last executing test programs: 6.011495549s ago: executing program 0 (id=1634): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="6000000002060108000000000000000005000003050005000a000000050001000700000005000400000000000900020073797a310000000014000300686173683a69702c706f72742c69700014000780080006400000020008000840", @ANYRES32], 0x60}, 0x1, 0x0, 0x0, 0x404c014}, 0xd4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="6c000000090601020000000000000000030000000900020073797a31000000000500010007000000440007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f00000500070084"], 0x6c}, 0x1, 0x0, 0x0, 0xe730d03276346fbd}, 0x0) 5.848449124s ago: executing program 0 (id=1637): r0 = eventfd2(0x0, 0x0) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000380)=""/95, 0x5f}], 0x1) write$eventfd(r0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x44080) pipe(0x0) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000080)=ANY=[], 0x18) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0xffffdfff, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000000), &(0x7f0000000140)) 4.870164961s ago: executing program 3 (id=1645): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000003c0)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000002200), r3}}, 0x18) 4.728507363s ago: executing program 4 (id=1646): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000011c0)=@multiplanar_overlay={0xbc8c, 0xa, 0x4, 0x2000, 0x6, {0x0, 0xea60}, {0x3, 0x2, 0xf7, 0xa, 0x3, 0x80, "16d3973f"}, 0x4, 0x3, {0x0}}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) syz_open_procfs$pagemap(0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000cc0)={'syz1\x00', {}, 0x3, [0xfffffffd, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x9, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f9, 0x100, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x5, 0x0, 0x0, 0x1, 0xfffffffe, 0x0, 0x1, 0x5, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x63c, 0x10, 0xa, 0x7f, 0x0, 0x0, 0x5, 0x197a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x71, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4010000], [0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0xffffffff, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x0, 0x0, 0x7, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd, 0x400, 0x1, 0xfffffffc, 0x40, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r3, 0x5502) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x19, 0x4, 0x8, 0x5}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r5, r1}, 0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4}, &(0x7f0000000380), &(0x7f0000000580)=r5}, 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8924, &(0x7f0000000000)={'veth0_vlan\x00', @random="010000201000"}) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000000)={'vlan0\x00', @random="010000201000"}) syz_emit_ethernet(0x42, &(0x7f0000000380)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60010700000cba3842b83a2e6dfe0000000000"], 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) 4.577314614s ago: executing program 0 (id=1648): ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405668, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@multiplanar_userptr={0x9, 0x1, 0x4, 0x1000, 0x4, {0x0, 0x2710}, {0x0, 0xc, 0xf8, 0x7, 0x8, 0x0, "03c91c46"}, 0x10000, 0x2, {0x0}, 0x1}) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f046}) 4.236260485s ago: executing program 1 (id=1650): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000c8000000060a010400000000000000000100000008000b4000000000a0000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000680001800c00010062697477697365005800028008000340000000020800014000000014080002400000001204000580380004803200010062f3c28f5903bfd8381fa9db77e64d61f603d4eea43ea03cf3f525258f974e20182262570e75"], 0x13c}}, 0x0) 4.23609207s ago: executing program 3 (id=1651): write$binfmt_register(0xffffffffffffffff, &(0x7f0000000300)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x8000011000000009, 0x3a, 'B\xd4GGI\x82\\4\xbb\xbb\xbb\xb3\xd4)\xed\x8f\xaa\xf4\xd2{\xc5\t\xa9\xed\xf8e\xaa\xb9\xf5\r\xe3T\x0e\x8a\xd6\x9a_?G\x05\x00\x00\x00\x00\x00\x00\x00\x1e\x9a\xce\xac&x3\x15\x14y\xbf\xc6)\xa8\b/\x01\x00\x00\f\x8e1\xc4\xa1\xb2]I\xa5\x13}9\x1b0x0}) sendto$packet(r0, &(0x7f00000002c0)="050316fcd3fc142e00004788031c09102c", 0x11, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 4.056152702s ago: executing program 0 (id=1652): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = epoll_create1(0x0) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000000)={0x90000001}) 3.94417472s ago: executing program 4 (id=1654): r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x20000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x3ff, @private0, 0x9}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000480)='\r', 0x1}], 0x1}}], 0x1, 0x931766f6319eed40) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.847711645s ago: executing program 3 (id=1655): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='source', 0x0, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x2, @remote, 'tunl0\x00'}}, 0x1e) sendmmsg(0xffffffffffffffff, &(0x7f0000002340), 0x0, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, 0x0, 0x40000) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = openat$sequencer(0xffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r3, 0xc0046d00, &(0x7f0000001500)) 3.841067244s ago: executing program 1 (id=1656): unshare(0x2040400) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = dup(0xffffffffffffffff) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) r1 = syz_io_uring_setup(0x118a, &(0x7f00000000c0)={0x0, 0x5d97, 0x80, 0x0, 0xee, 0x0, r0}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) epoll_create1(0x80000) openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @multicast}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r0, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r1, 0x47f5, 0x0, 0x0, 0x0, 0x0) 2.838050951s ago: executing program 4 (id=1658): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf250100000004"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000) recvmmsg(r0, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}, 0xaf}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001680)=""/129, 0x81}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f0000000500)=""/43, 0x2b}], 0x4}, 0x7}], 0x3, 0x2000, 0x0) 2.536169562s ago: executing program 3 (id=1660): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmmsg$unix(r1, &(0x7f0000005a40)=[{{0x0, 0x0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0, 0x0, 0x811}}], 0x1, 0x4880) setsockopt$inet6_tcp_int(r1, 0x6, 0x1, &(0x7f0000000000)=0x82b, 0x4) 2.534983072s ago: executing program 2 (id=1661): setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0xfffffffffffff006}) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000300)={0x28, 0x2, r2, r1, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000002c0)}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000000000/0x800000)=nil, 0x800000, 0x1004000}) 2.418136502s ago: executing program 1 (id=1662): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) ioctl$FE_SET_FRONTEND(r0, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @qam={0x3, 0x2, 0xa}}) ioctl$FE_READ_STATUS(r0, 0x80046f45, &(0x7f0000000280)) 2.343864186s ago: executing program 3 (id=1663): unshare(0x6a040000) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x3) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) r2 = openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0xff91, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0) ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMRU1(r3, 0x40047454, 0x0) 2.177044599s ago: executing program 1 (id=1664): syz_open_dev$mouse(0x0, 0x7ff, 0x8000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f000007e000/0x1000)=nil) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66) 2.123625685s ago: executing program 2 (id=1665): write$binfmt_register(0xffffffffffffffff, &(0x7f0000000300)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x8000011000000009, 0x3a, 'B\xd4GGI\x82\\4\xbb\xbb\xbb\xb3\xd4)\xed\x8f\xaa\xf4\xd2{\xc5\t\xa9\xed\xf8e\xaa\xb9\xf5\r\xe3T\x0e\x8a\xd6\x9a_?G\x05\x00\x00\x00\x00\x00\x00\x00\x1e\x9a\xce\xac&x3\x15\x14y\xbf\xc6)\xa8\b/\x01\x00\x00\f\x8e1\xc4\xa1\xb2]I\xa5\x13}9\x1b0x0}) sendto$packet(r0, &(0x7f00000002c0)="050316fcd3fc142e00004788031c09102c", 0x11, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 1.901439232s ago: executing program 4 (id=1666): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300), &(0x7f0000000180)=[0x5, 0x0, 0x2], 0x0, 0x1ffffe73, 0x1}}, 0x40) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff, 0x8]}}, 0x5c) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, 0x0, 0x0) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x4e22, 0x800, @empty}, 0x0, {[0x0, 0x8000, 0x0, 0xfffffffc]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, {0xa, 0x0, 0x4, @empty}, 0x0, {[0x3, 0x0, 0x0, 0x1, 0x89f, 0x8, 0x1]}}, 0x5c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000"], 0x0, 0x26}, 0x28) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000340)=0x6, 0x4) 1.842933571s ago: executing program 2 (id=1667): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='batadv0\x00', 0x10) write(r0, &(0x7f0000000080)="822a0a65ee79cd726b", 0x9) 1.787596717s ago: executing program 3 (id=1668): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_disconnect(r0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000380)={&(0x7f0000000340)=[{0x4, 0x8029, 0x0, 0x0}], 0x1}) 1.708115329s ago: executing program 0 (id=1669): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x80b42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000340)={0x81, 0x0, 0x3}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000100)={0xffffffff, 0x1, 0xfffffffd, 0x1, 0x2}) 1.638654232s ago: executing program 4 (id=1670): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000100)=0x9) connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r1) 1.637992s ago: executing program 2 (id=1671): r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) 1.436075089s ago: executing program 4 (id=1672): unshare(0x2040400) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = dup(0xffffffffffffffff) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) r1 = syz_io_uring_setup(0x118a, &(0x7f00000000c0)={0x0, 0x5d97, 0x80, 0x0, 0xee, 0x0, r0}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) epoll_create1(0x80000) openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @multicast}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r0, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r1, 0x47f5, 0x0, 0x0, 0x0, 0x0) 1.435780382s ago: executing program 2 (id=1673): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmmsg$unix(r1, &(0x7f0000005a40)=[{{0x0, 0x0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0, 0x0, 0x811}}], 0x1, 0x4880) setsockopt$inet6_tcp_int(r1, 0x6, 0x1, &(0x7f0000000000)=0x82b, 0x4) 1.414138667s ago: executing program 0 (id=1674): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e1c}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0", 0x49}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmmsg$unix(r3, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000c00)=""/4096, 0x1000}], 0x1}}], 0x1, 0x40004041, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c) mq_open(&(0x7f0000000240)=':\xb6/][#\x00', 0x40, 0x181, &(0x7f00000002c0)={0x10001, 0x5, 0x80000000, 0x1ff}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffe0, 0xa}, {0x1, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8}, @TCA_CODEL_TARGET={0x8, 0x1, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x55}, 0xc010) shutdown(0xffffffffffffffff, 0x1) 1.399879375s ago: executing program 2 (id=1675): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) personality(0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) listen(r1, 0x0) creat(0x0, 0x122) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x7) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x5, 0x6, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x3, 0x8, 0x7ffd}, 0x48) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r9], 0x5c}}, 0x40) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) 1.208414412s ago: executing program 1 (id=1676): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2717, 0x0, &(0x7f0000000100)) 0s ago: executing program 1 (id=1677): write$binfmt_register(0xffffffffffffffff, &(0x7f0000000300)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x8000011000000009, 0x3a, 'B\xd4GGI\x82\\4\xbb\xbb\xbb\xb3\xd4)\xed\x8f\xaa\xf4\xd2{\xc5\t\xa9\xed\xf8e\xaa\xb9\xf5\r\xe3T\x0e\x8a\xd6\x9a_?G\x05\x00\x00\x00\x00\x00\x00\x00\x1e\x9a\xce\xac&x3\x15\x14y\xbf\xc6)\xa8\b/\x01\x00\x00\f\x8e1\xc4\xa1\xb2]I\xa5\x13}9\x1b0x0}) sendto$packet(r0, &(0x7f00000002c0)="050316fcd3fc142e00004788031c09102c", 0x11, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) kernel console output (not intermixed with test programs): g 11 bulk endpoint 0x6 has invalid maxpacket 255 [ 117.012007][ T5916] usb 2-1: config 0 interface 0 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 36 [ 117.087065][ T5916] usb 2-1: config 0 interface 0 has no altsetting 0 [ 117.151199][ T5916] usb 2-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 117.169969][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.194978][ T5916] usb 2-1: Product: syz [ 117.229873][ T5916] usb 2-1: Manufacturer: syz [ 117.260506][ T5916] usb 2-1: SerialNumber: syz [ 117.283612][ T5916] usb 2-1: config 0 descriptor?? [ 117.325586][ T6264] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 117.650654][ T5916] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 117.984974][ T5916] usb 2-1: USB disconnect, device number 6 [ 118.131762][ T6282] netlink: 'syz.3.65': attribute type 1 has an invalid length. [ 118.181019][ T6283] netlink: 'syz.1.66': attribute type 1 has an invalid length. [ 118.290499][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 118.290519][ T30] audit: type=1326 audit(1771209493.604:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 118.477020][ T30] audit: type=1326 audit(1771209493.604:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 118.609018][ T30] audit: type=1326 audit(1771209493.604:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 118.656099][ T30] audit: type=1326 audit(1771209493.614:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 118.707376][ T6296] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 119.101596][ T30] audit: type=1326 audit(1771209493.624:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 119.384452][ T30] audit: type=1326 audit(1771209493.624:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 119.419768][ T30] audit: type=1326 audit(1771209493.624:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 119.442297][ T30] audit: type=1326 audit(1771209493.624:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 119.559907][ T30] audit: type=1326 audit(1771209493.624:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 119.868401][ T30] audit: type=1326 audit(1771209493.624:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.3.