last executing test programs: 2.779463873s ago: executing program 4 (id=32058): r0 = eventfd2(0x0, 0x0) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_getevents(r1, 0x3, 0x3, &(0x7f0000001dc0)=[{}, {}, {}], 0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, 0x200, r0, 0x0, 0x0, 0x4, 0x0, 0x1, r0}]) 2.195656209s ago: executing program 2 (id=32075): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x44, &(0x7f0000000140)=0x2004, 0x4) 1.909187994s ago: executing program 2 (id=32081): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000003080)=[{{&(0x7f0000000200)={0xa, 0x0, 0x80, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, 0x1c, &(0x7f0000000a00)=[{&(0x7f0000001700)="1c", 0x1}], 0x1}}, {{&(0x7f0000001480)={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x5}, 0x1c, &(0x7f00000017c0)=[{&(0x7f0000001780)='\t', 0x1}], 0x1}}], 0x2, 0x40088d5) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000001240)={0x0, 0x9}, &(0x7f0000001300)=0x8) 1.828888048s ago: executing program 2 (id=32083): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.789836935s ago: executing program 4 (id=32085): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x5, 0x4}, 0x8) sendto$inet6(r0, &(0x7f0000000580)="81", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x17, 0x0, &(0x7f00000002c0)) 1.692852803s ago: executing program 2 (id=32086): unshare(0x62040200) syz_usb_connect(0x2, 0x56, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000084a48e08d112f74247aa000000010902"], 0x0) r0 = socket$inet(0xa, 0x801, 0x84) getsockopt$IPT_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f00000000c0)={'mangle\x00', 0x0, [0x1, 0x80, 0x207, 0x80004, 0xe]}, &(0x7f0000000040)=0x54) 1.593631021s ago: executing program 0 (id=32088): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000104010200000180000000000000000008000540000000000500010001"], 0x24}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000280)={0x14, 0x1, 0x4, 0x5}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 1.504549307s ago: executing program 0 (id=32089): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSBRK(r1, 0x5427) 1.429937064s ago: executing program 0 (id=32091): openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) exit(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') write$binfmt_script(r0, 0x0, 0x0) 1.121327008s ago: executing program 3 (id=32099): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x2d, 0x20040040) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e) 1.055737497s ago: executing program 3 (id=32100): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x385, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r1, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0) 1.002143005s ago: executing program 3 (id=32102): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000140)={0x0, 0x1, 0x4, 0x8000000000000}) fcntl$lock(r0, 0x7, &(0x7f0000000100)={0x0, 0x1, 0x80000000000036, 0xc1b0}) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x0, 0x2, 0x132ad5bf, 0x1}) 926.512173ms ago: executing program 3 (id=32104): r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0xe8ea, 0x400, 0x4, 0x1ab}, &(0x7f0000000280)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0/file0\x00', 0x0, 0x0, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) 786.295577ms ago: executing program 1 (id=32106): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_newneigh={0x30, 0x1c, 0x1, 0x70bd28, 0x25dfdbfe, {0x2, 0x0, 0x0, r2, 0x3f, 0x0, 0xb}, [@NDA_DST_IPV4={0x8, 0x1, @empty}, @NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, 0x30}}, 0x4000004) 718.205881ms ago: executing program 1 (id=32107): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x4c, 0x10, 0x1, 0x470bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x64e10, 0x36a01}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_PRIORITY={0x6, 0x2, 0xe}, @IFLA_BRPORT_STATE={0x5, 0x1, 0xfd}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x400c080}, 0x8002) 677.501844ms ago: executing program 4 (id=32108): r0 = landlock_create_ruleset(&(0x7f00000000c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x80111500, 0x3) 592.602376ms ago: executing program 1 (id=32109): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c) 546.81421ms ago: executing program 4 (id=32110): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x4b564d07}]}) 507.168355ms ago: executing program 0 (id=32111): unshare(0x2c060000) unshare(0x24020400) symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000080)={0x200000, 0x0, 0x10}, 0x18) 471.856448ms ago: executing program 1 (id=32121): rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = gettid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x7, &(0x7f0000000080)={0x1, 0x0, 0x4}) 471.127977ms ago: executing program 3 (id=32112): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 332.243374ms ago: executing program 2 (id=32113): syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaa270005d70000f608060001"], 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 332.095832ms ago: executing program 1 (id=32114): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) 295.146716ms ago: executing program 0 (id=32115): r0 = socket$netlink(0x10, 0x3, 0x400000000000004) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20) writev(r0, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 217.221795ms ago: executing program 4 (id=32116): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000140)={r2, 0x3, 0x0, 0x1, &(0x7f0000000100)=[{0x6, 0x7fff, 0x6, 0x9}]}) 107.511174ms ago: executing program 3 (id=32117): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x8, 0x20132, 0xffffffffffffffff, 0xb2993000) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x4, r0, &(0x7f00000011c0), 0xfffffffffffffffe) 88.047948ms ago: executing program 0 (id=32118): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') fcntl$setstatus(r1, 0x4, 0x42c00) write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 69.440173ms ago: executing program 2 (id=32119): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) set_mempolicy_home_node(&(0x7f0000a10000/0x3000)=nil, 0x3000, 0x3, 0x0) 46.096185ms ago: executing program 1 (id=32120): io_setup(0x9, &(0x7f0000000b80)=0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xff, 0x0, 0x7fc00100}]}) io_getevents(0x0, 0xfffe, 0x0, 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 0s ago: executing program 4 (id=32122): symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') unshare(0x2c060000) unshare(0x22020600) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff) kernel console output (not intermixed with test programs): uid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13714 comm="syz.1.28741" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7fc00000 [ 1470.108876][ T7113] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 1470.290620][ T7113] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1470.316168][ T7113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1470.339495][ T7113] usb 3-1: Product: syz [ 1470.346270][ T7113] usb 3-1: Manufacturer: syz [ 1470.362958][ T7113] usb 3-1: SerialNumber: syz [ 1470.376219][ T7113] usb 3-1: config 0 descriptor?? [ 1470.425841][T14060] program syz.1.28821 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1470.650600][T13404] usb 3-1: USB disconnect, device number 110 [ 1471.455648][T14121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.28836'. [ 1471.508887][T14121] netlink: 'syz.3.28836': attribute type 30 has an invalid length. [ 1471.539984][T14121] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28836'. [ 1471.597733][T14131] netlink: 200 bytes leftover after parsing attributes in process `syz.1.28841'. [ 1472.018785][T13398] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 1472.182554][T13398] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1472.219082][T13398] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1472.235307][T13398] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1472.251011][T13398] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1472.260732][T13398] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1472.273357][T13398] usb 3-1: config 0 descriptor?? [ 1472.399740][T14178] 8021q: adding VLAN 0 to HW filter on device team0 [ 1472.439383][T14178] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1472.501961][T14186] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1472.561656][T14180] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1472.733099][T13398] hid_parser_main: 24 callbacks suppressed [ 1472.733121][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.767394][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.780689][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.794560][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.804254][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.817052][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.867258][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.881699][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.903836][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.922335][T13398] plantronics 0003:047F:FFFF.0068: unknown main item tag 0x0 [ 1472.978978][T13398] plantronics 0003:047F:FFFF.0068: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1473.027446][T13398] usb 3-1: USB disconnect, device number 111 [ 1473.153532][T14222] fido_id[14222]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1473.385187][T14235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28869'. [ 1473.414041][T14235] netlink: 104 bytes leftover after parsing attributes in process `syz.1.28869'. [ 1473.431106][T14235] netlink: 104 bytes leftover after parsing attributes in process `syz.1.28869'. [ 1473.739560][T14207] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1473.802381][T14207] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1474.317577][T14207] veth1_to_hsr: left allmulticast mode [ 1474.340143][ T147] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1474.368518][ T147] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 256 - 0 [ 1474.387060][ T147] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1474.402699][ T147] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 256 - 0 [ 1474.424747][ T147] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1474.438729][ T147] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 256 - 0 [ 1474.457823][ T147] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1474.467968][ T147] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 256 - 0 [ 1474.773723][T14279] batadv_slave_0: entered promiscuous mode [ 1474.788720][T14279] batadv_slave_0: entered allmulticast mode [ 1475.539659][T14398] netlink: 12 bytes leftover after parsing attributes in process `syz.1.28897'. [ 1479.882638][T14591] netlink: 76 bytes leftover after parsing attributes in process `syz.1.28954'. [ 1479.892047][T14591] netlink: 76 bytes leftover after parsing attributes in process `syz.1.28954'. [ 1481.058475][ T9626] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 1481.208438][ T9626] usb 3-1: Using ep0 maxpacket: 16 [ 1481.215788][ T9626] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1481.227343][ T9626] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1481.238811][ T9626] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1481.252030][ T9626] usb 3-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 1481.261271][ T9626] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1481.272642][ T9626] usb 3-1: config 0 descriptor?? [ 1481.736955][ T9626] lenovo 0003:17EF:6062.0069: hidraw0: USB HID v0.08 Device [HID 17ef:6062] on usb-dummy_hcd.2-1/input0 [ 1481.906338][ T9626] usb 3-1: USB disconnect, device number 112 [ 1484.142367][T14820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29025'. [ 1484.182397][T14820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29025'. [ 1484.573061][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.579651][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.679737][ T30] audit: type=1326 audit(1764883860.105:7965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.721189][ T30] audit: type=1326 audit(1764883860.125:7966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.770284][ T30] audit: type=1326 audit(1764883860.125:7967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.793057][ T30] audit: type=1326 audit(1764883860.125:7968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.815842][ T30] audit: type=1326 audit(1764883860.135:7969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.890182][ T30] audit: type=1326 audit(1764883860.145:7970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=254 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.923284][ T30] audit: type=1326 audit(1764883860.145:7971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.946275][ T30] audit: type=1326 audit(1764883860.145:7972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1486.969147][ T30] audit: type=1326 audit(1764883860.165:7973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=255 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1487.044510][ T30] audit: type=1326 audit(1764883860.165:7974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.1.29056" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1487.128885][ T367] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1487.278365][ T367] usb 2-1: Using ep0 maxpacket: 8 [ 1487.291979][ T367] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1487.312031][ T367] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1487.348436][ T367] usb 2-1: Product: syz [ 1487.352814][ T367] usb 2-1: Manufacturer: syz [ 1487.357816][ T367] usb 2-1: SerialNumber: syz [ 1487.398629][ T367] usb 2-1: config 0 descriptor?? [ 1487.625469][ T367] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1488.073743][T14953] netlink: 4 bytes leftover after parsing attributes in process `syz.0.29078'. [ 1488.245706][ T367] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1488.274268][ T367] usb 2-1: USB disconnect, device number 100 [ 1488.968818][T15012] netlink: 'syz.4.29090': attribute type 15 has an invalid length. [ 1489.046088][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1489.057282][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1489.067577][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1489.076335][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1489.084215][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1489.108153][ T9626] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 1489.208898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1489.291766][ T9626] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1489.314517][ T9626] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1489.332943][ T9626] usb 3-1: config 0 descriptor?? [ 1489.371791][ T9626] cp210x 3-1:0.0: cp210x converter detected [ 1489.489456][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 1489.539001][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 1489.552604][T15021] chnl_net:caif_netlink_parms(): no params data found [ 1489.703857][T15164] netlink: 'syz.0.29098': attribute type 11 has an invalid length. [ 1489.772254][ T9626] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1489.797227][ T9626] cp210x 3-1:0.0: GPIO initialisation failed: -524 [ 1489.823958][ T9626] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1489.982991][T15021] bridge0: port 1(bridge_slave_0) entered blocking state [ 1490.002564][ T2616] usb 3-1: USB disconnect, device number 113 [ 1490.013171][T15021] bridge0: port 1(bridge_slave_0) entered disabled state [ 1490.028785][ T2616] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1490.039540][T15021] bridge_slave_0: entered allmulticast mode [ 1490.052880][ T2616] cp210x 3-1:0.0: device disconnected [ 1490.060313][T15021] bridge_slave_0: entered promiscuous mode [ 1490.083095][T15021] bridge0: port 2(bridge_slave_1) entered blocking state [ 1490.104368][T15021] bridge0: port 2(bridge_slave_1) entered disabled state [ 1490.119895][T15021] bridge_slave_1: entered allmulticast mode [ 1490.130829][T15021] bridge_slave_1: entered promiscuous mode [ 1490.224526][T15021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1490.232516][T15252] netlink: 40 bytes leftover after parsing attributes in process `syz.0.29104'. [ 