriptor?? [ 164.088781][ T5917] usb 5-1: USB disconnect, device number 10 [ 164.348624][ T7995] netlink: 16 bytes leftover after parsing attributes in process `syz.3.913'. [ 164.512713][ T8000] netlink: 'syz.3.915': attribute type 1 has an invalid length. [ 164.529318][ T8000] netlink: 208 bytes leftover after parsing attributes in process `syz.3.915'. [ 164.556851][ T8000] netlink: 'syz.3.915': attribute type 1 has an invalid length. [ 164.582431][ T8000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.915'. [ 164.626010][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.918'. [ 165.150783][ T8028] program syz.0.929 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 165.822748][ T8051] serio: Serial port ptm0 [ 166.904623][ T8086] netlink: 40 bytes leftover after parsing attributes in process `syz.0.955'. [ 166.997128][ T8088] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 167.615634][ T8115] netlink: 'syz.2.969': attribute type 1 has an invalid length. [ 168.038723][ T5917] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 168.084997][ T8128] smc: net device bond0 applied user defined pnetid SYZ0 [ 168.095224][ T8128] smc: net device bond0 erased user defined pnetid SYZ0 [ 168.171809][ T30] audit: type=1400 audit(2000004160.662:78): lsm=SMACK fn=smack_task_setpgid action=denied subject="w" object="_" requested=w pid=8131 comm="syz.4.976" opid=8131 ocomm="syz.4.976" [ 168.237950][ T5917] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 168.256235][ T5917] usb 3-1: config 0 has no interface number 0 [ 168.280739][ T5917] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 168.297156][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.305543][ T5917] usb 3-1: Product: syz [ 168.312099][ T5917] usb 3-1: Manufacturer: syz [ 168.318284][ T5917] usb 3-1: SerialNumber: syz [ 168.330825][ T5917] usb 3-1: config 0 descriptor?? [ 168.563473][ T5917] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 168.583003][ T5917] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 168.616756][ T5917] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 168.625067][ T5917] usb 3-1: media controller created [ 168.686065][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 169.781373][ T8176] netlink: 'syz.1.996': attribute type 21 has an invalid length. [ 169.791626][ T5917] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 169.799411][ T8176] netlink: 20 bytes leftover after parsing attributes in process `syz.1.996'. [ 169.819723][ T8176] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 169.867823][ T5917] usb 3-1: USB disconnect, device number 7 [ 169.896424][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 170.056334][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 170.064258][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 170.080014][ T24] usb 1-1: config 5 has an invalid interface number: 39 but max is 0 [ 170.097449][ T24] usb 1-1: config 5 has no interface number 0 [ 170.118720][ T24] usb 1-1: config 5 interface 39 altsetting 157 endpoint 0xC has invalid maxpacket 512, setting to 64 [ 170.136729][ T24] usb 1-1: config 5 interface 39 altsetting 157 endpoint 0x8A has an invalid bInterval 122, changing to 10 [ 170.156561][ T24] usb 1-1: config 5 interface 39 has no altsetting 0 [ 170.176384][ T24] usb 1-1: New USB device found, idVendor=050d, idProduct=0128, bcdDevice=1d.35 [ 170.186613][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.195498][ T24] usb 1-1: Product: syz [ 170.199989][ T24] usb 1-1: Manufacturer: syz [ 170.204632][ T24] usb 1-1: SerialNumber: syz [ 170.438368][ T24] ax88179_178a 1-1:5.39: probe with driver ax88179_178a failed with error -22 [ 170.476947][ T24] usb 1-1: USB disconnect, device number 8 [ 171.933734][ T8254] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1030'. [ 172.084973][ T8263] loop5: detected capacity change from 0 to 63 [ 172.136290][ T1215] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 172.159171][ T8265] netlink: 'syz.4.1035': attribute type 1 has an invalid length. [ 172.168069][ T8265] netlink: 'syz.4.1035': attribute type 4 has an invalid length. [ 172.176457][ T8265] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1035'. [ 172.186105][ T8265] NCSI netlink: No device for ifindex 458760 [ 172.248166][ T8267] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1037'. [ 172.298269][ T1215] usb 4-1: Using ep0 maxpacket: 16 [ 172.326216][ T1215] usb 4-1: config 0 has no interfaces? [ 172.337505][ T1215] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 172.363618][ T1215] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 172.403964][ T1215] usb 4-1: Manufacturer: syz [ 172.422741][ T1215] usb 4-1: config 0 descriptor?? [ 172.622967][ T8277] netlink: 'syz.2.1040': attribute type 1 has an invalid length. [ 172.646065][ T8277] netlink: 'syz.2.1040': attribute type 2 has an invalid length. [ 172.664975][ T8277] netlink: 'syz.2.1040': attribute type 1 has an invalid length. [ 172.689675][ T8277] netlink: 1156 bytes leftover after parsing attributes in process `syz.2.1040'. [ 172.709604][ T1215] usb 4-1: USB disconnect, device number 9 [ 173.436339][ T1215] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 173.601240][ T1215] usb 2-1: Using ep0 maxpacket: 32 [ 173.608622][ T1215] usb 2-1: config 2 has an invalid interface number: 117 but max is 0 [ 173.628609][ T1215] usb 2-1: config 2 has no interface number 0 [ 173.648820][ T1215] usb 2-1: config 2 interface 117 has no altsetting 0 [ 173.670249][ T1215] usb 2-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00 [ 173.687284][ T1215] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.705760][ T1215] usb 2-1: Product: syz [ 173.714491][ T1215] usb 2-1: Manufacturer: syz [ 173.724580][ T1215] usb 2-1: SerialNumber: syz [ 173.746783][ T1215] usb-storage 2-1:2.117: USB Mass Storage device detected [ 173.769265][ T1215] usb-storage 2-1:2.117: Quirks match for vid 0781 pid 0100: 1 [ 173.896374][ T5917] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 173.980032][ T5902] usb 2-1: USB disconnect, device number 6 [ 174.049601][ T5917] usb 4-1: Using ep0 maxpacket: 16 [ 174.058614][ T5917] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 174.068013][ T5917] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 174.078654][ T5917] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 174.099801][ T5917] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 174.110258][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.118719][ T5917] usb 4-1: Product: syz [ 174.125464][ T5917] usb 4-1: Manufacturer: syz [ 174.136273][ T5917] usb 4-1: SerialNumber: syz [ 174.562224][ T5917] usb 4-1: 0:2 : does not exist [ 174.588333][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 174.960699][ T8349] team0: Device gtp0 is of different type [ 174.981873][ T5917] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1) [ 175.026688][ T5917] usb 4-1: USB disconnect, device number 10 [ 175.752107][ T8383] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.1086'. [ 176.100914][ T8397] loop2: detected capacity change from 0 to 7 [ 176.129895][ T8397] Dev loop2: unable to read RDB block 7 [ 176.146380][ T8397] loop2: unable to read partition table [ 176.166515][ T8397] loop2: partition table beyond EOD, truncated [ 176.180173][ T8397] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 176.226345][ T8402] tipc: Started in network mode [ 176.236328][ T8402] tipc: Node identity 7a400000ff7f0000403a002d00002d4, cluster identity 4711 [ 176.433776][ T8409] Illegal XDP return value 2074050560 on prog (id 122) dev N/A, expect packet loss! [ 176.450358][ T8412] random: crng reseeded on system resumption [ 176.508135][ T8412] Restarting kernel threads ... [ 176.521390][ T8412] Done restarting kernel threads. [ 177.193470][ T8436] netlink: 'syz.0.1112': attribute type 83 has an invalid length. [ 177.716557][ T5813] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 177.878144][ T5813] usb 5-1: config 0 has no interfaces? [ 177.901178][ T5813] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9 [ 177.933845][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=234, SerialNumber=2 [ 177.974932][ T5813] usb 5-1: Product: syz [ 177.993656][ T5813] usb 5-1: Manufacturer: syz [ 178.009262][ T5813] usb 5-1: SerialNumber: syz [ 178.040163][ T5813] usb 5-1: config 0 descriptor?? [ 178.291445][ T5813] usb 5-1: USB disconnect, device number 11 [ 178.916269][ T5902] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 178.992349][ T8491] netlink: del zone limit has 4 unknown bytes [ 179.077958][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 179.102302][ T5902] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 179.102539][ T8500] team0: Device gtp0 is of different type [ 179.124464][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.140709][ T5902] usb 1-1: Product: syz [ 179.155786][ T5902] usb 1-1: Manufacturer: syz [ 179.161784][ T5902] usb 1-1: SerialNumber: syz [ 179.182029][ T5902] usb 1-1: config 0 descriptor?? [ 179.654762][ T5902] usb 1-1: USB disconnect, device number 9 [ 179.776485][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 180.953278][ T8556] mac80211_hwsim hwsim9 wlan0: vlans aren't supported yet for dev_uc|mc_add() [ 181.036981][ T1215] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 181.157471][ T8561] block nbd0: server does not support multiple connections per device. [ 181.170740][ T8561] block nbd0: shutting down sockets [ 181.186275][ T5902] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 181.206338][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 181.218848][ T1215] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.250733][ T1215] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 181.305413][ T1215] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 181.324844][ T1215] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 181.339105][ T1215] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 181.369063][ T1215] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 181.378519][ T1215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 181.388598][ T5902] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 181.396303][ T1215] usb 1-1: Product: syz [ 181.403106][ T1215] usb 1-1: Manufacturer: syz [ 181.407865][ T5902] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 181.407896][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.407918][ T5902] usb 5-1: Product: syz [ 181.407936][ T5902] usb 5-1: Manufacturer: syz [ 181.407952][ T5902] usb 5-1: SerialNumber: syz [ 181.412806][ T5902] usb 5-1: config 0 descriptor?? [ 181.444518][ T1215] usb 1-1: SerialNumber: syz [ 181.868259][ T1215] usb 1-1: config 0 descriptor?? [ 182.094513][ T1215] radio-si470x 1-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 182.122236][ T1215] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 182.281419][ T8578] input: syz1 as /devices/virtual/input/input14 [ 182.362521][ T5813] usb 1-1: USB disconnect, device number 10 [ 182.496263][ T1215] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 182.513623][ T5902] usb 5-1: USB disconnect, device number 12 [ 182.649912][ T1215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 182.664549][ T1215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.675335][ T1215] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 182.685294][ T1215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.696666][ T1215] usb 3-1: config 0 descriptor?? [ 182.950654][ T8603] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1189'. [ 183.106279][ T5813] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 183.286460][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 183.303661][ T5813] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.324779][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 183.348580][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 183.372399][ T5813] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 183.397795][ T5813] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 183.415044][ T5813] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 183.415933][ T8617] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1195'. [ 183.435213][ T5813] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 183.459331][ T5813] usb 2-1: Manufacturer: syz [ 183.479497][ T5813] usb 2-1: config 0 descriptor?? [ 183.544959][ T1215] uclogic 0003:256C:006D.0009: failed retrieving Huion firmware version: -71 [ 183.586277][ T1215] uclogic 0003:256C:006D.0009: failed probing parameters: -71 [ 183.594003][ T1215] uclogic 0003:256C:006D.0009: probe with driver uclogic failed with error -71 [ 183.651895][ T1215] usb 3-1: USB disconnect, device number 8 [ 183.777436][ T5813] rc_core: IR keymap rc-hauppauge not found [ 183.784215][ T5813] Registered IR keymap rc-empty [ 183.802839][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 183.840914][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 183.877965][ T5813] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 183.919947][ T5813] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input15 [ 183.963201][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.026732][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.059037][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.084672][ T8636] dummy0: entered promiscuous mode [ 184.091591][ T8636] macsec2: entered promiscuous mode [ 184.096394][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.121547][ T8636] macsec2: entered allmulticast mode [ 184.126356][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.139464][ T8636] dummy0: entered allmulticast mode [ 184.156433][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.165387][ T8636] dummy0: left allmulticast mode [ 184.175980][ T8636] dummy0: left promiscuous mode [ 184.201546][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.242884][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.279248][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.306735][ T5813] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 184.349993][ T5813] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 184.389372][ T5813] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 184.429019][ T5813] usb 2-1: USB disconnect, device number 7 [ 184.725812][ T8659] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1213'. [ 