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f9bf79 code=0x7ffc0000 [ 121.362366][ T6335] usb usb8: usbfs: process 6335 (syz.4.74) did not claim interface 0 before use [ 121.745286][ T5833] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 121.884713][ T6355] loop8: detected capacity change from 0 to 7 [ 121.894789][ T5987] Dev loop8: unable to read RDB block 7 [ 121.895348][ T5833] usb 5-1: device descriptor read/64, error -71 [ 121.913248][ T5987] loop8: AHDI p1 p2 p3 [ 121.917888][ T5987] loop8: partition table partially beyond EOD, truncated [ 121.928315][ T5987] loop8: p1 start 1601398130 is beyond EOD, truncated [ 121.950765][ T5987] loop8: p2 start 1702059890 is beyond EOD, truncated [ 121.961147][ T6355] Dev loop8: unable to read RDB block 7 [ 121.984638][ T6355] loop8: AHDI p1 p2 p3 [ 121.989161][ T6355] loop8: partition table partially beyond EOD, truncated [ 122.001169][ T6357] loop5: detected capacity change from 0 to 3 [ 122.008795][ T5931] Dev loop5: unable to read RDB block 3 [ 122.014406][ T5931] loop5: unable to read partition table [ 122.026118][ T6355] loop8: p1 start 1601398130 is beyond EOD, truncated [ 122.033263][ T5931] loop5: partition table beyond EOD, truncated [ 122.050041][ T6355] loop8: p2 start 1702059890 is beyond EOD, truncated [ 122.061325][ T5916] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 122.138053][ T6357] Dev loop5: unable to read RDB block 3 [ 122.143692][ T6357] loop5: unable to read partition table [ 122.159462][ T6357] loop5: partition table beyond EOD, truncated [ 122.166728][ T6355] netlink: 72 bytes leftover after parsing attributes in process `syz.0.78'. [ 122.169630][ T6357] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 122.186066][ T5833] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 122.197568][ T6355] netlink: 64 bytes leftover after parsing attributes in process `syz.0.78'. [ 122.227295][ T5916] usb 3-1: Using ep0 maxpacket: 16 [ 122.238319][ T5916] usb 3-1: config 166 has an invalid interface number: 177 but max is 1 [ 122.246917][ T5916] usb 3-1: config 166 has an invalid interface number: 34 but max is 1 [ 122.259196][ T5916] usb 3-1: config 166 has no interface number 0 [ 122.280913][ T5916] usb 3-1: config 166 has no interface number 1 [ 122.305579][ T5916] usb 3-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 122.321064][ T5916] usb 3-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 122.335553][ T5833] usb 5-1: device descriptor read/64, error -71 [ 122.337579][ T5916] usb 3-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 122.354381][ T5916] usb 3-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 122.394983][ T5916] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 122.435094][ T5916] usb 3-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 122.459020][ T5833] usb usb5-port1: attempt power cycle [ 122.465986][ T5916] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 122.477237][ T5916] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 122.489666][ T5916] usb 3-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 122.509990][ T5916] usb 3-1: config 166 interface 177 has no altsetting 0 [ 122.521666][ T5916] usb 3-1: config 166 interface 34 has no altsetting 0 [ 122.536767][ T5916] usb 3-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 122.548066][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.556309][ T5916] usb 3-1: Product: syz [ 122.564989][ T5916] usb 3-1: Manufacturer: syz [ 122.589363][ T5916] usb 3-1: SerialNumber: syz [ 122.894953][ T5833] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 122.915759][ T5833] usb 5-1: device descriptor read/8, error -71 [ 123.154619][ T6371] usb usb8: usbfs: process 6371 (syz.3.82) did not claim interface 0 before use [ 123.183514][ T6371] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 123.192655][ T6371] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 123.201223][ T6371] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 123.825023][ T5833] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 123.875734][ T5833] usb 5-1: device descriptor read/8, error -71 [ 124.012440][ T5833] usb usb5-port1: unable to enumerate USB device [ 124.159915][ T6376] netlink: 'syz.3.84': attribute type 4 has an invalid length. [ 124.480526][ T6380] syz.0.85 uses obsolete (PF_INET,SOCK_PACKET) [ 124.530632][ T5916] ums-realtek 3-1:166.177: USB Mass Storage device detected [ 124.654552][ T5916] ums-realtek 3-1:166.34: USB Mass Storage device detected [ 124.767340][ T5916] ums-realtek 3-1:166.34: probe with driver ums-realtek failed with error -5 [ 124.779430][ T5916] uvcvideo 3-1:166.34: Found UVC 0.00 device syz (0bda:0138) [ 124.820531][ T5916] uvcvideo 3-1:166.34: No valid video chain found. [ 125.039426][ T5916] usb 3-1: USB disconnect, device number 4 [ 126.275170][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.416202][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.592416][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.672364][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.702317][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.727620][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.736619][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.783474][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 126.959129][ T6422] program syz.4.96 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 127.426363][ T5916] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 127.448795][ T6430] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 127.520725][ T6430] __nla_validate_parse: 26 callbacks suppressed [ 127.520747][ T6430] netlink: 20 bytes leftover after parsing attributes in process `syz.3.97'. [ 127.585132][ T5916] usb 5-1: Using ep0 maxpacket: 16 [ 127.604200][ T5916] usb 5-1: config 5 has an invalid interface number: 168 but max is 0 [ 127.615362][ T5916] usb 5-1: config 5 has no interface number 0 [ 127.631189][ T5916] usb 5-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 127.646663][ T6430] vlan2: entered promiscuous mode [ 127.651780][ T6430] bond0: entered promiscuous mode [ 127.657352][ T6430] bond_slave_0: entered promiscuous mode [ 127.663032][ T5916] usb 5-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024 [ 127.673690][ T6430] bond_slave_1: entered promiscuous mode [ 127.781206][ T5916] usb 5-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0x23, changing to 0x3 [ 127.803553][ T5916] usb 5-1: config 5 interface 168 altsetting 7 endpoint 0x3 has invalid wMaxPacketSize 0 [ 127.854367][ T5916] usb 5-1: config 5 interface 168 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 0 [ 127.866200][ T5916] usb 5-1: config 5 interface 168 has no altsetting 0 [ 127.890637][ T5916] usb 5-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 127.900330][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.909027][ T5916] usb 5-1: Product: syz [ 127.917934][ T5916] usb 5-1: Manufacturer: syz [ 127.926447][ T5916] usb 5-1: SerialNumber: syz [ 127.947861][ T6422] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 128.191296][ T5916] usb 5-1: NFC: Unable to get FW version [ 128.216897][ T5916] pn533_usb 5-1:5.168: probe with driver pn533_usb failed with error -90 [ 128.236033][ T5938] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 128.250357][ T5916] usb 5-1: USB disconnect, device number 7 [ 128.403364][ T6447] netlink: 28 bytes leftover after parsing attributes in process `syz.0.103'. [ 128.415176][ T6447] net_ratelimit: 92 callbacks suppressed [ 128.415194][ T6447] openvswitch: netlink: Flow key attr not present in new flow. [ 128.438393][ T6447] netdevsim netdevsim0: Direct firmware load for / [ 128.438393][ T6447] failed with error -2 [ 128.449455][ T6447] netdevsim netdevsim0: Falling back to sysfs fallback for: / [ 128.449455][ T6447] [ 128.484760][ T5938] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 128.498410][ T5938] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 128.514593][ T5938] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 128.527181][ T5938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 128.551886][ T5938] usb 2-1: SerialNumber: syz [ 128.796473][ T5916] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 129.018988][ T5916] usb 4-1: New USB device found, idVendor=0547, idProduct=6801, bcdDevice=43.6f [ 129.058363][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.085342][ T5916] usb 4-1: Product: syz [ 129.089603][ T5916] usb 4-1: Manufacturer: syz [ 129.094252][ T5916] usb 4-1: SerialNumber: syz [ 129.123440][ T5916] usb 4-1: config 0 descriptor?? [ 129.142711][ T5916] gspca_main: touptek-2.14.0 probing 0547:6801 [ 130.844775][ T5938] usb 2-1: 0:2 : does not exist [ 130.870273][ T5938] usb 2-1: unit 5: unexpected type 0x09 [ 130.964009][ T5938] usb 2-1: USB disconnect, device number 7 [ 131.665221][ T6465] netlink: 180 bytes leftover after parsing attributes in process `syz.4.107'. [ 131.675896][ T5917] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 131.838639][ T5917] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 131.849069][ T5917] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 131.874219][ T5917] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 131.957104][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.031291][ T1208] usb 4-1: USB disconnect, device number 8 [ 132.206886][ T5917] usb 1-1: Product: syz [ 132.217338][ T5917] usb 1-1: Manufacturer: syz [ 132.222008][ T5917] usb 1-1: SerialNumber: syz [ 132.315651][ T6482] netlink: 20 bytes leftover after parsing attributes in process `syz.3.112'. [ 132.629860][ T6489] netlink: 36 bytes leftover after parsing attributes in process `syz.4.113'. [ 132.757340][ T5917] usb 1-1: cannot find UAC_HEADER [ 132.936116][ T1208] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 132.960142][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.968997][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.062240][ T5917] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 133.101822][ T5917] usb 1-1: USB disconnect, device number 4 [ 133.109104][ T1208] usb 2-1: Using ep0 maxpacket: 8 [ 133.120465][ T1208] usb 2-1: unable to get BOS descriptor or descriptor too short [ 133.134959][ T5938] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 133.139948][ T1208] usb 2-1: config 4 interface 0 has no altsetting 0 [ 133.156462][ T5987] udevd[5987]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 133.213971][ T1208] usb 2-1: string descriptor 0 read error: -22 [ 133.233135][ T1208] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 133.242744][ T1208] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.273211][ T1208] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 133.285718][ T5938] usb 4-1: Using ep0 maxpacket: 8 [ 133.301530][ T1208] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 133.363400][ T5938] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 133.381829][ T1208] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 133.383078][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.398783][ T1208] usb 2-1: media controller created [ 133.427660][ T5938] usb 4-1: Product: syz [ 133.442195][ T5938] usb 4-1: Manufacturer: syz [ 133.452375][ T5938] usb 4-1: SerialNumber: syz [ 133.473645][ T5938] usb 4-1: config 0 descriptor?? [ 133.480898][ T1208] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 133.608637][ T1208] zl10353_read_register: readreg error (reg=127, ret==0) [ 133.738236][ T5938] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 133.775730][ T1208] usb 2-1: USB disconnect, device number 8 [ 133.858697][ T6504] vlan2: entered promiscuous mode [ 133.874619][ T6504] bridge0: entered promiscuous mode [ 133.929629][ T6505] team0: Port device macvlan2 added [ 134.246148][ T6510] netlink: 'syz.0.122': attribute type 1 has an invalid length. [ 134.395280][ T6514] netlink: 20 bytes leftover after parsing attributes in process `syz.1.124'. [ 134.490053][ T6492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.536602][ T30] kauditd_printk_skb: 78 callbacks suppressed [ 134.536619][ T30] audit: type=1326 audit(1771209509.884:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 134.580685][ T6492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.609543][ T30] audit: type=1326 audit(1771209509.884:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 134.766091][ T5938] gspca_sunplus: reg_w_riv err -110 [ 134.771542][ T5938] sunplus 4-1:0.0: probe with driver sunplus failed with error -110 [ 135.136346][ T30] audit: type=1326 audit(1771209509.914:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.160541][ T30] audit: type=1326 audit(1771209509.914:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.219175][ T6514] vlan2: entered promiscuous mode [ 135.232195][ T6514] bond0: entered promiscuous mode [ 135.242353][ T6514] bond_slave_0: entered promiscuous mode [ 135.248290][ T30] audit: type=1326 audit(1771209509.914:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.274250][ T6514] bond_slave_1: entered promiscuous mode [ 135.275737][ T5916] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 135.320069][ T30] audit: type=1326 audit(1771209509.914:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.384280][ T6523] bond1: (slave gretap1): making interface the new active one [ 135.407200][ T30] audit: type=1326 audit(1771209509.914:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.441644][ T6523] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 135.474054][ T5916] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 135.488661][ T30] audit: type=1326 audit(1771209509.914:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.512979][ T5916] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 135.524975][ T5916] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 135.535414][ T5916] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 135.544605][ T30] audit: type=1326 audit(1771209509.914:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.595563][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.672580][ T30] audit: type=1326 audit(1771209509.914:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.0.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff643b9bf79 code=0x7ffc0000 [ 135.865053][ T5916] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 135.920795][ T5916] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input5 [ 135.978496][ T5916] input: failed to attach handler kbd to device input5, error: -5 [ 136.058861][ T5916] usb 5-1: USB disconnect, device number 8 [ 136.722586][ T6537] kvm: emulating exchange as write [ 136.761501][ T1208] usb 4-1: USB disconnect, device number 9 [ 136.885456][ T6548] netlink: 'syz.3.131': attribute type 21 has an invalid length. [ 136.984072][ T6550] loop2: detected capacity change from 0 to 7 [ 136.992989][ T6550] loop2: p4 [ 137.045133][ T6550] loop2: partition table partially beyond EOD, truncated [ 137.077446][ T6550] loop2: p4 size 4294967295 extends beyond EOD, truncated [ 137.133857][ T5190] loop2: p4 [ 137.152493][ T5190] loop2: partition table partially beyond EOD, truncated [ 137.174169][ T5190] loop2: p4 size 4294967295 extends beyond EOD, truncated [ 137.435231][ T5987] udevd[5987]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 137.546634][ T5987] udevd[5987]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 137.598195][ T6569] random: crng reseeded on system resumption [ 138.381384][ T6594] input: syz1 as /devices/virtual/input/input6 [ 138.388616][ T6594] input: failed to attach handler leds to device input6, error: -6 [ 140.941871][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 140.943492][ T6627] process 'syz.1.155' launched './file2' with NULL argv: empty string added [ 140.973545][ T30] audit: type=1326 audit(1771209516.284:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 140.999558][ T30] audit: type=1326 audit(1771209516.284:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.030611][ T30] audit: type=1326 audit(1771209516.284:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.130896][ T30] audit: type=1326 audit(1771209516.284:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.205388][ T6624] netlink: 44 bytes leftover after parsing attributes in process `syz.2.154'. [ 141.266187][ T30] audit: type=1326 audit(1771209516.284:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.335066][ T30] audit: type=1326 audit(1771209516.284:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.379626][ T30] audit: type=1326 audit(1771209516.284:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.494063][ T30] audit: type=1326 audit(1771209516.284:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.644931][ T30] audit: type=1326 audit(1771209516.284:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 141.667714][ T30] audit: type=1326 audit(1771209516.304:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6621 comm="syz.1.