last executing test programs: 2m14.609317068s ago: executing program 1 (id=2636): r0 = syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x8, r0) wait4(r0, 0x0, 0x2, 0x0) 2m14.543400185s ago: executing program 1 (id=2641): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000140)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mlockall(0x7) 2m14.23146128s ago: executing program 1 (id=2652): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0) 2m14.146747261s ago: executing program 1 (id=2658): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000280)='./file0\x00', 0x0, 0x97801, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x112) 2m14.143536438s ago: executing program 1 (id=2660): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m13.842295982s ago: executing program 1 (id=2671): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x60) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x145040, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) 2m13.785826095s ago: executing program 32 (id=2671): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x60) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x145040, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) 2m7.5419661s ago: executing program 2 (id=2848): r0 = syz_open_dev$usbfs(&(0x7f00000002c0), 0xc, 0x101b01) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x2, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0cba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34201113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed00083fe5c5ca033dfce0a82575ef14eee686be0fc58bbf5993943aea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f61e00"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_FORBID_SUSPEND(r0, 0x5521) 2m7.460813032s ago: executing program 2 (id=2849): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000180)=[{&(0x7f0000000340)=""/205, 0xcd}], 0x1, 0x400, 0x0, 0x0) 2m7.459841964s ago: executing program 2 (id=2850): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x80000000, 0x0, 0x6, 0x5, 0x2, 0x40004942}]}) 2m7.297290478s ago: executing program 2 (id=2852): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 2m7.28256835s ago: executing program 2 (id=2854): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r1, &(0x7f0000000080)='FROZEN\x00', 0x7) 2m6.962739891s ago: executing program 2 (id=2867): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000001240)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0300ffff", 0x4}]) 2m6.874290275s ago: executing program 33 (id=2867): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000001240)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0300ffff", 0x4}]) 1m19.74175052s ago: executing program 0 (id=3765): openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b142010400000109023800"], 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r0, 0x8b2c, &(0x7f0000000040)) 1m17.812632226s ago: executing program 0 (id=3783): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x0, 0x0, 0x0, 0x93a, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, 0x0}) 1m17.611889403s ago: executing program 0 (id=3782): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1000, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death={0x400c630e}], 0x0, 0x0, 0x0}) 1m17.543166884s ago: executing program 0 (id=3785): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x110) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240), 0x50, 0x0) 1m17.54010203s ago: executing program 0 (id=3787): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'erspan0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0xf6, r1, 0x1, 0xbd, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x88a8ffff, &(0x7f0000000140)={0x11, 0x88a8, r1}, 0x14) 1m17.211942766s ago: executing program 0 (id=3789): syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1, 0x10b000) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002) r1 = dup(r0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 1m17.144105564s ago: executing program 34 (id=3789): syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1, 0x10b000) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002) r1 = dup(r0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 1.067945713s ago: executing program 6 (id=5552): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 321.740493ms ago: executing program 5 (id=5562): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000100001"], 0x94}}, 0x4040040) r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x700}], 0x40000cf, 0x0) 321.535484ms ago: executing program 3 (id=5563): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000f40)=ANY=[@ANYBLOB="140000001000160000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080008400000000114000000110001"], 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0xdef98b386264d0e0}, 0x0) 306.027675ms ago: executing program 5 (id=5564): modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) modify_ldt$read(0x0, &(0x7f0000002140)=""/4098, 0xfffffffffffffe8e) 301.515919ms ago: executing program 4 (id=5565): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) 