1490.253322][T15021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1490.362904][T15273] netlink: 148 bytes leftover after parsing attributes in process `syz.0.29106'. [ 1490.390279][T15021] team0: Port device team_slave_0 added [ 1490.419824][T15021] team0: Port device team_slave_1 added [ 1490.510323][T15021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1490.528459][T15021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1490.575816][T15021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1490.589356][T15021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1490.596644][T15021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1490.623893][T15021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1490.741789][T15021] hsr_slave_0: entered promiscuous mode [ 1490.754016][T15021] hsr_slave_1: entered promiscuous mode [ 1490.762674][T15021] debugfs: 'hsr0' already exists in 'hsr' [ 1490.769173][T15021] Cannot create hsr debugfs directory [ 1490.878824][ T367] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1491.044359][ T367] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 1491.071568][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.092616][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.116634][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.131612][ T5852] Bluetooth: hci1: command tx timeout [ 1491.150610][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.168459][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.190016][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.208083][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.218641][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.234133][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.242399][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.254440][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.275858][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.287275][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.296478][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.314155][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.322867][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.332295][T15427] tap0: tun_chr_ioctl cmd 1074025677 [ 1491.337817][T15427] tap0: linktype set to 773 [ 1491.343260][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.356945][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.376138][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.385471][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.399057][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.409936][ T367] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1491.419068][ T367] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1491.438001][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1491.447482][ T367] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1491.460847][ T367] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1491.469836][ T367] usb 2-1: Product: syz [ 1491.474462][ T367] usb 2-1: Manufacturer: syz [ 1491.483034][ T367] usb 2-1: SerialNumber: syz [ 1491.494349][ T367] usb 2-1: config 0 descriptor?? [ 1491.506041][ T367] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 1491.791865][T15021] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1491.807074][ T367] usb 2-1: USB disconnect, device number 101 [ 1491.819325][ T367] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 1491.827020][T15021] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1491.891711][T15021] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1491.915223][T15021] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1492.110844][T15021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1492.155803][T15021] 8021q: adding VLAN 0 to HW filter on device team0 [ 1492.186860][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state [ 1492.194086][ T5088] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1492.236124][T17695] bridge0: port 2(bridge_slave_1) entered blocking state [ 1492.243346][T17695] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1492.403075][T15021] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1492.465537][T15021] veth0_vlan: entered promiscuous mode [ 1492.497962][T15021] veth1_vlan: entered promiscuous mode [ 1492.593088][T15021] veth0_macvtap: entered promiscuous mode [ 1492.614707][T15021] veth1_macvtap: entered promiscuous mode [ 1492.665167][T15021] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1492.718949][T15021] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1492.753964][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1492.790305][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1492.818041][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1492.852599][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1493.063855][T14355] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1493.078841][T14355] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1493.198957][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1493.209491][ T5852] Bluetooth: hci1: command tx timeout [ 1493.235742][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1493.565704][T15568] netlink: 'syz.3.29084': attribute type 15 has an invalid length. [ 1493.575435][T15568] netlink: 20 bytes leftover after parsing attributes in process `syz.3.29084'. [ 1493.590914][T15568] bond0: option resend_igmp: invalid value (196616) [ 1493.597686][T15568] bond0: option resend_igmp: allowed values 0 - 255 [ 1493.788406][ T7113] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 1493.958854][ T7113] usb 3-1: Using ep0 maxpacket: 16 [ 1493.970095][ T7113] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1493.998357][ T7113] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1494.027791][ T7113] usb 3-1: Product: syz [ 1494.043466][ T7113] usb 3-1: Manufacturer: syz [ 1494.060854][ T7113] usb 3-1: SerialNumber: syz [ 1494.089494][ T7113] usb 3-1: config 0 descriptor?? [ 1494.368130][ T2572] usb 3-1: USB disconnect, device number 114 [ 1494.416107][T15618] tun0: tun_chr_ioctl cmd 2148553947 [ 1495.288584][ T5852] Bluetooth: hci1: command tx timeout [ 1495.438416][ T7113] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 1495.598417][ T7113] usb 3-1: Using ep0 maxpacket: 16 [ 1495.613941][ T7113] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1495.641949][ T7113] usb 3-1: config 0 has no interface number 0 [ 1495.670067][ T7113] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1495.701795][ T7113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1495.718888][ T7113] usb 3-1: Product: syz [ 1495.723809][ T7113] usb 3-1: Manufacturer: syz [ 1495.730035][ T7113] usb 3-1: SerialNumber: syz [ 1495.750032][ T7113] usb 3-1: config 0 descriptor?? [ 1495.765194][ T7113] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1495.898695][T15692] netlink: 'syz.0.29183': attribute type 5 has an invalid length. [ 1496.070848][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1496.070864][ T30] audit: type=1326 audit(1764883869.495:7976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.128452][ T30] audit: type=1326 audit(1764883869.495:7977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.168686][ T30] audit: type=1326 audit(1764883869.495:7978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.219984][ T30] audit: type=1326 audit(1764883869.495:7979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.268588][ T30] audit: type=1326 audit(1764883869.495:7980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.308461][ T30] audit: type=1326 audit(1764883869.495:7981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.338360][ T30] audit: type=1326 audit(1764883869.495:7982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.388474][ T30] audit: type=1326 audit(1764883869.495:7983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.426743][ T30] audit: type=1326 audit(1764883869.495:7984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.449242][ T30] audit: type=1326 audit(1764883869.495:7985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15668 comm="syz.4.29175" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7fc00000 [ 1496.578651][ T7113] gspca_spca1528: reg_w err -71 [ 1496.599145][ T7113] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 1496.632697][ T7113] usb 3-1: USB disconnect, device number 115 [ 1496.696362][T15718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29189'. [ 1497.259778][T15754] vivid-003: disconnect [ 1497.268032][T15753] vivid-003: reconnect [ 1497.371181][ T5852] Bluetooth: hci1: command tx timeout [ 1497.683636][T15771] netlink: 32 bytes leftover after parsing attributes in process `syz.3.29207'. [ 1497.718117][T15771] netlink: 16 bytes leftover after parsing attributes in process `syz.3.29207'. [ 1498.224666][T15801] netlink: 11 bytes leftover after parsing attributes in process `syz.4.29217'. [ 1498.380607][T15809] netlink: 'syz.3.29219': attribute type 4 has an invalid length. [ 1499.055675][T15830] netlink: 'syz.0.29227': attribute type 5 has an invalid length. [ 1499.857307][T15866] netlink: 104 bytes leftover after parsing attributes in process `syz.4.29241'. [ 1499.878491][T15866] netlink: 104 bytes leftover after parsing attributes in process `syz.4.29241'. [ 1501.695599][T15986] dvmrp1: tun_chr_ioctl cmd 1074025673 [ 1503.079295][ T9626] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 1503.248374][ T9626] usb 3-1: Using ep0 maxpacket: 8 [ 1503.259797][ T9626] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 1503.275027][T16087] netlink: 104 bytes leftover after parsing attributes in process `syz.1.29297'. [ 1503.278360][ T9626] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1503.287650][T16087] netlink: 104 bytes leftover after parsing attributes in process `syz.1.29297'. [ 1503.308396][ T9626] usb 3-1: config 0 has no interface number 0 [ 1503.320546][ T9626] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1503.331759][ T9626] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1503.344537][ T9626] usb 3-1: Product: syz [ 1503.348911][ T9626] usb 3-1: Manufacturer: syz [ 1503.353553][ T9626] usb 3-1: SerialNumber: syz [ 1503.360918][ T9626] usb 3-1: config 0 descriptor?? [ 1503.373958][ T9626] uvcvideo 3-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 1503.406473][ T9626] uvcvideo 3-1:0.31: No valid video chain found. [ 1503.437695][T16093] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29298'. [ 1503.561231][T16097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29300'. [ 1503.572926][T16097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29300'. [ 1503.639317][ T7113] usb 3-1: USB disconnect, device number 116 [ 1504.600265][T16147] netlink: 48 bytes leftover after parsing attributes in process `syz.3.29315'. [ 1505.262585][T16183] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29329'. [ 1505.335568][T16189] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29331'. [ 1505.381566][T16192] tap0: tun_chr_ioctl cmd 2147767506 [ 1505.464685][T16200] input: syz1 as /devices/virtual/input/input194 [ 1506.517777][T16247] binder: 16246:16247 ioctl c0306201 80000640 returned -22 [ 1508.647661][T16378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29386'. [ 1508.837030][T16391] erspan0: entered promiscuous mode [ 1509.187608][T16408] netlink: 'syz.2.29400': attribute type 11 has an invalid length. [ 1509.203970][T16408] netlink: 199828 bytes leftover after parsing attributes in process `syz.2.29400'. [ 1509.539491][T16425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.29406'. [ 1509.565719][T16425] bond0: option min_links: invalid value (18446744073707782144) [ 1509.598502][T16425] bond0: option min_links: allowed values 0 - 2147483647 [ 1510.908697][ T2578] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1511.078845][ T2578] usb 2-1: Using ep0 maxpacket: 16 [ 1511.085862][ T2578] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1511.139528][ T2578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1511.179994][ T2578] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1511.196853][ T2578] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1511.238230][ T2578] usb 2-1: Product: syz [ 1511.243340][ T2578] usb 2-1: Manufacturer: syz [ 1511.268631][ T2578] usb 2-1: SerialNumber: syz [ 1511.294268][ T2578] usb 2-1: config 0 descriptor?? [ 1511.313093][ T2578] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1511.334104][ T2578] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 1511.916457][ T2578] em28xx 2-1:0.0: chip ID is em2710 [ 1512.124662][ T2578] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 1512.139353][ T2578] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 1512.159447][ T2578] em28xx 2-1:0.0: No AC97 audio processor [ 1512.197068][ T2578] usb 2-1: USB disconnect, device number 102 [ 1512.212273][ T2578] em28xx 2-1:0.0: Disconnecting em28xx [ 1512.230901][ T2578] em28xx 2-1:0.0: Freeing device [ 1513.425467][T16643] netlink: 112 bytes leftover after parsing attributes in process `syz.2.29462'. [ 1513.452299][T16643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29462'. [ 1513.581749][T16654] netlink: 268 bytes leftover after parsing attributes in process `syz.4.29465'. [ 1513.624376][T16663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29466'. [ 1513.649493][T16663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29466'. [ 1514.501341][T16708] netlink: 'syz.1.29480': attribute type 3 has an invalid length. [ 1516.128570][ T9626] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 1516.290274][ T9626] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 1516.301071][ T9626] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1516.312773][ T9626] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1516.323667][ T9626] usb 3-1: config 220 has no interface number 2 [ 1516.332144][ T9626] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1516.359714][ T9626] usb 3-1: config 220 interface 0 has no altsetting 0 [ 1516.366535][ T9626] usb 3-1: config 220 interface 76 has no altsetting 0 [ 1516.385171][ T9626] usb 3-1: config 220 interface 1 has no altsetting 0 [ 1516.408132][ T9626] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1516.418211][ T9626] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1516.426978][ T9626] usb 3-1: Product: syz [ 1516.432227][ T9626] usb 3-1: Manufacturer: syz [ 1516.443420][ T9626] usb 3-1: SerialNumber: syz [ 1516.683234][ T9626] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1516.691296][ T9626] uvcvideo 3-1:220.0: No valid video chain found. [ 1516.698007][ T9626] usb 3-1: selecting invalid altsetting 0 [ 1516.711960][ T9626] usb 3-1: selecting invalid altsetting 0 [ 1516.718666][ T9626] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 1516.734772][ T9626] usb 3-1: USB disconnect, device number 117 [ 1516.878423][ T7113] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1517.031660][ T7113] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1517.053596][ T7113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1517.082834][ T7113] usb 2-1: config 0 descriptor?? [ 1517.100704][ T7113] cp210x 2-1:0.0: cp210x converter detected [ 1517.504502][ T7113] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1517.529376][ T7113] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1517.668419][ T9626] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 1517.717026][T16896] bond0: option all_slaves_active: invalid value (8) [ 1517.722603][ T7113] usb 2-1: USB disconnect, device number 103 [ 1517.747783][ T7113] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1517.771244][ T7113] cp210x 2-1:0.0: device disconnected [ 1517.838572][ T9626] usb 3-1: Using ep0 maxpacket: 8 [ 1517.846626][ T9626] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1517.864369][ T9626] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1517.874176][ T9626] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1517.892534][ T9626] usb 3-1: config 0 descriptor?? [ 1518.125217][ T9626] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1518.353292][ T9626] usb 3-1: USB disconnect, device number 118 [ 1521.328025][T17094] lo: entered promiscuous mode [ 1521.333419][T17094] lo: entered allmulticast mode [ 1522.161409][T17129] binder: BINDER_SET_CONTEXT_MGR already set [ 1522.167557][T17129] binder: 17128:17129 ioctl 4018620d 800002c0 returned -16 [ 1522.190877][T17129] binder: BINDER_SET_CONTEXT_MGR already set [ 1522.198089][T17129] binder: 