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff28d79bf79 code=0x7ffc0000 [ 142.298476][ T6640] netlink: 'syz.3.158': attribute type 3 has an invalid length. [ 142.312353][ T6642] netlink: 8 bytes leftover after parsing attributes in process `syz.4.159'. [ 142.714973][ T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 142.905333][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 142.927589][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.966075][ T24] usb 3-1: config 0 has no interfaces? [ 142.998237][ T24] usb 3-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 5.00 [ 143.044973][ T24] usb 3-1: New USB device strings: Mfr=253, Product=255, SerialNumber=0 [ 143.076591][ T24] usb 3-1: Product: syz [ 143.080827][ T24] usb 3-1: Manufacturer: syz [ 143.112045][ T24] usb 3-1: config 0 descriptor?? [ 143.411895][ T5889] usb 3-1: USB disconnect, device number 5 [ 144.515299][ T6693] netlink: 40 bytes leftover after parsing attributes in process `syz.0.178'. [ 144.569798][ T6695] binder: BINDER_SET_CONTEXT_MGR already set [ 144.599053][ T6695] binder: 6694:6695 ioctl 4018620d 200000000040 returned -16 [ 144.673877][ T6699] netlink: 8 bytes leftover after parsing attributes in process `syz.2.181'. [ 144.874939][ T5938] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 145.036794][ T5938] usb 4-1: config 0 has an invalid interface number: 120 but max is 0 [ 145.058217][ T5938] usb 4-1: config 0 has no interface number 0 [ 145.066012][ T5938] usb 4-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 145.088522][ T5938] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 145.107769][ T5938] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 145.135044][ T5938] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 145.204391][ T5938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.212783][ T5916] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 145.240005][ T5938] usb 4-1: config 0 descriptor?? [ 145.253686][ T5938] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.120/input/input7 [ 145.380693][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.453165][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.465789][ T5916] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 145.483741][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.509932][ T5916] usb 2-1: config 0 descriptor?? [ 145.557671][ T5833] usb 4-1: USB disconnect, device number 10 [ 145.923435][ T6726] kvm: pic: non byte read [ 145.935092][ T6726] kvm: pic: non byte read [ 145.941913][ T6726] kvm: pic: non byte read [ 145.948988][ T6726] kvm: pic: non byte read [ 145.953585][ T6726] kvm: pic: non byte read [ 145.958555][ T6726] kvm: pic: non byte read [ 145.963119][ T6726] kvm: pic: non byte read [ 146.027146][ T5916] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 146.056052][ T5916] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 146.084400][ T5916] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0002/input/input8 [ 146.461196][ T5916] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 146.531745][ T5916] usb 2-1: USB disconnect, device number 9 [ 146.808258][ T6734] fido_id[6734]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 147.154949][ T5833] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 147.686466][ T5833] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 147.723378][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.781154][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 147.878049][ T5833] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 147.934919][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.980105][ T5833] usb 5-1: config 0 descriptor?? [ 148.063364][ T5833] usbhid 5-1:0.0: can't add hid device: -22 [ 148.178192][ T5833] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 149.222144][ T6763] tipc: Started in network mode [ 149.268783][ T6763] tipc: Node identity 4, cluster identity 4711 [ 149.402454][ T6763] tipc: Node number set to 4 [ 149.840701][ T10] usb 5-1: USB disconnect, device number 9 [ 150.603002][ T6792] openvswitch: netlink: Flow key attr not present in new flow. [ 150.611081][ T5833] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 150.870834][ T5833] usb 5-1: Using ep0 maxpacket: 8 [ 150.986373][ T5833] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 151.075830][ T5833] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 151.094981][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.113217][ T5833] usb 5-1: Product: syz [ 151.123630][ T5833] usb 5-1: Manufacturer: syz [ 151.142739][ T5833] usb 5-1: SerialNumber: syz [ 151.181994][ T5833] usb 5-1: config 0 descriptor?? [ 151.199848][ T5833] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 151.228378][ T5833] usb 5-1: setting power ON [ 151.274992][ T5833] dvb-usb: bulk message failed: -22 (2/0) [ 151.291800][ T5833] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 151.315724][ T5833] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 151.332024][ T5833] usb 5-1: media controller created [ 151.401220][ T6785] dvb-usb: bulk message failed: -22 (3/0) [ 151.408005][ T6785] dvb-usb: bulk message failed: -22 (3/0) [ 151.416161][ T5833] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 151.455771][ T5833] usb 5-1: selecting invalid altsetting 6 [ 151.473160][ T5833] usb 5-1: digital interface selection failed (-22) [ 151.483312][ T5833] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 151.513241][ T5833] usb 5-1: setting power OFF [ 151.544908][ T5833] dvb-usb: bulk message failed: -22 (2/0) [ 151.561041][ T5833] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 151.594970][ T5833] (NULL device *): no alternate interface [ 151.626729][ T6800] netlink: 8 bytes leftover after parsing attributes in process `syz.0.215'. [ 151.786130][ T5833] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 151.861725][ T5833] usb 5-1: USB disconnect, device number 10 [ 152.535246][ T5833] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 152.707871][ T5833] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 152.718502][ T6821] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 152.731322][ T5833] usb 3-1: config 0 has no interface number 0 [ 152.747949][ T5833] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 152.763449][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.791475][ T5833] usb 3-1: Product: syz [ 152.799067][ T5833] usb 3-1: Manufacturer: syz [ 152.810416][ T5833] usb 3-1: SerialNumber: syz [ 152.851843][ T5833] usb 3-1: config 0 descriptor?? [ 153.098192][ T5833] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 153.115388][ T5833] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 153.127334][ T5833] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 153.135848][ T5833] usb 3-1: media controller created [ 153.155700][ T5833] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 153.695738][ T6839] netlink: 12 bytes leftover after parsing attributes in process `syz.3.231'. [ 153.710778][ T6839] bridge: RTM_NEWNEIGH with invalid ether address [ 154.289971][ T6856] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.298578][ T6856] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.314095][ T5833] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 154.412982][ T5833] usb 3-1: USB disconnect, device number 6 [ 154.447326][ T6867] ======================================================= [ 154.447326][ T6867] WARNING: The mand mount option has been deprecated and [ 154.447326][ T6867] and is ignored by this kernel. Remove the mand [ 154.447326][ T6867] option from the mount to silence this warning. [ 154.447326][ T6867] ======================================================= [ 154.596244][ T6856] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.612898][ T6856] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.803458][ T6860] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.811281][ T6860] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.117363][ T6860] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.158986][ T6860] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.636832][ T6869] netlink: 12 bytes leftover after parsing attributes in process `syz.1.243'. [ 155.646041][ T6869] bridge_slave_0: default FDB implementation only supports local addresses [ 155.660904][ T36] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.683940][ T36] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.761640][ T36] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.795430][ T36] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.813985][ T36] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.835746][ T36] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.858666][ T36] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.878867][ T36] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.150967][ T6888] can: request_module (can-proto-3) failed. [ 156.406427][ T6900] [U] VÔ3¸ÂFÙ¾"SÇÁ/ÉÊ4:ÃXTZ“W¡T‘’LWµ«= [ 156.772804][ T6907] netlink: 8 bytes leftover after parsing attributes in process `syz.1.254'. [ 156.889798][ T6887] [U] J"—E:ÀÆ" [ 157.305388][ T5833] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 157.520434][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.564916][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.602829][ T5833] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 157.643659][ T5833] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 157.678626][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.727034][ T5833] usb 1-1: config 0 descriptor?? [ 158.225876][ T5833] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 158.329349][ T5833] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 159.603887][ T6937] random: crng reseeded on system resumption [ 159.645371][ T5889] usb 1-1: reset high-speed USB device number 5 using dummy_hcd [ 160.551776][ T6963] capability: warning: `syz.4.274' uses 32-bit capabilities (legacy support in use) [ 160.588064][ T6963] ucma_write: process 129 (syz.4.274) changed security contexts after opening file descriptor, this is not allowed. [ 160.776155][ T10] usb 1-1: USB disconnect, device number 5 [ 161.235006][ T5917] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 161.394997][ T5917] usb 4-1: Using ep0 maxpacket: 32 [ 161.426017][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 161.426032][ T30] audit: type=1326 audit(1771209536.774:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.2.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c2199bf79 code=0x7fc00000 [ 161.504976][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.517518][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.546839][ T5917] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 161.556317][ T30] audit: type=1326 audit(1771209536.804:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.2.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3c2193d399 code=0x7fc00000 [ 161.593703][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.607701][ T6979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.280'. [ 161.670517][ T5917] usb 4-1: config 0 descriptor?? [ 161.696347][ T30] audit: type=1326 audit(1771209536.804:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.2.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f3c2193d45d code=0x7fc00000 [ 161.789924][ T30] audit: type=1326 audit(1771209536.804:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6960 comm="syz.2.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f3c2199bf79 code=0x7fc00000 [ 162.155105][ T5917] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 162.408377][ T5917] usb 4-1: USB disconnect, device number 11 [ 162.484192][ T6990] fido_id[6990]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 162.995807][ T7006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.288'. [ 163.873463][ T7010] netlink: 'syz.4.289': attribute type 10 has an invalid length. [ 163.924124][ T7010] netlink: 40 bytes leftover after parsing attributes in process `syz.4.289'. [ 164.227747][ T7010] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 164.264940][ T7010] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 164.290197][ T7010] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 165.568902][ T7026] bridge_slave_1: left allmulticast mode [ 165.575965][ T7026] bridge_slave_1: left promiscuous mode [ 165.583763][ T7026] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.770049][ T7026] bridge_slave_0: left allmulticast mode [ 165.784697][ T7026] bridge_slave_0: left promiscuous mode [ 165.791579][ T7026] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.816022][ T7031] netlink: 12 bytes leftover after parsing attributes in process `syz.3.295'. [ 166.994933][ T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 167.145518][ T10] usb 2-1: device descriptor read/64, error -71 [ 167.385060][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 167.525202][ T10] usb 2-1: device descriptor read/64, error -71 [ 167.636209][ T10] usb usb2-port1: attempt power cycle [ 167.914742][ T7068] netlink: 'syz.0.309': attribute type 1 has an invalid length. [ 168.266314][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 168.325643][ T10] usb 2-1: device descriptor read/8, error -71 [ 168.719144][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 168.779509][ T10] usb 2-1: device descriptor read/8, error -71 [ 168.905281][ T10] usb usb2-port1: unable to enumerate USB device [ 169.293852][ T7079] syzkaller1: entered promiscuous mode [ 169.300772][ T7079] syzkaller1: entered allmulticast mode [ 170.331654][ T7094] can: request_module (can-proto-3) failed. [ 171.013146][ T7104] [U] VÔ3¸ÂFÙ¾"SÇÁ/ÉÊ4:ÃXTZ“W¡T‘’LWµ«= [ 171.022185][ T7104] [U] J"—E:ÀÆ" [ 173.865737][ T7174] usb usb8: usbfs: process 7174 (syz.4.343) did not claim interface 0 before use [ 175.429531][ T7193] tipc: Enabled bearer , priority 0 [ 175.450193][ T7193] syzkaller0: entered promiscuous mode [ 175.465356][ T7193] syzkaller0: entered allmulticast mode [ 175.512090][ T7193] tipc: Resetting bearer [ 175.518173][ T5938] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 175.545722][ T7192] tipc: Resetting bearer [ 175.596961][ T7192] tipc: Disabling bearer [ 175.694990][ T5938] usb 5-1: Using ep0 maxpacket: 16 [ 175.717834][ T5938] usb 5-1: config 0 has no interfaces? [ 175.728846][ T5938] usb 5-1: config 0 has no interfaces? [ 175.757125][ T5938] usb 5-1: config 0 has no interfaces? [ 175.777848][ T5938] usb 5-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 175.792945][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 175.802939][ T5938] usb 5-1: Product: syz [ 175.808528][ T5938] usb 5-1: Manufacturer: syz [ 175.850457][ T5938] usb 5-1: config 0 descriptor?? [ 175.945997][ T7205] binder: 7203:7205 ioctl c0306201 200000000380 returned -14 [ 176.099281][ T5938] usb 5-1: USB disconnect, device number 11 [ 177.115382][ T5938] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 177.281455][ T5938] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 177.281489][ T5938] usb 2-1: config 0 has no interface number 0 [ 177.281532][ T5938] usb 2-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 177.281561][ T5938] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 177.281590][ T5938] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 177.281638][ T5938] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 177.281663][ T5938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.300869][ T5938] usb 2-1: config 0 descriptor?? [ 177.326482][ T5938] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.120/input/input10 [ 177.532275][ T5938] usb 2-1: USB disconnect, device number 14 [ 178.161755][ T30] audit: type=1326 audit(1771209553.484:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.541154][ T30] audit: type=1326 audit(1771209553.484:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.590312][ T7290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.618069][ T30] audit: type=1326 audit(1771209553.484:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.645578][ T30] audit: type=1326 audit(1771209553.484:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.671875][ T7293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.684570][ T7293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.697496][ T30] audit: type=1326 audit(1771209553.484:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.734954][ T30] audit: type=1326 audit(1771209553.484:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.762739][ T30] audit: type=1326 audit(1771209553.484:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.786045][ T30] audit: type=1326 audit(1771209553.484:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.808937][ T30] audit: type=1326 audit(1771209553.484:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 178.915234][ T30] audit: type=1326 audit(1771209553.484:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9849f9bf79 code=0x7ffc0000 [ 180.984903][ T5833] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 181.169241][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.181073][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.191592][ T5833] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 181.201564][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.213297][ T5833] usb 1-1: config 0 descriptor?? [ 181.633013][ T5833] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 181.652414][ T5833] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 181.671545][ T5833] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0005/input/input11 [ 181.742185][ T5833] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 181.836622][ T5833] usb 1-1: USB disconnect, device number 6 [ 181.922484][ T7381] fido_id[7381]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 183.325032][ T5833] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 183.482595][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.495632][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.506029][ T5833] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 183.546829][ T7434] syz.1.454 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 183.558257][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.576278][ T5833] usb 1-1: config 0 descriptor?? [ 184.007920][ T5833] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0 [ 184.032711][ T5833] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0 [ 184.126966][ T5833] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0006/input/input12 [ 184.163859][ T5833] cm6533_jd 0003:0D8C:0022.