185.060674][ T8669] loop8: detected capacity change from 0 to 1 [ 185.071782][ T8669] Dev loop8: unable to read RDB block 1 [ 185.089818][ T8669] loop8: unable to read partition table [ 185.095736][ T8669] loop8: partition table beyond EOD, truncated [ 185.117029][ T8669] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 185.356375][ T5902] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 185.364975][ T8683] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'. [ 185.406282][ T8683] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.491296][ T8683] bridge_slave_1 (unregistering): left allmulticast mode [ 185.506236][ T8683] bridge_slave_1 (unregistering): left promiscuous mode [ 185.517262][ T5902] usb 3-1: Using ep0 maxpacket: 16 [ 185.526384][ T8683] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.537377][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.555045][ T5902] usb 3-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00 [ 185.585579][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.600107][ T5902] usb 3-1: config 0 descriptor?? [ 185.621479][ T5902] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input16 [ 185.732056][ T30] audit: type=1326 audit(2000004178.222:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8690 comm="syz.4.1226" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f36df38e929 code=0x0 [ 185.934530][ T5179] bcm5974 3-1:0.0: could not read from device [ 185.953706][ T5179] bcm5974 3-1:0.0: could not read from device [ 185.980344][ T5179] bcm5974 3-1:0.0: could not read from device [ 185.988374][ T5902] usb 3-1: USB disconnect, device number 9 [ 186.008994][ T5179] bcm5974 3-1:0.0: could not read from device [ 187.451371][ T8737] netlink: 1152 bytes leftover after parsing attributes in process `syz.1.1246'. [ 187.853432][ T8756] loop2: detected capacity change from 0 to 524287999 [ 189.961250][ T8826] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1284'. [ 189.971242][ T8828] o2cb: This node has not been configured. [ 189.997200][ T8828] o2cb: Cluster check failed. Fix errors before retrying. [ 190.016534][ T8828] (syz.2.1286,8828,0):user_dlm_register:674 ERROR: status = -22 [ 190.032247][ T8828] (syz.2.1286,8828,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 190.404293][ T8846] netlink: 'syz.1.1293': attribute type 2 has an invalid length. [ 190.423923][ T8846] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1293'. [ 190.581339][ T8851] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1295'. [ 190.584799][ T8854] openvswitch: netlink: Multiple metadata blocks provided [ 190.606519][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 190.654280][ T8851] nbd: couldn't find device at index 131080 [ 190.668157][ T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 190.776638][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 190.797010][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.821208][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.836718][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 190.853306][ T10] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 190.853310][ T24] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 190.853338][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.881426][ T10] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 190.913569][ T10] usb 3-1: config 6 has no interface number 0 [ 190.934648][ T10] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 190.956111][ T24] usb 1-1: config 0 descriptor?? [ 190.965001][ T10] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 191.015571][ T10] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 191.033790][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.063243][ T10] usb 3-1: Product: syz [ 191.072640][ T10] usb 3-1: Manufacturer: syz [ 191.077749][ T10] usb 3-1: SerialNumber: syz [ 191.099575][ T10] hso 3-1:6.2: Failed to find INT IN ep [ 191.186513][ T1215] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 191.346243][ T1215] usb 5-1: Using ep0 maxpacket: 32 [ 191.362629][ T1215] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 191.381459][ T1215] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 191.401279][ T1215] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 191.424842][ T24] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0 [ 191.431936][ T1215] usb 5-1: config 1 has no interface number 0 [ 191.446304][ T1215] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 191.457571][ T24] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0 [ 191.465043][ T24] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0 [ 191.472100][ T1215] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 191.485186][ T24] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0 [ 191.492296][ T24] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0 [ 191.501092][ T1215] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 191.512636][ T24] savu 0003:1E7D:2D5A.000A: unbalanced collection at end of report description [ 191.526234][ T1215] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.537182][ T24] savu 0003:1E7D:2D5A.000A: parse failed [ 191.546260][ T24] savu 0003:1E7D:2D5A.000A: probe with driver savu failed with error -22 [ 191.563067][ T1215] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 191.645822][ T24] usb 1-1: USB disconnect, device number 11 [ 191.718526][ T8882] xt_cgroup: invalid path, errno=-2 [ 191.783280][ T1215] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 191.813720][ T5917] usb 3-1: USB disconnect, device number 10 [ 192.095124][ T59] bond0: (slave bond_slave_0): interface is now down [ 192.104300][ T59] bond0: (slave bond_slave_1): interface is now down [ 192.120603][ T59] bond0: now running without any active interface! [ 192.220322][ T1215] usb 5-1: USB disconnect, device number 13 [ 192.230591][ T1215] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 192.457818][ T8905] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 192.577554][ T8910] loop2: detected capacity change from 0 to 524287999 [ 192.906548][ T5902] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 193.051831][ T8935] team0: Port device virt_wifi0 added [ 193.071199][ T8935] net veth1_virt_wifi virt_wifi0: refused to change device tx_queue_len [ 193.089823][ T5902] usb 3-1: unable to get BOS descriptor or descriptor too short [ 193.091460][ T8935] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 193.116924][ T5902] usb 3-1: not running at top speed; connect to a high speed hub [ 193.126588][ T5902] usb 3-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 64 [ 193.155483][ T5902] usb 3-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 193.186256][ T5902] usb 3-1: config 1 interface 0 has no altsetting 0 [ 193.205947][ T5902] usb 3-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 193.223974][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.235548][ T5902] usb 3-1: Product: syz [ 193.243869][ T5902] usb 3-1: Manufacturer: syz [ 193.249692][ T5902] usb 3-1: SerialNumber: syz [ 193.268402][ T8915] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 193.515934][ T5902] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input17 [ 193.676477][ T8955] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 193.684240][ T8955] macsec1: entered allmulticast mode [ 193.709093][ T8955] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 193.737191][ T8955] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 193.753410][ T8955] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 194.151542][ T5179] bcm5974 3-1:1.0: could not read from device [ 194.156560][ T5895] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 194.163494][ T5902] usb 3-1: USB disconnect, device number 11 [ 194.173375][ T5179] bcm5974 3-1:1.0: could not read from device [ 194.187663][ T5179] bcm5974 3-1:1.0: could not read from device [ 194.250964][ T30] audit: type=1400 audit(2000004186.742:80): lsm=SMACK fn=smack_key_permission action=denied subject="w" object="_" requested=w pid=8974 comm="syz.4.1354" key_serial=651825307 key_desc="_uid_ses.0" [ 194.270392][ C1] vkms_vblank_simulate: vblank timer overrun [ 194.323450][ T8978] netlink: 'syz.4.1355': attribute type 9 has an invalid length. [ 194.329716][ T5895] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.334606][ T8978] netlink: 146708 bytes leftover after parsing attributes in process `syz.4.1355'. [ 194.349239][ T5895] usb 4-1: config 0 has no interfaces? [ 194.365408][ T5895] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 194.375646][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.408884][ T5895] usb 4-1: config 0 descriptor?? [ 194.525721][ T8982] bridge0: port 3(batadv1) entered blocking state [ 194.534502][ T8982] bridge0: port 3(batadv1) entered disabled state [ 194.541771][ T8982] batadv1: entered allmulticast mode [ 194.554999][ T8982] batadv1: entered promiscuous mode [ 194.634553][ T24] usb 4-1: USB disconnect, device number 11 [ 195.027131][ T59] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 195.037329][ T59] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 196.236280][ T5917] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 196.417231][ T5917] usb 3-1: Using ep0 maxpacket: 32 [ 196.443966][ T5917] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 196.470627][ T5917] usb 3-1: config 0 has no interface number 0 [ 196.491819][ T5917] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 196.521717][ T5917] usb 3-1: config 0 interface 85 has no altsetting 0 [ 196.542922][ T5917] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 196.562451][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.596311][ T5917] usb 3-1: Product: syz [ 196.600752][ T5917] usb 3-1: Manufacturer: syz [ 196.605882][ T5917] usb 3-1: SerialNumber: syz [ 196.638092][ T5917] usb 3-1: config 0 descriptor?? [ 196.986464][ T5895] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 197.157616][ T5895] usb 5-1: Using ep0 maxpacket: 32 [ 197.168539][ T5895] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 197.179374][ T5895] usb 5-1: config 0 has no interface number 0 [ 197.185545][ T5895] usb 5-1: config 0 interface 12 has no altsetting 0 [ 197.216096][ T5895] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 197.232556][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.256254][ T5895] usb 5-1: Product: syz [ 197.260499][ T5895] usb 5-1: Manufacturer: syz [ 197.291159][ T5895] usb 5-1: SerialNumber: syz [ 197.317333][ T5895] usb 5-1: config 0 descriptor?? [ 197.356464][ T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 197.413433][ T5917] appletouch 3-1:0.85: Geyser mode initialized. [ 197.435772][ T5917] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input18 [ 197.469635][ C0] appletouch 3-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64 [ 197.528341][ T24] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 197.565672][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.594321][ T24] usb 4-1: Product: syz [ 197.604179][ T24] usb 4-1: Manufacturer: syz [ 197.626260][ T24] usb 4-1: SerialNumber: syz [ 197.649337][ T9065] sock: sock_set_timeout: `syz.0.1394' (pid 9065) tries to set negative timeout [ 197.680952][ T24] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 197.687405][ T5917] usb 3-1: USB disconnect, device number 12 [ 197.736787][ T1215] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 197.750803][ T5917] appletouch 3-1:0.85: input: appletouch disconnected [ 198.178049][ T5895] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 198.195213][ T5895] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71 [ 198.209279][ T5895] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 198.223161][ T9077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1400'. [ 198.223227][ T5895] f81534 5-1:0.12: probe with driver f81534 failed with error -71 [ 198.276961][ T5917] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 198.277038][ T5895] usb 5-1: USB disconnect, device number 14 [ 198.397841][ T9080] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.434132][ T9080] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.442381][ T5917] usb 1-1: Using ep0 maxpacket: 32 [ 198.455793][ T5917] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 198.458086][ T9082] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1402'. [ 198.474668][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.526078][ T5917] usb 1-1: config 0 descriptor?? [ 198.540309][ T9082] bond1 (unregistering): Released all slaves [ 198.784228][ T5917] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 198.816974][ T5917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 198.827193][ T1215] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 198.852362][ T5917] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 198.863769][ T1215] ath9k_htc: Failed to initialize the device [ 198.873233][ T5917] usb 1-1: media controller created [ 198.930227][ T1215] usb 4-1: ath9k_htc: USB layer deinitialized [ 198.959359][ T5895] usb 4-1: USB disconnect, device number 12 [ 198.965595][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 199.057156][ T5917] az6027: usb out operation failed. (-71) [ 199.068661][ T5917] az6027: usb out operation failed. (-71) [ 199.088959][ T5917] stb0899_attach: Driver disabled by Kconfig [ 199.095135][ T5917] az6027: no front-end attached [ 199.095135][ T5917] [ 199.115329][ T5917] az6027: usb out operation failed. (-71) [ 199.132894][ T5917] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 199.158524][ T5917] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input19 [ 199.219253][ T5917] dvb-usb: schedule remote query interval to 400 msecs. [ 199.236442][ T5917] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 199.357629][ T5917] usb 1-1: USB disconnect, device number 12 [ 199.551646][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.588428][ T5917] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 200.036384][ T1215] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 200.204448][ T1215] usb 4-1: Using ep0 maxpacket: 16 [ 200.302634][ T1215] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.344288][ T1215] usb 4-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00 [ 200.380429][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.407807][ T1215] usb 4-1: config 0 descriptor?? [ 200.425758][ T1215] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input20 [ 200.775155][ T5179] bcm5974 4-1:0.0: could not read from device [ 200.819948][ T1215] usb 4-1: USB disconnect, device number 13 [ 201.202967][ T9164] cgroup: fork rejected by pids controller in /syz0 [ 202.515518][T10103] bridge0: entered promiscuous mode [ 202.524706][T10103] macvlan3: entered promiscuous mode [ 203.120309][T10118] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1446'. [ 204.151598][T10150] pim6reg: entered allmulticast mode [ 205.019625][T10175] tap0: tun_chr_ioctl cmd 1074025677 [ 205.025287][T10175] tap0: linktype set to 778 [ 205.044102][T10178] kernel read not supported for file /3sxt (pid: 10178 comm: syz.3.1473) [ 205.096249][ T30] audit: type=1800 audit(2000004197.572:81): pid=10178 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1473" name=A1BDE3D11EDE16337378741A dev="mqueue" ino=23248 res=0 errno=0 [ 205.173894][T10180] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1475'. [ 205.508613][ T1215] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 205.702412][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 205.727675][ T1215] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 205.736023][ T1215] usb 4-1: config 0 has no interface number 0 [ 205.760655][ T1215] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 205.774758][ T1215] usb 4-1: New USB device strings: Mfr=1, Product=229, SerialNumber=2 [ 205.806533][ T1215] usb 4-1: Product: syz [ 205.818947][ T1215] usb 4-1: Manufacturer: syz [ 205.823655][ T1215] usb 4-1: SerialNumber: syz [ 205.862977][ T1215] usb 4-1: config 0 descriptor?? [ 205.874840][ T1215] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 205.923122][T10207] kernel profiling enabled (shift: 17) [ 206.085688][ T1215] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 206.127292][ T1215] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 206.305157][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - xmit_empty message too short [ 206.506449][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 206.507705][ T5917] usb 4-1: USB disconnect, device number 14 [ 206.532257][ T5917] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 206.587176][ T5917] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 206.621707][ T5917] quatech2 4-1:0.51: device disconnected [ 207.113667][T10230] ptp: physical clock is free running [ 207.131455][ T59] Bluetooth: hci5: Frame reassembly failed (-84) [ 207.163845][T10227] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 207.193380][T10233] bridge_slave_0: invalid flags given to default FDB implementation [ 208.087726][ T5917] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 208.265357][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1022, setting to 64 [ 208.295848][ T5917] usb 4-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 208.314046][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.337804][ T5917] usb 4-1: config 0 descriptor?? [ 208.345299][T10255] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 208.791321][ T5917] kye 0003:0458:0087.000B: hidraw0: USB HID v4.01 Device [HID 0458:0087] on usb-dummy_hcd.3-1/input0 [ 208.896330][ T1215] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 208.987900][ T24] usb 4-1: USB disconnect, device number 15 [ 209.059105][ T1215] usb 2-1: config 0 has an invalid interface number: 93 but max is 0 [ 209.080674][ T1215] usb 2-1: config 0 has no interface number 0 [ 209.101605][ T1215] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 209.127769][ T1215] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.146653][ T5835] Bluetooth: hci5: command 0x1003 tx timeout [ 209.154718][ T5828] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 209.156555][ T1215] usb 2-1: Product: syz [ 209.213504][ T1215] usb 2-1: Manufacturer: syz [ 209.226525][ T1215] usb 2-1: SerialNumber: syz [ 209.269371][ T1215] usb 2-1: config 0 descriptor?? [ 209.498144][ T1215] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state. [ 209.540909][ T1215] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 209.568945][ T1215] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 209.586449][ T1215] usb 2-1: media controller created [ 209.617391][ T1215] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 209.796320][ T1215] DVB: Unable to find symbol dib7000p_attach() [ 209.802610][ T1215] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 209.846931][ T1215] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 209.886991][ T1215] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 209.928287][ T1215] usb 2-1: media controller created [ 209.959521][ T1215] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 210.011845][ T1215] dib0700: the master dib7090 has to be initialized first [ 210.019390][T10301] netlink: 'syz.3.1528': attribute type 4 has an invalid length. [ 210.047064][ T1215] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 210.259313][ T1215] rc_core: IR keymap rc-dib0700-rc5 not found [ 210.265649][ T1215] Registered IR keymap rc-empty [ 210.294384][ T1215] dvb-usb: could not initialize remote control. [ 210.314198][ T5917] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 210.332155][ T1215] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 210.359859][ T5917] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 210.556997][ T5902] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 210.654260][ T5917] usb 2-1: USB disconnect, device number 8 [ 210.727699][ T5917] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected. [ 210.757580][ T5902] usb 5-1: Using ep0 maxpacket: 16 [ 210.768346][ T5902] usb 5-1: config 0 has no interfaces? [ 210.810384][ T5902] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 210.830588][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.856536][ T5902] usb 5-1: Product: syz [ 210.881738][ T5902] usb 5-1: Manufacturer: syz [ 210.891888][ T5902] usb 5-1: SerialNumber: syz [ 210.904868][ T5902] usb 5-1: config 0 descriptor?? [ 211.137141][ T5902] usb 5-1: USB disconnect, device number 15 [ 212.101110][T10356] sp0: Synchronizing with TNC [ 212.879655][T10381] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1559'. [ 213.803944][T10409] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1570'. [ 214.916385][ T5902] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 215.088413][ T5902] usb 1-1: config index 0 descriptor too short (expected 69, got 36) [ 215.105892][ T5902] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 215.140887][ T5902] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 215.164039][ T5902] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 215.206918][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.225693][ T5902] usb 1-1: Product: syz [ 215.240005][ T5902] usb 1-1: Manufacturer: syz [ 215.244969][ T5902] usb 1-1: SerialNumber: syz [ 215.270136][ T5902] usb 1-1: config 0 descriptor?? [ 215.279474][ T5902] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 215.705639][T10453] bridge0: entered promiscuous mode [ 215.766591][T10453] macvlan2: entered promiscuous mode [ 216.098241][ T5902] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 216.105793][ T5902] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 216.141593][ T5902] usb 1-1: USB disconnect, device number 13 [ 216.986451][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 216.986994][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 216.993520][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 216.999855][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 217.016465][T10479] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 217.286215][ T5813] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 217.466664][ T5813] usb 1-1: config 0 has no interfaces? [ 217.479170][ T5813] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 217.562850][T10490] netlink: 'syz.1.1609': attribute type 1 has an invalid length. [ 217.576219][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.612355][ T5813] usb 1-1: config 0 descriptor?? [ 217.616420][T10490] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1609'. [ 217.656238][T10490] netlink: 'syz.1.1609': attribute type 1 has an invalid length. [ 217.771615][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 217.783059][ T5826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 217.802291][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 217.822050][T10495] sp0: Synchronizing with TNC [ 217.832232][ T5895] usb 1-1: USB disconnect, device number 14 [ 217.847404][ T5826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 217.857007][ T5826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 217.923725][T10497] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1611'. [ 217.933799][T10497] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1611'. [ 218.312312][ T1152] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.484636][ T1152] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.662297][ T1152] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.789145][ T1152] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.957397][T10493] chnl_net:caif_netlink_parms(): no params data found [ 219.009684][T10533] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1626'. [ 219.599033][T10493] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.616373][T10493] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.624135][T10493] bridge_slave_0: entered allmulticast mode [ 219.670763][T10493] bridge_slave_0: entered promiscuous mode [ 219.690446][T10493] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.717798][T10493] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.725767][T10493] bridge_slave_1: entered allmulticast mode [ 219.749116][T10493] bridge_slave_1: entered promiscuous mode [ 219.765574][ T1152] bridge_slave_1: left allmulticast mode [ 219.772286][ T1152] bridge_slave_1: left promiscuous mode [ 219.780531][ T1152] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.815094][ T1152] bridge_slave_0: left allmulticast mode [ 219.822191][ T1152] bridge_slave_0: left promiscuous mode [ 219.856866][ T1152] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.946349][ T5826] Bluetooth: hci5: command tx timeout [ 220.283717][T10569] loop6: detected capacity change from 0 to 524287999 [ 220.451998][ T1152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.465491][ T1152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.477830][ T1152] bond0 (unregistering): Released all slaves [ 220.717031][T10493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.910776][T10493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.927106][T10583] bpf: Bad value for 'uid' [ 221.161885][T10493] team0: Port device team_slave_0 added [ 221.190767][T10596] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1653'. [ 221.223003][T10493] team0: Port device team_slave_1 added [ 221.566389][ T30] audit: type=1326 audit(2000004215.052:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 221.608656][T10493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.615779][T10493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.666282][ T30] audit: type=1326 audit(2000004215.052:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 221.698917][T10493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.726248][ T30] audit: type=1326 audit(2000004215.052:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 221.776321][ T30] audit: type=1326 audit(2000004215.052:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 221.825591][ T30] audit: type=1326 audit(2000004215.052:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 221.889796][ T1152] hsr_slave_0: left promiscuous mode [ 221.906278][ T30] audit: type=1326 audit(2000004215.052:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 221.943031][T10613] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1661'. [ 221.947715][ T1152] hsr_slave_1: left promiscuous mode [ 221.987472][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 222.005322][ T30] audit: type=1326 audit(2000004215.052:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 222.046490][ T5826] Bluetooth: hci5: command tx timeout [ 222.056269][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 222.063898][ T30] audit: type=1326 audit(2000004215.052:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10604 comm="syz.3.