17128:17129 ioctl 4018620d 80000140 returned -16 [ 1522.552398][T17143] netlink: 'syz.0.29607': attribute type 2 has an invalid length. [ 1522.616330][T17145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29608'. [ 1522.630553][T17145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29608'. [ 1523.485741][T17190] ip6gre1: entered promiscuous mode [ 1523.498467][T17190] ip6gre1: entered allmulticast mode [ 1523.516143][ T3498] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1523.528905][ T3498] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1523.538708][ T2616] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1523.678537][ T2616] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1523.848573][ T2616] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1526.049852][T15538] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 1526.218752][T15538] usb 3-1: Using ep0 maxpacket: 16 [ 1526.229295][T15538] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1526.248523][T15538] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1526.271356][T15538] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1526.307255][T15538] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1526.347666][T15538] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1526.380603][T15538] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1526.408428][T15538] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1526.418743][T15538] usb 3-1: Manufacturer: syz [ 1526.432613][T15538] usb 3-1: config 0 descriptor?? [ 1526.801279][T15538] rc_core: IR keymap rc-hauppauge not found [ 1526.808185][T15538] Registered IR keymap rc-empty [ 1526.820442][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1526.858400][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1526.873097][T17340] C: renamed from team_slave_0 (while UP) [ 1526.881616][T15538] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1526.903421][T17340] netlink: 'syz.0.29657': attribute type 4 has an invalid length. [ 1526.918588][T15538] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input197 [ 1526.932012][T17340] netlink: 120 bytes leftover after parsing attributes in process `syz.0.29657'. [ 1526.948364][ T2616] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1526.966501][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1526.974294][T17340] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1527.003394][T17350] tipc: Started in network mode [ 1527.009678][T17350] tipc: Node identity ac14140f, cluster identity 4711 [ 1527.016960][T17350] tipc: New replicast peer: 255.255.255.255 [ 1527.018844][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.024446][T17350] tipc: Enabled bearer , priority 20 [ 1527.055750][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.078407][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.084309][T17350] netlink: 'syz.3.29660': attribute type 4 has an invalid length. [ 1527.108539][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.118406][ T2616] usb 2-1: Using ep0 maxpacket: 16 [ 1527.127940][ T2616] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1527.146741][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.154992][ T2616] usb 2-1: config 0 has no interface number 0 [ 1527.168465][ T2616] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1527.178582][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.196463][ T2616] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.204922][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.212921][ T2616] usb 2-1: Product: syz [ 1527.217446][ T2616] usb 2-1: Manufacturer: syz [ 1527.223336][ T2616] usb 2-1: SerialNumber: syz [ 1527.238548][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.248812][ T2616] usb 2-1: config 0 descriptor?? [ 1527.274582][ T2616] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1527.281815][T15538] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1527.315763][T15538] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 1527.335072][T15538] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1527.368938][T15538] usb 3-1: USB disconnect, device number 119 [ 1527.528464][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1527.579885][T17388] netlink: 12 bytes leftover after parsing attributes in process `syz.3.29669'. [ 1527.612135][T17388] netlink: 12 bytes leftover after parsing attributes in process `syz.3.29669'. [ 1527.686823][T17392] netlink: 'syz.0.29671': attribute type 7 has an invalid length. [ 1527.897346][ T2616] gspca_spca1528: reg_w err -71 [ 1527.930683][ T2616] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71 [ 1527.962619][ T2616] usb 2-1: USB disconnect, device number 104 [ 1528.138908][ T367] tipc: Node number set to 2886997007 [ 1528.210439][T17439] netlink: 40 bytes leftover after parsing attributes in process `syz.4.29682'. [ 1528.477569][T17479] tipc: New replicast peer: 255.255.255.255 [ 1528.494459][T17479] tipc: Enabled bearer , priority 20 [ 1529.059937][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 1529.059954][ T30] audit: type=1326 audit(1764883902.485:8002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17499 comm="syz.4.29696" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1529.098188][ T30] audit: type=1326 audit(1764883902.485:8003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17499 comm="syz.4.29696" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1529.178844][T15538] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1529.330844][T15538] usb 2-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 1529.340806][T15538] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1529.353041][T15538] usb 2-1: config 0 descriptor?? [ 1529.662965][T17541] input: syz0 as /devices/virtual/input/input198 [ 1529.775792][T15538] hid_parser_main: 28 callbacks suppressed [ 1529.775816][T15538] kye 0003:0458:0153.006A: unknown main item tag 0x0 [ 1529.795841][T15538] kye 0003:0458:0153.006A: unknown main item tag 0x0 [ 1529.803017][T15538] kye 0003:0458:0153.006A: unknown main item tag 0x0 [ 1529.811263][T15538] kye 0003:0458:0153.006A: unknown main item tag 0x0 [ 1529.818008][T15538] kye 0003:0458:0153.006A: unknown main item tag 0x0 [ 1529.826733][T15538] kye 0003:0458:0153.006A: unknown main item tag 0x0 [ 1529.834862][T15538] kye 0003:0458:0153.006A: unknown main item tag 0x0 [ 1529.852475][T15538] kye 0003:0458:0153.006A: hidraw0: USB HID v0.00 Device [HID 0458:0153] on usb-dummy_hcd.1-1/input0 [ 1529.982925][T15538] usb 2-1: USB disconnect, device number 105 [ 1530.929901][T17604] netlink: 'syz.0.29730': attribute type 46 has an invalid length. [ 1530.952695][T17604] netlink: 212868 bytes leftover after parsing attributes in process `syz.0.29730'. [ 1531.324277][T17634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29740'. [ 1531.337098][T17634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29740'. [ 1531.354458][T17637] tipc: New replicast peer: 255.255.255.255 [ 1531.363936][T17637] tipc: Enabled bearer , priority 20 [ 1531.533331][T17646] netlink: 24 bytes leftover after parsing attributes in process `syz.2.29745'. [ 1531.559593][T17646] vlan2: entered promiscuous mode [ 1531.565264][T17646] mac80211_hwsim hwsim49 wlan0: entered promiscuous mode [ 1531.573501][T17646] vlan2: entered allmulticast mode [ 1531.579188][T17646] mac80211_hwsim hwsim49 wlan0: entered allmulticast mode [ 1532.347930][T17693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29762'. [ 1532.400657][T17701] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29763'. [ 1532.481488][T15538] tipc: Node number set to 132579328 [ 1532.945549][T17748] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29776'. [ 1532.978627][ T367] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1533.097095][T17759] netlink: 92 bytes leftover after parsing attributes in process `syz.4.29780'. [ 1533.138396][ T367] usb 2-1: Using ep0 maxpacket: 16 [ 1533.158182][ T367] usb 2-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 1533.170857][ T367] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1533.187274][ T367] usb 2-1: Product: syz [ 1533.197318][ T367] usb 2-1: Manufacturer: syz [ 1533.202473][ T367] usb 2-1: SerialNumber: syz [ 1533.221989][ T367] usb 2-1: config 0 descriptor?? [ 1533.234581][ T367] as10x_usb: device has been detected [ 1533.241577][ T367] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 1533.259989][ T367] usb 2-1: DVB: registering adapter 2 frontend 0 (Sky IT Digital Key (green led))... [ 1533.273992][ T367] as10x_usb: error during firmware upload part1 [ 1533.282072][ T367] Registered device Sky IT Digital Key (green led) [ 1533.436477][T17731] random: crng reseeded on system resumption [ 1533.461899][T15538] usb 2-1: USB disconnect, device number 106 [ 1533.485646][T15538] Unregistered device Sky IT Digital Key (green led) [ 1533.487273][T15538] as10x_usb: device has been disconnected [ 1534.082636][ T30] audit: type=1326 audit(1764883907.505:8004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17794 comm="syz.2.29786" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x0 [ 1534.426569][T17819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29794'. [ 1534.439059][T17819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29794'. [ 1534.694991][T17838] erspan0: entered promiscuous mode [ 1535.684350][ T30] audit: type=1326 audit(1764883909.105:8005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.749977][ T30] audit: type=1326 audit(1764883909.145:8006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.778539][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1535.804644][ T30] audit: type=1326 audit(1764883909.155:8007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.846924][ T30] audit: type=1326 audit(1764883909.155:8008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.872301][ T30] audit: type=1326 audit(1764883909.155:8009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.896405][ T30] audit: type=1326 audit(1764883909.175:8010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.919022][ T30] audit: type=1326 audit(1764883909.175:8011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.955202][ T30] audit: type=1326 audit(1764883909.175:8012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=178 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1535.987391][ T30] audit: type=1326 audit(1764883909.175:8013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.29827" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1536.992301][T17977] netlink: 'syz.1.29860': attribute type 2 has an invalid length. [ 1537.009255][T17977] netlink: 'syz.1.29860': attribute type 2 has an invalid length. [ 1537.035026][T17977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29860'. [ 1537.900046][T18010] pim6reg: left allmulticast mode [ 1538.169743][T18028] macsec1: entered allmulticast mode [ 1538.175161][T18028] hsr0: entered allmulticast mode [ 1538.228697][T18028] hsr_slave_0: entered allmulticast mode [ 1538.234382][T18028] hsr_slave_1: entered allmulticast mode [ 1538.267750][T18028] hsr0: left allmulticast mode [ 1538.281512][T18028] hsr_slave_0: left allmulticast mode [ 1538.287956][T18028] hsr_slave_1: left allmulticast mode [ 1539.189114][T18100] xt_CT: No such helper "snmp" [ 1539.238555][ T7113] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 1539.408630][ T7113] usb 3-1: Using ep0 maxpacket: 32 [ 1539.425821][ T7113] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1539.446706][ T7113] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1539.472387][ T7113] usb 3-1: config 0 descriptor?? [ 1539.697631][ T7113] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1539.717737][ T7113] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1539.749389][ T7113] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1539.756590][ T7113] usb 3-1: media controller created [ 1539.802011][ T7113] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1539.899980][ T7113] az6027: usb out operation failed. (-71) [ 1539.913748][ T7113] az6027: usb out operation failed. (-71) [ 1539.924378][ T7113] stb0899_attach: Driver disabled by Kconfig [ 1539.939231][ T7113] az6027: no front-end attached [ 1539.939231][ T7113] [ 1539.949182][ T7113] az6027: usb out operation failed. (-71) [ 1539.955193][ T7113] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1539.970367][ T7113] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input200 [ 1540.006665][ T7113] dvb-usb: schedule remote query interval to 400 msecs. [ 1540.024807][ T7113] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1540.050464][ T7113] usb 3-1: USB disconnect, device number 120 [ 1540.162772][ T7113] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1540.385933][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1540.385950][ T30] audit: type=1326 audit(1764883913.805:8016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18168 comm="syz.0.29919" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb2539 code=0x0 [ 1540.448705][ T367] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1540.531052][ T30] audit: type=1326 audit(1764883913.955:8017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.555997][ T30] audit: type=1326 audit(1764883913.955:8018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.579426][ T30] audit: type=1326 audit(1764883913.955:8019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.603670][ T30] audit: type=1326 audit(1764883913.955:8020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.628136][ T30] audit: type=1326 audit(1764883913.955:8021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.653252][ T367] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1540.665715][ T367] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 1540.676111][ T367] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1540.684759][ T30] audit: type=1326 audit(1764883913.985:8022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=338 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.711619][ T30] audit: type=1326 audit(1764883913.985:8023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.735812][ T367] usb 2-1: config 0 descriptor?? [ 1540.747112][ T30] audit: type=1326 audit(1764883913.985:8024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1540.771124][ T30] audit: type=1326 audit(1764883914.005:8025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18176 comm="syz.2.29922" exe="/root/syz-executor" sig=0 arch=40000003 syscall=339 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1541.153994][ T367] steelseries 0003:1038:12B6.006B: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.1-1/input0 [ 1541.578915][ T367] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 1541.585950][ T2572] usb 2-1: USB disconnect, device number 107 [ 1541.751069][ T367] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1541.763243][ T367] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1541.775422][ T367] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1541.785408][ T367] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1541.807394][ T367] usb 3-1: SerialNumber: syz [ 1542.033011][ T367] usb 3-1: 0:2 : does not exist [ 1542.073040][ T367] usb 3-1: USB disconnect, device number 121 [ 1542.116637][ T5532] udevd[5532]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1542.513593][T18284] tipc: Enabling of bearer rejected, already enabled [ 1543.018566][ T366] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1543.197815][ T366] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 1543.226816][ T366] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1543.245372][ T366] usb 2-1: Product: syz [ 1543.258732][ T366] usb 2-1: Manufacturer: syz [ 1543.264385][ T366] usb 2-1: SerialNumber: syz [ 1543.281933][ T366] usb 2-1: config 0 descriptor?? [ 1543.291245][ T366] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 1543.451366][ T2572] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1543.620309][ T2572] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1543.648915][ T2572] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1543.662562][ T2572] usb 3-1: config 0 descriptor?? [ 1544.111297][ T2616] usb 2-1: USB disconnect, device number 108 [ 1544.296445][ T2572] ath6kl: mismatched byte count 0 vs. expected 12 [ 1544.311696][ T2572] ath6kl: Failed to init ath6kl core: -22 [ 1544.318007][ T2572] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 1544.344044][T18396] binder: BC_ACQUIRE_RESULT not supported [ 1544.349979][T18396] binder: 18395:18396 ioctl c0306201 800001c0 returned -22 [ 1544.526216][ T2572] usb 3-1: USB disconnect, device number 122 [ 1545.058389][ T367] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1545.138449][T18441] netlink: 67 bytes leftover after parsing attributes in process `syz.0.29993'. [ 1545.225314][ T367] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1545.246936][ T367] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1545.278693][ T367] usb 2-1: Product: syz [ 1545.283064][ T367] usb 2-1: Manufacturer: syz [ 1545.287677][ T367] usb 2-1: SerialNumber: syz [ 1545.324075][T18453] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29998'. [ 1545.363440][T18453] macsec1: entered allmulticast mode [ 1545.378622][T18453] bridge0: entered allmulticast mode [ 1545.389578][T18453] bridge0: port 3(macsec1) entered blocking state [ 1545.408738][T18453] bridge0: port 3(macsec1) entered disabled state [ 1545.435393][T18453] bridge0: left allmulticast mode [ 1545.736414][ T367] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1545.769142][ T367] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1545.991712][ T367] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000010. ret = -EPROTO [ 1546.011880][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.019755][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.048482][ T367] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1546.083938][ T367] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1546.116957][ T367] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 1546.153712][ T367] usb 2-1: USB disconnect, device number 109 [ 1546.942350][T18528] vlan4: entered promiscuous mode [ 1546.948215][T18528] bond0: entered promiscuous mode [ 1547.076147][T18536] sit0: entered promiscuous mode [ 1547.082239][T18536] netlink: 'syz.4.30023': attribute type 1 has an invalid length. [ 1547.104017][T18536] netlink: 1 bytes leftover after parsing attributes in process `syz.4.30023'. [ 1547.423891][T18549] netlink: 'syz.2.30028': attribute type 3 has an invalid length. [ 1547.456558][T18549] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30028'. [ 1547.723859][T18562] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30034'. [ 1547.733694][T18560] netlink: 'syz.0.30033': attribute type 8 has an invalid length. [ 1547.763178][T18562] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30034'. [ 1547.828772][T18564] netlink: 92 bytes leftover after parsing attributes in process `syz.2.30035'. [ 1548.138373][ T367] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1548.309160][ T367] usb 2-1: Using ep0 maxpacket: 32 [ 1548.321794][ T367] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 1548.344697][ T367] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1548.360371][ T367] usb 2-1: Product: syz [ 1548.367367][ T367] usb 2-1: Manufacturer: syz [ 1548.385375][ T367] usb 2-1: SerialNumber: syz [ 1548.407483][ T367] usb 2-1: config 0 descriptor?? [ 1548.833877][ T367] airspy 2-1:0.0: Board ID: 00 [ 1548.839138][ T367] airspy 2-1:0.0: Firmware version: [ 1549.015518][T18624] netlink: 20 bytes leftover after parsing attributes in process `syz.0.30059'. [ 1549.025069][T18624] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1549.032368][T18624] IPv6: NLM_F_CREATE should be set when creating new route [ 1549.039790][T18624] IPv6: NLM_F_CREATE should be set when creating new route [ 1549.046173][ T367] airspy 2-1:0.0: usb_control_msg() failed -71 request 11 [ 1549.065108][ T367] airspy 2-1:0.0: Registered as swradio24 [ 1549.071781][ T367] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 1549.092361][ T367] usb 2-1: USB disconnect, device number 110 [ 1549.312303][T18646] dlm: non-version read from control device 34 [ 1549.776633][T18669] netlink: 'syz.4.30072': attribute type 8 has an invalid length. [ 1550.438564][ T367] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 1550.605821][ T367] usb 3-1: Using ep0 maxpacket: 8 [ 1550.615041][ T367] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1550.650327][ T367] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1550.667315][ T367] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1550.701350][ T367] usb 3-1: config 0 descriptor?? [ 1550.786013][T18721] erspan0: entered promiscuous mode [ 1550.935969][ T367] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1551.188154][ T367] usb 3-1: USB disconnect, device number 123 [ 1551.768466][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1553.364844][T18814] netlink: 36 bytes leftover after parsing attributes in process `syz.4.30108'. [ 1553.715619][T18834] netlink: 156 bytes leftover after parsing attributes in process `syz.1.30128'. [ 1554.060083][T18858] program syz.2.30136 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1554.947999][T18937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30156'. [ 1555.101899][T18949] program syz.1.30159 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1555.172387][T18952] program syz.1.30159 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1555.739300][T18975] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.30170'. [ 1557.482309][T19031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30193'. [ 1557.513243][T19031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30193'. [ 1557.616783][T19035] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in; [ 1557.616783][T19035] program syz.2.30195 not setting count and/or reply_len properly [ 1557.878426][ T367] usb 2-1: new full-speed USB device number 111 using dummy_hcd [ 1558.054232][ T367] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1558.064854][ T367] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1558.085707][ T367] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1558.095717][ T367] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1558.337162][ T367] usb 2-1: GET_CAPABILITIES returned 0 [ 1558.344669][ T367] usbtmc 2-1:16.0: can't read capabilities [ 1558.602477][ T367] usb 2-1: USB disconnect, device number 111 [ 1559.405301][T19163] ip6gretap5: entered promiscuous mode [ 1559.983968][T19195] netlink: 236 bytes leftover after parsing attributes in process `syz.3.30243'. [ 1560.106273][T19202] netlink: 28 bytes leftover after parsing attributes in process `syz.1.30244'. [ 1560.115759][T19202] netlink: 28 bytes leftover after parsing attributes in process `syz.1.30244'. [ 1560.172193][T19203] kvm: kvm [19201]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x882 [ 1560.448818][T19218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30251'. [ 1560.700058][T19228] dummy0: entered promiscuous mode [ 1560.716958][T19228] debugfs: 'hsr0' already exists in 'hsr' [ 1560.724347][T19228] Cannot create hsr debugfs directory [ 1560.730974][T19228] hsr0: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 1560.744363][T19228] hsr0: Slave B (dummy0) is not up; please bring it up to get a fully working HSR network [ 1560.755400][T19228] hsr0: entered promiscuous mode [ 1560.760670][T19228] hsr0: entered allmulticast mode [ 1560.766028][T19228] dummy0: entered allmulticast mode [ 1561.601228][T19283] netlink: 27 bytes leftover after parsing attributes in process `syz.1.30273'. [ 1562.217037][T19314] sch_fq: defrate 0 ignored. [ 1563.079829][T19361] openvswitch: netlink: nsh attribute has 65492 unknown bytes. [ 1563.111451][T19361] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1564.369429][T19400] netlink: 40 bytes leftover after parsing attributes in process `syz.3.30321'. [ 1565.073253][T19431] netlink: 'syz.3.30334': attribute type 29 has an invalid length. [ 1566.284761][T19462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30346'. [ 1566.338441][T19462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30346'. [ 1566.397571][T19468] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 1566.786927][T19483] binder: 19480:19483 ioctl 4018620d 0 returned -22 [ 1568.921931][T19558] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 1568.932432][T19558] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 1568.942118][T19558] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1569.203025][T19572] cifs: Unknown parameter 'f,' [ 1569.360193][T19577] netlink: 'syz.4.30392': attribute type 11 has an invalid length. [ 1570.100553][T19609] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30404'. [ 1570.888922][T19660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30424'. [ 1571.161612][T19675] netlink: 24 bytes leftover after parsing attributes in process `syz.3.30428'. [ 1571.268410][ T366] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 1571.418630][ T366] usb 3-1: Using ep0 maxpacket: 32 [ 1571.426273][ T366] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 1571.444400][ T366] usb 3-1: config 0 has no interface number 0 [ 1571.451199][ T366] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1571.463503][ T366] usb 3-1: config 0 interface 85 has no altsetting 0 [ 1571.476171][ T366] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1571.495864][ T366] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1571.508620][ T366] usb 3-1: Product: syz [ 1571.512825][ T366] usb 3-1: Manufacturer: syz [ 1571.527933][ T366] usb 3-1: SerialNumber: syz [ 1571.550945][ T366] usb 3-1: config 0 descriptor?? [ 1572.175259][ T366] appletouch 3-1:0.85: Geyser mode initialized. [ 1572.188669][ T366] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input202 [ 1572.429742][ T366] usb 3-1: USB disconnect, device number 124 [ 1572.435906][ C0] appletouch 3-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 1572.488633][ T366] appletouch 3-1:0.85: input: appletouch disconnected [ 1572.734576][T19774] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30453'. [ 1572.744089][T19774] netlink: 8 bytes leftover after parsing attributes in process `syz.1.30453'. [ 1573.562933][T19829] vivid-006: disconnect [ 1573.571981][T19827] vivid-006: reconnect [ 1573.688584][ T5850] Bluetooth: hci4: command 0x0406 tx timeout [ 1574.218622][ T366] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 1574.380674][ T366] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1574.402276][ T366] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1574.424902][ T366] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1574.459128][ T366] usb 3-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00 [ 1574.469952][ T366] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1574.490064][ T366] usb 3-1: config 0 descriptor?? [ 1574.920698][ T366] belkin 0003:050D:3201.006C: global environment stack underflow [ 1574.929689][ T366] belkin 0003:050D:3201.006C: item 0 4 1 11 parsing failed [ 1574.937655][ T366] belkin 0003:050D:3201.006C: parse failed [ 1574.944465][ T366] belkin 0003:050D:3201.006C: probe with driver belkin failed with error -22 [ 1575.117997][ T2616] usb 3-1: USB disconnect, device number 125 [ 1575.151304][T19920] netlink: 'syz.3.30506': attribute type 6 has an invalid length. [ 1575.161448][T19920] netlink: 'syz.3.30506': attribute type 6 has an invalid length. [ 1575.204474][T19923] random: crng reseeded on system resumption [ 1575.670814][T19929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30510'. [ 1575.938394][ T367] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1576.127656][ T367] usb 3-1: Using ep0 maxpacket: 16 [ 1576.141498][ T367] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1576.163461][ T367] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1576.184177][ T367] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1576.205459][ T367] usb 3-1: config 0 descriptor?? [ 1576.642590][ T367] mcp2221 0003:04D8:00DD.006D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 1577.040880][ T2572] usb 3-1: USB disconnect, device number 126 [ 1577.285602][T20013] netlink: 44 bytes leftover after parsing attributes in process `syz.0.30535'. [ 1577.354544][T20013] netlink: 43 bytes leftover after parsing attributes in process `syz.0.30535'. [ 1577.386518][T20013] netlink: 'syz.0.30535': attribute type 5 has an invalid length. [ 1577.415535][T20013] netlink: 43 bytes leftover after parsing attributes in process `syz.0.30535'. [ 1578.390611][T20071] netlink: 8 bytes leftover after parsing attributes in process `syz.1.30550'. [ 1578.406118][T20071] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30550'. [ 1578.439418][T20077] netlink: 12 bytes leftover after parsing attributes in process `syz.0.30551'. [ 1581.242807][T20233] netlink: 'syz.3.30593': attribute type 1 has an invalid length. [ 1581.591144][T20252] vimc link validate: Scaler:src:16x16 (0x33424752, 0, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x32314142, 8, 0, 0, 0) [ 1582.283307][T20279] sock: sock_set_timeout: `syz.3.30611' (pid 20279) tries to set negative timeout [ 1582.488543][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1583.544938][T20317] netlink: 'syz.0.30627': attribute type 11 has an invalid length. [ 1583.548342][T20321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30626'. [ 1583.562635][T20321] netlink: 3 bytes leftover after parsing attributes in process `syz.3.30626'. [ 1583.596333][T20321] batadv1: entered promiscuous mode [ 1583.602275][T20321] batadv1: entered allmulticast mode [ 1584.725611][T20387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30644'. [ 1584.738672][ T2578] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1584.766846][T20387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30644'. [ 1584.920197][ T2578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1584.944242][ T2578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1584.976628][ T2578] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1584.986190][ T2578] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1585.001163][ T2578] usb 2-1: config 0 descriptor?? [ 1585.370905][T15538] usb 3-1: new full-speed USB device number 127 using dummy_hcd [ 1585.430225][ T2578] cm6533_jd 0003:0D8C:0022.006E: unknown global tag 0xe [ 1585.440734][ T2578] cm6533_jd 0003:0D8C:0022.006E: item 0 2 1 14 parsing failed [ 1585.450345][ T2578] cm6533_jd 0003:0D8C:0022.006E: parse failed [ 1585.456623][ T2578] cm6533_jd 0003:0D8C:0022.006E: probe with driver cm6533_jd failed with error -22 [ 1585.530741][T15538] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1585.540978][T15538] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1585.555666][T15538] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1585.565506][T15538] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1585.664798][ T367] usb 2-1: USB disconnect, device number 112 [ 1585.795209][T15538] usb 3-1: GET_CAPABILITIES returned 0 [ 1585.808412][T15538] usbtmc 3-1:16.0: can't read capabilities [ 1586.022324][T15538] usb 3-1: USB disconnect, device number 127 [ 1587.328807][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1587.413530][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1587.413546][ T30] audit: type=1400 audit(1764883960.835:8028): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A2020202030202020203920202020302020202030202020202030202020202020203020202020202020202020300A65727370616E303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203820202020302020202030202020202030202020202020203020202020202020202020300A69705F767469303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203020202020302020202030202020202030202020202020203020202020202020202020300A6970365F767469303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203220203333372020202030202020202030202020202020203220202020202020202020300A2020736974303A20202020 [ 1587.912475][T20528] netlink: 16 bytes leftover after parsing attributes in process `syz.0.30690'. [ 1588.552493][T20550] ptrace attach of "./syz-executor exec"[20551] was attempted by "./syz-executor exec"[20550] [ 1589.623814][T20600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30716'. [ 1592.118216][T20706] syz.4.30758 (20706): drop_caches: 2 [ 1593.299024][ T30] audit: type=1326 audit(1764883966.725:8029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20743 comm="syz.3.30773" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x0 [ 1594.024367][T20781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30787'. [ 1594.515169][T20807] bond3: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 1594.531990][T20807] bond3 (unregistering): Released all slaves [ 