231.711302ms ago: executing program 3 (id=5566): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="12000000080000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4800) 231.43298ms ago: executing program 4 (id=5567): socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40040}, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000000406030000000000000000000000000005000100070000000900020073797a3100"], 0x60}}, 0x0) 231.243579ms ago: executing program 3 (id=5568): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000006300)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000390000000000000000000000850000004100000085000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0) 214.327476ms ago: executing program 5 (id=5569): setreuid(0xee01, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone(0x248d15ab3ee2a01c, 0x0, 0x0, 0x0, 0x0, 0x0) 213.072703ms ago: executing program 6 (id=5570): bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000001850000000000020000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x9a) 136.012972ms ago: executing program 3 (id=5571): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) 133.379831ms ago: executing program 6 (id=5572): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x98) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84) 132.841157ms ago: executing program 4 (id=5573): r0 = socket(0x28, 0x801, 0x0) connect$vsock_stream(r0, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x1) shutdown(r0, 0x0) poll(&(0x7f0000000000)=[{r0, 0x5208}], 0x1, 0x800) 127.545439ms ago: executing program 3 (id=5574): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000340)={@val={0xa, 0x883e}, @void, @eth={@multicast, @multicast, @val={@val={0x88a8, 0x4, 0x0, 0x2}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x5, 0x28, 0x64, 0x6000, 0x7, 0x6, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x2f}}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x80, 0x4, 0x0, 0x4}}}}}}}, 0x42) 79.175558ms ago: executing program 6 (id=5575): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x18) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000220c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000002100000000050000000000000095c333d4c0a3ecdd69086b8e4c36439a8808b90ea579cdf8bd475a470064827701f4169ebebecb5bba94f06f020fb64e5594a86f5f00000000000008c7533dc98a94008d7d2a7d2c23bc3f4cc1992aebd29fd21e95b3c7c49de340c24cb6ba1a33740825c424ecd87a3b02ae7840be900964b6948074a8f2ed867fd6601b0ca02215f4c2a5157135575fa1903abe92246853cb7cb868a3b2524a92bfa8aaeaf3ff3f08fb97ec0c126bfea903ef567bdf48aecb23342c8102732b7257f65b1f7d82adec836fd77d2f5c6e6c18ae428531d9e4d906b0a19827bffab9ced1e24e8f063d44fb76dd59e75486"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, r3, 0x11, 0x0, 0x0, @void, @value=r2}, 0x20) 79.030929ms ago: executing program 4 (id=5576): r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) setresgid(0xee00, 0x0, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000b00)='./file0\x00', 0x2) 76.104766ms ago: executing program 5 (id=5577): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x1, @local}, 0x10) connect$inet(r0, &(0x7f0000000280)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x10, 0x5, 0x0, 0xb7}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 71.354082ms ago: executing program 6 (id=5578): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xe2ca6, &(0x7f0000000200)=ANY=[@ANYBLOB='max=0']) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') read$FUSE(r0, &(0x7f0000000980)={0x2020}, 0x160e) 69.075673ms ago: executing program 4 (id=5579): io_uring_setup(0x3c93, &(0x7f0000000900)={0x0, 0x7b61, 0x40, 0x1, 0x1ac}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) 33.885377ms ago: executing program 5 (id=5580): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) 33.725058ms ago: executing program 6 (id=5581): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f0000000240)={0xd5, 0x0, 0x1b}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 16.012165ms ago: executing program 3 (id=5582): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0xa, 0x2002) write$evdev(r1, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 13.881973ms ago: executing program 4 (id=5583): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x6, 0x7fc00100}]}) poll(&(0x7f0000000080)=[{r1, 0x4000}], 0x1, 0xfffffffa) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f0000000080)) 0s ago: executing program 5 (id=5584): r0 = epoll_create1(0x80000) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a}) finit_module(r1, 0x0, 0x3) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)) kernel console output (not intermixed with test programs): T14321] bond1: left promiscuous mode [ 230.381931][T14321] gre1: left promiscuous mode [ 230.398252][ T1202] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.405329][ T1202] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.408968][ T1202] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.422758][ T1202] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.300775][T14405] ceph: No mds