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 222.090326][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 222.143386][ T1152] veth1_macvtap: left promiscuous mode [ 222.157564][ T1152] veth0_macvtap: left promiscuous mode [ 222.163383][ T1152] veth1_vlan: left promiscuous mode [ 222.175362][ T1152] veth0_vlan: left promiscuous mode [ 223.003894][ T1152] team0 (unregistering): Port device team_slave_1 removed [ 223.052277][ T1152] team0 (unregistering): Port device team_slave_0 removed [ 223.527416][T10493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 223.534952][T10493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.562347][T10493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.617363][T10634] pim6reg: left allmulticast mode [ 223.712795][T10493] hsr_slave_0: entered promiscuous mode [ 223.728559][T10493] hsr_slave_1: entered promiscuous mode [ 223.735976][T10493] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 223.745215][T10493] Cannot create hsr debugfs directory [ 224.106458][ T5826] Bluetooth: hci5: command tx timeout [ 224.146772][ T5902] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 224.337882][ T5902] usb 2-1: unable to get BOS descriptor or descriptor too short [ 224.361559][ T5902] usb 2-1: no configurations [ 224.377361][T10656] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1680'. [ 224.382482][ T5902] usb 2-1: can't read configurations, error -22 [ 224.580042][T10493] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 224.626065][T10493] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 224.663678][T10493] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 224.708155][T10493] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 224.725131][T10664] sp0: Synchronizing with TNC [ 224.838585][T10664] sp0: Synchronizing with TNC [ 224.845230][T10677] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1687'. [ 225.055851][T10493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.143668][T10493] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.212637][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.220373][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.300337][ T753] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.307687][ T753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.418850][T10697] loop6: detected capacity change from 0 to 63 [ 225.437297][T10696] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1697'. [ 225.449384][T10697] buffer_io_error: 40 callbacks suppressed [ 225.449403][T10697] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.478146][T10697] Buffer I/O error on dev loop6, logical block 1, async page read [ 225.499522][T10697] Buffer I/O error on dev loop6, logical block 2, async page read [ 225.503420][T10699] input: syz1 as /devices/virtual/input/input22 [ 225.508383][T10697] Buffer I/O error on dev loop6, logical block 3, async page read [ 225.839357][T10704] IPVS: persistence engine module ip_vs_pe_ not found [ 226.030138][T10722] autofs4:pid:10722:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(132694.524047), cmd(0xc018937b) [ 226.133238][T10722] autofs4:pid:10722:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937b) [ 226.159592][T10493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.189368][ T5826] Bluetooth: hci5: command tx timeout [ 226.461351][ T981] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 226.481391][T10741] netlink: 'syz.0.1712': attribute type 12 has an invalid length. [ 226.619594][ T981] usb 4-1: Using ep0 maxpacket: 8 [ 226.630025][ T981] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 226.657976][ T981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.695646][ T981] pvrusb2: Hardware description: Terratec Grabster AV400 [ 226.706555][ T5902] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 226.730206][T10493] veth0_vlan: entered promiscuous mode [ 226.742895][ T981] pvrusb2: ********** [ 226.748153][ T981] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 226.773215][T10493] veth1_vlan: entered promiscuous mode [ 226.779595][ T981] pvrusb2: Important functionality might not be entirely working. [ 226.790478][ T981] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 226.814909][ T981] pvrusb2: ********** [ 226.823803][T10750] sp0: Synchronizing with TNC [ 226.896337][ T5902] usb 2-1: Using ep0 maxpacket: 8 [ 226.913148][T10493] veth0_macvtap: entered promiscuous mode [ 226.922181][ T2348] pvrusb2: Invalid write control endpoint [ 226.931412][ T5902] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 226.951882][T10493] veth1_macvtap: entered promiscuous mode [ 226.958454][ T5902] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 226.979284][ T5902] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 227.013942][T10493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.028522][ T5902] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 227.055632][ T5902] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 227.078738][T10493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.099612][ T2348] pvrusb2: Invalid write control endpoint [ 227.105797][ T2348] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 227.116070][ T2348] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 227.126879][ T2348] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 227.135839][T10493] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.139155][ T2348] pvrusb2: Device being rendered inoperable [ 227.146813][ T5902] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 227.153815][ T2348] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 227.173395][T10493] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.186762][T10727] pvrusb2: Attempted to execute control transfer when device not ok [ 227.203955][ T2348] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 227.205178][T10493] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.214603][ T2348] pvrusb2: Attached sub-driver cx25840 [ 227.225100][ T981] usb 4-1: USB disconnect, device number 16 [ 227.228972][ T2348] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 227.234974][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.245464][ T2348] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 227.272510][T10493] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.314586][T10757] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1720'. [ 227.507471][ T5902] usb 2-1: GET_CAPABILITIES returned 0 [ 227.518445][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.522393][ T5902] usbtmc 2-1:16.0: can't read capabilities [ 227.547080][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.591893][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.626674][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.663548][T10765] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 227.781953][ T5902] usb 2-1: USB disconnect, device number 11 [ 228.339468][ T30] audit: type=1326 audit(2000004221.832:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.5.1734" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f72a018e929 code=0x0 [ 228.574548][T10808] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.1740'. [ 228.596458][T10808] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 228.609752][T10808] openvswitch: netlink: Duplicate key (type 0). [ 229.627830][T10850] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 229.996610][T10867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1769'. [ 230.456526][ T5895] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 230.638735][ T5895] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 230.669864][ T5895] usb 1-1: config 0 interface 0 has no altsetting 0 [ 230.699042][ T5895] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 230.724249][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 230.739799][ T5895] usb 1-1: Product: syz [ 230.744188][ T5895] usb 1-1: Manufacturer: syz [ 230.752978][ T5895] usb 1-1: SerialNumber: syz [ 230.764326][ T5895] usb 1-1: config 0 descriptor?? [ 230.790712][ T5895] usb 1-1: selecting invalid altsetting 0 [ 231.026077][ T5813] usb 1-1: USB disconnect, device number 15 [ 231.176334][ T5917] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 231.326380][ T5917] usb 6-1: Using ep0 maxpacket: 16 [ 231.340509][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.353172][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.373628][ T5917] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 231.388652][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.401519][ T5917] usb 6-1: config 0 descriptor?? [ 231.584575][ T5813] kernel read not supported for file /dsp (pid: 5813 comm: kworker/1:3) [ 231.887909][ T5917] corsair 0003:1B1C:1B02.000D: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.5-1/input0 [ 232.270844][ T5813] usb 6-1: USB disconnect, device number 2 [ 233.540390][T10980] kvm: kvm [10979]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0xaf [ 233.577112][T10982] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 233.610665][T10982] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 233.783064][T10988] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1826'. [ 233.846465][T10994] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1826'. [ 234.170480][T11008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1831'. [ 234.220492][T11008] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 234.775785][T11043] use of bytesused == 0 is deprecated and will be removed in the future, [ 234.808688][T11043] use the actual size instead. [ 234.876240][ T5917] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 234.966294][ T89] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 235.049218][ T5917] usb 2-1: config 7 has an invalid interface number: 101 but max is 0 [ 235.064969][ T5917] usb 2-1: config 7 has no interface number 0 [ 235.087041][ T5917] usb 2-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 235.100052][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.118192][ T5917] usb 2-1: Product: syz [ 235.126323][ T89] usb 1-1: Using ep0 maxpacket: 32 [ 235.136279][ T5917] usb 2-1: Manufacturer: syz [ 235.140956][ T5917] usb 2-1: SerialNumber: syz [ 235.157400][ T89] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 235.176201][ T89] usb 1-1: config 0 has no interface number 0 [ 235.193628][ T89] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 235.224144][ T89] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.258909][ T89] usb 1-1: Product: syz [ 235.263209][ T89] usb 1-1: Manufacturer: syz [ 235.286897][ T89] usb 1-1: SerialNumber: syz [ 235.313386][ T89] usb 1-1: config 0 descriptor?? [ 235.339871][ T89] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 235.556347][ T5813] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 235.568793][ T89] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 235.586658][ T89] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 235.679157][T11061] openvswitch: netlink: IPv4 tunnel dst address is zero [ 235.720951][ T5813] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 235.753827][ T5813] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 235.784768][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.808482][ T5813] usb 5-1: Product: syz [ 235.813161][ T5813] usb 5-1: Manufacturer: syz [ 235.815004][T11040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.822853][ T5813] usb 5-1: SerialNumber: syz [ 235.850348][T11040] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.854235][ T5813] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 235.978872][ T5917] as10x_usb: device has been detected [ 235.993274][ T5917] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 236.027978][ T5826] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 236.031112][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 236.059385][ T5917] usb 2-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 236.082343][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 236.092032][ T981] usb 1-1: USB disconnect, device number 16 [ 236.108252][ T981] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 236.125204][ T5917] as10x_usb: error during firmware upload part1 [ 236.135640][ T5917] Registered device Elgato EyeTV DTT Deluxe [ 236.139233][ T981] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 236.161591][ T981] quatech2 1-1:0.51: device disconnected [ 236.212140][ T5917] usb 2-1: USB disconnect, device number 12 [ 236.245336][ T5917] Unregistered device Elgato EyeTV DTT Deluxe [ 236.254192][ T5917] as10x_usb: device has been disconnected [ 236.687245][ T5813] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 236.730005][ T5813] usb 5-1: USB disconnect, device number 16 [ 236.843570][T11089] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 237.264716][T11111] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1878'. [ 237.396331][ T5813] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 237.606242][ T5813] usb 6-1: Using ep0 maxpacket: 16 [ 237.645598][ T1215] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 237.657093][ T5813] usb 6-1: config 8 has an invalid interface number: 39 but max is 0 [ 237.665772][ T5813] usb 6-1: config 8 has no interface number 0 [ 237.672527][ T5813] usb 6-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 237.684870][ T5813] usb 6-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 237.695057][ T5813] usb 6-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0 [ 237.705190][ T5813] usb 6-1: config 8 interface 39 has no altsetting 0 [ 237.714734][ T5813] usb 6-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 237.756188][ T5813] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.764401][ T5813] usb 6-1: Product: syz [ 237.776191][ T5813] usb 6-1: Manufacturer: syz [ 237.781291][ T5813] usb 6-1: SerialNumber: syz [ 237.829291][ T1215] usb 5-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 237.838979][ T1215] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.851556][ T1215] usb 5-1: config 0 descriptor?? [ 237.870786][ T1215] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 238.089825][ T1215] gspca_sn9c2028: read1 error -32 [ 238.298422][ T1215] gspca_sn9c2028: read1 error -71 [ 238.304504][ T1215] sn9c2028 5-1:0.0: probe with driver sn9c2028 failed with error -71 [ 238.334488][ T1215] usb 5-1: USB disconnect, device number 17 [ 238.412316][ T5813] ipheth 6-1:8.39: ipheth_enable_ncm: usb_control_msg: 0 [ 238.450805][ T5813] ipheth 6-1:8.39: Apple iPhone USB Ethernet device attached [ 238.650889][ T5813] usb 6-1: USB disconnect, device number 3 [ 238.759899][ T5813] ipheth 6-1:8.39: Apple iPhone USB Ethernet now disconnected [ 239.279193][T11180] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1909'. [ 239.893866][T11207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1923'. [ 239.919643][ T5840] Bluetooth: hci0: unexpected subevent 0x0e length: 30 > 15 [ 239.927158][ T5840] Bluetooth: hci0: Unable to find connection for dst 36:37:31:20:20:20 sid 0x30 [ 239.972805][T11207] vlan2: entered promiscuous mode [ 239.978330][T11207] gretap0: entered promiscuous mode [ 240.031712][T11212] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 240.327084][ T12] batman_adv: batadv1: IGMP Querier appeared [ 240.333296][ T12] batman_adv: batadv1: MLD Querier appeared [ 240.558355][T11230] overlayfs: workdir and upperdir must be separate subtrees [ 240.818164][T11240] macvlan0: entered promiscuous mode [ 240.828700][T11240] netlink: 'syz.4.1937': attribute type 1 has an invalid length. [ 240.836774][T11240] netlink: 'syz.4.1937': attribute type 2 has an invalid length. [ 240.898602][T11245] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 241.047866][ T981] kernel write not supported for file /sequencer2 (pid: 981 comm: kworker/0:3) [ 242.154920][ T30] audit: type=1326 audit(2000004235.642:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.238051][ T30] audit: type=1326 audit(2000004235.682:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.284577][ T30] audit: type=1326 audit(2000004235.692:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.354911][ T30] audit: type=1326 audit(2000004235.692:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.392253][T11293] batman_adv: batadv0: Adding interface: dummy0 [ 242.398096][ T30] audit: type=1326 audit(2000004235.692:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.421729][T11293] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.466754][T11293] batman_adv: batadv0: Interface activated: dummy0 [ 242.492521][ T30] audit: type=1326 audit(2000004235.692:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.585793][ T30] audit: type=1326 audit(2000004239.701:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.634140][T11301] xt_hashlimit: max too large, truncated to 1048576 [ 242.650680][T11304] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1966'. [ 242.656507][T11301] xt_hashlimit: overflow, try lower: 0/0 [ 242.676758][ T30] audit: type=1326 audit(2000004239.701:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.775989][ T30] audit: type=1326 audit(2000004239.701:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 242.850081][ T30] audit: type=1326 audit(2000004239.701:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11285 comm="syz.0.