1594.977553][T20887] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30803'. [ 1595.075338][T20893] vivid-006: disconnect [ 1595.080633][T20892] vivid-006: reconnect [ 1595.557776][T20916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30814'. [ 1595.580994][T20916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30814'. [ 1595.653299][T20913] sctp: [Deprecated]: syz.0.30811 (pid 20913) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1595.653299][T20913] Use struct sctp_sack_info instead [ 1595.754003][ T30] audit: type=1326 audit(1764883969.175:8030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1595.827874][ T30] audit: type=1326 audit(1764883969.205:8031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1595.878616][ T30] audit: type=1326 audit(1764883969.215:8032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1595.928013][ T30] audit: type=1326 audit(1764883969.225:8033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1595.951967][ T30] audit: type=1326 audit(1764883969.225:8034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1595.975398][ T30] audit: type=1326 audit(1764883969.225:8035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1596.011091][ T30] audit: type=1326 audit(1764883969.225:8036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1596.063319][ T30] audit: type=1326 audit(1764883969.225:8037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1596.114808][ T30] audit: type=1326 audit(1764883969.225:8038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20924 comm="syz.3.30820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf707d539 code=0x7ffc0000 [ 1596.769966][T20964] cifs: Unknown parameter 'fd' [ 1598.426759][T21018] kvm: kvm [21017]: vcpu128, guest rIP: 0xfff0 Unhandled RDMSR(0x40000076) [ 1598.709551][T21030] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.30863'. [ 1599.161629][T21046] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30870'. [ 1600.838442][ T367] usb 2-1: new full-speed USB device number 113 using dummy_hcd [ 1600.990583][ T367] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1601.006972][ T367] usb 2-1: not running at top speed; connect to a high speed hub [ 1601.017837][ T367] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1601.029115][ T367] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1601.050256][ T367] usb 2-1: string descriptor 0 read error: -22 [ 1601.059351][ T367] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1601.068914][ T367] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1601.099717][ T367] usb 2-1: 0:2 : does not exist [ 1601.921163][ T367] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1601.955477][ T367] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 1602.036186][ T367] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1602.092881][ T367] usb 2-1: USB disconnect, device number 113 [ 1603.048015][T21272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30928'. [ 1603.766182][T21308] usb usb8: usbfs: process 21308 (syz.4.30941) did not claim interface 0 before use [ 1604.251943][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 1604.251959][ T30] audit: type=1326 audit(1764883977.675:8049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.282241][ T30] audit: type=1326 audit(1764883977.675:8050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.309013][ T30] audit: type=1326 audit(1764883977.675:8051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.345778][T21339] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30955'. [ 1604.348994][ T30] audit: type=1326 audit(1764883977.675:8052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.356572][T21339] netlink: 12 bytes leftover after parsing attributes in process `syz.2.30955'. [ 1604.387329][ T30] audit: type=1326 audit(1764883977.675:8053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.411273][ T30] audit: type=1326 audit(1764883977.675:8054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.438120][ T30] audit: type=1326 audit(1764883977.675:8055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.485993][ T30] audit: type=1326 audit(1764883977.675:8056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=301 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.510263][ T30] audit: type=1326 audit(1764883977.685:8057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21335 comm="syz.2.30954" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1604.581548][T21346] netlink: 'syz.2.30957': attribute type 6 has an invalid length. [ 1604.597993][T21346] netlink: 12 bytes leftover after parsing attributes in process `syz.2.30957'. [ 1604.662324][T21360] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1604.669689][T21360] IPv6: NLM_F_CREATE should be set when creating new route [ 1604.676973][T21360] IPv6: NLM_F_CREATE should be set when creating new route [ 1604.684281][T21360] IPv6: NLM_F_CREATE should be set when creating new route [ 1604.695378][T21346] bond3 (unregistering): Released all slaves [ 1604.764269][T21416] netlink: 28 bytes leftover after parsing attributes in process `syz.1.30960'. [ 1604.774041][T21416] netem: change failed [ 1605.723519][ T30] audit: type=1326 audit(1764883979.145:8058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21479 comm="syz.1.30975" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000 [ 1605.790080][T21483] netlink: 'syz.2.30976': attribute type 2 has an invalid length. [ 1606.292041][T21527] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30992'. [ 1606.303342][T21527] netlink: 72 bytes leftover after parsing attributes in process `syz.4.30992'. [ 1606.398650][ T7113] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 1606.558377][ T7113] usb 2-1: Using ep0 maxpacket: 32 [ 1606.567943][ T7113] usb 2-1: New USB device found, idVendor=072f, idProduct=2200, bcdDevice=3f.bf [ 1606.578919][ T7113] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1606.586959][ T7113] usb 2-1: Product: syz [ 1606.591719][ T7113] usb 2-1: Manufacturer: syz [ 1606.596332][ T7113] usb 2-1: SerialNumber: syz [ 1606.622633][ T7113] usb 2-1: config 0 descriptor?? [ 1606.645539][ T7113] pn533_usb 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 1606.759664][T15538] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 1606.874893][ T2578] usb 2-1: USB disconnect, device number 114 [ 1606.949648][T15538] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1606.970582][T15538] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1606.987295][T15538] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1607.028702][T15538] usb 3-1: config 0 descriptor?? [ 1607.040234][T15538] pwc: Askey VC010 type 2 USB webcam detected. [ 1607.444413][T15538] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1607.458153][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.458213][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.680928][T15538] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1607.696293][T15538] pwc: recv_control_msg error -71 req 04 val 1000 [ 1607.703833][T15538] pwc: recv_control_msg error -71 req 04 val 1300 [ 1607.711197][T15538] pwc: recv_control_msg error -71 req 04 val 1400 [ 1607.718512][T15538] pwc: recv_control_msg error -71 req 02 val 2000 [ 1607.725740][T15538] pwc: recv_control_msg error -71 req 02 val 2100 [ 1607.733880][T15538] pwc: recv_control_msg error -71 req 04 val 1500 [ 1607.741848][T15538] pwc: recv_control_msg error -71 req 02 val 2500 [ 1607.750396][T15538] pwc: recv_control_msg error -71 req 02 val 2400 [ 1607.757517][T15538] pwc: recv_control_msg error -71 req 02 val 2600 [ 1607.764860][T15538] pwc: recv_control_msg error -71 req 02 val 2900 [ 1607.774808][T15538] pwc: recv_control_msg error -71 req 02 val 2800 [ 1607.782525][T15538] pwc: recv_control_msg error -71 req 04 val 1100 [ 1607.790445][T15538] pwc: recv_control_msg error -71 req 04 val 1200 [ 1607.799822][T15538] pwc: Registered as video103. [ 1607.808734][T15538] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input205 [ 1607.841869][T15538] usb 3-1: USB disconnect, device number 2 [ 1608.069147][T21609] netlink: 'syz.4.31011': attribute type 10 has an invalid length. [ 1608.097093][T21609] syz_tun: entered allmulticast mode [ 1608.117185][T21609] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1609.931365][T21690] loop7: detected capacity change from 0 to 7 [ 1609.939361][T21690] buffer_io_error: 11 callbacks suppressed [ 1609.939377][T21690] Buffer I/O error on dev loop7, logical block 0, async page read [ 1609.954089][T21690] Buffer I/O error on dev loop7, logical block 0, async page read [ 1609.978659][T21690] Buffer I/O error on dev loop7, logical block 0, async page read [ 1609.988117][T21690] Buffer I/O error on dev loop7, logical block 0, async page read [ 1609.997816][T21690] Buffer I/O error on dev loop7, logical block 0, async page read [ 1610.038530][T21694] loop7: detected capacity change from 7 to 0 [ 1610.047894][T21690] Buffer I/O error on dev loop7, logical block 0, async page read [ 1610.058875][T21690] ldm_validate_partition_table(): Disk read failed. [ 1610.084555][T21690] Dev loop7: unable to read RDB block 0 [ 1610.102251][T21690] loop7: unable to read partition table [ 1610.124481][T21690] loop7: partition table beyond EOD, truncated [ 1610.167698][T21690] loop_reread_partitions: partition scan of loop7 (SJ_+]֋ S'(J^Z (633)eeDϫ?Ƣ4+) failed (rc=-5) [ 1610.501410][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 1610.588621][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1610.597010][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1610.618843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 1610.658704][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1610.958579][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1611.296026][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 1611.296043][ T30] audit: type=1326 audit(1764883984.715:8068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.338175][ T30] audit: type=1326 audit(1764883984.715:8069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.386163][ T30] audit: type=1326 audit(1764883984.765:8070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.409641][ T30] audit: type=1326 audit(1764883984.765:8071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.488549][ T30] audit: type=1326 audit(1764883984.765:8072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.546965][ T30] audit: type=1326 audit(1764883984.805:8073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.612667][ T30] audit: type=1326 audit(1764883984.855:8074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.672590][ T30] audit: type=1326 audit(1764883984.865:8075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.788427][ T30] audit: type=1326 audit(1764883985.005:8076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=301 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1611.844344][ T30] audit: type=1326 audit(1764883985.005:8077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21766 comm="syz.4.31054" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1612.377008][T21792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31064'. [ 1614.302476][T21881] kvm: kvm [21880]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x81 [ 1614.653873][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 1614.979109][ T367] usb 2-1: new full-speed USB device number 115 using dummy_hcd [ 1615.047280][T21946] netlink: 12 bytes leftover after parsing attributes in process `syz.3.31111'. [ 1615.130684][ T367] usb 2-1: config 0 has no interfaces? [ 1615.140818][ T367] usb 2-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 1615.176446][ T367] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1615.230017][ T367] usb 2-1: config 0 descriptor?? [ 1615.471860][ T367] usb 2-1: USB disconnect, device number 115 [ 1618.898383][ T2578] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 1619.069538][ T2578] usb 2-1: Using ep0 maxpacket: 16 [ 1619.079465][ T2578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1619.100130][ T2578] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1619.114558][ T2578] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1619.125534][ T2578] usb 2-1: Product: syz [ 1619.143636][ T2578] usb 2-1: Manufacturer: syz [ 1619.153443][ T2578] usb 2-1: SerialNumber: syz [ 1619.164307][ T2578] usb 2-1: config 0 descriptor?? [ 1619.182225][ T2578] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1619.201783][ T2578] usb 2-1: Detected FT232R [ 1619.405861][ T2578] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1619.625683][ T2578] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1619.784191][T22164] netlink: 8 bytes leftover after parsing attributes in process `syz.4.31190'. [ 1619.799122][T22164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.31190'. [ 1619.811752][T22164] netlink: 8 bytes leftover after parsing attributes in process `syz.4.31190'. [ 1619.840217][T22164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.31190'. [ 1619.841997][ T366] usb 2-1: USB disconnect, device number 116 [ 1619.900419][ T366] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1619.915610][ T366] ftdi_sio 2-1:0.0: device disconnected [ 1623.793667][T22363] netlink: 28 bytes leftover after parsing attributes in process `syz.3.31251'. [ 1623.815163][T22363] netlink: 28 bytes leftover after parsing attributes in process `syz.3.31251'. [ 1624.128711][ T2578] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 1624.290491][ T2578] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1624.325267][ T2578] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1624.349971][ T2578] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 1624.371651][ T2578] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1624.401264][ T2578] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1624.430293][T22367] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1624.738831][T15538] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 1624.910024][T15538] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1624.928550][T15538] usb 2-1: config 0 has no interface number 0 [ 1624.937840][T15538] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1624.957372][T15538] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1624.974484][T15538] usb 2-1: Product: syz [ 1624.979659][T15538] usb 2-1: Manufacturer: syz [ 1624.984279][T15538] usb 2-1: SerialNumber: syz [ 1624.994571][T15538] usb 2-1: config 0 descriptor?? [ 1625.222570][T15538] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1625.237072][T15538] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1625.249161][T15538] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1625.266594][T15538] usb 2-1: media controller created [ 1625.297434][T15538] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1625.427692][T15538] i2c i2c-2: ec100: i2c rd failed=-71 reg=33 [ 1625.474734][ T2578] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 1625.494954][ T2578] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input206 [ 1625.519033][T15538] usb 2-1: USB disconnect, device number 117 [ 1625.639646][ T2578] usb 3-1: USB disconnect, device number 3 [ 1625.645588][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1625.661205][T12686] udevd[12686]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 1626.873541][T22529] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1626.885206][T22529] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1627.002744][T22534] sch_fq: defrate 0 ignored. [ 1627.715035][T22569] netlink: 88 bytes leftover after parsing attributes in process `syz.0.31311'. [ 1628.416613][T22613] netlink: 52 bytes leftover after parsing attributes in process `syz.0.31329'. [ 1628.429300][T22613] bridge0: port 2(bridge_slave_1) entered disabled state [ 1628.439145][T22613] bridge0: port 1(bridge_slave_0) entered disabled state [ 1628.508055][T22620] netlink: 'syz.4.31332': attribute type 5 has an invalid length. [ 1628.711299][T22631] netlink: 28 bytes leftover after parsing attributes in process `syz.2.31335'. [ 1629.218770][ T367] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 1629.455432][ T367] usb 2-1: Using ep0 maxpacket: 32 [ 1629.462635][ T367] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1629.471693][ T367] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1629.488564][ T367] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1629.496604][ T367] usb 2-1: Product: syz [ 1629.510316][ T367] usb 2-1: Manufacturer: syz [ 1629.515073][ T367] usb 2-1: SerialNumber: syz [ 1629.548913][ T367] usb 2-1: config 0 descriptor?? [ 1629.952294][T22680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.31352'. [ 1629.964329][T22680] netlink: 277 bytes leftover after parsing attributes in process `syz.3.31352'. [ 1629.975385][T22680] netlink: 277 bytes leftover after parsing attributes in process `syz.3.31352'. [ 1629.998457][ T367] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 1630.190780][ T367] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 1630.229665][ T367] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22 [ 1630.393161][ T2572] usb 2-1: USB disconnect, device number 118 [ 1630.844413][T22712] vivid-008: disconnect [ 1631.574046][T22711] vivid-008: reconnect [ 1631.578438][ T2578] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 1631.629991][T22732] : renamed from vlan0 [ 1631.753263][T22736] netlink: 'syz.4.31372': attribute type 10 has an invalid length. [ 1631.761292][ T2578] usb 3-1: Using ep0 maxpacket: 32 [ 1631.772621][ T2578] usb 3-1: config 0 interface 0 altsetting 128 has an invalid descriptor for endpoint zero, skipping [ 1631.795578][ T2578] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1631.812769][ T2578] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 1631.830485][ T2578] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1631.851921][ T2578] usb 3-1: config 0 descriptor?? [ 1632.309697][ T2578] corsair-psu 0003:1B1C:1C09.006F: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.2-1/input0 [ 1632.409356][ T2578] corsair-psu 0003:1B1C:1C09.006F: unable to initialize device (-38) [ 1632.440046][ T2578] corsair-psu 0003:1B1C:1C09.006F: probe with driver corsair-psu failed with error -38 [ 1632.518974][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1632.518992][ T30] audit: type=1326 audit(1764884005.945:8079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22776 comm="syz.1.31385" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f81539 code=0x0 [ 1632.685267][ T2578] usb 3-1: USB disconnect, device number 4 [ 1633.331146][ T2572] hid-generic 0000:0004:0000.0070: unknown main item tag 0x0 [ 1633.342533][T22625] Set syz1 is full, maxelem 65536 reached [ 1633.359171][ T2572] hid-generic 0000:0004:0000.0070: unknown main item tag 0x0 [ 1633.379144][ T2572] hid-generic 0000:0004:0000.0070: unknown main item tag 0x0 [ 1633.392670][ T2572] hid-generic 0000:0004:0000.0070: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1633.857042][T22839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31404'. [ 1633.899189][T22839] netlink: 277 bytes leftover after parsing attributes in process `syz.2.31404'. [ 1633.931717][T22839] netlink: 277 bytes leftover after parsing attributes in process `syz.2.31404'. [ 1634.179381][ T7113] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 1634.338477][ T7113] usb 2-1: Using ep0 maxpacket: 16 [ 1634.351390][ T7113] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1634.369058][ T7113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1634.384572][ T7113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1634.408735][ T7113] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1634.418602][ T7113] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1634.432838][ T7113] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1634.448375][ T7113] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1634.456480][ T7113] usb 2-1: Manufacturer: syz [ 1634.469325][ T7113] usb 2-1: config 0 descriptor?? [ 1634.749190][ T7113] rc_core: IR keymap rc-hauppauge not found [ 1634.755167][ T7113] Registered IR keymap rc-empty [ 1634.762171][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1634.789984][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1634.819630][ T7113] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1634.840288][ T7113] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input208 [ 1634.862525][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1634.889237][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1634.908708][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1634.928702][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1634.949144][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1634.971214][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1635.000732][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1635.039655][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1635.071090][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1635.108454][ T7113] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1635.155606][ T7113] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1635.207360][ T7113] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1635.225106][ T7113] usb 2-1: USB disconnect, device number 119 [ 1635.785870][T22948] loop6: detected capacity change from 0 to 2640 [ 1635.794726][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.803419][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.811956][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.820376][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.828637][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.837797][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.909078][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.917120][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.925724][ T5532] ldm_validate_partition_table(): Disk read failed. [ 1635.933163][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.941809][ T5532] Buffer I/O error on dev loop6, logical block 0, async page read [ 1635.950384][ T5532] Dev loop6: unable to read RDB block 0 [ 1635.956814][ T5532] loop6: unable to read partition table [ 1635.969593][T22948] ldm_validate_partition_table(): Disk read failed. [ 1635.989473][T22948] Dev loop6: unable to read RDB block 0 [ 1635.995600][T22948] loop6: unable to read partition table [ 1636.010554][T22948] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1636.445830][T22977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.31444'. [ 1636.478679][T22977] netlink: 20 bytes leftover after parsing attributes in process `syz.1.31444'. [ 1636.663029][T22991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31448'. [ 1637.110821][T13398] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 1637.278346][T13398] usb 2-1: Using ep0 maxpacket: 8 [ 1637.285910][T13398] usb 2-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 1637.306356][T13398] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 1637.318035][T13398] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1637.332073][T23024] bond10 (unregistering): Released all slaves [ 1637.345059][T13398] hub 2-1:32.0: bad descriptor, ignoring hub [ 1637.354758][T13398] hub 2-1:32.0: probe with driver hub failed with error -5 [ 1637.721254][ T30] audit: type=1326 audit(1764884011.145:8080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1637.769255][ T30] audit: type=1326 audit(1764884011.165:8081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1637.835451][ T30] audit: type=1326 audit(1764884011.165:8082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1637.859229][ T30] audit: type=1326 audit(1764884011.165:8083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1637.884967][ T30] audit: type=1326 audit(1764884011.165:8084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1637.903197][ T2572] usb 2-1: reset high-speed USB device number 120 using dummy_hcd [ 1637.908877][ T30] audit: type=1326 audit(1764884011.175:8085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1637.939833][ T30] audit: type=1326 audit(1764884011.175:8086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1637.979432][ T30] audit: type=1326 audit(1764884011.175:8087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=229 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1638.054707][ T30] audit: type=1326 audit(1764884011.175:8088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1638.094027][ T30] audit: type=1326 audit(1764884011.175:8089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23121 comm="syz.2.31471" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1638.418805][ T2572] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 1638.602674][ T2572] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1638.614986][ T2572] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1638.636586][ T2572] usb 3-1: config 0 descriptor?? [ 1638.659999][ T2572] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1638.978653][ T7113] usb 2-1: USB disconnect, device number 120 [ 1639.109524][T23183] netlink: 'syz.1.31487': attribute type 11 has an invalid length. [ 1639.463457][ T2572] usb 3-1: USB disconnect, device number 5 [ 1640.130293][T23229] loop6: detected capacity change from 0 to 2640 [ 1640.138983][T23229] ldm_validate_partition_table(): Disk read failed. [ 1640.145853][T23229] Dev loop6: unable to read RDB block 0 [ 1640.152104][T23229] loop6: unable to read partition table [ 1640.157899][T23229] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1640.598446][ T2578] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1640.768553][ T2578] usb 3-1: Using ep0 maxpacket: 16 [ 1640.775482][ T2578] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1640.786080][ T2578] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1640.797204][ T2578] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1640.808034][ T2578] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1640.822906][ T2578] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1640.837608][ T2578] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1640.847289][ T2578] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1640.855647][ T2578] usb 3-1: Manufacturer: syz [ 1640.869240][ T2578] usb 3-1: config 0 descriptor?? [ 1641.138805][ T2578] rc_core: IR keymap rc-hauppauge not found [ 1641.145011][ T2578] Registered IR keymap rc-empty [ 1641.150130][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.168765][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.199381][ T2578] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1641.212860][ T2578] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input209 [ 1641.230620][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.248651][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.268790][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.288857][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.308745][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.328596][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.348786][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.378748][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.408757][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.428670][ T2578] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1641.451234][ T2578] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1641.460818][ T2578] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1641.591913][ T7113] usb 3-1: USB disconnect, device number 6 [ 1642.326628][T23344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.31538'. [ 1643.329536][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1643.329553][ T30] audit: type=1326 audit(1764884016.755:8103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23405 comm="syz.2.31563" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x0 [ 1644.254478][T23444] netlink: 32 bytes leftover after parsing attributes in process `syz.4.31577'. [ 1644.468847][ T2572] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 1644.621649][ T2572] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1644.643585][ T2572] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 96, setting to 64 [ 1644.663601][ T2572] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 1644.679039][ T2572] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1644.688576][ T2572] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1644.696590][ T2572] usb 3-1: SerialNumber: syz [ 1644.720545][T23445] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1644.737175][ T2572] hub 3-1:1.0: bad descriptor, ignoring hub [ 1644.748814][ T2572] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1644.788176][T23478] could not allocate digest TFM handle _!5(iHP,omxę*71U"~ 2.>~e>/y [ 1644.874240][T23485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.31592'. [ 1644.943561][T23445] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1645.388598][ T2572] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 1645.709996][ T7113] usb 3-1: USB disconnect, device number 7 [ 1645.724192][ T7113] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 1645.739546][T23524] netem: invalid attributes len -3 [ 1645.760666][T23524] netem: change failed [ 1646.572607][ T30] audit: type=1326 audit(1764884019.995:8104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23581 comm="syz.3.31619" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf707d539 code=0x0 [ 1646.718982][ T30] audit: type=1326 audit(1764884020.135:8105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23591 comm="syz.2.31621" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f25539 code=0x0 [ 1647.649400][ T30] audit: type=1326 audit(1764884021.075:8106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.4.31633" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1647.704300][ T30] audit: type=1326 audit(1764884021.075:8107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.4.31633" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1647.732451][T23639] netlink: 240 bytes leftover after parsing attributes in process `syz.0.31634'. [ 1647.752233][T23639] netlink: 240 bytes leftover after parsing attributes in process `syz.0.31634'. [ 1647.808503][ T30] audit: type=1326 audit(1764884021.075:8108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.4.31633" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1647.886072][ T30] audit: type=1326 audit(1764884021.075:8109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.4.31633" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1647.942111][ T30] audit: type=1326 audit(1764884021.075:8110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.4.31633" exe="/root/syz-executor" sig=0 arch=40000003 syscall=256 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1647.989118][T23652] Attempt to restore checkpoint with obsolete wellknown handles [ 1648.317124][T23666] netlink: 44 bytes leftover after parsing attributes in process `syz.1.31646'. [ 1648.327715][ T30] audit: type=1326 audit(1764884021.745:8111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.4.31633" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1648.387817][ T30] audit: type=1326 audit(1764884021.745:8112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.4.31633" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63539 code=0x7ffc0000 [ 1648.418858][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1651.645131][T23824] sctp: [Deprecated]: syz.2.31703 (pid 23824) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1651.645131][T23824] Use struct sctp_sack_info instead [ 1651.903107][T23838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31708'. [ 1652.967554][T23881] veth1_to_bond: entered allmulticast mode [ 1652.978523][T23880] veth1_to_bond: left allmulticast mode [ 1653.750390][T23924] input: syz1 as /devices/virtual/input/input211 [ 1654.154455][T23951] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.31754'. [ 1654.257765][T23956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31757'. [ 1654.665818][T23978] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31765'. [ 1655.180192][T24007] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 1656.000010][ T2578] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1656.076875][T24051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.31792'. [ 1656.096732][T24051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.31792'. [ 1656.172186][ T2578] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1656.181162][ T2578] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1656.195664][ T2578] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1656.208784][ T2578] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 1656.223586][ T2578] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 1656.259318][ T2578] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1656.278979][ T2578] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1656.288682][ T2578] usb 3-1: Product: syz [ 1656.292938][ T2578] usb 3-1: Manufacturer: syz [ 1656.319298][ T2578] cdc_wdm 3-1:1.0: skipping garbage [ 1656.324552][ T2578] cdc_wdm 3-1:1.0: skipping garbage [ 1656.332802][ T2578] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1656.345616][ T2578] cdc_wdm 3-1:1.0: Unknown control protocol [ 1656.544753][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1656.551691][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1656.558771][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1656.565391][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1656.571865][T13398] usb 3-1: USB disconnect, device number 8 [ 1656.578680][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1656.585300][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1656.591382][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1656.694575][T24085] netlink: 92 bytes leftover after parsing attributes in process `syz.1.31799'. [ 1656.951371][T24102] netlink: 'syz.4.31807': attribute type 16 has an invalid length. [ 1656.960528][T24102] netlink: 'syz.4.31807': attribute type 3 has an invalid length. [ 1656.969154][T24102] netlink: 64066 bytes leftover after parsing attributes in process `syz.4.31807'. [ 1656.991608][T24104] netlink: 24 bytes leftover after parsing attributes in process `syz.1.31808'. [ 1657.005856][T24104] netlink: 24 bytes leftover after parsing attributes in process `syz.1.31808'. [ 1658.290325][T24169] gtp2: entered promiscuous mode [ 1658.295487][T24169] gtp2: entered allmulticast mode [ 1658.716324][T24196] netlink: 'syz.1.31841': attribute type 15 has an invalid length. [ 1658.987374][T24205] netlink: 'syz.2.31845': attribute type 16 has an invalid length. [ 1658.996068][T24205] netlink: 8 bytes leftover after parsing attributes in process `syz.2.31845'. [ 1659.898579][ T2572] usb 2-1: new full-speed USB device number 121 using dummy_hcd [ 1660.060589][ T2572] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1660.071004][ T2572] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1660.080171][ T2572] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1660.089446][ T2572] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1660.099598][ T2572] usb 2-1: config 0 descriptor?? [ 1660.111180][ T2572] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1660.117818][ T2572] dvb-usb: bulk message failed: -22 (3/0) [ 1660.132804][ T2572] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1660.142284][ T2572] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1660.150098][ T2572] usb 2-1: media controller created [ 1660.156869][ T2572] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1660.172694][ T2572] dvb-usb: bulk message failed: -22 (6/0) [ 1660.182078][ T2572] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1660.191725][ T2572] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input212 [ 1660.206528][ T2572] dvb-usb: schedule remote query interval to 150 msecs. [ 1660.214639][ T2572] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1660.329806][ T2572] usb 2-1: USB disconnect, device number 121 [ 1660.362785][ T2572] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1660.750987][T24295] GUP no longer grows the stack in syz.0.31868 (24295): 80009000-8000a000 (80005000) [ 1660.761484][T24295] CPU: 1 UID: 0 PID: 24295 Comm: syz.0.31868 Tainted: G L syzkaller #0 PREEMPT(full) [ 1660.761503][T24295] Tainted: [L]=SOFTLOCKUP [ 1660.761508][T24295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1660.761516][T24295] Call Trace: [ 1660.761521][T24295] [ 1660.761526][T24295] dump_stack_lvl+0x189/0x250 [ 1660.761546][T24295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1660.761558][T24295] ? __pfx__printk+0x10/0x10 [ 1660.761570][T24295] ? find_vma+0xe7/0x160 [ 1660.761590][T24295] __get_user_pages+0x2470/0x2a00 [ 1660.761602][T24295] ? __lock_acquire+0x6b6/0x2cf0 [ 1660.761624][T24295] ? __gup_longterm_locked+0xc63/0x1660 [ 1660.761636][T24295] ? down_read_killable+0x1bc/0x350 [ 1660.761649][T24295] __gup_longterm_locked+0xde4/0x1660 [ 1660.761664][T24295] ? try_grab_folio_fast+0x1bf/0x6a0 [ 1660.761683][T24295] ? gup_fast_fallback+0x1b86/0x22d0 [ 1660.761704][T24295] gup_fast_fallback+0x1d65/0x22d0 [ 1660.761735][T24295] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1660.761745][T24295] ? __mutex_lock+0x335/0x1350 [ 1660.761764][T24295] ? is_valid_gup_args+0x11f/0x200 [ 1660.761777][T24295] ? get_user_pages_fast+0x4d/0xb0 [ 1660.761790][T24295] __iov_iter_get_pages_alloc+0x39f/0xb40 [ 1660.761806][T24295] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 1660.761817][T24295] ? wait_for_space+0x248/0x2d0 [ 1660.761828][T24295] iov_iter_get_pages2+0x5e/0xa0 [ 1660.761840][T24295] __se_sys_vmsplice+0x548/0x10d0 [ 1660.761861][T24295] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 1660.761871][T24295] ? __pfx_futex_wait+0x10/0x10 [ 1660.761915][T24295] ? __do_fast_syscall_32+0xbe/0x570 [ 1660.761931][T24295] __do_fast_syscall_32+0x1f7/0x570 [ 1660.761944][T24295] ? rcu_is_watching+0x15/0xb0 [ 1660.761955][T24295] ? do_fast_syscall_32+0x34/0x80 [ 1660.761971][T24295] do_fast_syscall_32+0x34/0x80 [ 1660.761985][T24295] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1660.761996][T24295] RIP: 0023:0xf7fb2539 [ 1660.762006][T24295] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1660.762015][T24295] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 000000000000013c [ 1660.762026][T24295] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280 [ 1660.762032][T24295] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 1660.762038][T24295] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1660.762043][T24295] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1660.762049][T24295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1660.762064][T24295] [ 1661.266429][ T30] audit: type=1326 audit(1764884034.685:8113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24312 comm="syz.2.31876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1661.326738][ T30] audit: type=1326 audit(1764884034.685:8114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24312 comm="syz.2.31876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1661.354628][ T30] audit: type=1326 audit(1764884034.685:8115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24312 comm="syz.2.31876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1661.380489][ T30] audit: type=1326 audit(1764884034.685:8116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24312 comm="syz.2.31876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1661.406119][ T30] audit: type=1326 audit(1764884034.685:8117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24312 comm="syz.2.31876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1661.429104][ T30] audit: type=1326 audit(1764884034.685:8118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24312 comm="syz.2.31876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=364 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1661.451817][ T30] audit: type=1326 audit(1764884034.695:8119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24312 comm="syz.2.31876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ffc0000 [ 1661.677315][T24331] __nla_validate_parse: 1 callbacks suppressed [ 1661.677335][T24331] netlink: 20 bytes leftover after parsing attributes in process `syz.2.31883'. [ 1662.013194][T24346] netlink: 'syz.1.31890': attribute type 1 has an invalid length. [ 1662.031625][T24346] netlink: 'syz.1.31890': attribute type 2 has an invalid length. [ 1662.316217][T24368] random: crng reseeded on system resumption [ 1662.489142][ T2578] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 1662.638579][ T2578] usb 2-1: Using ep0 maxpacket: 32 [ 1662.645330][ T2578] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 1662.653859][ T2578] usb 2-1: config 0 has no interface number 0 [ 1662.660213][ T2578] usb 2-1: config 0 interface 12 has no altsetting 0 [ 1662.669199][ T2578] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1662.678756][ T2578] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1662.686739][ T2578] usb 2-1: Product: syz [ 1662.691061][ T2578] usb 2-1: Manufacturer: syz [ 1662.695661][ T2578] usb 2-1: SerialNumber: syz [ 1662.702602][ T2578] usb 2-1: config 0 descriptor?? [ 1663.522685][ T2578] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 1663.541851][ T2578] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 1663.550698][ T2578] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1663.563143][ T2578] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 1663.580404][ T2578] usb 2-1: USB disconnect, device number 122 [ 1663.944805][T24429] loop5: detected capacity change from 0 to 7 [ 1663.969664][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1663.978914][ C0] buffer_io_error: 48 callbacks suppressed [ 1663.978930][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1663.993114][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.002336][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.011487][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.020704][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.029188][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.038404][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.059282][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.071945][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.081210][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.090264][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.099646][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.108578][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.117770][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.125686][T24429] ldm_validate_partition_table(): Disk read failed. [ 1664.133342][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.142598][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.159443][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1664.168684][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.177703][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1664.186307][T24429] Dev loop5: unable to read RDB block 0 [ 1664.226494][T24429] loop5: unable to read partition table [ 1664.233362][T24429] loop5: partition table beyond EOD, truncated [ 1664.240484][T24429] loop_reread_partitions: partition scan of loop5 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1664.892288][T24477] input: syz1 as /devices/virtual/input/input213 [ 1665.277082][T24506] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1666.057317][T24560] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1666.622189][T24594] netlink: 'syz.0.31971': attribute type 11 has an invalid length. [ 1666.632484][T24594] netlink: 36 bytes leftover after parsing attributes in process `syz.0.31971'. [ 1667.727311][T24649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.31993'. [ 1668.187318][T24668] netlink: 'syz.1.32002': attribute type 1 has an invalid length. [ 1668.891835][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.898773][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.680302][T24722] netlink: 'syz.4.32019': attribute type 11 has an invalid length. [ 1669.692242][T24722] netlink: 190972 bytes leftover after parsing attributes in process `syz.4.32019'. [ 1669.828020][T24730] netlink: 8 bytes leftover after parsing attributes in process `syz.4.32022'. [ 1669.838762][T24730] netlink: 12 bytes leftover after parsing attributes in process `syz.4.32022'. [ 1669.847940][T24730] netlink: 'syz.4.32022': attribute type 20 has an invalid length. [ 1670.339729][T24761] netlink: 'syz.2.32036': attribute type 25 has an invalid length. [ 1670.349203][T24761] netlink: 'syz.2.32036': attribute type 8 has an invalid length. [ 1671.592147][T24811] netlink: 80 bytes leftover after parsing attributes in process `syz.0.32053'. [ 1671.619627][T24811] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1671.709356][T24817] macvlan2: entered promiscuous mode [ 1671.714706][T24817] bridge0: entered promiscuous mode [ 1672.218717][T24857] netlink: 16 bytes leftover after parsing attributes in process `syz.0.32072'. [ 1672.746067][T24883] bridge0: port 3(syz_tun) entered blocking state [ 1672.760521][T24883] bridge0: port 3(syz_tun) entered disabled state [ 1672.771583][T24883] syz_tun: entered allmulticast mode [ 1672.783519][T24883] syz_tun: entered promiscuous mode [ 1673.138503][T13398] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 1673.260356][T24937] netlink: 212340 bytes leftover after parsing attributes in process `syz.3.32096'. [ 1673.271591][T24937] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 1673.300375][T13398] usb 3-1: config 0 has no interfaces? [ 1673.308770][T13398] usb 3-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 1673.317896][T13398] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1673.344774][T13398] usb 3-1: config 0 descriptor?? [ 1673.575736][T13398] usb 3-1: USB disconnect, device number 9 [ 1674.527579][T24995] [ 1674.529938][T24995] ===================================================== [ 1674.536869][T24995] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1674.544346][T24995] syzkaller #0 Tainted: G L [ 1674.550325][T24995] ----------------------------------------------------- [ 1674.557260][T24995] syz.0.32118/24995 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1674.565074][T24995] ffff88807bbbd948 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1674.573796][T24995] [ 1674.573796][T24995] and this task is already holding: [ 1674.581165][T24995] ffff888076ec3028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1674.591017][T24995] which would create a new lock dependency: [ 1674.596984][T24995] (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1674.605076][T24995] [ 1674.605076][T24995] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1674.614506][T24995] (&client->buffer_lock){..-.}-{3:3} [ 1674.614529][T24995] [ 1674.614529][T24995] ... which became SOFTIRQ-irq-safe at: [ 1674.627621][T24995] lock_acquire+0x117/0x340 [ 1674.632207][T24995] _raw_spin_lock+0x2e/0x40 [ 1674.636789][T24995] evdev_pass_values+0xb9/0xbd0 [ 1674.641708][T24995] evdev_events+0x1e6/0x340 [ 1674.646281][T24995] input_pass_values+0x288/0x890 [ 1674.651293][T24995] input_event_dispose+0x330/0x6b0 [ 1674.656576][T24995] input_event+0x89/0xe0 [ 1674.661004][T24995] xpad360_process_packet+0x641/0xdd0 [ 1674.666495][T24995] xpad_irq_in+0x14e/0x2590 [ 1674.671082][T24995] __usb_hcd_giveback_urb+0x376/0x540 [ 1674.676528][T24995] dummy_timer+0x85f/0x44c0 [ 1674.681108][T24995] __hrtimer_run_queues+0x51c/0xc30 [ 1674.686392][T24995] hrtimer_run_softirq+0x187/0x2b0 [ 1674.691585][T24995] handle_softirqs+0x27d/0x850 [ 1674.696426][T24995] __irq_exit_rcu+0xca/0x1f0 [ 1674.701090][T24995] irq_exit_rcu+0x9/0x30 [ 1674.705403][T24995] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1674.711119][T24995] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1674.717170][T24995] kernel_text_address+0x5/0xe0 [ 1674.722100][T24995] __kernel_text_address+0xd/0x40 [ 1674.727197][T24995] unwind_get_return_address+0x4d/0x90 [ 1674.732730][T24995] arch_stack_walk+0xfc/0x150 [ 1674.737483][T24995] stack_trace_save+0x9c/0xe0 [ 1674.742235][T24995] kasan_save_track+0x3e/0x80 [ 1674.746988][T24995] __kasan_kmalloc+0x93/0xb0 [ 1674.751650][T24995] __kmalloc_noprof+0x411/0x800 [ 1674.756583][T24995] tomoyo_encode+0x28b/0x550 [ 1674.761333][T24995] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1674.767035][T24995] tomoyo_path_perm+0x213/0x4b0 [ 1674.771972][T24995] security_inode_getattr+0x12f/0x330 [ 1674.777419][T24995] vfs_statx+0x18e/0x550 [ 1674.781736][T24995] vfs_fstatat+0x118/0x170 [ 1674.786252][T24995] __x64_sys_newfstatat+0x116/0x190 [ 1674.791541][T24995] do_syscall_64+0xfa/0xf80 [ 1674.796142][T24995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1674.802113][T24995] [ 1674.802113][T24995] to a SOFTIRQ-irq-unsafe lock: [ 1674.809117][T24995] (tasklist_lock){.+.