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 184.232260][ T5833] usb 1-1: USB disconnect, device number 7 [ 184.417008][ T7442] fido_id[7442]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 184.858047][ T7461] netlink: 76 bytes leftover after parsing attributes in process `syz.4.464'. [ 185.323017][ T7481] input: syz0 as /devices/virtual/input/input13 [ 187.492615][ T7563] netlink: 132 bytes leftover after parsing attributes in process `syz.2.510'. [ 187.696137][ T7569] netlink: 'syz.2.514': attribute type 9 has an invalid length. [ 187.703854][ T7569] netlink: 'syz.2.514': attribute type 11 has an invalid length. [ 187.724520][ T7569] netlink: 'syz.2.514': attribute type 12 has an invalid length. [ 187.732820][ T7569] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.514'. [ 187.742567][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.514'. [ 188.101235][ T7583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.519'. [ 188.456198][ T7593] netlink: 'syz.3.524': attribute type 29 has an invalid length. [ 188.474237][ T7593] netlink: 'syz.3.524': attribute type 29 has an invalid length. [ 188.775175][ T7608] netlink: 60 bytes leftover after parsing attributes in process `syz.4.531'. [ 190.647447][ T7700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.576'. [ 190.837533][ T7708] netlink: 60 bytes leftover after parsing attributes in process `syz.4.580'. [ 190.866032][ T7708] netlink: 60 bytes leftover after parsing attributes in process `syz.4.580'. [ 190.888049][ T7708] netlink: 60 bytes leftover after parsing attributes in process `syz.4.580'. [ 190.904772][ T7712] netlink: 60 bytes leftover after parsing attributes in process `syz.0.582'. [ 190.926092][ T7712] netlink: 60 bytes leftover after parsing attributes in process `syz.0.582'. [ 191.144257][ T7716] netlink: set zone limit has 4 unknown bytes [ 192.320695][ T7797] netlink: 'syz.3.623': attribute type 9 has an invalid length. [ 192.954029][ T7835] netlink: 'syz.3.643': attribute type 49 has an invalid length. [ 193.466684][ T7860] openvswitch: netlink: Duplicate or invalid key (type 0). [ 193.479932][ T7860] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 194.380157][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.386587][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.683112][ T7916] netlink: 60 bytes leftover after parsing attributes in process `syz.1.682'. [ 194.741609][ T7916] netlink: 60 bytes leftover after parsing attributes in process `syz.1.682'. [ 194.763144][ T7916] netlink: 60 bytes leftover after parsing attributes in process `syz.1.682'. [ 194.802559][ T7916] netlink: 60 bytes leftover after parsing attributes in process `syz.1.682'. [ 196.863894][ T8014] __nla_validate_parse: 4 callbacks suppressed [ 196.863915][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.3.729'. [ 196.921482][ T8014] bridge_slave_0: default FDB implementation only supports local addresses [ 197.296885][ T8036] netlink: 8 bytes leftover after parsing attributes in process `syz.2.739'. [ 197.404363][ T8043] netlink: 12 bytes leftover after parsing attributes in process `syz.3.742'. [ 197.415273][ T8043] bridge_slave_0: default FDB implementation only supports local addresses [ 197.839795][ T8060] loop2: detected capacity change from 0 to 7 [ 197.940262][ T8060] Dev loop2: unable to read RDB block 7 [ 197.962072][ T8060] loop2: unable to read partition table [ 198.043860][ T8060] loop2: partition table beyond EOD, truncated [ 198.055097][ T8060] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 198.302739][ T8068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.753'. [ 199.253714][ T8097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.767'. [ 199.584774][ T8106] netlink: set zone limit has 4 unknown bytes [ 199.681930][ T8108] batman_adv: batadv0: Adding interface: gretap1 [ 199.688726][ T8108] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.824742][ T8116] netlink: 16 bytes leftover after parsing attributes in process `syz.0.773'. [ 199.838941][ T8108] batman_adv: batadv0: Interface activated: gretap1 [ 199.853266][ T8118] fuseblk: Bad value for 'fd' [ 200.256662][ T5889] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 200.530078][ T5833] IPVS: starting estimator thread 0... [ 200.599918][ T8131] fuse: Bad value for 'fd' [ 200.619476][ T5889] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 200.628580][ T5889] usb 1-1: can't read configurations, error -61 [ 200.695006][ T8129] IPVS: using max 29 ests per chain, 69600 per kthread [ 200.766374][ T5889] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 200.930306][ T5889] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 200.938863][ T5889] usb 1-1: can't read configurations, error -61 [ 200.956438][ T5889] usb usb1-port1: attempt power cycle [ 201.324987][ T5889] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 201.352386][ T5889] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 201.363444][ T5889] usb 1-1: can't read configurations, error -61 [ 201.506476][ T5889] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 201.626835][ T5889] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 201.639774][ T5889] usb 1-1: can't read configurations, error -61 [ 201.647962][ T5889] usb usb1-port1: unable to enumerate USB device [ 203.147447][ T8155] mmap: syz.1.788 (8155): VmData 45846528 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data. [ 205.194981][ T24] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 205.386221][ T24] usb 5-1: device descriptor read/64, error -71 [ 205.507914][ T5837] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 205.587201][ T8205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.811'. [ 205.625000][ T24] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 205.684537][ T8208] netlink: 44 bytes leftover after parsing attributes in process `syz.1.810'. [ 205.729841][ T8208] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.738404][ T8208] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.789135][ T24] usb 5-1: device descriptor read/64, error -71 [ 205.905153][ T24] usb usb5-port1: attempt power cycle [ 206.105399][ T5837] Bluetooth: hci1: Malformed Event: 0x02 [ 206.328485][ T24] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 206.455892][ T24] usb 5-1: device descriptor read/8, error -71 [ 206.715495][ T24] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 206.755918][ T24] usb 5-1: device descriptor read/8, error -71 [ 206.867669][ T24] usb usb5-port1: unable to enumerate USB device [ 206.939671][ T8241] snd_dummy snd_dummy.0: control 1:-1:-8:syz0:32 is already present [ 207.095434][ T8240] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 207.103515][ T8240] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 207.122608][ T8240] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 207.132145][ T8240] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 207.138481][ T8240] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 207.153564][ T8240] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 207.164137][ T8240] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 207.170689][ T8240] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 207.202239][ T8240] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 207.272517][ T8240] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 207.303130][ T8240] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 207.333785][ T8240] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 207.387815][ T8240] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 207.430115][ T8240] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 207.464590][ T8240] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 208.119296][ T8254] tipc: Failed to remove unknown binding: 66,0,0/0:3999661930/3999661931 [ 208.149082][ T8254] tipc: Failed to remove unknown binding: 66,0,0/0:3999661930/3999661931 [ 208.517000][ T8264] netlink: 24 bytes leftover after parsing attributes in process `syz.1.831'. [ 208.608356][ T8266] netlink: 4 bytes leftover after parsing attributes in process `syz.4.833'. [ 208.625584][ T8266] bridge_slave_1: left allmulticast mode [ 208.631339][ T8266] bridge_slave_1: left promiscuous mode [ 208.637343][ T8266] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.745373][ T24] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 208.870401][ T8266] bridge_slave_0: left allmulticast mode [ 208.876697][ T8266] bridge_slave_0: left promiscuous mode [ 208.891020][ T8266] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.072833][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 209.102879][ T24] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 209.130542][ T24] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 209.174958][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 209.258539][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 209.353670][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 209.415278][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 209.828682][ T24] usb 3-1: Product: syz [ 209.841026][ T24] usb 3-1: Manufacturer: syz [ 209.848782][ T24] usb 3-1: SerialNumber: syz [ 209.869920][ T24] usb 3-1: config 0 descriptor?? [ 209.985882][ T8272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.835'. [ 210.022325][ T8272] bridge: RTM_NEWNEIGH with invalid ether address [ 210.173021][ T10] usb 3-1: USB disconnect, device number 7 [ 210.321995][ T5931] udevd[5931]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 210.850805][ T8283] tipc: Can't bind to reserved service type 2 [ 210.878266][ T8283] netlink: 277 bytes leftover after parsing attributes in process `syz.0.838'. [ 211.112736][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 211.255580][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 211.334890][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 211.415629][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 211.505096][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 212.022077][ T8303] delete_channel: no stack [ 213.188147][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 213.370591][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 213.415041][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 213.481534][ T8342] tipc: Started in network mode [ 213.495041][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 213.524464][ T8342] tipc: Node identity ac1414aa, cluster identity 4711 [ 213.576144][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 213.585927][ T8342] tipc: Enabled bearer , priority 10 [ 214.706704][ T5833] tipc: Node number set to 2886997162 [ 215.327366][ T8386] netlink: zone id is out of range [ 215.333818][ T8386] netlink: zone id is out of range [ 215.339799][ T8386] netlink: zone id is out of range [ 215.345662][ T8386] netlink: zone id is out of range [ 215.350929][ T8386] netlink: zone id is out of range [ 215.358500][ T8386] netlink: del zone limit has 8 unknown bytes [ 215.867006][ T8407] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 216.286604][ T5938] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 216.468000][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.483738][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.503836][ T5938] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 216.523233][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.557825][ T5938] usb 1-1: config 0 descriptor?? [ 216.996078][ T5938] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0 [ 217.013267][ T5938] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0 [ 217.037342][ T5938] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0007/input/input14 [ 217.075160][ T5833] IPVS: starting estimator thread 0... [ 217.115856][ T5938] cm6533_jd 0003:0D8C:0022.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 217.155095][ T10] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 217.247769][ T5938] usb 1-1: USB disconnect, device number 12 [ 217.265364][ T8431] IPVS: using max 25 ests per chain, 60000 per kthread [ 217.320105][ T8432] fido_id[8432]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 217.387490][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.406270][ T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 217.437166][ T10] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 217.455915][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.497706][ T10] usb 5-1: config 0 descriptor?? [ 217.517863][ T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 217.539376][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 217.563364][ T10] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 217.591088][ T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 217.604689][ T10] usb 5-1: media controller created [ 217.622874][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 217.665486][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 217.671545][ T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 217.698598][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input15 [ 217.750159][ T10] dvb-usb: schedule remote query interval to 150 msecs. [ 217.765444][ T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 217.807085][ T10] usb 5-1: USB disconnect, device number 16 [ 217.909203][ T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 218.473086][ T8469] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 218.902894][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 219.101651][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.112765][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.311362][ T10] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 219.326508][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.414968][ T8486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'. [ 219.490680][ T10] usb 5-1: config 0 descriptor?? [ 219.541057][ T8486] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 219.854566][ T8500] futex_wake_op: syz.1.931 tries to shift op by 32; fix this program [ 219.933205][ T10] cm6533_jd 0003:0D8C:0022.0008: unknown main item tag 0x0 [ 219.985937][ T8502] netlink: 'syz.1.931': attribute type 4 has an invalid length. [ 219.995148][ T8502] netlink: 17 bytes leftover after parsing attributes in process `syz.1.931'. [ 220.055232][ T8502] delete_channel: no stack [ 220.166610][ T5889] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 220.186394][ T10] cm6533_jd 0003:0D8C:0022.0008: unknown main item tag 0x0 [ 220.340339][ T10] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0008/input/input17 [ 220.378767][ T5889] usb 4-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 220.406512][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.417871][ T10] cm6533_jd 0003:0D8C:0022.0008: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 220.452489][ T5889] usb 4-1: config 0 descriptor?? [ 220.471929][ T10] usb 5-1: USB disconnect, device number 17 [ 220.869610][ T8505] fido_id[8505]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 222.325852][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 222.504967][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 222.521156][ T10] usb 3-1: config 0 has an invalid interface number: 162 but max is 0 [ 222.534520][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.597601][ T10] usb 3-1: config 0 has no interface number 0 [ 222.614169][ T10] usb 3-1: config 0 interface 162 altsetting 2 endpoint 0x83 has invalid wMaxPacketSize 0 [ 222.625408][ T10] usb 3-1: config 0 interface 162 altsetting 2 bulk endpoint 0x83 has invalid maxpacket 0 [ 222.635877][ T10] usb 3-1: config 0 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 222.649997][ T10] usb 3-1: config 0 interface 162 has no altsetting 0 [ 222.659764][ T10] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=46.57 [ 222.669383][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.677659][ T10] usb 3-1: Product: syz [ 222.682102][ T10] usb 3-1: Manufacturer: syz [ 222.687590][ T10] usb 3-1: SerialNumber: syz [ 222.696329][ T10] usb 3-1: config 0 descriptor?? [ 222.704943][ T5916] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 222.723107][ T10] adutux 3-1:0.162: interrupt endpoints not found [ 222.868189][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.879278][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.889384][ T5916] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 222.899097][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.915918][ T5916] usb 1-1: config 0 descriptor?? [ 222.969206][ T10] usb 3-1: USB disconnect, device number 8 [ 223.339048][ T8537] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'. [ 223.342643][ T5916] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 223.364226][ T5916] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 223.394542][ T5916] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0009/input/input18 [ 223.466561][ T5916] cm6533_jd 0003:0D8C:0022.