server is up or the cluster is laggy [ 231.448601][T14417] syzkaller1: entered promiscuous mode [ 231.450999][T14417] syzkaller1: entered allmulticast mode [ 231.694202][ T5749] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 231.866352][ T5749] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 231.871026][ T5749] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 231.876398][ T5749] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 231.880395][ T5749] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 231.886565][ T5749] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 231.890382][ T5749] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.895182][ T5749] usb 9-1: config 0 descriptor?? [ 232.164178][ T6026] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 232.224159][ T60] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 232.309756][ T5749] hid_parser_main: 5 callbacks suppressed [ 232.309769][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.314073][ T6026] usb 10-1: Using ep0 maxpacket: 8 [ 232.314900][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.317814][ T6026] usb 10-1: config 0 interface 0 has no altsetting 0 [ 232.319048][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.321271][ T6026] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 232.324229][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.327437][ T6026] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.330446][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.334393][ T6026] usb 10-1: config 0 descriptor?? [ 232.336152][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.340916][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.344369][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.347497][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.351022][ T5749] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 232.358216][ T5749] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 232.393967][ T60] usb 8-1: Using ep0 maxpacket: 8 [ 232.397073][ T60] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 232.403113][ T60] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 232.406806][ T60] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 232.411058][ T60] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 232.415320][ T60] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 232.418147][ T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.423878][ T60] hub 8-1:1.0: bad descriptor, ignoring hub [ 232.426546][ T60] hub 8-1:1.0: probe with driver hub failed with error -5 [ 232.429221][ T60] cdc_wdm 8-1:1.0: skipping garbage [ 232.430860][ T60] cdc_wdm 8-1:1.0: skipping garbage [ 232.433569][ T60] cdc_wdm 8-1:1.0: cdc-wdm1: USB WDM device [ 232.435809][ T60] cdc_wdm 8-1:1.0: Unknown control protocol [ 232.540887][ T40] audit: type=1326 audit(1765651690.548:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708d579 code=0x0 [ 232.566374][ T9] usb 9-1: USB disconnect, device number 5 [ 232.592131][ T40] audit: type=1326 audit(1765651690.598:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.599539][ T40] audit: type=1326 audit(1765651690.598:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.606514][ T40] audit: type=1326 audit(1765651690.598:5156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.613707][ T40] audit: type=1326 audit(1765651690.598:5157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.704698][ T40] kauditd_printk_skb: 88 callbacks suppressed [ 232.704711][ T40] audit: type=1326 audit(1765651690.718:5246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.713687][ T40] audit: type=1326 audit(1765651690.718:5247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.720847][ T40] audit: type=1326 audit(1765651690.718:5248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.728713][ T40] audit: type=1326 audit(1765651690.718:5249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.735822][ T40] audit: type=1326 audit(1765651690.718:5250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.742657][ T40] audit: type=1326 audit(1765651690.718:5251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.748146][ T6026] mcp2221 0003:04D8:00DD.000F: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 232.749589][ T40] audit: type=1326 audit(1765651690.718:5252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.762268][ T40] audit: type=1326 audit(1765651690.718:5253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.771532][ T40] audit: type=1326 audit(1765651690.728:5254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.780674][ T40] audit: type=1326 audit(1765651690.728:5255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14435 comm="syz.0.3734" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 232.935377][ T60] usb 8-1: USB disconnect, device number 17 [ 232.950988][ T60] usb 10-1: USB disconnect, device number 5 [ 233.509983][ T6026] libceph: connect (1)[c::]:6789 error -101 [ 233.511328][T14473] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3749'. [ 233.512910][ T6026] libceph: mon0 (1)[c::]:6789 connect error [ 233.544782][T14468] ceph: No mds server is up or the cluster is laggy [ 233.574053][T14480] syzkaller1: entered promiscuous mode [ 233.584374][T14480] syzkaller1: entered allmulticast mode [ 233.858059][T14501] netfs: Couldn't get user pages (rc=-14) [ 233.894389][ T5749] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 234.054004][ T5749] usb 10-1: Using ep0 maxpacket: 32 [ 234.057317][ T5749] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 234.061009][ T5749] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 234.064255][ T5749] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 234.066985][ T5749] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.070617][ T5749] usb 10-1: config 0 descriptor?? [ 234.232461][ T6032] libceph: connect (1)[c::]:6789 error -101 [ 234.234622][ T6032] libceph: mon0 (1)[c::]:6789 connect error [ 234.278649][T14507] ceph: No mds server is up or the cluster is laggy [ 234.354236][ T29] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 234.506382][ T5749] savu 0003:1E7D:2D5A.0010: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 234.516139][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 234.520071][ T29] usb 5-1: config 105 has too many interfaces: 47, using maximum allowed: 32 [ 234.523095][ T29] usb 5-1: config 105 has an invalid descriptor of length 0, skipping remainder of the config [ 234.526722][ T29] usb 5-1: config 105 has 0 interfaces, different from the descriptor's value: 47 [ 234.530415][ T29] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 234.533486][ T29] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 234.536456][ T29] usb 5-1: Manufacturer: syz [ 234.752102][ T29] usb 5-1: USB disconnect, device number 15 [ 234.775457][ T6027] usb 10-1: USB disconnect, device number 6 [ 235.275689][T14530] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3774'. [ 236.261737][ T1140] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 236.265579][ T1140] Bluetooth: hci4: Frame reassembly failed (-84) [ 236.634896][ T1140] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.699189][ T1140] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.819317][ T1140] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.832075][ T5301] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 236.836522][ T5301] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 236.840701][ T5301] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 236.843628][ T5301] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 236.846663][ T5301] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 236.898708][ T1140] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.961198][T14561] chnl_net:caif_netlink_parms(): no params data found [ 237.043151][T14561] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.045819][T14561] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.048194][T14561] bridge_slave_0: entered allmulticast mode [ 237.050788][T14561] bridge_slave_0: entered promiscuous mode [ 237.065153][T14561] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.067448][T14561] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.069786][T14561] bridge_slave_1: entered allmulticast mode [ 237.072438][T14561] bridge_slave_1: entered promiscuous mode [ 237.086259][ T1140] bridge_slave_1: left promiscuous mode [ 237.088087][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.091578][ T1140] bridge_slave_0: left allmulticast mode [ 237.093388][ T1140] bridge_slave_0: left promiscuous mode [ 237.095539][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.217211][ T1140] bond2 (unregistering): (slave gre1): Releasing backup interface [ 237.220621][ T1140] gre1 (unregistering): left promiscuous mode [ 237.314051][ T5749] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 237.370179][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 237.375782][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 237.381105][ T1140] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 237.385790][ T1140] veth1_vlan: left allmulticast mode [ 237.389251][ T1140] bond0 (unregistering): Released all slaves [ 237.398663][ T1140] bond1 (unregistering): Released all slaves [ 237.467193][ T5749] usb 8-1: Using ep0 maxpacket: 8 [ 237.473649][ T1140] bond2 (unregistering): Released all slaves [ 237.477248][ T5749] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 237.480367][ T5749] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 237.484654][ T5749] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 237.488316][ T5749] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 237.492312][ T5749] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 237.503628][ T5749] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 237.505208][T14561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.506915][ T5749] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.520387][T14561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.544992][T14561] team0: Port device team_slave_0 added [ 237.555097][T14561] team0: Port device team_slave_1 added [ 237.570138][ T1140] tipc: Disabling bearer [ 237.578814][ T1140] tipc: Left network mode [ 237.579253][T14561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.583558][T14561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 237.591829][T14561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.597665][T14561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.599869][T14561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 237.608053][T14561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.645949][T14561] hsr_slave_0: entered promiscuous mode [ 237.648209][T14561] hsr_slave_1: entered promiscuous mode [ 237.718779][ T5749] usb 8-1: usb_control_msg returned -32 [ 237.721392][ T5749] usbtmc 8-1:16.0: can't read capabilities [ 237.823718][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.826622][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.830048][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.832951][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.845178][ T1140] team_slave_0: left promiscuous mode [ 237.848859][ T1140] team_slave_1: left promiscuous mode [ 237.851174][ T1140] veth1_macvtap: left promiscuous mode [ 237.853559][ T1140] veth0_macvtap: left promiscuous mode [ 237.856474][ T1140] veth1_vlan: left promiscuous mode [ 237.858683][ T1140] veth0_vlan: left promiscuous mode [ 238.160109][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 238.192282][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 238.276215][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 238.276364][ T5952] Bluetooth: hci4: command 0x1003 tx timeout [ 238.452693][T14561] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 238.460197][T14561] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 238.467397][T14561] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 238.477079][T14561] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 238.532653][T14561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.543405][T14561] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.549961][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.552299][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.565471][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.568722][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.611665][T14593] Bluetooth: MGMT ver 1.23 [ 238.735031][T14561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.744703][ T6027] usb 10-1: new low-speed USB device number 7 using dummy_hcd [ 238.893069][T14561] veth0_vlan: entered promiscuous mode [ 238.897954][T14561] veth1_vlan: entered promiscuous mode [ 238.909881][ T6027] usb 10-1: config 0 has an invalid interface number: 55 but max is 0 [ 238.913999][ T5955] Bluetooth: hci0: command tx timeout [ 238.914055][ T6027] usb 10-1: config 0 has no interface number 0 [ 238.915399][T14561] veth0_macvtap: entered promiscuous mode [ 238.917593][T14561] veth1_macvtap: entered promiscuous mode [ 238.919678][ T6027] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 238.926124][ T6027] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 238.929133][T14561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.929596][ T6027] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 238.936631][ T6027] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 238.940221][ T6027] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 238.943597][ T6027] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 238.946867][T14561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.947992][ T6027] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 238.953513][ T6027] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.957225][ T6027] usb 10-1: config 0 descriptor?? [ 238.957388][ T1140] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.959488][T14590] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 238.962336][ T1140] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.968483][T14590] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 238.968611][ T1140] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.972541][ T6027] ldusb 10-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 238.976390][ T1140] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.017408][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.019878][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.034326][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.037759][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.181555][ T6027] usb 10-1: USB disconnect, device number 7 [ 239.186901][ T6027] ldusb 10-1:0.55: LD USB Device #1 now disconnected [ 239.728071][ T29] usb 11-1: new high-speed USB device number 2 using dummy_hcd [ 239.738423][T14634] vivid-004: disconnect [ 239.740860][T14634] vivid-004: reconnect [ 239.815912][T14638] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 239.884192][ T29] usb 11-1: Using ep0 maxpacket: 8 [ 239.887011][ T29] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 239.889648][ T29] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 239.893408][ T29] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 239.898340][ T29] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 