+}-{3:3} [ 1674.809143][T24995] [ 1674.809143][T24995] ... which became SOFTIRQ-irq-unsafe at: [ 1674.821742][T24995] ... [ 1674.821752][T24995] lock_acquire+0x117/0x340 [ 1674.828890][T24995] _raw_read_lock+0x36/0x50 [ 1674.833478][T24995] __do_wait+0xde/0x740 [ 1674.837727][T24995] do_wait+0x1e8/0x4f0 [ 1674.841864][T24995] kernel_wait+0xab/0x170 [ 1674.846272][T24995] call_usermodehelper_exec_work+0xbe/0x230 [ 1674.852326][T24995] process_scheduled_works+0xad1/0x1770 [ 1674.857947][T24995] worker_thread+0x8a0/0xda0 [ 1674.862697][T24995] kthread+0x711/0x8a0 [ 1674.866839][T24995] ret_from_fork+0x599/0xb30 [ 1674.871500][T24995] ret_from_fork_asm+0x1a/0x30 [ 1674.876348][T24995] [ 1674.876348][T24995] other info that might help us debug this: [ 1674.876348][T24995] [ 1674.886580][T24995] Chain exists of: [ 1674.886580][T24995] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 1674.886580][T24995] [ 1674.899692][T24995] Possible interrupt unsafe locking scenario: [ 1674.899692][T24995] [ 1674.907993][T24995] CPU0 CPU1 [ 1674.913345][T24995] ---- ---- [ 1674.918763][T24995] lock(tasklist_lock); [ 1674.923028][T24995] local_irq_disable(); [ 1674.929776][T24995] lock(&client->buffer_lock); [ 1674.937138][T24995] lock(&new->fa_lock); [ 1674.943887][T24995] [ 1674.947334][T24995] lock(&client->buffer_lock); [ 1674.952345][T24995] [ 1674.952345][T24995] *** DEADLOCK *** [ 1674.952345][T24995] [ 1674.960472][T24995] 7 locks held by syz.0.32118/24995: [ 1674.965739][T24995] #0: ffff888146bcf118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 1674.974872][T24995] #1: ffff888020758230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 1674.984961][T24995] #2: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 [ 1674.994624][T24995] #3: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 1675.004178][T24995] #4: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 1675.013305][T24995] #5: ffff888076ec3028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1675.023468][T24995] #6: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1675.032682][T24995] [ 1675.032682][T24995] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1675.043084][T24995] -> (&client->buffer_lock){..-.}-{3:3} { [ 1675.048808][T24995] IN-SOFTIRQ-W at: [ 1675.052771][T24995] lock_acquire+0x117/0x340 [ 1675.058910][T24995] _raw_spin_lock+0x2e/0x40 [ 1675.065055][T24995] evdev_pass_values+0xb9/0xbd0 [ 1675.071544][T24995] evdev_events+0x1e6/0x340 [ 1675.077689][T24995] input_pass_values+0x288/0x890 [ 1675.084260][T24995] input_event_dispose+0x330/0x6b0 [ 1675.091013][T24995] input_event+0x89/0xe0 [ 1675.096901][T24995] xpad360_process_packet+0x641/0xdd0 [ 1675.103924][T24995] xpad_irq_in+0x14e/0x2590 [ 1675.110068][T24995] __usb_hcd_giveback_urb+0x376/0x540 [ 1675.117167][T24995] dummy_timer+0x85f/0x44c0 [ 1675.123307][T24995] __hrtimer_run_queues+0x51c/0xc30 [ 1675.130149][T24995] hrtimer_run_softirq+0x187/0x2b0 [ 1675.136897][T24995] handle_softirqs+0x27d/0x850 [ 1675.143293][T24995] __irq_exit_rcu+0xca/0x1f0 [ 1675.149515][T24995] irq_exit_rcu+0x9/0x30 [ 1675.155390][T24995] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1675.162685][T24995] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1675.170302][T24995] kernel_text_address+0x5/0xe0 [ 1675.176793][T24995] __kernel_text_address+0xd/0x40 [ 1675.183452][T24995] unwind_get_return_address+0x4d/0x90 [ 1675.190553][T24995] arch_stack_walk+0xfc/0x150 [ 1675.196865][T24995] stack_trace_save+0x9c/0xe0 [ 1675.203185][T24995] kasan_save_track+0x3e/0x80 [ 1675.209505][T24995] __kasan_kmalloc+0x93/0xb0 [ 1675.215731][T24995] __kmalloc_noprof+0x411/0x800 [ 1675.222236][T24995] tomoyo_encode+0x28b/0x550 [ 1675.228473][T24995] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1675.235754][T24995] tomoyo_path_perm+0x213/0x4b0 [ 1675.242242][T24995] security_inode_getattr+0x12f/0x330 [ 1675.249251][T24995] vfs_statx+0x18e/0x550 [ 1675.255128][T24995] vfs_fstatat+0x118/0x170 [ 1675.261178][T24995] __x64_sys_newfstatat+0x116/0x190 [ 1675.268100][T24995] do_syscall_64+0xfa/0xf80 [ 1675.274243][T24995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1675.281858][T24995] INITIAL USE at: [ 1675.285740][T24995] lock_acquire+0x117/0x340 [ 1675.291792][T24995] _raw_spin_lock+0x2e/0x40 [ 1675.297845][T24995] evdev_pass_values+0xb9/0xbd0 [ 1675.304250][T24995] evdev_events+0x1e6/0x340 [ 1675.310299][T24995] input_pass_values+0x288/0x890 [ 1675.316782][T24995] input_event_dispose+0x330/0x6b0 [ 1675.323442][T24995] input_event+0x89/0xe0 [ 1675.329236][T24995] xpad360_process_packet+0x641/0xdd0 [ 1675.336164][T24995] xpad_irq_in+0x14e/0x2590 [ 1675.342219][T24995] __usb_hcd_giveback_urb+0x376/0x540 [ 1675.349144][T24995] dummy_timer+0x85f/0x44c0 [ 1675.355196][T24995] __hrtimer_run_queues+0x51c/0xc30 [ 1675.361942][T24995] hrtimer_run_softirq+0x187/0x2b0 [ 1675.368601][T24995] handle_softirqs+0x27d/0x850 [ 1675.374922][T24995] __irq_exit_rcu+0xca/0x1f0 [ 1675.381077][T24995] irq_exit_rcu+0x9/0x30 [ 1675.386867][T24995] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1675.394054][T24995] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1675.401586][T24995] kernel_text_address+0x5/0xe0 [ 1675.408095][T24995] __kernel_text_address+0xd/0x40 [ 1675.414699][T24995] unwind_get_return_address+0x4d/0x90 [ 1675.421714][T24995] arch_stack_walk+0xfc/0x150 [ 1675.427943][T24995] stack_trace_save+0x9c/0xe0 [ 1675.434171][T24995] kasan_save_track+0x3e/0x80 [ 1675.440398][T24995] __kasan_kmalloc+0x93/0xb0 [ 1675.446535][T24995] __kmalloc_noprof+0x411/0x800 [ 1675.452939][T24995] tomoyo_encode+0x28b/0x550 [ 1675.459075][T24995] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1675.466255][T24995] tomoyo_path_perm+0x213/0x4b0 [ 1675.472649][T24995] security_inode_getattr+0x12f/0x330 [ 1675.479598][T24995] vfs_statx+0x18e/0x550 [ 1675.485384][T24995] vfs_fstatat+0x118/0x170 [ 1675.491436][T24995] __x64_sys_newfstatat+0x116/0x190 [ 1675.498177][T24995] do_syscall_64+0xfa/0xf80 [ 1675.504240][T24995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1675.511682][T24995] } [ 1675.514163][T24995] ... key at: [] evdev_open.__key.26+0x0/0x20 [ 1675.522302][T24995] [ 1675.522302][T24995] the dependencies between the lock to be acquired [ 1675.522312][T24995] and SOFTIRQ-irq-unsafe lock: [ 1675.535967][T24995] -> (tasklist_lock){.+.+}-{3:3} { [ 1675.541255][T24995] HARDIRQ-ON-R at: [ 1675.545390][T24995] lock_acquire+0x117/0x340 [ 1675.551872][T24995] _raw_read_lock+0x36/0x50 [ 1675.558358][T24995] __do_wait+0xde/0x740 [ 1675.564508][T24995] do_wait+0x1e8/0x4f0 [ 1675.570588][T24995] kernel_wait+0xab/0x170 [ 1675.576917][T24995] call_usermodehelper_exec_work+0xbe/0x230 [ 1675.584796][T24995] process_scheduled_works+0xad1/0x1770 [ 1675.592327][T24995] worker_thread+0x8a0/0xda0 [ 1675.598903][T24995] kthread+0x711/0x8a0 [ 1675.604955][T24995] ret_from_fork+0x599/0xb30 [ 1675.611526][T24995] ret_from_fork_asm+0x1a/0x30 [ 1675.618288][T24995] SOFTIRQ-ON-R at: [ 1675.622446][T24995] lock_acquire+0x117/0x340 [ 1675.628943][T24995] _raw_read_lock+0x36/0x50 [ 1675.635445][T24995] __do_wait+0xde/0x740 [ 1675.641592][T24995] do_wait+0x1e8/0x4f0 [ 1675.647644][T24995] kernel_wait+0xab/0x170 [ 1675.653964][T24995] call_usermodehelper_exec_work+0xbe/0x230 [ 1675.661839][T24995] process_scheduled_works+0xad1/0x1770 [ 1675.669364][T24995] worker_thread+0x8a0/0xda0 [ 1675.675938][T24995] kthread+0x711/0x8a0 [ 1675.681995][T24995] ret_from_fork+0x599/0xb30 [ 1675.688568][T24995] ret_from_fork_asm+0x1a/0x30 [ 1675.695315][T24995] INITIAL USE at: [ 1675.699366][T24995] lock_acquire+0x117/0x340 [ 1675.705760][T24995] _raw_write_lock_irq+0xa2/0xf0 [ 1675.712596][T24995] copy_process+0x2185/0x3950 [ 1675.719169][T24995] kernel_clone+0x21e/0x820 [ 1675.725565][T24995] user_mode_thread+0xdd/0x140 [ 1675.732227][T24995] rest_init+0x23/0x300 [ 1675.738290][T24995] start_kernel+0x3ae/0x410 [ 1675.744692][T24995] x86_64_start_reservations+0x24/0x30 [ 1675.752064][T24995] x86_64_start_kernel+0x143/0x1c0 [ 1675.759075][T24995] common_startup_64+0x13e/0x147 [ 1675.765910][T24995] INITIAL READ USE at: [ 1675.770398][T24995] lock_acquire+0x117/0x340 [ 1675.777228][T24995] _raw_read_lock+0x36/0x50 [ 1675.784059][T24995] __do_wait+0xde/0x740 [ 1675.790550][T24995] do_wait+0x1e8/0x4f0 [ 1675.796957][T24995] kernel_wait+0xab/0x170 [ 1675.803620][T24995] call_usermodehelper_exec_work+0xbe/0x230 [ 1675.811855][T24995] process_scheduled_works+0xad1/0x1770 [ 1675.819743][T24995] worker_thread+0x8a0/0xda0 [ 1675.826673][T24995] kthread+0x711/0x8a0 [ 1675.833078][T24995] ret_from_fork+0x599/0xb30 [ 1675.840003][T24995] ret_from_fork_asm+0x1a/0x30 [ 1675.847106][T24995] } [ 1675.849761][T24995] ... key at: [] tasklist_lock+0x18/0x40 [ 1675.857818][T24995] ... acquired at: [ 1675.861772][T24995] _raw_read_lock+0x36/0x50 [ 1675.866451][T24995] send_sigurg+0x12b/0x420 [ 1675.871115][T24995] sk_send_sigurg+0x6c/0x2e0 [ 1675.875867][T24995] queue_oob+0x420/0x4f0 [ 1675.880279][T24995] unix_stream_sendmsg+0xc32/0xde0 [ 1675.885553][T24995] __sock_sendmsg+0x21c/0x270 [ 1675.890417][T24995] ____sys_sendmsg+0x505/0x820 [ 1675.895350][T24995] ___sys_sendmsg+0x21f/0x2a0 [ 1675.900202][T24995] __sys_sendmsg+0x164/0x220 [ 1675.905046][T24995] __do_fast_syscall_32+0x1f7/0x570 [ 1675.910498][T24995] do_fast_syscall_32+0x34/0x80 [ 1675.915510][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1675.921999][T24995] [ 1675.924308][T24995] -> (&f_owner->lock){....}-{3:3} { [ 1675.929683][T24995] INITIAL USE at: [ 1675.933653][T24995] lock_acquire+0x117/0x340 [ 1675.939879][T24995] _raw_write_lock_irq+0xa2/0xf0 [ 1675.946544][T24995] __f_setown+0x67/0x370 [ 1675.952508][T24995] fcntl_dirnotify+0x3fa/0x6a0 [ 1675.958997][T24995] do_fcntl+0x745/0x1a50 [ 1675.965074][T24995] do_compat_fcntl64+0x477/0x720 [ 1675.972446][T24995] __do_fast_syscall_32+0x1f7/0x570 [ 1675.979385][T24995] do_fast_syscall_32+0x34/0x80 [ 1675.985976][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1675.994051][T24995] INITIAL READ USE at: [ 1675.998462][T24995] lock_acquire+0x117/0x340 [ 1676.005575][T24995] _raw_read_lock_irq+0xaa/0xf0 [ 1676.012602][T24995] do_fcntl+0x2f9/0x1a50 [ 1676.019017][T24995] do_compat_fcntl64+0x477/0x720 [ 1676.026205][T24995] __do_fast_syscall_32+0x1f7/0x570 [ 1676.033573][T24995] do_fast_syscall_32+0x34/0x80 [ 1676.040683][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1676.049263][T24995] } [ 1676.051830][T24995] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1676.060762][T24995] ... acquired at: [ 1676.064638][T24995] _raw_read_lock_irqsave+0xaf/0x100 [ 1676.070092][T24995] send_sigio+0x38/0x370 [ 1676.074501][T24995] kill_fasync+0x24d/0x4d0 [ 1676.079076][T24995] sock_wake_async+0x137/0x160 [ 1676.084085][T24995] sk_wake_async+0x184/0x280 [ 1676.088834][T24995] unix_release_sock+0x747/0xc70 [ 1676.093939][T24995] unix_release+0x92/0xd0 [ 1676.098438][T24995] sock_close+0xc3/0x240 [ 1676.102847][T24995] __fput+0x44c/0xa70 [ 1676.107017][T24995] task_work_run+0x1d4/0x260 [ 1676.111766][T24995] exit_to_user_mode_loop+0xff/0x4f0 [ 1676.117554][T24995] __do_fast_syscall_32+0x3cb/0x570 [ 1676.122918][T24995] do_fast_syscall_32+0x34/0x80 [ 1676.127940][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1676.134429][T24995] [ 1676.136739][T24995] -> (&new->fa_lock){....}-{3:3} { [ 1676.141847][T24995] INITIAL USE at: [ 1676.145724][T24995] lock_acquire+0x117/0x340 [ 1676.151776][T24995] _raw_write_lock_irq+0xa2/0xf0 [ 1676.158267][T24995] fasync_remove_entry+0xf1/0x1c0 [ 1676.164842][T24995] __fput+0x8a2/0xa70 [ 1676.170478][T24995] task_work_run+0x1d4/0x260 [ 1676.176638][T24995] exit_to_user_mode_loop+0xff/0x4f0 [ 1676.183477][T24995] __do_fast_syscall_32+0x3cb/0x570 [ 1676.190240][T24995] do_fast_syscall_32+0x34/0x80 [ 1676.196647][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1676.204533][T24995] INITIAL READ USE at: [ 1676.208937][T24995] lock_acquire+0x117/0x340 [ 1676.215436][T24995] _raw_read_lock_irqsave+0xaf/0x100 [ 1676.222721][T24995] kill_fasync+0x199/0x4d0 [ 1676.229139][T24995] pipe_release+0x19c/0x330 [ 1676.235722][T24995] __fput+0x44c/0xa70 [ 1676.241686][T24995] task_work_run+0x1d4/0x260 [ 1676.248264][T24995] exit_to_user_mode_loop+0xff/0x4f0 [ 1676.255534][T24995] __do_fast_syscall_32+0x3cb/0x570 [ 1676.262720][T24995] do_fast_syscall_32+0x34/0x80 [ 1676.269567][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1676.277877][T24995] } [ 1676.280408][T24995] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1676.289074][T24995] ... acquired at: [ 1676.292859][T24995] _raw_read_lock_irqsave+0xaf/0x100 [ 1676.298311][T24995] kill_fasync+0x199/0x4d0 [ 1676.302887][T24995] evdev_pass_values+0x627/0xbd0 [ 1676.307983][T24995] evdev_events+0x1e6/0x340 [ 1676.312640][T24995] input_pass_values+0x288/0x890 [ 1676.317730][T24995] input_event_dispose+0x330/0x6b0 [ 1676.322999][T24995] input_inject_event+0x1dd/0x340 [ 1676.328194][T24995] evdev_write+0x2fc/0x480 [ 1676.332770][T24995] vfs_write+0x27e/0xb30 [ 1676.337174][T24995] ksys_write+0x145/0x250 [ 1676.341669][T24995] __do_fast_syscall_32+0x1f7/0x570 [ 1676.347031][T24995] do_fast_syscall_32+0x34/0x80 [ 1676.352068][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1676.358551][T24995] [ 1676.360867][T24995] [ 1676.360867][T24995] stack backtrace: [ 1676.366777][T24995] CPU: 1 UID: 0 PID: 24995 Comm: syz.0.32118 Tainted: G L syzkaller #0 PREEMPT(full) [ 1676.366798][T24995] Tainted: [L]=SOFTLOCKUP [ 1676.366804][T24995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1676.366813][T24995] Call Trace: [ 1676.366822][T24995] [ 1676.366829][T24995] dump_stack_lvl+0x189/0x250 [ 1676.366848][T24995] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1676.366862][T24995] ? __pfx__printk+0x10/0x10 [ 1676.366882][T24995] __lock_acquire+0x2a95/0x2cf0 [ 1676.366903][T24995] ? kill_fasync+0x199/0x4d0 [ 1676.366919][T24995] lock_acquire+0x117/0x340 [ 1676.366932][T24995] ? kill_fasync+0x199/0x4d0 [ 1676.366950][T24995] _raw_read_lock_irqsave+0xaf/0x100 [ 1676.366968][T24995] ? kill_fasync+0x199/0x4d0 [ 1676.366982][T24995] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1676.366997][T24995] ? do_raw_spin_lock+0x121/0x290 [ 1676.367017][T24995] kill_fasync+0x199/0x4d0 [ 1676.367032][T24995] ? kill_fasync+0x53/0x4d0 [ 1676.367047][T24995] evdev_pass_values+0x627/0xbd0 [ 1676.367063][T24995] ? evdev_pass_values+0x5f1/0xbd0 [ 1676.367078][T24995] evdev_events+0x1e6/0x340 [ 1676.367090][T24995] ? evdev_events+0x79/0x340 [ 1676.367102][T24995] ? input_pass_values+0x8d/0x890 [ 1676.367114][T24995] input_pass_values+0x288/0x890 [ 1676.367128][T24995] ? input_handle_event+0x70c/0xf30 [ 1676.367145][T24995] input_event_dispose+0x330/0x6b0 [ 1676.367163][T24995] input_inject_event+0x1dd/0x340 [ 1676.367179][T24995] ? input_inject_event+0xb6/0x340 [ 1676.367196][T24995] evdev_write+0x2fc/0x480 [ 1676.367210][T24995] ? __pfx_evdev_write+0x10/0x10 [ 1676.367230][T24995] ? bpf_lsm_file_permission+0x9/0x20 [ 1676.367243][T24995] ? security_file_permission+0x75/0x290 [ 1676.367262][T24995] ? rw_verify_area+0x255/0x4d0 [ 1676.367278][T24995] ? __pfx_evdev_write+0x10/0x10 [ 1676.367292][T24995] vfs_write+0x27e/0xb30 [ 1676.367310][T24995] ? __pfx_vfs_write+0x10/0x10 [ 1676.367326][T24995] ? __fget_files+0x2a/0x420 [ 1676.367340][T24995] ? __fget_files+0x2a/0x420 [ 1676.367352][T24995] ? __fget_files+0x3a0/0x420 [ 1676.367363][T24995] ? __fget_files+0x2a/0x420 [ 1676.367378][T24995] ksys_write+0x145/0x250 [ 1676.367395][T24995] ? __pfx_ksys_write+0x10/0x10 [ 1676.367412][T24995] ? __do_fast_syscall_32+0xbe/0x570 [ 1676.367431][T24995] __do_fast_syscall_32+0x1f7/0x570 [ 1676.367449][T24995] ? rcu_is_watching+0x15/0xb0 [ 1676.367465][T24995] ? do_fast_syscall_32+0x34/0x80 [ 1676.367484][T24995] do_fast_syscall_32+0x34/0x80 [ 1676.367502][T24995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1676.367518][T24995] RIP: 0023:0xf7fb2539 [ 1676.367531][T24995] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1676.367544][T24995] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1676.367560][T24995] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1676.367570][T24995] RDX: 0000000000000037 RSI: 0000000000000000 RDI: 0000000000000000 [ 1676.367578][T24995] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1676.367585][T24995] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1676.367594][T24995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1676.367607][T24995] [ 1676.742167][ T30] audit: type=1326 audit(1764884050.165:8120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24998 comm="syz.1.32120" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7fc00000