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 223.555660][ T5916] usb 1-1: USB disconnect, device number 13 [ 223.666137][ T8539] fido_id[8539]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 224.171800][ T5889] usbhid 4-1:0.0: can't add hid device: -71 [ 224.205000][ T5889] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 224.230003][ T5889] usb 4-1: USB disconnect, device number 12 [ 224.657507][ T8584] netlink: 180 bytes leftover after parsing attributes in process `syz.3.965'. [ 224.675293][ T8584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.965'. [ 224.784911][ T5916] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 224.956569][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.974910][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 224.984761][ T5916] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 224.993978][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.025388][ T5916] usb 2-1: config 0 descriptor?? [ 225.399478][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 225.442865][ T5916] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 225.454531][ T5916] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 225.482489][ T5916] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.000A/input/input19 [ 225.535465][ T5916] cm6533_jd 0003:0D8C:0022.000A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 225.578298][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.600203][ T10] usb 3-1: config 0 has no interfaces? [ 225.620035][ T10] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 225.635086][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.653976][ T10] usb 3-1: Product: syz [ 225.659292][ T5917] usb 2-1: USB disconnect, device number 15 [ 225.669367][ T10] usb 3-1: Manufacturer: syz [ 225.674185][ T10] usb 3-1: SerialNumber: syz [ 225.708784][ T10] usb 3-1: config 0 descriptor?? [ 225.781506][ T8602] fido_id[8602]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 225.921509][ T8597] netlink: 16 bytes leftover after parsing attributes in process `syz.2.970'. [ 225.933888][ T5917] usb 3-1: USB disconnect, device number 9 [ 226.125684][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 226.275289][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 226.283772][ T10] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 226.301253][ T10] usb 4-1: config 0 has no interface number 0 [ 226.314063][ T10] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 226.328197][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.345021][ T10] usb 4-1: Product: syz [ 226.351587][ T10] usb 4-1: Manufacturer: syz [ 226.359495][ T10] usb 4-1: SerialNumber: syz [ 226.375554][ T10] usb 4-1: config 0 descriptor?? [ 226.391408][ T10] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 226.604917][ T10] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 226.634230][ T10] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 226.754915][ T5833] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 226.798174][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - port change to invalid port: 47 [ 226.914933][ T5833] usb 3-1: Using ep0 maxpacket: 16 [ 226.921890][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 226.944446][ T5833] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 226.964032][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.984895][ T5833] usb 3-1: Product: syz [ 226.989149][ T5833] usb 3-1: Manufacturer: syz [ 226.993773][ T5833] usb 3-1: SerialNumber: syz [ 227.008316][ T5833] usb 3-1: config 0 descriptor?? [ 227.012163][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 227.025708][ T10] usb 4-1: USB disconnect, device number 13 [ 227.039403][ T5833] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 227.050168][ T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 227.055349][ T5833] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 227.087224][ T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 227.108724][ T10] quatech2 4-1:0.51: device disconnected [ 227.144920][ T5917] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 227.307835][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 227.320305][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 227.330561][ T5917] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 227.339822][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.352892][ T5917] usb 1-1: config 0 descriptor?? [ 227.655047][ T5833] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 227.768098][ T5917] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0 [ 227.785060][ T5917] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0 [ 227.801579][ T5917] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.000B/input/input20 [ 227.856131][ T5917] cm6533_jd 0003:0D8C:0022.000B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 227.981312][ T5917] usb 1-1: USB disconnect, device number 14 [ 228.043249][ T8649] fido_id[8649]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 228.089405][ T5833] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 228.120269][ T5833] em28xx 3-1:0.0: board has no eeprom [ 228.484925][ T8669] 8021q: VLANs not supported on ip6gre0 [ 229.155962][ T5833] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 229.176058][ T5833] em28xx 3-1:0.0: dvb set to bulk mode. [ 229.181766][ T5917] em28xx 3-1:0.0: Binding DVB extension [ 229.313106][ T5833] usb 3-1: USB disconnect, device number 10 [ 229.340904][ T5833] em28xx 3-1:0.0: Disconnecting em28xx [ 229.435060][ T5917] em28xx 3-1:0.0: Registering input extension [ 229.470783][ T5833] em28xx 3-1:0.0: Closing input extension [ 229.521714][ T5833] em28xx 3-1:0.0: Freeing device [ 229.654746][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 229.654764][ T30] audit: type=1326 audit(1771209604.994:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.0.1011" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7ff643b95d97 code=0x0 [ 231.089965][ T8718] syzkaller0: entered promiscuous mode [ 231.104992][ T8718] syzkaller0: entered allmulticast mode [ 231.233763][ T5827] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 231.246016][ T5827] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 231.256787][ T5916] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 231.266415][ T5827] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 231.277529][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 231.285521][ T5827] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 231.437233][ T36] batman_adv: batadv0: Interface deactivated: gretap1 [ 231.446474][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.529443][ T5916] usb 2-1: New USB device found, idVendor=056a, idProduct=0314, bcdDevice= 0.00 [ 231.575281][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.607729][ T5916] usb 2-1: config 0 descriptor?? [ 232.036879][ T5916] wacom 0003:056A:0314.000C: unknown main item tag 0x0 [ 232.061681][ T36] batman_adv: batadv0: Removing interface: gretap1 [ 232.205336][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 232.224752][ T5916] usb 2-1: USB disconnect, device number 16 [ 232.236123][ T36] bond_slave_0: left promiscuous mode [ 232.257316][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 232.292957][ T36] bond_slave_1: left promiscuous mode [ 232.304203][ T36] bond0 (unregistering): Released all slaves [ 232.328642][ T36] bond1 (unregistering): Released all slaves [ 232.473483][ T36] tipc: Left network mode [ 232.914919][ T5917] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 232.993257][ T36] hsr_slave_0: left promiscuous mode [ 233.010897][ T36] hsr_slave_1: left promiscuous mode [ 233.019745][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 233.031487][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 233.074964][ T5917] usb 3-1: Using ep0 maxpacket: 32 [ 233.091464][ T5917] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 233.116713][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.134486][ T5917] usb 3-1: Product: syz [ 233.146245][ T5917] usb 3-1: Manufacturer: syz [ 233.160663][ T5917] usb 3-1: SerialNumber: syz [ 233.182151][ T5917] usb 3-1: config 0 descriptor?? [ 233.212932][ T5917] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 233.416282][ T5827] Bluetooth: hci4: command tx timeout [ 233.452142][ T36] team0 (unregistering): Port device team_slave_1 removed [ 233.485215][ T36] team0 (unregistering): Port device team_slave_0 removed [ 233.684173][ T5917] gspca_ov534_9: reg_w failed -71 [ 233.797375][ T8723] chnl_net:caif_netlink_parms(): no params data found [ 234.110748][ T5917] gspca_ov534_9: Unknown sensor 0000 [ 234.110851][ T5917] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 234.117888][ T8723] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.140549][ T5917] usb 3-1: USB disconnect, device number 11 [ 234.179921][ T8723] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.191268][ T8723] bridge_slave_0: entered allmulticast mode [ 234.199501][ T8723] bridge_slave_0: entered promiscuous mode [ 234.208710][ T8723] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.235133][ T8723] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.242495][ T8723] bridge_slave_1: entered allmulticast mode [ 234.268996][ T8723] bridge_slave_1: entered promiscuous mode [ 234.374742][ T8723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.407554][ T36] IPVS: stop unused estimator thread 0... [ 234.415851][ T8723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.561236][ T8723] team0: Port device team_slave_0 added [ 234.578069][ T8723] team0: Port device team_slave_1 added [ 234.675392][ T5917] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 234.690991][ T8723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.710543][ T8723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 234.792534][ T8723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.834348][ T8723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.844171][ T5917] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 234.870847][ T8723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 234.871135][ T5917] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 234.915694][ T8723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.001867][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 235.039281][ T5917] usb 3-1: Product: syz [ 235.055545][ T5917] usb 3-1: Manufacturer: syz [ 235.072425][ T5917] usb 3-1: SerialNumber: syz [ 235.122074][ T8723] hsr_slave_0: entered promiscuous mode [ 235.158388][ T8723] hsr_slave_1: entered promiscuous mode [ 235.195980][ T8723] debugfs: 'hsr0' already exists in 'hsr' [ 235.216713][ T8723] Cannot create hsr debugfs directory [ 235.359522][ T8792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.395315][ T8792] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.405629][ T5917] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 235.476615][ T5917] usb 3-1: USB disconnect, device number 12 [ 235.495003][ T5827] Bluetooth: hci4: command tx timeout [ 235.524591][ T5917] usblp0: removed [ 236.189466][ T8825] sctp: [Deprecated]: syz.0.1039 (pid 8825) Use of struct sctp_assoc_value in delayed_ack socket option. [ 236.189466][ T8825] Use struct sctp_sack_info instead [ 236.401456][ T5917] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 236.610101][ T5917] usb 3-1: device descriptor read/64, error -71 [ 236.914969][ T5917] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 237.086650][ T5917] usb 3-1: device descriptor read/64, error -71 [ 237.205743][ T5917] usb usb3-port1: attempt power cycle [ 237.275738][ T8723] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 237.316460][ T8723] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 237.330955][ T8723] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 237.372206][ T8723] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 237.564949][ T5917] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 237.575153][ T5827] Bluetooth: hci4: command tx timeout [ 237.615825][ T5917] usb 3-1: device descriptor read/8, error -71 [ 237.679052][ T8723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.748014][ T8723] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.791528][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.798784][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.858802][ T445] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.865595][ T5917] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 237.866329][ T445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.899960][ T5917] usb 3-1: device descriptor read/8, error -71 [ 238.025887][ T5917] usb usb3-port1: unable to enumerate USB device [ 238.073014][ T8723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.173791][ T8723] veth0_vlan: entered promiscuous mode [ 238.195387][ T8723] veth1_vlan: entered promiscuous mode [ 238.258896][ T8723] veth0_macvtap: entered promiscuous mode [ 238.281148][ T8723] veth1_macvtap: entered promiscuous mode [ 238.326517][ T8723] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.355997][ T8723] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.385762][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.394899][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.422042][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.454435][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.981690][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.998342][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.133053][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.161045][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.663365][ T5827] Bluetooth: hci4: command tx timeout [ 240.946168][ T10] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 241.140437][ T10] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 241.148631][ T10] usb 4-1: can't read configurations, error -61 [ 241.247524][ T5938] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 241.301873][ T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 241.468844][ T5938] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 241.488752][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.506698][ T10] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 241.524919][ T10] usb 4-1: can't read configurations, error -61 [ 241.531413][ T5938] usb 3-1: Product: syz [ 241.556838][ T5938] usb 3-1: Manufacturer: syz [ 241.561601][ T5938] usb 3-1: SerialNumber: syz [ 241.575571][ T10] usb usb4-port1: attempt power cycle [ 241.599883][ T5938] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 241.659046][ T5916] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 241.935034][ T10] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 241.998414][ T10] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 242.025143][ T10] usb 4-1: can't read configurations, error -61 [ 242.155815][ T9] usb 3-1: USB disconnect, device number 17 [ 242.235934][ T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 242.307283][ T10] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 242.326621][ T10] usb 4-1: can't read configurations, error -61 [ 242.335336][ T10] usb usb4-port1: unable to enumerate USB device [ 242.794891][ T5916] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 242.850385][ T5916] ath9k_htc: Failed to initialize the device [ 242.867573][ T9] usb 3-1: ath9k_htc: USB layer deinitialized [ 243.317963][ T8990] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1077'. [ 244.663811][ T9019] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1088'. [ 245.725035][ T9022] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1088'. [ 247.190852][ T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 247.354962][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 247.375768][ T24] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 247.410435][ T24] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 247.531650][ T24] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 247.544420][ T24] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 247.613572][ T24] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 247.624105][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.632793][ T24] usb 4-1: Product: syz [ 247.670147][ T24] usb 4-1: Manufacturer: syz [ 247.681895][ T24] usb 4-1: SerialNumber: syz [ 247.730734][ C1] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 247.769434][ T24] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input22 [ 247.968731][ T24] imon:send_packet: packet tx failed (-71) [ 248.024749][ T24] imon 4-1:155.0: panel buttons/knobs setup failed [ 248.045090][ T24] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 248.071723][ T24] (id 0x00) [ 248.325054][ T24] rc_core: IR keymap rc-imon-pad not found [ 248.343719][ T24] Registered IR keymap rc-empty [ 248.354359][ T24] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 248.394091][ T24] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 248.417637][ T24] imon:send_packet: packet tx failed (-71) [ 248.455146][ T24] imon 4-1:155.0: remote input dev register failed [ 248.464736][ T24] imon 4-1:155.0: imon_init_intf0: rc device setup failed [ 248.565473][ T24] imon 4-1:155.0: unable to initialize intf0, err 0 [ 248.572144][ T24] imon:imon_probe: failed to initialize context! [ 248.615602][ T24] imon 4-1:155.0: unable to register, err -19 [ 248.645121][ T24] usb 4-1: USB disconnect, device number 18 [ 250.423992][ T9126] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1127'. [ 251.016465][ T9143] ptrace attach of "./syz-executor exec"[8723] was attempted by "./syz-executor exec"[9143] [ 252.704114][ T9165] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1142'. [ 253.194953][ T5903] IPVS: starting estimator thread 0... [ 253.292714][ T9171] IPVS: using max 38 ests per chain, 91200 per kthread [ 253.551028][ T9178] loop2: detected capacity change from 0 to 7 [ 253.581979][ T5844] Dev loop2: unable to read RDB block 7 [ 253.593802][ T5844] loop2: unable to read partition table [ 253.602108][ T5844] loop2: partition table beyond EOD, truncated [ 253.611274][ T9178] Dev loop2: unable to read RDB block 7 [ 253.618580][ T9178] loop2: unable to read partition table [ 253.624610][ T9178] loop2: partition table beyond EOD, truncated [ 253.644001][ T9178] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 253.675844][ T5190] Dev loop2: unable to read RDB block 7 [ 253.701110][ T5190] loop2: unable to read partition table [ 253.715338][ T5190] loop2: partition table beyond EOD, truncated [ 253.994388][ T9188] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1153'. [ 254.391776][ T9205] 8021q: VLANs not supported on ip6gre0 [ 254.888986][ T9218] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1167'. [ 255.829330][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.836210][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.044189][ T9242] ªªªªªª: renamed from vlan0 [ 256.582896][ T9257] loop2: detected capacity change from 0 to 7 [ 256.646646][ T9257] Dev loop2: unable to read RDB block 7 [ 256.662046][ T9257] loop2: AHDI p1 p2 p3 [ 256.670659][ T9257] loop2: partition table partially beyond EOD, truncated [ 256.712437][ T9257] loop2: p1 start 1818582900 is beyond EOD, truncated [ 256.740672][ T9257] loop2: p3 start 335544320 is beyond EOD, truncated [ 257.144217][ T9269] netlink: 'syz.1.1188': attribute type 8 has an invalid length. [ 257.230051][ T9274] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 257.377669][ T9282] openvswitch: netlink: Duplicate or invalid key (type 0). [ 257.389151][ T9282] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 257.454831][ T9284] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1196'. [ 257.469300][ T9284] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.514905][ T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 257.638791][ T9289] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1198'. [ 257.984992][ T10] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 257.994111][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.002288][ T10] usb 2-1: Product: syz [ 258.006521][ T10] usb 2-1: Manufacturer: syz [ 258.011117][ T10] usb 2-1: SerialNumber: syz [ 258.211659][ T9302] fuse: Bad value for 'fd' [ 258.231130][ T9302] ipip0: entered promiscuous mode [ 258.237461][ T9302] ipip0: entered allmulticast mode [ 258.266510][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 258.579793][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 258.597321][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 258.635796][ T10] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 258.884130][ T10] usb 2-1: USB disconnect, device number 17 [ 261.005322][ T5827] Bluetooth: hci0: unexpected cc 0x1405 length: 2 < 4 [ 261.012189][ T5827] Bluetooth: hci0: unexpected event for opcode 0x1405 [ 262.065044][ T10] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 262.349053][ T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 262.470106][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.508355][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 262.568803][ T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 262.625512][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.693284][ T10] usb 3-1: config 0 descriptor?? [ 262.738394][ T10] usbhid 3-1:0.0: can't add hid device: -22 [ 262.755138][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 262.794422][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 262.871126][ T9395] input: syz0 as /devices/virtual/input/input24 [ 262.918073][ T9] usb 5-1: config 0 has an invalid interface number: 255 but max is 0 [ 262.944894][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.095062][ T9] usb 5-1: config 0 has no interface number 0 [ 263.102682][ T9] usb 5-1: config 0 interface 255 has no altsetting 0 [ 263.159924][ T9] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 263.215479][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.639133][ T9] usb 5-1: config 0 descriptor?? [ 263.647571][ T9408] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1245'. [ 263.723906][ T9408] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.879605][ T9] usb 5-1: USB disconnect, device number 18 [ 265.094938][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 265.102563][ T5917] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 265.145757][ T5917] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 265.202313][ T24] usb 3-1: USB disconnect, device number 18 [ 265.965294][ T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 266.115113][ T5938] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 266.137581][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 266.146938][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.166565][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 266.187394][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 266.200822][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 266.212358][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 266.226562][ T9476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1264'. [ 266.247847][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 266.257812][ T9] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 266.268233][ T9] usb 5-1: Manufacturer: syz [ 266.277637][ T5938] usb 3-1: config 0 has an invalid interface number: 120 but max is 0 [ 266.295948][ T9] usb 5-1: config 0 descriptor?? [ 266.301918][ T5938] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.325717][ T5938] usb 3-1: config 0 has no interface number 0 [ 266.343519][ T5938] usb 3-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 266.375537][ T5938] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 266.394086][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.421576][ T5938] usb 3-1: config 0 descriptor?? [ 266.653567][ T5938] usb 3-1: string descriptor 0 read error: -71 [ 266.671356][ T9] rc_core: IR keymap rc-hauppauge not found [ 266.691294][ T9] Registered IR keymap rc-empty [ 266.699494][ T5938] usb 3-1: USB disconnect, device number 19 [ 266.706393][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 266.738073][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 266.768382][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 266.785317][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input25 [ 266.838922][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 266.876132][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 266.904875][ T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 266.905565][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 266.945063][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 266.975019][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 266.996152][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 267.019422][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 267.054964][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 267.064999][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 267.073032][ T24] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 267.081856][ T24] usb 1-1: config 0 has no interface number 0 [ 267.095315][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 267.117170][ T24] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 267.123918][ T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 267.133223][ T24] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 267.178361][ T9] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 267.188720][ T24] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 267.200262][ T24] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 267.208948][ T24] usb 1-1: Product: syz [ 267.209926][ T9] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 267.213562][ T24] usb 1-1: SerialNumber: syz [ 267.259646][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 267.268705][ T5917] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 267.274964][ T5917] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 267.287472][ T9] usb 5-1: USB disconnect, device number 19 [ 267.295885][ T24] usb 1-1: config 0 descriptor?? [ 267.322317][ T24] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 267.331559][ T24] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input26 [ 267.471222][ T9499] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1267'. [ 267.521758][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 267.531099][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 267.538990][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 267.546583][ T24] usb 1-1: USB disconnect, device number 15 [ 267.554136][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 267.561194][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 267.596099][ T24] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 267.855775][ T9509] input: syz0 as /devices/virtual/input/input27 [ 268.498763][ T9538] fuse: Unknown parameter '0x0000000000000007' [ 268.514886][ T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 268.677714][ T24] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 268.687163][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 268.700503][ T24] usb 2-1: config 0 has no interface number 0 [ 268.707393][ T24] usb 2-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 268.720909][ T24] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 268.730053][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.754134][ T24] usb 2-1: config 0 descriptor?? [ 268.973231][ T5917] Bluetooth: hci2: Opcode 0x0c1a failed: -38 [ 268.995236][ T5917] Bluetooth: hci2: Error when powering off device on rfkill (-38) [ 269.020034][ T24] usb 2-1: string descriptor 0 read error: -71 [ 269.059837][ T24] usb 2-1: USB disconnect, device number 18 [ 269.066154][ T5827] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 269.273925][ T9563] netlink: 'syz.4.1289': attribute type 11 has an invalid length. [ 269.301967][ T9563] netlink: 'syz.4.1289': attribute type 12 has an invalid length. [ 269.342491][ T9563] netlink: 210020 bytes leftover after parsing attributes in process `syz.4.1289'. [ 269.365171][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1289'. [ 269.536856][ T9576] openvswitch: netlink: Flow key attr not present in new flow. [ 269.560336][ T9574] netlink: 'syz.0.1291': attribute type 5 has an invalid length. [ 273.708694][ T9574] ip6erspan0: entered promiscuous mode [ 274.225276][ T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 274.442867][ T24] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 274.757057][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 274.784021][ T24] usb 1-1: config 0 has no interface number 0 [ 274.804911][ T24] usb 1-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 274.859767][ T24] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 274.885059][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.923989][ T24] usb 1-1: config 0 descriptor?? [ 275.164972][ T24] usb 1-1: string descriptor 0 read error: -71 [ 275.187802][ T24] usb 1-1: USB disconnect, device number 16 [ 276.252848][ T9697] input: syz0 as /devices/virtual/input/input28 [ 276.295502][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 276.301797][ T5917] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 276.311324][ T5917] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 277.284880][ T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 277.435349][ T9710] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 277.467002][ T10] usb 3-1: config 0 has an invalid interface number: 120 but max is 0 [ 277.494731][ T10] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 278.029497][ T10] usb 3-1: config 0 has no interface number 0 [ 278.118435][ T10] usb 3-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 278.169971][ T10] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 278.198291][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.234315][ T10] usb 3-1: config 0 descriptor?? [ 278.376425][ T5827] Bluetooth: hci4: command 0x0c1a tx timeout [ 278.383730][ T5917] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 278.411853][ T5917] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 278.473025][ T5833] usb 3-1: USB disconnect, device number 20 [ 278.931283][ T9732] input: syz0 as /devices/virtual/input/input29 [ 279.096643][ T5903] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 279.256735][ T5903] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 279.274956][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 279.295874][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 279.314950][ T5903] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 279.335162][ T5903] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 279.354899][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.365416][ T5903] usb 1-1: config 0 descriptor?? [ 279.375304][ T9728] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 279.809461][ T5903] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x7 [ 279.817170][ T5903] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 279.824664][ T5903] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 279.833370][ T5903] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 279.879573][ T5903] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 280.077405][ T9] usb 1-1: USB disconnect, device number 17 [ 281.115081][ T5903] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 281.135157][ T5938] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 