239.902273][ T29] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 239.907225][ T29] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 239.910837][ T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.974075][ T6027] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 240.092205][ T60] usb 8-1: USB disconnect, device number 18 [ 240.124930][ T29] usb 11-1: usb_control_msg returned -32 [ 240.126893][ T29] usbtmc 11-1:16.0: can't read capabilities [ 240.149369][ T6027] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.152772][ T6027] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.156925][ T6027] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 240.161038][ T6027] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 240.164042][ T6027] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.169951][ T6027] usb 10-1: config 0 descriptor?? [ 240.582137][ T6027] plantronics 0003:047F:FFFF.0011: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 240.782217][ T6027] usb 10-1: USB disconnect, device number 8 [ 240.994077][ T5955] Bluetooth: hci0: command tx timeout [ 241.474171][ T29] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 241.571566][T14692] Bluetooth: MGMT ver 1.23 [ 241.644022][ T29] usb 9-1: Using ep0 maxpacket: 16 [ 241.647226][ T29] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 241.651764][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.658120][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.662359][ T29] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 241.668995][ T29] usb 9-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 241.672701][ T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.676858][ T29] usb 9-1: config 0 descriptor?? [ 242.089218][ T29] input: HID 0458:5013 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:0458:5013.0012/input/input32 [ 242.097658][ T29] input: HID 0458:5013 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:0458:5013.0012/input/input33 [ 242.148787][T14718] GUP no longer grows the stack in syz.5.3847 (14718): 80006000-8000a000 (80002000) [ 242.152535][T14718] CPU: 0 UID: 0 PID: 14718 Comm: syz.5.3847 Tainted: G L syzkaller #0 PREEMPT(full) [ 242.152555][T14718] Tainted: [L]=SOFTLOCKUP [ 242.152559][T14718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 242.152567][T14718] Call Trace: [ 242.152571][T14718] [ 242.152576][T14718] dump_stack_lvl+0x16c/0x1f0 [ 242.152595][T14718] gup_vma_lookup+0x1d2/0x220 [ 242.152613][T14718] __get_user_pages+0x241/0x3590 [ 242.152635][T14718] ? find_held_lock+0x2b/0x80 [ 242.152651][T14718] ? __pfx___get_user_pages+0x10/0x10 [ 242.152671][T14718] get_user_pages_remote+0x243/0xab0 [ 242.152689][T14718] ? mas_new_root+0x600/0x6e0 [ 242.152707][T14718] ? __pfx_get_user_pages_remote+0x10/0x10 [ 242.152725][T14718] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 242.152745][T14718] __access_remote_vm+0x24d/0x850 [ 242.152763][T14718] ? do_raw_spin_lock+0x12c/0x2b0 [ 242.152776][T14718] ? __pfx___access_remote_vm+0x10/0x10 [ 242.152795][T14718] proc_pid_cmdline_read+0x4de/0x8e0 [ 242.152809][T14718] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 242.152829][T14718] ? rw_verify_area+0xcf/0x6c0 [ 242.152844][T14718] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 242.152862][T14718] vfs_readv+0x5c1/0x8b0 [ 242.152879][T14718] ? __pfx_vfs_readv+0x10/0x10 [ 242.152906][T14718] ? __fget_files+0x20e/0x3c0 [ 242.152926][T14718] ? do_preadv+0x1a6/0x270 [ 242.152939][T14718] do_preadv+0x1a6/0x270 [ 242.152953][T14718] ? __pfx_do_preadv+0x10/0x10 [ 242.152971][T14718] __do_fast_syscall_32+0xe8/0x680 [ 242.152988][T14718] do_fast_syscall_32+0x32/0x80 [ 242.153002][T14718] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 242.153016][T14718] RIP: 0023:0xf7f21579 [ 242.153026][T14718] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 242.153037][T14718] RSP: 002b:00000000f541655c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 242.153048][T14718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 242.153054][T14718] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000 [ 242.153061][T14718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 242.153067][T14718] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 242.153073][T14718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 242.153086][T14718] [ 242.157277][ T29] kye 0003:0458:5013.0012: input,hiddev1,hidraw0: USB HID vff.fa Device [HID 0458:5013] on usb-dummy_hcd.4-1/input0 [ 242.288489][ T29] usb 9-1: USB disconnect, device number 6 [ 242.484828][ T29] usb 11-1: USB disconnect, device number 2 [ 242.935623][T14756] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3864'. [ 243.074008][ T5955] Bluetooth: hci0: command tx timeout [ 243.181155][T14779] input input34: cannot allocate more than FF_MAX_EFFECTS effects [ 243.674177][ T29] usb 11-1: new high-speed USB device number 3 using dummy_hcd [ 243.824081][ T29] usb 11-1: Using ep0 maxpacket: 8 [ 243.827735][ T29] usb 11-1: config 168 descriptor has 1 excess byte, ignoring [ 243.830310][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 