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 243.058869][T11322] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 243.146485][ T1215] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 243.355533][ T1215] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 243.372376][ T1215] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 243.395144][ T1215] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 243.411838][ T1215] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.448212][T11339] netlink: 'syz.5.1982': attribute type 10 has an invalid length. [ 243.457391][T11339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 243.466623][T11316] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 243.479482][ T1215] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 243.483536][T11339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 243.544741][T11339] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 243.768593][ T5813] usb 1-1: USB disconnect, device number 17 [ 243.838978][T11354] netlink: 'syz.3.1989': attribute type 6 has an invalid length. [ 243.876246][T11354] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1989'. [ 243.953809][T11358] @: renamed from vlan0 (while UP) [ 244.239336][T11372] netlink: 'syz.3.1998': attribute type 1 has an invalid length. [ 244.250705][T11372] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1998'. [ 244.273210][T11372] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1998'. [ 244.636479][ T5917] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 244.646546][ T5895] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 244.806206][ T5917] usb 4-1: Using ep0 maxpacket: 32 [ 244.806732][ T5895] usb 2-1: Using ep0 maxpacket: 8 [ 244.819739][ T5917] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 244.832985][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.845711][ T5895] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 244.858341][ T5917] usb 4-1: config 0 descriptor?? [ 244.864718][ T5895] usb 2-1: config 179 has no interface number 0 [ 244.871609][ T5895] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 244.894220][ T5895] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 244.933880][ T5895] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 244.954017][ T5895] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 244.966216][ T5895] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 244.987103][ T5895] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 245.004160][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.028015][T11378] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 245.081847][ T5917] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 245.099878][ T5917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 245.122785][ T5917] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 245.139400][ T5917] usb 4-1: media controller created [ 245.200734][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 245.292212][ T5917] az6027: usb out operation failed. (-71) [ 245.307184][ T5917] az6027: usb out operation failed. (-71) [ 245.316024][ T5917] stb0899_attach: Driver disabled by Kconfig [ 245.329784][ T5917] az6027: no front-end attached [ 245.329784][ T5917] [ 245.344534][ T5917] az6027: usb out operation failed. (-71) [ 245.354559][ T5917] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 245.385712][ T5917] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input23 [ 245.420364][ T5917] dvb-usb: schedule remote query interval to 400 msecs. [ 245.434983][ T5917] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 245.460011][ T5917] usb 4-1: USB disconnect, device number 17 [ 245.581868][ T5917] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 245.936745][ T5917] usb 2-1: USB disconnect, device number 13 [ 245.936779][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 245.951544][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 246.054271][T11418] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2020'. [ 246.924733][T11463] xt_hashlimit: size too large, truncated to 1048576 [ 247.000237][T11466] : renamed from vxcan1 (while UP) [ 247.524700][T11488] netlink: 'syz.3.2051': attribute type 1 has an invalid length. [ 247.556653][T11489] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 247.556653][T11489] The task syz.4.2050 (11489) triggered the difference, watch for misbehavior. [ 247.627563][T11493] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 247.644462][T11492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2052'. [ 248.381537][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 248.381557][ T30] audit: type=1326 audit(2000004245.871:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.427182][ T30] audit: type=1326 audit(2000004245.871:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.460273][ T30] audit: type=1326 audit(2000004245.871:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.502600][ T30] audit: type=1326 audit(2000004245.871:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.528652][ T30] audit: type=1326 audit(2000004245.871:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.552509][ T30] audit: type=1326 audit(2000004245.871:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.584139][ T30] audit: type=1326 audit(2000004245.871:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.652350][ T30] audit: type=1326 audit(2000004245.871:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.676257][ T5902] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 248.701955][ T30] audit: type=1326 audit(2000004245.891:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.734346][ T30] audit: type=1326 audit(2000004245.891:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11529 comm="syz.0.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2649d8e929 code=0x7ffc0000 [ 248.850633][ T5902] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 248.952939][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.968960][ T5902] usb 5-1: Product: syz [ 248.973237][ T5902] usb 5-1: Manufacturer: syz [ 248.978243][ T5902] usb 5-1: SerialNumber: syz [ 248.986098][ T5902] usb 5-1: config 0 descriptor?? [ 249.448940][ T5902] usb 5-1: Firmware: major: 0, minor: 97, hardware type: ATUSB (0) [ 249.657015][ T5902] usb 5-1: failed to fetch extended address, random address set [ 249.740778][ T5902] usb 5-1: USB disconnect, device number 18 [ 250.316283][ T5917] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 250.476263][ T5917] usb 2-1: Using ep0 maxpacket: 16 [ 250.488298][ T5917] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 250.515526][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.538243][ T5917] usb 2-1: config 0 descriptor?? [ 250.551887][ T5917] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 250.752090][ T5917] usb 2-1: Detected FT232B [ 250.967559][ T5917] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 250.991581][ T5917] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 251.185289][ T5917] usb 2-1: USB disconnect, device number 14 [ 251.212480][ T5917] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 251.240081][ T5917] ftdi_sio 2-1:0.0: device disconnected [ 251.907186][T11642] netlink: 'syz.1.2119': attribute type 83 has an invalid length. [ 252.367739][ T5917] kernel write not supported for file bpf-prog (pid: 5917 comm: kworker/0:7) [ 253.001141][T11690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2141'. [ 253.905933][T11739] ref_ctr_offset mismatch. inode: 0x99d offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4 [ 254.702124][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 254.702146][ T30] audit: type=1326 audit(2000004252.191:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11772 comm="syz.3.2181" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fdf147858e7 code=0x0 [ 254.796430][ T5813] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 254.966421][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 254.985333][ T5813] usb 2-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 255.006032][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.036686][ T5813] usb 2-1: Product: syz [ 255.041032][ T5813] usb 2-1: Manufacturer: syz [ 255.045695][ T5813] usb 2-1: SerialNumber: syz [ 255.707750][ T5813] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 255.784606][ T30] audit: type=1326 audit(2000004253.271:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 255.806511][ C0] vkms_vblank_simulate: vblank timer overrun [ 255.840616][ T30] audit: type=1326 audit(2000004253.271:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 255.884758][ T30] audit: type=1326 audit(2000004253.311:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 255.949746][ T5813] snd-usb-audio 2-1:222.0: probe with driver snd-usb-audio failed with error -71 [ 255.968110][ T30] audit: type=1326 audit(2000004253.311:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 256.012872][ T5813] usb 2-1: USB disconnect, device number 15 [ 256.035072][ T30] audit: type=1326 audit(2000004253.311:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 256.101239][ T30] audit: type=1326 audit(2000004253.311:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 256.160409][ T30] audit: type=1326 audit(2000004253.311:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 256.212404][ T30] audit: type=1326 audit(2000004253.311:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 256.263805][ T30] audit: type=1326 audit(2000004253.311:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11800 comm="syz.3.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 256.754886][T11835] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2206'. [ 256.826043][T11838] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2207'. [ 256.858563][T11838] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2207'. [ 256.954766][T11838] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2207'. [ 257.516530][ T5902] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 257.691362][ T5902] usb 2-1: unable to get BOS descriptor or descriptor too short [ 257.720622][ T5902] usb 2-1: no configurations [ 257.744787][ T5902] usb 2-1: can't read configurations, error -22 [ 257.976375][T11871] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2221'. [ 258.526845][ T1215] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 258.688129][ T1215] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.730093][ T1215] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 258.763701][ T1215] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 258.789921][ T1215] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 258.819719][ T1215] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 258.852512][ T1215] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 258.875065][ T1215] usb 4-1: Manufacturer: syz [ 258.896899][ T1215] usb 4-1: config 0 descriptor?? [ 259.291199][ T1215] rc_core: IR keymap rc-hauppauge not found [ 259.326464][ T1215] Registered IR keymap rc-empty [ 259.340506][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.396339][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.447403][ T1215] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 259.494494][ T1215] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input25 [ 259.580754][T11919] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 259.588441][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.630454][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.692574][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.707866][ T981] hid-generic 0005:10CF:05DF.000E: item fetching failed at offset 0/1 [ 259.727021][ T981] hid-generic 0005:10CF:05DF.000E: probe with driver hid-generic failed with error -22 [ 259.766641][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.796468][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.836468][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.859785][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.896779][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.937127][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.966894][ T1215] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 260.004318][ T1215] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 260.047533][ T1215] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 260.085044][ T1215] usb 4-1: USB disconnect, device number 18 [ 260.190772][T11937] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2251'. [ 260.313556][ T981] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 260.493201][ T981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.517485][ T981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.538714][ T981] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 260.556086][ T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.592580][ T981] usb 2-1: config 0 descriptor?? [ 260.598294][ T5917] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 260.616543][ T5902] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 260.698211][T11949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2256'. [ 260.772900][T11952] input: syz1 as /devices/virtual/input/input26 [ 260.791569][ T5917] usb 1-1: Using ep0 maxpacket: 16 [ 260.798424][ T5902] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.813290][ T5902] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.825856][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.846610][ T5902] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 260.859957][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.892557][ T5902] usb 5-1: New USB device found, idVendor=044f, idProduct=b65a, bcdDevice= 0.00 [ 260.903252][ T5917] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 260.919069][ T5902] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.940272][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.955463][ T5902] usb 5-1: config 0 descriptor?? [ 260.972312][ T5917] usb 1-1: config 0 descriptor?? [ 260.991711][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.051889][ T981] playstation 0003:054C:0DF2.000F: unknown main item tag 0x0 [ 261.066581][ T981] playstation 0003:054C:0DF2.000F: unknown main item tag 0x0 [ 261.084520][ T981] playstation 0003:054C:0DF2.000F: unknown main item tag 0x0 [ 261.094657][ T981] playstation 0003:054C:0DF2.000F: unknown main item tag 0x0 [ 261.112892][ T981] playstation 0003:054C:0DF2.000F: unknown main item tag 0x0 [ 261.141329][ T981] playstation 0003:054C:0DF2.000F: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0 [ 261.248932][ T981] playstation 0003:054C:0DF2.000F: Invalid reportID received, expected 9 got 0 [ 261.258336][ T981] playstation 0003:054C:0DF2.000F: Failed to retrieve DualSense pairing info: -22 [ 261.277917][ T981] playstation 0003:054C:0DF2.000F: Failed to get MAC address from DualSense [ 261.287360][ T981] playstation 0003:054C:0DF2.000F: Failed to create dualsense. [ 261.318494][ T981] playstation 0003:054C:0DF2.000F: probe with driver playstation failed with error -22 [ 261.360274][T11963] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 261.378197][ T5902] thrustmaster 0003:044F:B65A.0010: unknown main item tag 0x2 [ 261.400025][ T5917] lua 0003:1E7D:2C2E.0011: report_id 0 is invalid [ 261.407523][ T5902] thrustmaster 0003:044F:B65A.0010: item fetching failed at offset 4/7 [ 261.426237][ T5917] lua 0003:1E7D:2C2E.0011: item 0 4 1 8 parsing failed [ 261.435245][ T5917] lua 0003:1E7D:2C2E.0011: parse failed [ 261.444017][ T5902] thrustmaster 0003:044F:B65A.0010: parse failed [ 261.472016][ T5902] thrustmaster 0003:044F:B65A.0010: probe with driver thrustmaster failed with error -22 [ 261.482187][ T5917] lua 0003:1E7D:2C2E.0011: probe with driver lua failed with error -22 [ 261.498440][ T981] usb 2-1: USB disconnect, device number 18 [ 261.582768][ T1215] usb 5-1: USB disconnect, device number 19 [ 261.630286][ T5902] usb 1-1: USB disconnect, device number 18 [ 262.650023][T11999] macsec0: entered promiscuous mode [ 262.678810][T11999] macvtap1: entered allmulticast mode [ 262.696383][T11999] macsec0: entered allmulticast mode [ 262.715194][T11999] veth1_macvtap: entered allmulticast mode [ 263.820236][T12029] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 264.316616][ T981] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 264.531995][ T981] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 264.622250][ T981] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 264.655422][ T981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 264.670769][ T981] usb 4-1: SerialNumber: syz [ 265.242173][ T981] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 265.298164][ T981] usb 4-1: USB disconnect, device number 19 [ 265.488045][ T59] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.687392][ T59] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.870615][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 265.870635][ T30] audit: type=1326 audit(2000004263.361:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.016181][ T30] audit: type=1326 audit(2000004263.361:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.069853][ T59] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.096428][ T30] audit: type=1326 audit(2000004263.391:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.175654][ T30] audit: type=1326 audit(2000004263.391:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.273622][ T30] audit: type=1326 audit(2000004263.391:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.366238][ T30] audit: type=1326 audit(2000004263.391:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.447202][ T59] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.497399][ T30] audit: type=1326 audit(2000004263.391:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.593414][ T30] audit: type=1326 audit(2000004263.411:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.730146][ T30] audit: type=1326 audit(2000004263.411:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 266.886295][ T30] audit: type=1326 audit(2000004263.411:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12062 comm="syz.1.2311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a84b8e929 code=0x7ffc0000 [ 267.027476][ T5826] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 267.038591][ T5826] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 267.047612][ T5826] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 267.057954][ T5826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 267.067501][ T5826] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 267.094268][T12085] netlink: 'syz.4.2320': attribute type 25 has an invalid length. [ 267.103527][T12085] netlink: 'syz.4.2320': attribute type 7 has an invalid length. [ 267.116758][ T59] bridge_slave_1: left allmulticast mode [ 267.122733][ T59] bridge_slave_1: left promiscuous mode [ 267.174678][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.217682][ T59] bridge_slave_0: left allmulticast mode [ 267.224074][ T59] bridge_slave_0: left promiscuous mode [ 267.252520][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.374889][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 268.394155][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 268.412623][ T59] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 268.453025][ T59] bond0 (unregistering): Released all slaves [ 268.632207][T12121] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 269.033732][ T59] hsr_slave_0: left promiscuous mode [ 269.042974][ T59] hsr_slave_1: left promiscuous mode [ 269.050752][ T59] batman_adv: batadv0: Interface deactivated: dummy0 [ 269.057880][ T59] batman_adv: batadv0: Removing interface: dummy0 [ 269.067719][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 269.075368][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 269.096218][ T5813] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 269.118206][ T59] veth1_macvtap: left promiscuous mode [ 269.124666][ T59] veth0_macvtap: left promiscuous mode [ 269.131269][ T59] veth1_vlan: left promiscuous mode [ 269.137133][ T59] veth0_vlan: left promiscuous mode [ 269.146650][ T5826] Bluetooth: hci3: command tx timeout [ 269.266818][ T5813] usb 4-1: Using ep0 maxpacket: 8 [ 269.284459][ T5813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 149, changing to 11 [ 269.315380][ T5813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.329090][ T5813] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 269.350908][ T5813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.362276][ T5813] usb 4-1: config 0 descriptor?? [ 269.820547][ T5813] savu 0003:1E7D:2D5A.0012: hidraw0: USB HID v0.03 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 269.918864][ T59] team0 (unregistering): Port device team_slave_1 removed [ 269.941380][ T49] tipc: Subscription rejected, illegal request [ 269.990918][ T59] team0 (unregistering): Port device team_slave_0 removed [ 270.063896][ T5895] usb 4-1: USB disconnect, device number 20 [ 270.592588][T12138] netem: incorrect ge model size [ 270.943492][T12080] chnl_net:caif_netlink_parms(): no params data found [ 271.054851][T12168] vivid-001: disconnect [ 271.093103][T12166] vivid-001: reconnect [ 271.125087][T12171] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2358'. [ 271.226529][ T5826] Bluetooth: hci3: command tx timeout [ 271.445941][T12080] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.479957][T12080] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.517466][T12080] bridge_slave_0: entered allmulticast mode [ 271.534825][T12080] bridge_slave_0: entered promiscuous mode [ 271.573351][T12080] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.594967][T12080] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.612577][T12080] bridge_slave_1: entered allmulticast mode [ 271.636934][T12080] bridge_slave_1: entered promiscuous mode [ 272.052877][T12080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 272.118424][T12080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 272.283785][T12080] team0: Port device team_slave_0 added [ 272.318351][T12080] team0: Port device team_slave_1 added [ 272.538051][T12215] netlink: 'syz.4.2376': attribute type 2 has an invalid length. [ 272.563683][T12080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 272.572670][T12080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.608149][T12080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.629284][T12080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.650850][T12080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.729770][T12080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.805233][T12224] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2380'. [ 272.980827][T12080] hsr_slave_0: entered promiscuous mode [ 273.007931][T12080] hsr_slave_1: entered promiscuous mode [ 273.014697][T12080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 273.036439][T12080] Cannot create hsr debugfs directory [ 273.159972][ T89] kernel write not supported for file /1016/attr/exec (pid: 89 comm: kworker/0:2) [ 273.307845][ T5826] Bluetooth: hci3: command tx timeout [ 273.640706][T12080] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 273.658395][T12080] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 273.683356][T12080] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 273.730425][T12080] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 273.776449][ T89] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 273.938067][T12080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 273.989864][T12080] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.030798][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.038208][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.066356][T12263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2394'. [ 274.083863][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.091359][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.474487][ T5813] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 274.677370][ T5813] usb 5-1: Using ep0 maxpacket: 16 [ 274.705641][T12080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 274.722178][ T5813] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.734201][ T5813] usb 5-1: config 0 interface 0 has no altsetting 0 [ 274.752607][ T5813] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 274.761966][ T5813] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.790371][ T5813] usb 5-1: config 0 descriptor?? [ 274.828516][T12287] kvm: kvm [12284]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001b) [ 275.225996][ T5813] kye 0003:0458:0138.0013: unknown main item tag 0x4 [ 275.256755][ T5813] kye 0003:0458:0138.0013: unexpected long global item [ 275.286981][ T5813] kye 0003:0458:0138.0013: parse failed [ 275.292785][ T5813] kye 0003:0458:0138.0013: probe with driver kye failed with error -22 [ 275.365407][ T5826] Bluetooth: hci4: adv larger than maximum supported [ 275.365473][ T5826] Bluetooth: hci4: Malformed LE Event: 0x0d [ 275.396495][ T5826] Bluetooth: hci3: command tx timeout [ 275.421693][T12080] veth0_vlan: entered promiscuous mode [ 275.458294][ T89] usb 5-1: USB disconnect, device number 20 [ 275.478981][T12080] veth1_vlan: entered promiscuous mode [ 275.516171][T12080] veth0_macvtap: entered promiscuous mode [ 275.538786][T12080] veth1_macvtap: entered promiscuous mode [ 275.606028][T12080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 275.628428][T12080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 275.653383][T12080] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.663867][T12080] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.675287][T12080] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.684626][T12080] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.800357][T10792] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.817409][T10792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.858114][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.889524][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.403384][T12342] tap0: tun_chr_ioctl cmd 1074025677 [ 276.410467][T12342] tap0: linktype set to 780 [ 276.586620][ T24] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 276.783578][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 276.809904][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.833630][ T24] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 276.842507][T12359] can0: slcan on ttyS3. [ 276.851526][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.890739][ T24] usb 4-1: config 0 descriptor?? [ 276.919685][ T5917] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 276.940335][T12359] can0 (unregistered): slcan off ttyS3. [ 276.959091][T12359] Falling back ldisc for ttyS3. [ 277.086436][ T5917] usb 5-1: Using ep0 maxpacket: 8 [ 277.097651][ T5917] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 277.119971][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.172142][ T5917] pvrusb2: Hardware description: Terratec Grabster AV400 [ 277.200164][ T5917] pvrusb2: ********** [ 277.212143][ T5917] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 277.231690][ T5917] pvrusb2: Important functionality might not be entirely working. [ 277.241974][ T5917] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 277.279164][ T5917] pvrusb2: ********** [ 277.280902][T12368] netlink: 'syz.6.2439': attribute type 14 has an invalid length. [ 277.339365][ T24] isku 0003:1E7D:319C.0014: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0 [ 277.387484][ T2348] pvrusb2: Invalid write control endpoint [ 277.498776][ T2348] pvrusb2: Invalid