281.287520][ T5903] usb 3-1: Using ep0 maxpacket: 8 [ 281.315009][ T5903] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 281.319153][ T5938] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 281.335215][ T5938] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 281.372211][ T5903] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 281.382358][ T5938] usb 1-1: config 0 has no interface number 0 [ 281.444912][ T5903] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 281.464854][ T5903] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 281.498993][ T5903] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 281.516336][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.550086][ T5938] usb 1-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 281.594938][ T5938] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 281.604045][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.666313][ T5938] usb 1-1: config 0 descriptor?? [ 281.818907][ T5903] usb 3-1: GET_CAPABILITIES returned 0 [ 281.847781][ T5903] usbtmc 3-1:16.0: can't read capabilities [ 281.919448][ T5833] usb 1-1: USB disconnect, device number 18 [ 283.557125][ T9802] delete_channel: no stack [ 284.056121][ T5903] usb 3-1: USB disconnect, device number 21 [ 284.225598][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1367'. [ 284.352563][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1367'. [ 284.475127][ T5903] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 284.646641][ T5903] usb 4-1: config 0 has an invalid interface number: 120 but max is 0 [ 284.675931][ T5903] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 284.700156][ T5903] usb 4-1: config 0 has no interface number 0 [ 284.719262][ T5903] usb 4-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 284.734238][ T5903] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 284.754098][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.785387][ T5903] usb 4-1: config 0 descriptor?? [ 285.019265][ T5917] usb 4-1: USB disconnect, device number 19 [ 285.063407][ T9834] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1377'. [ 285.229390][ T9839] program syz.2.1380 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.260250][ T9839] fuse: Bad value for 'fd' [ 285.781107][ T9858] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1388'. [ 286.574972][ T5938] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 286.754827][ T5938] usb 1-1: Using ep0 maxpacket: 8 [ 286.782250][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.814478][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.839781][ T5938] usb 1-1: New USB device found, idVendor=056a, idProduct=0059, bcdDevice= 0.00 [ 286.860897][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.899878][ T5938] usb 1-1: config 0 descriptor?? [ 287.214900][ T5833] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 287.367087][ T5833] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 287.384963][ T5833] usb 2-1: config 0 has no interface number 0 [ 287.391162][ T5833] usb 2-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 287.404470][ T30] audit: type=1800 audit(1771209662.734:206): pid=9879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1396" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 287.425218][ T5833] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 287.434354][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.466963][ T5833] usb 2-1: config 0 descriptor?? [ 287.641441][ T9890] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1401'. [ 287.686275][ T5833] usb 2-1: USB disconnect, device number 19 [ 288.560061][ T9910] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.567370][ T9910] bridge0: port 2(bridge_slave_1) entered listening state [ 288.574880][ T9910] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.582101][ T9910] bridge0: port 1(bridge_slave_0) entered listening state [ 289.468326][ T5938] usbhid 1-1:0.0: can't add hid device: -71 [ 289.474343][ T5938] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 289.499260][ T5938] usb 1-1: USB disconnect, device number 19 [ 291.145401][ T9915] 8021q: VLANs not supported on ip6gre0 [ 291.688366][ T9921] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1412'. [ 291.738640][ T9923] tipc: Started in network mode [ 291.764890][ T9923] tipc: Node identity 4, cluster identity 4711 [ 291.788580][ T9923] tipc: Node number set to 4 [ 292.076030][ T9932] fuse: Bad value for 'fd' [ 292.274865][ T5938] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 292.430725][ T5938] usb 4-1: config 0 has an invalid interface number: 120 but max is 0 [ 292.448110][ T5938] usb 4-1: config 0 has no interface number 0 [ 292.457124][ T5938] usb 4-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 292.471503][ T5938] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 292.482338][ T5938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.497139][ T5938] usb 4-1: config 0 descriptor?? [ 292.733528][ T5917] usb 4-1: USB disconnect, device number 20 [ 294.083414][ T9968] fuse: Bad value for 'fd' [ 294.270170][ T9965] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.278002][ T9965] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.374880][ T10] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 294.495410][ T9965] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 294.515665][ T9965] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 294.696687][ T10] usb 2-1: config 0 has an invalid interface number: 111 but max is 0 [ 294.706418][ T10] usb 2-1: config 0 has no interface number 0 [ 294.717903][ T10] usb 2-1: New USB device found, idVendor=05a9, idProduct=8065, bcdDevice=41.96 [ 294.789799][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.845989][ T9974] fuse: Unknown parameter 'user_id00000000000000000000' [ 294.864088][ T10] usb 2-1: config 0 descriptor?? [ 294.886749][ T10] gspca_main: ov534_9-2.14.0 probing 05a9:8065 [ 294.918792][ T61] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.928246][ T9974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1431'. [ 294.955579][ T61] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.987770][ T61] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.007194][ T61] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.369602][ T9986] loop5: detected capacity change from 0 to 4096 [ 295.914916][ T5917] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 296.068968][ T5917] usb 5-1: config 0 has an invalid interface number: 120 but max is 0 [ 296.092481][ T5917] usb 5-1: config 0 has no interface number 0 [ 296.102730][ T5917] usb 5-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 296.122109][ T5917] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 296.132903][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.165546][ T5917] usb 5-1: config 0 descriptor?? [ 296.177633][ T9993] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1438'. [ 296.213556][ T36] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.214066][ T9993] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1438'. [ 296.237946][ T36] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.246659][ T9995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1438'. [ 296.258438][ T36] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.268431][ T36] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.280462][ T9995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1438'. [ 296.400810][ T9] usb 5-1: USB disconnect, device number 20 [ 296.691568][T10009] fuse: Bad value for 'fd' [ 297.130530][ T10] gspca_ov534_9: reg_r err -71 [ 297.206419][T10022] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1450'. [ 297.435057][ T10] gspca_ov534_9: Unknown sensor 0000 [ 297.435162][ T10] ov534_9 2-1:0.111: probe with driver ov534_9 failed with error -22 [ 297.467071][ T10] usb 2-1: USB disconnect, device number 20 [ 298.294938][ T5917] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 298.460217][ T5917] usb 5-1: config 0 has an invalid interface number: 120 but max is 0 [ 298.469810][ T5917] usb 5-1: config 0 has no interface number 0 [ 298.479070][ T5917] usb 5-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 298.510535][ T5917] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 298.557358][ T5917] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 298.592726][ T5917] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 298.606225][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.620998][ T5917] usb 5-1: config 0 descriptor?? [ 298.655275][ T5917] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.120/input/input35 [ 298.845663][ T5917] usb 5-1: USB disconnect, device number 21 [ 298.866591][T10053] kvm: kvm [10052]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8bf [ 298.905214][T10053] kvm: kvm [10052]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8fb [ 298.938970][T10053] kvm: kvm [10052]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8de [ 298.949032][T10053] kvm: kvm [10052]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x882 [ 299.350330][T10069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1466'. [ 299.659385][T10077] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.1471'. [ 299.737683][T10083] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1473'. [ 299.925179][ T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 300.079719][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 300.102063][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 300.119529][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 300.131459][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 300.146931][ T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 300.156229][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.175939][ T9] usb 3-1: config 0 descriptor?? [ 300.183210][T10080] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 300.277695][ T10] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 300.436650][ T10] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 300.464927][ T10] usb 1-1: config 0 has no interface number 0 [ 300.471402][ T10] usb 1-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 300.503416][ T10] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 300.515790][ T10] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 300.526675][ T10] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 300.537969][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.567229][ T10] usb 1-1: config 0 descriptor?? [ 300.597293][ T10] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.120/input/input36 [ 300.626274][ T9] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x7 [ 300.647111][ T9] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 300.665099][ T9] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 300.673013][ T9] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 300.711957][ T9] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 300.798496][ T5833] usb 1-1: USB disconnect, device number 20 [ 300.815789][ T1208] usb 3-1: USB disconnect, device number 22 [ 301.468056][T10118] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1485'. [ 303.294879][ T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 303.326648][T10155] syzkaller1: entered promiscuous mode [ 303.332344][T10155] syzkaller1: entered allmulticast mode [ 303.457421][ T9] usb 4-1: config 0 has an invalid interface number: 120 but max is 0 [ 303.496669][ T9] usb 4-1: config 0 has no interface number 0 [ 303.528296][ T9] usb 4-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 303.611449][ T9] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 303.641906][T10161] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1499'. [ 303.696277][ T9] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 303.749695][ T9] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 303.765238][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.783092][ T9] usb 4-1: config 0 descriptor?? [ 303.800881][ T9] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.120/input/input37 [ 303.815662][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 303.824142][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 304.034378][ T9] usb 4-1: USB disconnect, device number 21 [ 305.214643][T10188] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1511'. [ 306.241327][T10215] syzkaller1: entered promiscuous mode [ 306.250872][T10215] syzkaller1: entered allmulticast mode [ 306.432641][T10217] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 307.230708][T10226] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1522'. [ 307.348946][T10228] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 307.356611][T10228] IPv6: NLM_F_CREATE should be set when creating new route [ 309.686482][T10259] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1533'. [ 310.591115][T10271] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1534'. [ 310.994664][T10275] syzkaller1: entered promiscuous mode [ 311.004931][T10275] syzkaller1: entered allmulticast mode [ 312.300142][ T9] IPVS: starting estimator thread 0... [ 312.435819][T10297] IPVS: using max 27 ests per chain, 64800 per kthread [ 312.548234][T10300] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1546'. [ 313.131471][T10311] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1548'. [ 315.208867][T10348] syzkaller1: entered promiscuous mode [ 315.234903][T10348] syzkaller1: entered allmulticast mode [ 315.818025][T10354] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1564'. [ 316.684553][T10368] input: syz0 as /devices/virtual/input/input39 [ 317.261017][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.267687][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.690391][T10395] syzkaller1: entered promiscuous mode [ 317.700650][T10395] syzkaller1: entered allmulticast mode [ 318.468071][T10416] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1588'. [ 318.578328][T10422] syzkaller0: entered promiscuous mode [ 318.594236][T10422] syzkaller0: entered allmulticast mode [ 319.186106][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.193411][ C0] bridge0: topology change detected, propagating [ 319.200228][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.207767][ C0] bridge0: topology change detected, propagating [ 321.534868][ T5917] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 321.624245][T10476] syzkaller1: entered promiscuous mode [ 321.660428][T10476] syzkaller1: entered allmulticast mode [ 321.750061][ T5917] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 321.768092][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 321.848982][ T5917] usb 5-1: Product: syz [ 321.867988][ T5917] usb 5-1: Manufacturer: syz [ 321.872701][ T5917] usb 5-1: SerialNumber: syz [ 321.900898][ T5917] usb 5-1: config 0 descriptor?? [ 323.434471][T10495] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1613'. [ 324.120334][T10524] syzkaller1: entered promiscuous mode [ 324.125990][T10524] syzkaller1: entered allmulticast mode [ 324.408125][ T9] usb 5-1: USB disconnect, device number 22 [ 324.503519][T10528] netlink: 4560 bytes leftover after parsing attributes in process `syz.4.1625'. [ 324.516775][T10528] netlink: 4560 bytes leftover after parsing attributes in process `syz.4.1625'. [ 326.733070][T10564] syzkaller1: entered promiscuous mode [ 326.738779][T10564] syzkaller1: entered allmulticast mode [ 327.034516][T10571] mmap: syz.3.1641 (10571) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 327.191608][T10576] netlink: 'syz.2.1642': attribute type 19 has an invalid length. [ 327.199972][T10576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1642'. [ 327.248363][ T61] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.258343][T10576] netlink: 'syz.2.1642': attribute type 19 has an invalid length. [ 327.267913][ T61] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.279830][ T61] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.289405][T10576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1642'. [ 327.298622][ T61] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.308726][T10576] netlink: 'syz.2.1642': attribute type 19 has an invalid length. [ 327.316956][T10576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1642'. [ 327.727713][T10589] input: syz1 as /devices/virtual/input/input40 [ 328.211855][T10598] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1650'. [ 328.589373][T10611] syzkaller1: entered promiscuous mode [ 328.677852][T10611] syzkaller1: entered allmulticast mode [ 329.838090][T10627] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 329.913967][T10630] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 330.715120][ T5833] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 330.876387][ T5833] usb 4-1: Using ep0 maxpacket: 16 [ 330.885970][ T5833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 330.908264][ T5833] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 330.924905][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.937775][T10658] syzkaller1: entered promiscuous mode [ 330.943659][ T5833] usb 4-1: Product: syz [ 330.949122][ T5833] usb 4-1: Manufacturer: syz [ 330.953833][ T5833] usb 4-1: SerialNumber: syz [ 330.958637][T10658] syzkaller1: entered allmulticast mode [ 330.982935][ T5833] usb 4-1: config 0 descriptor?? [ 330.996990][ T5833] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 331.019116][ T5833] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 331.059914][T10666] netlink: 'syz.2.1675': attribute type 1 has an invalid length. [ 331.339487][ T5833] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 331.487069][ T5833] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 331.588544][ T5833] em28xx 4-1:0.0: board has no eeprom [ 331.603717][ T30] audit: type=1326 audit(1771209706.944:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10659 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c2199bf79 code=0x7ffc0000 [ 331.677440][ T30] audit: type=1326 audit(1771209706.944:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10659 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c2199bf79 code=0x7ffc0000 [ 331.803784][ T30] audit: type=1326 audit(1771209707.054:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10659 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c2199bf79 code=0x7ffc0000 [ 331.831068][ T30] audit: type=1326 audit(1771209707.144:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10659 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c2199bf79 code=0x7ffc0000 [ 332.365318][ T5833] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 332.375283][ T5833] em28xx 4-1:0.0: dvb set to bulk mode. [ 332.381220][ T5917] em28xx 4-1:0.0: Binding DVB extension [ 332.399898][ T36] [ 332.402290][ T36] ============================================ [ 332.408465][ T36] WARNING: possible recursive locking detected [ 332.414672][ T36] syzkaller #0 Not tainted [ 332.419115][ T36] -------------------------------------------- [ 332.425296][ T36] kworker/u8:2/36 is trying to acquire lock: [ 332.431301][ T36] ffff88807a142a20 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: inet6_getname+0x15d/0x650 [ 332.440770][ T36] [ 332.440770][ T36] but task is already holding lock: [ 332.448250][ T36] ffff88807a142a20 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sock_set_cork+0x2c/0x2e0 [ 332.457868][ T36] [ 332.457868][ T36] other info that might help us debug this: [ 332.466103][ T36] Possible unsafe locking scenario: [ 332.466103][ T36] [ 332.473552][ T36] CPU0 [ 332.476840][ T36] ---- [ 332.480155][ T36] lock(k-sk_lock-AF_INET6); [ 332.484844][ T36] lock(k-sk_lock-AF_INET6); [ 332.489551][ T36] [ 332.489551][ T36] *** DEADLOCK *** [ 332.489551][ T36] [ 332.497722][ T36] May be due to missing lock nesting notation [ 332.497722][ T36] [ 332.506144][ T36] 4 locks held by kworker/u8:2/36: [ 332.511294][ T36] #0: ffff888054cf8948 ((wq_completion)krds_cp_wq#2/0){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 332.523005][ T36] #1: ffffc90000ac7c40 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 332.535814][ T36] #2: ffff88807a142a20 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sock_set_cork+0x2c/0x2e0 [ 332.546010][ T36] #3: ffff88807a142bc8 (k-clock-AF_INET6){++.-}-{3:3}, at: rds_tcp_data_ready+0x113/0x9a0 [ 332.556028][ T36] [ 332.556028][ T36] stack backtrace: [ 332.561937][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 332.561955][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 332.561967][ T36] Workqueue: krds_cp_wq#2/0 rds_send_worker [ 332.561991][ T36] Call Trace: [ 332.561998][ T36] [ 332.562006][ T36] dump_stack_lvl+0xe8/0x150 [ 332.562028][ T36] print_deadlock_bug+0x279/0x290 [ 332.562051][ T36] __lock_acquire+0x253f/0x2cf0 [ 332.562071][ T36] ? __bfs+0x153/0x290 [ 332.562091][ T36] ? check_path+0x21/0x40 [ 332.562111][ T36] ? check_noncircular+0xda/0x150 [ 332.562132][ T36] ? __bfs+0x153/0x290 [ 332.562149][ T36] ? __pfx_usage_match+0x10/0x10 [ 332.562176][ T36] lock_acquire+0xf0/0x2e0 [ 332.562193][ T36] ? inet6_getname+0x15d/0x650 [ 332.562216][ T36] lock_sock_nested+0x48/0x100 [ 332.562235][ T36] ? inet6_getname+0x15d/0x650 [ 332.562254][ T36] inet6_getname+0x15d/0x650 [ 332.562272][ T36] ? do_raw_spin_lock+0x12b/0x2f0 [ 332.562288][ T36] rds_tcp_conn_slots_available+0x288/0x470 [ 332.562309][ T36] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 332.562335][ T36] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 332.562358][ T36] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 332.562379][ T36] rds_recv_hs_exthdrs+0x60f/0x7c0 [ 332.562400][ T36] ? rds_send_worker+0x7d/0x2e0 [ 332.562413][ T36] ? process_scheduled_works+0xb02/0x1830 [ 332.562431][ T36] ? worker_thread+0xa50/0xfc0 [ 332.562453][ T36] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10 [ 332.562479][ T36] rds_recv_incoming+0x9f6/0x12d0 [ 332.562503][ T36] ? __pfx_rds_recv_incoming+0x10/0x10 [ 332.562524][ T36] ? skb_copy_bits+0x7e5/0x8f0 [ 332.562550][ T36] rds_tcp_data_recv+0x7f1/0xa40 [ 332.562576][ T36] __tcp_read_sock+0x196/0x970 [ 332.562597][ T36] ? __pfx_rds_tcp_data_recv+0x10/0x10 [ 332.562618][ T36] rds_tcp_data_ready+0x369/0x9a0 [ 332.562637][ T36] ? __pfx_sock_def_readable+0x10/0x10 [ 332.562656][ T36] ? __pfx_rds_tcp_data_ready+0x10/0x10 [ 332.562681][ T36] tcp_data_queue+0x1e2e/0x5e50 [ 332.562704][ T36] ? tcp_urg+0x106/0x410 [ 332.562719][ T36] ? __pfx_tcp_data_queue+0x10/0x10 [ 332.562735][ T36] ? __pfx_tcp_urg+0x10/0x10 [ 332.562749][ T36] ? ktime_get+0x45/0x200 [ 332.562761][ T36] ? seqcount_lockdep_reader_access+0x20/0x100 [ 332.562775][ T36] ? tcp_ecn_received_counters+0x2b7/0x7f0 [ 332.562794][ T36] tcp_rcv_established+0xf45/0x2740 [ 332.562815][ T36] ? __pfx_tcp_rcv_established+0x10/0x10 [ 332.562830][ T36] ? ip6_dst_check+0x50/0x7e0 [ 332.562852][ T36] ? ip6_dst_check+0xe2/0x7e0 [ 332.562872][ T36] ? ip6_dst_check+0x5e3/0x7e0 [ 332.562892][ T36] ? __pfx_ip6_dst_check+0x10/0x10 [ 332.562913][ T36] tcp_v6_do_rcv+0x8eb/0x1ba0 [ 332.562935][ T36] ? __pfx_tcp_v6_do_rcv+0x10/0x10 [ 332.562952][ T36] __release_sock+0x1b8/0x3a0 [ 332.562971][ T36] release_sock+0x5f/0x1f0 [ 332.562991][ T36] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10 [ 332.563012][ T36] rds_send_xmit+0x207e/0x28d0 [ 332.563046][ T36] ? __pfx_rds_send_xmit+0x10/0x10 [ 332.563071][ T36] rds_send_worker+0x7d/0x2e0 [ 332.563085][ T36] ? process_scheduled_works+0xa25/0x1830 [ 332.563103][ T36] process_scheduled_works+0xb02/0x1830 [ 332.563131][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 332.563151][ T36] ? assign_work+0x3d5/0x5e0 [ 332.563176][ T36] worker_thread+0xa50/0xfc0 [ 332.563205][ T36] kthread+0x388/0x470 [ 332.563218][ T36] ? __pfx_worker_thread+0x10/0x10 [ 332.563236][ T36] ? __pfx_kthread+0x10/0x10 [ 332.563249][ T36] ret_from_fork+0x51e/0xb90 [ 332.563269][ T36] ? __pfx_ret_from_fork+0x10/0x10 [ 332.563288][ T36] ? __switch_to+0xc7d/0x1450 [ 332.563304][ T36] ? __pfx_kthread+0x10/0x10 [ 332.563318][ T36] ret_from_fork_asm+0x1a/0x30 [ 332.563345][ T36] [ 332.928556][ T36] BUG: sleeping function called from invalid context at net/core/sock.c:3782 [ 332.937330][ T36] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 36, name: kworker/u8:2 [ 332.946358][ T36] preempt_count: 201, expected: 0 [ 332.951380][ T36] RCU nest depth: 0, expected: 0 [ 332.956343][ T36] INFO: lockdep is turned off. [ 332.961110][ T36] Preemption disabled at: [ 332.961117][ T36] [<0000000000000000>] 0x0 [ 332.969872][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 332.969891][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 332.969902][ T36] Workqueue: krds_cp_wq#2/0 rds_send_worker [ 332.969920][ T36] Call Trace: [ 332.969927][ T36] [ 332.969934][ T36] dump_stack_lvl+0xe8/0x150 [ 332.969956][ T36] __might_resched+0x378/0x4d0 [ 332.969979][ T36] lock_sock_nested+0x5d/0x100 [ 332.970000][ T36] inet6_getname+0x15d/0x650 [ 332.970019][ T36] ? do_raw_spin_lock+0x12b/0x2f0 [ 332.970036][ T36] rds_tcp_conn_slots_available+0x288/0x470 [ 332.970058][ T36] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 332.970083][ T36] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 332.970107][ T36] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 332.970127][ T36] rds_recv_hs_exthdrs+0x60f/0x7c0 [ 332.970149][ T36] ? rds_send_worker+0x7d/0x2e0 [ 332.970162][ T36] ? process_scheduled_works+0xb02/0x1830 [ 332.970180][ T36] ? worker_thread+0xa50/0xfc0 [ 332.970208][ T36] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10 [ 332.970233][ T36] rds_recv_incoming+0x9f6/0x12d0 [ 332.970258][ T36] ? __pfx_rds_recv_incoming+0x10/0x10 [ 332.970279][ T36] ? skb_copy_bits+0x7e5/0x8f0 [ 332.970305][ T36] rds_tcp_data_recv+0x7f1/0xa40 [ 332.970331][ T36] __tcp_read_sock+0x196/0x970 [ 332.970351][ T36] ? __pfx_rds_tcp_data_recv+0x10/0x10 [ 332.970373][ T36] rds_tcp_data_ready+0x369/0x9a0 [ 332.970392][ T36] ? __pfx_sock_def_readable+0x10/0x10 [ 332.970411][ T36] ? __pfx_rds_tcp_data_ready+0x10/0x10 [ 332.970436][ T36] tcp_data_queue+0x1e2e/0x5e50 [ 332.970460][ T36] ? tcp_urg+0x106/0x410 [ 332.970474][ T36] ? __pfx_tcp_data_queue+0x10/0x10 [ 332.970491][ T36] ? __pfx_tcp_urg+0x10/0x10 [ 332.970505][ T36] ? ktime_get+0x45/0x200 [ 332.970517][ T36] ? seqcount_lockdep_reader_access+0x20/0x100 [ 332.970531][ T36] ? tcp_ecn_received_counters+0x2b7/0x7f0 [ 332.970550][ T36] tcp_rcv_established+0xf45/0x2740 [ 332.970571][ T36] ? __pfx_tcp_rcv_established+0x10/0x10 [ 332.970586][ T36] ? ip6_dst_check+0x50/0x7e0 [ 332.970620][ T36] ? ip6_dst_check+0xe2/0x7e0 [ 332.970639][ T36] ? ip6_dst_check+0x5e3/0x7e0 [ 332.970659][ T36] ? __pfx_ip6_dst_check+0x10/0x10 [ 332.970679][ T36] tcp_v6_do_rcv+0x8eb/0x1ba0 [ 332.970700][ T36] ? __pfx_tcp_v6_do_rcv+0x10/0x10 [ 332.970716][ T36] __release_sock+0x1b8/0x3a0 [ 332.970734][ T36] release_sock+0x5f/0x1f0 [ 332.970753][ T36] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10 [ 332.970773][ T36] rds_send_xmit+0x207e/0x28d0 [ 332.970806][ T36] ? __pfx_rds_send_xmit+0x10/0x10 [ 332.970831][ T36] rds_send_worker+0x7d/0x2e0 [ 332.970844][ T36] ? process_scheduled_works+0xa25/0x1830 [ 332.970861][ T36] process_scheduled_works+0xb02/0x1830 [ 332.970888][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 332.970908][ T36] ? assign_work+0x3d5/0x5e0 [ 332.970926][ T36] worker_thread+0xa50/0xfc0 [ 332.970954][ T36] kthread+0x388/0x470 [ 332.970967][ T36] ? __pfx_worker_thread+0x10/0x10 [ 332.970984][ T36] ? __pfx_kthread+0x10/0x10 [ 332.970997][ T36] ret_from_fork+0x51e/0xb90 [ 332.971016][ T36] ? __pfx_ret_from_fork+0x10/0x10 [ 332.971033][ T36] ? __switch_to+0xc7d/0x1450 [ 332.971049][ T36] ? __pfx_kthread+0x10/0x10 [ 332.971062][ T36] ret_from_fork_asm+0x1a/0x30 [ 332.971088][ T36] [ 332.971096][ T36] BUG: scheduling while atomic: kworker/u8:2/36/0x00000202 [ 333.302822][ T36] INFO: lockdep is turned off. [ 333.307615][ T36] Modules linked in: [ 333.311508][ T36] Preemption disabled at: [ 333.311515][ T36] [<0000000000000000>] 0x0 [ 333.320386][ T36] Kernel panic - not syncing: scheduling while atomic: panic_on_warn set ... [ 333.329162][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Tainted: G W syzkaller #0 PREEMPT(full) [ 333.340018][ T36] Tainted: [W]=WARN [ 333.343843][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 333.353897][ T36] Workqueue: krds_cp_wq#2/0 rds_send_worker [ 333.359795][ T36] Call Trace: [ 333.363085][ T36] [ 333.366014][ T36] vpanic+0x56c/0xa60 [ 333.370006][ T36] ? __pfx_vpanic+0x10/0x10 [ 333.374510][ T36] ? rcu_is_watching+0x15/0xb0 [ 333.379290][ T36] panic+0xc5/0xd0 [ 333.383083][ T36] ? __pfx_panic+0x10/0x10 [ 333.387510][ T36] ? __pfx__printk+0x10/0x10 [ 333.392100][ T36] ? vprintk_emit+0x4eb/0x560 [ 333.396801][ T36] ? __pfx_vprintk_emit+0x10/0x10 [ 333.401832][ T36] ? __irq_work_queue_local+0x1f2/0x590 [ 333.407390][ T36] check_panic_on_warn+0x89/0xb0 [ 333.412331][ T36] __schedule_bug+0xf6/0x150 [ 333.416925][ T36] __schedule+0x16a9/0x5340 [ 333.421461][ T36] ? __wake_up_klogd+0xe6/0x120 [ 333.426419][ T36] ? vprintk_emit+0x4eb/0x560 [ 333.431119][ T36] ? rcu_is_watching+0x15/0xb0 [ 333.435902][ T36] ? __pfx_vprintk_emit+0x10/0x10 [ 333.440937][ T36] ? unwind_next_frame+0xa5/0x23c0 [ 333.446068][ T36] ? do_raw_spin_lock+0x12b/0x2f0 [ 333.451092][ T36] ? __pfx___schedule+0x10/0x10 [ 333.455953][ T36] ? rcu_is_watching+0x15/0xb0 [ 333.460724][ T36] ? rcu_is_watching+0x15/0xb0 [ 333.465502][ T36] ? lock_release+0x4b/0x3d0 [ 333.470141][ T36] ? schedule+0x90/0x360 [ 333.474416][ T36] ? wq_worker_sleeping+0x63/0x250 [ 333.479576][ T36] schedule+0x164/0x360 [ 333.483763][ T36] __lock_sock+0x161/0x2c0 [ 333.488198][ T36] ? __pfx___lock_sock+0x10/0x10 [ 333.493241][ T36] ? do_raw_spin_lock+0x12b/0x2f0 [ 333.498315][ T36] ? __pfx_autoremove_wake_function+0x10/0x10 [ 333.504406][ T36] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 333.509798][ T36] ? lock_acquire+0x57/0x2e0 [ 333.514412][ T36] ? dump_stack_lvl+0x135/0x150 [ 333.519293][ T36] ? lock_sock_nested+0x6a/0x100 [ 333.524307][ T36] lock_sock_nested+0x9f/0x100 [ 333.529188][ T36] inet6_getname+0x15d/0x650 [ 333.533794][ T36] ? do_raw_spin_lock+0x12b/0x2f0 [ 333.538828][ T36] rds_tcp_conn_slots_available+0x288/0x470 [ 333.544735][ T36] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 333.551200][ T36] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 333.557024][ T36] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 333.563481][ T36] rds_recv_hs_exthdrs+0x60f/0x7c0 [ 333.568599][ T36] ? rds_send_worker+0x7d/0x2e0 [ 333.573474][ T36] ? process_scheduled_works+0xb02/0x1830 [ 333.579201][ T36] ? worker_thread+0xa50/0xfc0 [ 333.583976][ T36] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10 [ 333.589622][ T36] rds_recv_incoming+0x9f6/0x12d0 [ 333.594656][ T36] ? __pfx_rds_recv_incoming+0x10/0x10 [ 333.600126][ T36] ? skb_copy_bits+0x7e5/0x8f0 [ 333.604913][ T36] rds_tcp_data_recv+0x7f1/0xa40 [ 333.609867][ T36] __tcp_read_sock+0x196/0x970 [ 333.614637][ T36] ? __pfx_rds_tcp_data_recv+0x10/0x10 [ 333.620105][ T36] rds_tcp_data_ready+0x369/0x9a0 [ 333.625140][ T36] ? __pfx_sock_def_readable+0x10/0x10 [ 333.630605][ T36] ? __pfx_rds_tcp_data_ready+0x10/0x10 [ 333.636173][ T36] tcp_data_queue+0x1e2e/0x5e50 [ 333.641065][ T36] ? tcp_urg+0x106/0x410 [ 333.645307][ T36] ? __pfx_tcp_data_queue+0x10/0x10 [ 333.650509][ T36] ? __pfx_tcp_urg+0x10/0x10 [ 333.655110][ T36] ? ktime_get+0x45/0x200 [ 333.659455][ T36] ? seqcount_lockdep_reader_access+0x20/0x100 [ 333.665619][ T36] ? tcp_ecn_received_counters+0x2b7/0x7f0 [ 333.671466][ T36] tcp_rcv_established+0xf45/0x2740 [ 333.676683][ T36] ? __pfx_tcp_rcv_established+0x10/0x10 [ 333.682318][ T36] ? ip6_dst_check+0x50/0x7e0 [ 333.687001][ T36] ? ip6_dst_check+0xe2/0x7e0 [ 333.691699][ T36] ? ip6_dst_check+0x5e3/0x7e0 [ 333.696479][ T36] ? __pfx_ip6_dst_check+0x10/0x10 [ 333.701600][ T36] tcp_v6_do_rcv+0x8eb/0x1ba0 [ 333.706283][ T36] ? __pfx_tcp_v6_do_rcv+0x10/0x10 [ 333.711407][ T36] __release_sock+0x1b8/0x3a0 [ 333.716097][ T36] release_sock+0x5f/0x1f0 [ 333.720541][ T36] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10 [ 333.726790][ T36] rds_send_xmit+0x207e/0x28d0 [ 333.731573][ T36] ? __pfx_rds_send_xmit+0x10/0x10 [ 333.736692][ T36] rds_send_worker+0x7d/0x2e0 [ 333.741367][ T36] ? process_scheduled_works+0xa25/0x1830 [ 333.747103][ T36] process_scheduled_works+0xb02/0x1830 [ 333.752671][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 333.758657][ T36] ? assign_work+0x3d5/0x5e0 [ 333.763257][ T36] worker_thread+0xa50/0xfc0 [ 333.767865][ T36] kthread+0x388/0x470 [ 333.771934][ T36] ? __pfx_worker_thread+0x10/0x10 [ 333.777064][ T36] ? __pfx_kthread+0x10/0x10 [ 333.781666][ T36] ret_from_fork+0x51e/0xb90 [ 333.786265][ T36] ? __pfx_ret_from_fork+0x10/0x10 [ 333.791399][ T36] ? __switch_to+0xc7d/0x1450 [ 333.796082][ T36] ? __pfx_kthread+0x10/0x10 [ 333.800689][ T36] ret_from_fork_asm+0x1a/0x30 [ 333.805504][ T36] [ 333.809139][ T36] Kernel Offset: disabled [ 333.813470][ T36] Rebooting in 86400 seconds..