write control endpoint [ 277.504805][ T2348] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 277.547413][ T2348] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 277.564882][ T2348] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 277.596382][ T2348] pvrusb2: Device being rendered inoperable [ 277.609702][T12379] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2444'. [ 277.621429][ T5917] usb 5-1: USB disconnect, device number 21 [ 277.627150][ T2348] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 277.635559][ T2348] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 277.660248][ T2348] pvrusb2: Attached sub-driver cx25840 [ 277.666009][ T2348] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 277.683176][ T2348] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 277.759258][ T24] usb 4-1: USB disconnect, device number 21 [ 278.386714][T12415] io-wq is not configured for unbound workers [ 278.766411][ T5917] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 279.005164][ T5917] usb 1-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 279.065880][ T5917] usb 1-1: config 0 interface 0 has no altsetting 0 [ 279.073454][ T5917] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 279.110310][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.164286][ T5917] usb 1-1: config 0 descriptor?? [ 279.627811][ T5917] hid-thrustmaster 0003:044F:B65D.0015: hidraw0: USB HID v1.03 Device [HID 044f:b65d] on usb-dummy_hcd.0-1/input0 [ 279.669199][ T5917] hid-thrustmaster 0003:044F:B65D.0015: Wrong number of endpoints? [ 279.841025][ C0] hid-thrustmaster 0003:044F:B65D.0015: Unknown packet type 0x0, unable to proceed further with wheel init [ 280.071560][ T5917] usb 1-1: USB disconnect, device number 19 [ 280.576056][T12471] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 280.626835][ T5917] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 280.792709][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 280.817904][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 280.848634][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 280.871875][ T5917] usb 4-1: New USB device found, idVendor=1e71, idProduct=200f, bcdDevice= 0.00 [ 280.899269][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.926144][ T5917] usb 4-1: config 0 descriptor?? [ 280.932477][T12463] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 280.940526][T12463] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 281.426809][ T5917] nzxt-smart2 0003:1E71:200F.0016: hidraw0: USB HID v0.00 Device [HID 1e71:200f] on usb-dummy_hcd.3-1/input0 [ 281.439194][T12505] netlink: 'syz.4.2503': attribute type 16 has an invalid length. [ 281.439224][T12505] netlink: 'syz.4.2503': attribute type 17 has an invalid length. [ 281.497274][T12505] hsr0: left promiscuous mode [ 281.560639][T12508] tap0: tun_chr_ioctl cmd 35108 [ 281.619250][ T1215] usb 4-1: USB disconnect, device number 22 [ 281.737701][T12512] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2506'. [ 282.470475][T12548] CIFS: VFS: Malformed UNC in devname [ 282.654877][T12552] netlink: 'syz.0.2523': attribute type 3 has an invalid length. [ 282.679637][T12552] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 283.086799][ T981] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 283.170957][ T1215] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 283.256394][ T981] usb 2-1: Using ep0 maxpacket: 16 [ 283.276352][ T981] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 283.340318][ T981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 283.363191][ T981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 283.373327][ T981] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 283.398310][ T981] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 283.400041][ T1215] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 283.443634][ T1215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.451136][ T981] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 283.459363][ T1215] usb 1-1: Product: syz [ 283.470281][ T1215] usb 1-1: Manufacturer: syz [ 283.474964][ T1215] usb 1-1: SerialNumber: syz [ 283.478060][ T981] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 283.504189][ T1215] usb 1-1: config 0 descriptor?? [ 283.508154][ T981] usb 2-1: Manufacturer: syz [ 283.521843][ T981] usb 2-1: config 0 descriptor?? [ 283.546517][ T1215] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 283.919062][ T981] rc_core: IR keymap rc-hauppauge not found [ 283.925228][ T981] Registered IR keymap rc-empty [ 283.934370][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 283.951649][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 283.980898][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.028587][ T981] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 284.084739][ T981] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input27 [ 284.136289][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.165312][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.178098][T12600] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2543'. [ 284.199191][T12600] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2543'. [ 284.201656][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.240184][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.282771][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.336021][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.348019][T12604] binder: 12603:12604 ioctl c018620c 200000000700 returned -1 [ 284.368206][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.391786][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.432457][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.464443][ T1215] usb 1-1: USB disconnect, device number 20 [ 284.476415][ T981] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 284.521654][ T981] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 284.541783][ T981] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 284.575388][ T981] usb 2-1: USB disconnect, device number 20 [ 284.753029][ T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 284.870590][ T5813] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 284.915564][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 284.924216][ T24] usb 4-1: config 1 has an invalid interface number: 242 but max is 0 [ 284.933045][ T24] usb 4-1: config 1 has no interface number 0 [ 284.940063][ T24] usb 4-1: config 1 interface 242 has no altsetting 0 [ 284.951423][ T24] usb 4-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df [ 284.961952][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.970563][ T24] usb 4-1: Product: syz [ 284.975107][ T24] usb 4-1: Manufacturer: syz [ 284.981268][ T24] usb 4-1: SerialNumber: syz [ 285.042324][ T5813] usb 7-1: Using ep0 maxpacket: 16 [ 285.055753][ T5813] usb 7-1: config 0 has an invalid interface number: 251 but max is 0 [ 285.075841][ T5813] usb 7-1: config 0 has no interface number 0 [ 285.086775][ T5813] usb 7-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 285.110098][ T5813] usb 7-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 285.141173][ T5813] usb 7-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 285.159212][ T5813] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.179328][ T5813] usb 7-1: Product: syz [ 285.187442][ T5813] usb 7-1: Manufacturer: syz [ 285.198006][ T5813] usb 7-1: SerialNumber: syz [ 285.217068][ T5813] usb 7-1: config 0 descriptor?? [ 285.228406][T12614] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 285.248244][T12614] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 285.497216][T12614] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 285.515040][T12614] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 285.534701][T12637] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 285.891963][ T24] aqc111 4-1:1.242 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 285.904753][ T24] aqc111 4-1:1.242: probe with driver aqc111 failed with error -71 [ 285.919367][ T24] usb 4-1: USB disconnect, device number 23 [ 285.965421][ T981] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 285.990630][ T5813] asix 7-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 286.002832][ T5813] asix 7-1:0.251: probe with driver asix failed with error -524 [ 286.142804][ T981] usb 5-1: Using ep0 maxpacket: 16 [ 286.159151][ T981] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 286.174972][ T981] usb 5-1: config 0 has no interface number 0 [ 286.181519][ T981] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 286.200858][ T981] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 286.212128][ T981] usb 5-1: config 0 interface 41 has no altsetting 0 [ 286.222549][ T981] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 286.232034][ T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.240968][ T981] usb 5-1: Product: syz [ 286.245288][ T981] usb 5-1: Manufacturer: syz [ 286.252644][ T981] usb 5-1: SerialNumber: syz [ 286.255797][ T5813] usb 7-1: USB disconnect, device number 2 [ 286.270504][ T981] usb 5-1: config 0 descriptor?? [ 286.280281][T12647] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 286.288365][T12647] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 286.523839][T12647] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 286.532386][T12647] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 286.813184][T12678] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2579'. [ 286.933295][T12682] loop8: detected capacity change from 0 to 7 [ 286.965345][T12684] program syz.3.2582 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 286.975167][ T981] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 286.978444][T12682] Dev loop8: unable to read RDB block 7 [ 287.006117][T12682] loop8: AHDI p3 [ 287.040692][ T5813] IPVS: starting estimator thread 0... [ 287.062587][T12682] loop8: partition table partially beyond EOD, truncated [ 287.147748][T12686] IPVS: using max 29 ests per chain, 69600 per kthread [ 287.208093][ T981] dm9601 5-1:0.41 (unnamed net_device) (uninitialized): Error reading chip ID [ 287.231480][ T981] sr9700 5-1:0.41: probe with driver sr9700 failed with error -71 [ 287.248473][ T981] usb 5-1: USB disconnect, device number 22 [ 287.506741][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 287.506761][ T30] audit: type=1326 audit(2000004284.367:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf1478e929 code=0x7ffc0000 [ 287.606450][ T30] audit: type=1326 audit(2000004284.367:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 287.681046][ T30] audit: type=1326 audit(2000004284.367:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 287.720394][ T30] audit: type=1326 audit(2000004284.367:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 287.765440][ T30] audit: type=1326 audit(2000004284.367:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 287.861093][ T30] audit: type=1326 audit(2000004284.367:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 287.933643][ T30] audit: type=1326 audit(2000004284.367:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 288.005714][ T30] audit: type=1326 audit(2000004284.367:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 288.099225][ T30] audit: type=1326 audit(2000004284.367:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 288.162976][ T30] audit: type=1326 audit(2000004284.367:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.3.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdf1472ab19 code=0x7ffc0000 [ 288.763734][ T89] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 288.954879][ T89] usb 2-1: Using ep0 maxpacket: 16 [ 288.969430][ T89] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 289.002618][ T89] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 289.028050][ T89] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 289.066791][ T89] usb 2-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d [ 289.087396][ T89] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.103037][ T89] usb 2-1: Product: syz [ 289.119880][ T89] usb 2-1: Manufacturer: syz [ 289.129540][ T89] usb 2-1: SerialNumber: syz [ 401.462191][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 401.469298][ C1] rcu: 0-...!: (1 GPs behind) idle=334c/1/0x4000000000000000 softirq=48950/48951 fqs=0 [ 401.480464][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P12760/1:b..l [ 401.488602][ C1] rcu: (detected by 1, t=10506 jiffies, g=45605, q=256 ncpus=2) [ 401.496470][ C1] Sending NMI from CPU 1 to CPUs 0: [ 401.496514][ C0] NMI backtrace for cpu 0 [ 401.496547][ C0] CPU: 0 UID: 0 PID: 12761 Comm: syz.4.2617 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 401.496569][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 401.496581][ C0] RIP: 0010:mark_lock+0x3c/0x190 [ 401.496619][ C0] Code: 00 03 00 83 f9 01 bb 09 00 00 00 83 db 00 83 fa 08 0f 45 da bd 01 00 00 00 89 d9 d3 e5 25 ff 1f 00 00 48 0f a3 05 d4 12 03 12 <73> 10 48 69 c0 c8 00 00 00 48 8d 88 30 73 42 93 eb 48 83 3d 1b a2 [ 401.496636][ C0] RSP: 0018:ffffc90000007b38 EFLAGS: 00000003 [ 401.496651][ C0] RAX: 000000000000006d RBX: 0000000000000008 RCX: 0000000000000008 [ 401.496663][ C0] RDX: 0000000000000008 RSI: ffff888034ef6568 RDI: ffff888034ef5a00 [ 401.496676][ C0] RBP: 0000000000000100 R08: 0000000000000000 R09: ffffffff81ae70c2 [ 401.496689][ C0] R10: dffffc0000000000 R11: fffffbfff1f3fc5f R12: 0000000000000002 [ 401.496702][ C0] R13: 0000000000000002 R14: ffff888034ef6568 R15: 0000000000000000 [ 401.496714][ C0] FS: 0000000000000000(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000 [ 401.496729][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 401.496742][ C0] CR2: 0000001b3001eff8 CR3: 000000000df38000 CR4: 00000000003526f0 [ 401.496758][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 401.496769][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 401.496781][ C0] Call Trace: [ 401.496796][ C0] [ 401.496807][ C0] __lock_acquire+0x6a8/0xd20 [ 401.496837][ C0] ? __hrtimer_run_queues+0x602/0xc60 [ 401.496862][ C0] lock_acquire+0x120/0x360 [ 401.496885][ C0] ? __hrtimer_run_queues+0x602/0xc60 [ 401.496912][ C0] ? advance_sched+0x9f8/0xc90 [ 401.496934][ C0] ? advance_sched+0x9f8/0xc90 [ 401.496961][ C0] ? advance_sched+0x9f8/0xc90 [ 401.496985][ C0] _raw_spin_lock_irq+0xa2/0xf0 [ 401.497009][ C0] ? __hrtimer_run_queues+0x602/0xc60 [ 401.497035][ C0] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 401.497063][ C0] __hrtimer_run_queues+0x602/0xc60 [ 401.497098][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 401.497123][ C0] ? read_tsc+0x9/0x20 [ 401.497148][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 401.497186][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 401.497215][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 401.497241][ C0] [ 401.497247][ C0] [ 401.497254][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 401.497274][ C0] RIP: 0010:lock_release+0x2b5/0x3e0 [ 401.497297][ C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 bb 6b fb 10 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e [ 401.497313][ C0] RSP: 0018:ffffc9000399f4f0 EFLAGS: 00000206 [ 401.497328][ C0] RAX: ca3e6b58a5405700 RBX: 0000000000000206 RCX: ca3e6b58a5405700 [ 401.497341][ C0] RDX: 0000000000000003 RSI: ffffffff8db5a445 RDI: ffffffff8be1b680 [ 401.497354][ C0] RBP: ffff888034ef6568 R08: 0000000000000000 R09: ffffffff822ce1fa [ 401.497367][ C0] R10: dffffc0000000000 R11: fffff94000349dc9 R12: 0000000000000003 [ 401.497380][ C0] R13: 0000000000000003 R14: ffffffff8e13ee20 R15: ffff888034ef5a00 [ 401.497396][ C0] ? pfn_valid+0xba/0x490 [ 401.497424][ C0] ? pfn_valid+0xba/0x490 [ 401.497445][ C0] ? pfn_valid+0xba/0x490 [ 401.497468][ C0] pfn_valid+0x3b2/0x490 [ 401.497491][ C0] page_table_check_clear+0x21/0x700 [ 401.497514][ C0] ? vm_normal_page+0xb7/0x230 [ 401.497542][ C0] unmap_page_range+0x3249/0x41c0 [ 401.497591][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 401.497622][ C0] ? unmap_vmas+0x144/0x580 [ 401.497650][ C0] unmap_vmas+0x399/0x580 [ 401.497679][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 401.497718][ C0] exit_mmap+0x248/0xb50 [ 401.497740][ C0] ? uprobe_clear_state+0x20f/0x290 [ 401.497765][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 401.497785][ C0] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 401.497820][ C0] ? __pfx_exit_aio+0x10/0x10 [ 401.497845][ C0] ? uprobe_clear_state+0x274/0x290 [ 401.497867][ C0] ? mm_update_next_owner+0xa7/0x870 [ 401.497889][ C0] __mmput+0x118/0x420 [ 401.497914][ C0] exit_mm+0x1da/0x2c0 [ 401.497933][ C0] ? __pfx_exit_mm+0x10/0x10 [ 401.497960][ C0] ? rcu_is_watching+0x15/0xb0 [ 401.497988][ C0] do_exit+0x640/0x22e0 [ 401.498010][ C0] ? preempt_schedule_common+0x83/0xd0 [ 401.498035][ C0] ? preempt_schedule+0xae/0xc0 [ 401.498059][ C0] ? __pfx_do_exit+0x10/0x10 [ 401.498080][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 401.498111][ C0] do_group_exit+0x21c/0x2d0 [ 401.498137][ C0] __x64_sys_exit_group+0x3f/0x40 [ 401.498157][ C0] x64_sys_call+0x21ba/0x21c0 [ 401.498175][ C0] do_syscall_64+0xfa/0x3b0 [ 401.498203][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 401.498229][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.498247][ C0] ? clear_bhb_loop+0x60/0xb0 [ 401.498267][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.498285][ C0] RIP: 0033:0x7f36df38e929 [ 401.498304][ C0] Code: Unable to access opcode bytes at 0x7f36df38e8ff. [ 401.498314][ C0] RSP: 002b:00007ffd36710748 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 401.498332][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f36df38e929 [ 401.498344][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 401.498355][ C0] RBP: 00007ffd367107ac R08: 000000053671083f R09: 00000000000927c0 [ 401.498368][ C0] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000202 [ 401.498379][ C0] R13: 00000000000927c0 R14: 00000000000465b2 R15: 00007ffd36710800 [ 401.498400][ C0] [ 401.498503][ C1] task:syz.3.2616 state:R running task stack:25832 pid:12760 tgid:12759 ppid:5838 task_flags:0x400140 flags:0x00004000 [ 402.070942][ C1] Call Trace: [ 402.074266][ C1] [ 402.077409][ C1] __schedule+0x16a2/0x4cb0 [ 402.081966][ C1] ? stack_trace_save+0x9c/0xe0 [ 402.086862][ C1] ? preempt_schedule_notrace+0xd1/0x110 [ 402.092635][ C1] ? kasan_save_stack+0x3e/0x60 [ 402.097790][ C1] ? __pfx___schedule+0x10/0x10 [ 402.102951][ C1] ? vma_complete+0x224/0xae0 [ 402.107655][ C1] ? vms_gather_munmap_vmas+0x4ab/0x12b0 [ 402.113329][ C1] ? do_syscall_64+0xfa/0x3b0 [ 402.118400][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.124520][ C1] preempt_schedule_notrace+0xd1/0x110 [ 402.130374][ C1] ? __pfx_preempt_schedule_notrace+0x10/0x10 [ 402.136617][ C1] ? unwind_next_frame+0xa5/0x2390 [ 402.141945][ C1] preempt_schedule_notrace_thunk+0x16/0x30 [ 402.147983][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 402.154304][ C1] ? unwind_next_frame+0xa5/0x2390 [ 402.159455][ C1] rcu_is_watching+0x7f/0xb0 [ 402.164273][ C1] lock_acquire+0x5f/0x360 [ 402.168740][ C1] ? unwind_next_frame+0xa5/0x2390 [ 402.173979][ C1] ? unwind_next_frame+0x19ae/0x2390 [ 402.179311][ C1] ? stack_trace_save+0x9c/0xe0 [ 402.184194][ C1] ? unwind_next_frame+0xa5/0x2390 [ 402.189603][ C1] unwind_next_frame+0xc2/0x2390 [ 402.194610][ C1] ? unwind_next_frame+0xa5/0x2390 [ 402.199856][ C1] ? arch_stack_walk+0xe4/0x150 [ 402.204856][ C1] ? __unwind_start+0x5b9/0x760 [ 402.209761][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 402.216160][ C1] arch_stack_walk+0x11c/0x150 [ 402.221352][ C1] ? stack_trace_save+0x9c/0xe0 [ 402.226517][ C1] stack_trace_save+0x9c/0xe0 [ 402.231460][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 402.237010][ C1] save_stack+0xf7/0x1f0 [ 402.241301][ C1] ? __pfx_save_stack+0x10/0x10 [ 402.246556][ C1] ? seqcount_lockdep_reader_access+0x102/0x180 [ 402.253032][ C1] __set_page_owner+0x8d/0x4a0 [ 402.257849][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 402.263462][ C1] post_alloc_hook+0x240/0x2a0 [ 402.268272][ C1] get_page_from_freelist+0x21d5/0x22b0 [ 402.273953][ C1] ? __lock_acquire+0xab9/0xd20 [ 402.278902][ C1] ? __pfx_get_page_from_freelist+0x10/0x10 [ 402.285464][ C1] ? prepare_alloc_pages+0x213/0x610 [ 402.291521][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 402.298262][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 402.305786][ C1] ? policy_nodemask+0x27c/0x720 [ 402.310774][ C1] alloc_pages_mpol+0x232/0x4a0 [ 402.316364][ C1] folio_alloc_mpol_noprof+0x39/0x70 [ 402.321809][ C1] shmem_alloc_and_add_folio+0x447/0xf60 [ 402.327503][ C1] ? filemap_get_entry+0xad/0x2f0 [ 402.332567][ C1] ? filemap_get_entry+0xad/0x2f0 [ 402.337622][ C1] ? filemap_get_entry+0xad/0x2f0 [ 402.342729][ C1] ? shmem_huge_global_enabled+0x174/0x3a0 [ 402.348576][ C1] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 402.355045][ C1] ? shmem_allowable_huge_orders+0x414/0x420 [ 402.361158][ C1] shmem_get_folio_gfp+0x59d/0x1660 [ 402.366498][ C1] shmem_fault+0x179/0x390 [ 402.371195][ C1] __do_fault+0x138/0x390 [ 402.375684][ C1] __handle_mm_fault+0x37ed/0x5620 [ 402.380941][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 402.386774][ C1] ? follow_page_pte+0x8d6/0x14b0 [ 402.392024][ C1] handle_mm_fault+0x2d5/0x7f0 [ 402.397102][ C1] ? vma_is_secretmem+0xd/0x50 [ 402.402072][ C1] __get_user_pages+0x1af4/0x30b0 [ 402.407242][ C1] ? mt_find+0x15c/0x5f0 [ 402.411548][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 402.417052][ C1] populate_vma_page_range+0x26b/0x340 [ 402.422900][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 402.429177][ C1] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 402.435202][ C1] ? down_read+0x1ad/0x2e0 [ 402.439663][ C1] __mm_populate+0x24c/0x380 [ 402.444295][ C1] ? __pfx___mm_populate+0x10/0x10 [ 402.449613][ C1] ? up_write+0x1c4/0x420 [ 402.454274][ C1] vm_mmap_pgoff+0x3f0/0x4c0 [ 402.459481][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 402.464993][ C1] ? exc_page_fault+0x76/0xf0 [ 402.469859][ C1] ? ksys_mmap_pgoff+0xf4/0x760 [ 402.475091][ C1] ? __x64_sys_mmap+0x7f/0x140 [ 402.480309][ C1] do_syscall_64+0xfa/0x3b0 [ 402.485441][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 402.490994][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.497208][ C1] ? clear_bhb_loop+0x60/0xb0 [ 402.502338][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.508819][ C1] RIP: 0033:0x7fdf1478e929 [ 402.513867][ C1] RSP: 002b:00007fdf156d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 402.522533][ C1] RAX: ffffffffffffffda RBX: 00007fdf149b5fa0 RCX: 00007fdf1478e929 [ 402.530896][ C1] RDX: 000000000300000d RSI: 0000000000600000 RDI: 00002000009fd000 [ 402.539267][ C1] RBP: 00007fdf14810b39 R08: ffffffffffffffff R09: 0000000000000000 [ 402.547719][ C1] R10: 0000000000006031 R11: 0000000000000246 R12: 0000000000000000 [ 402.555819][ C1] R13: 0000000000000001 R14: 00007fdf149b5fa0 R15: 00007ffff8855228 [ 402.563919][ C1] [ 402.566966][ C1] rcu: rcu_preempt kthread starved for 10506 jiffies! g45605 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 402.578366][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 402.588630][ C1] rcu: RCU grace-period kthread stack dump: [ 402.594717][ C1] task:rcu_preempt state:R running task stack:27320 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 402.608596][ C1] Call Trace: [ 402.612540][ C1] [ 402.616102][ C1] __schedule+0x16a2/0x4cb0 [ 402.620804][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 402.626061][ C1] ? schedule+0x165/0x360 [ 402.630436][ C1] ? __lock_acquire+0xab9/0xd20 [ 402.636289][ C1] ? __pfx___schedule+0x10/0x10 [ 402.641301][ C1] ? schedule+0x91/0x360 [ 402.645950][ C1] schedule+0x165/0x360 [ 402.650427][ C1] schedule_timeout+0x12b/0x270 [ 402.655491][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 402.661045][ C1] ? __pfx_process_timeout+0x10/0x10 [ 402.666697][ C1] ? prepare_to_swait_event+0x341/0x380 [ 402.672482][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 402.678291][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 402.684105][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 402.690283][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 402.695904][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 402.701175][ C1] ? finish_swait+0xcd/0x1f0 [ 402.705905][ C1] rcu_gp_kthread+0x99/0x390 [ 402.710577][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 402.716099][ C1] ? __kthread_parkme+0x7b/0x200 [ 402.721789][ C1] ? __kthread_parkme+0x1a1/0x200 [ 402.726893][ C1] kthread+0x70e/0x8a0 [ 402.731026][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 402.736364][ C1] ? __pfx_kthread+0x10/0x10 [ 402.741004][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 402.746342][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 402.751683][ C1] ? __pfx_kthread+0x10/0x10 [ 402.756323][ C1] ret_from_fork+0x3fc/0x770 [ 402.761068][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 402.766242][ C1] ? __switch_to_asm+0x39/0x70 [ 402.771141][ C1] ? __switch_to_asm+0x33/0x70 [ 402.775953][ C1] ? __pfx_kthread+0x10/0x10 [ 402.780947][ C1] ret_from_fork_asm+0x1a/0x30 [ 402.785881][ C1] [ 402.788952][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 402.795315][ C1] CPU: 1 UID: 0 PID: 5824 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 402.805869][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 402.816310][ C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 402.823050][ C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 50 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 fb 73 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 e0 73 0b [ 402.842786][ C1] RSP: 0018:ffffc9000441f580 EFLAGS: 00000293 [ 402.849341][ C1] RAX: ffffffff81b4e760 RBX: ffff8880b873c9c0 RCX: ffff88802f99da00 [ 402.857451][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 402.865550][ C1] RBP: ffffc9000441f6e0 R08: ffffffff8f9fe2f7 R09: 1ffffffff1f3fc5e [ 402.873563][ C1] R10: dffffc0000000000 R11: fffffbfff1f3fc5f R12: 1ffff110170c868d [ 402.881581][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8643468 [ 402.889593][ C1] FS: 00005555673fb500(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000 [ 402.898571][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 402.905370][ C1] CR2: 00007fdf149b7bac CR3: 0000000075dc2000 CR4: 00000000003526f0 [ 402.913561][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 402.922094][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 402.930205][ C1] Call Trace: [ 402.933529][ C1] [ 402.936514][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 402.942912][ C1] ? ldt_dup_context+0x336/0x3e0 [ 402.947944][ C1] ? rcu_is_watching+0x15/0xb0 [ 402.952780][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 402.958028][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 402.963310][ C1] flush_tlb_mm_range+0x6b1/0x12c0 [ 402.968784][ C1] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 402.974428][ C1] ? up_write+0x1c4/0x420 [ 402.978843][ C1] dup_mmap+0x15a0/0x1ac0 [ 402.983245][ C1] ? __pfx_dup_mmap+0x10/0x10 [ 402.988004][ C1] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 402.994144][ C1] ? mm_init+0xca7/0xf00 [ 402.998628][ C1] copy_mm+0x13c/0x4b0 [ 403.003020][ C1] copy_process+0x1706/0x3c00 [ 403.007783][ C1] ? copy_process+0x97f/0x3c00 [ 403.012651][ C1] ? __pfx_copy_process+0x10/0x10 [ 403.017746][ C1] ? __handle_mm_fault+0x1144/0x5620 [ 403.023279][ C1] kernel_clone+0x224/0x7f0 [ 403.027844][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 403.033370][ C1] __x64_sys_clone+0x18b/0x1e0 [ 403.038269][ C1] ? count_memcg_event_mm+0x21/0x260 [ 403.043603][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 403.048954][ C1] ? do_user_addr_fault+0xc8a/0x1390 [ 403.054303][ C1] ? do_syscall_64+0xbe/0x3b0 [ 403.059125][ C1] do_syscall_64+0xfa/0x3b0 [ 403.063693][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 403.068949][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.075067][ C1] ? clear_bhb_loop+0x60/0xb0 [ 403.079885][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.086083][ C1] RIP: 0033:0x7f2649d85193 [ 403.090653][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 403.111621][ C1] RSP: 002b:00007ffc46f8d4a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 403.120541][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2649d85193 [ 403.128851][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 403.136857][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 403.144879][ C1] R10: 00005555673fb7d0 R11: 0000000000000246 R12: 0000000000000000 [ 403.152971][ C1] R13: 00000000000927c0 R14: 00000000000465ea R15: 00007ffc46f8d640 [ 403.160993][ C1]