243.834495][ T29] usb 11-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 243.839237][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 243.844120][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 243.849706][ T29] usb 11-1: config 168 descriptor has 1 excess byte, ignoring [ 243.852779][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 243.857787][ T29] usb 11-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 243.862712][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 243.867856][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 243.873036][ T29] usb 11-1: config 168 descriptor has 1 excess byte, ignoring [ 243.877492][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 243.881282][ T29] usb 11-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 243.885054][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 243.889292][ T29] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 243.896208][ T29] usb 11-1: string descriptor 0 read error: -22 [ 243.898620][ T29] usb 11-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 243.901720][ T29] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.907833][ T29] adutux 11-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 244.110253][ T29] usb 11-1: USB disconnect, device number 3 [ 244.164014][ T9] usb 8-1: new full-speed USB device number 19 using dummy_hcd [ 244.316771][ T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 244.319953][ T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 244.324285][ T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 244.327156][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.394189][ T5749] usb 9-1: new low-speed USB device number 7 using dummy_hcd [ 244.535433][ T9] usb 8-1: usb_control_msg returned -32 [ 244.537258][ T9] usbtmc 8-1:16.0: can't read capabilities [ 244.545964][ T5749] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 244.549141][ T5749] usb 9-1: config 0 has no interface number 0 [ 244.551450][ T5749] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 244.555281][ T5749] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 244.559829][ T5749] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 244.564613][ T5749] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 244.568147][ T5749] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 244.571662][ T5749] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 244.575928][ T5749] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 244.578873][ T5749] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.583397][ T5749] usb 9-1: config 0 descriptor?? [ 244.586570][T14824] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 244.589432][T14824] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 244.593274][ T5749] ldusb 9-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 244.797269][ T838] usb 9-1: USB disconnect, device number 7 [ 244.801952][ T838] ldusb 9-1:0.55: LD USB Device #1 now disconnected [ 244.838805][T14840] random: crng reseeded on system resumption [ 244.952858][ T9] IPVS: starting estimator thread 0... [ 245.044107][T14846] IPVS: using max 44 ests per chain, 105600 per kthread [ 245.164318][ T5955] Bluetooth: hci0: command tx timeout [ 245.234598][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 245.344485][T14861] tipc: Started in network mode [ 245.346168][T14861] tipc: Node identity 7f000001, cluster identity 4711 [ 245.348545][T14861] tipc: Enabling of bearer rejected, failed to enable media [ 245.493692][T14868] syzkaller1: entered promiscuous mode [ 245.495877][T14868] syzkaller1: entered allmulticast mode [ 245.606181][T14876] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 245.610100][T14876] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 245.768022][T14893] netlink: 'syz.6.3928': attribute type 7 has an invalid length. [ 245.770914][T14893] netlink: 'syz.6.3928': attribute type 8 has an invalid length. [ 245.773324][T14893] netlink: 'syz.6.3928': attribute type 7 has an invalid length. [ 245.776520][T14893] netlink: 208740 bytes leftover after parsing attributes in process `syz.6.3928'. [ 245.884443][T14901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3932'. [ 245.891241][T14901] tipc: Started in network mode [ 245.893269][T14901] tipc: Node identity ac14140f, cluster identity 4711 [ 245.896050][T14901] tipc: New replicast peer: 255.255.255.255 [ 245.898743][T14901] tipc: Enabled bearer , priority 10 [ 245.950194][T14910] netlink: zone id is out of range [ 245.952383][T14910] netlink: zone id is out of range [ 245.956403][T14910] netlink: set zone limit has 8 unknown bytes [ 245.997453][T14914] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3938'. [ 246.099192][ T40] kauditd_printk_skb: 507 callbacks suppressed [ 246.099210][ T40] audit: type=1326 audit(1765651704.098:5763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14921 comm="syz.5.3942" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f21579 code=0x0 [ 246.274368][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.942393][ T6027] usb 8-1: USB disconnect, device number 19 [ 247.014040][ T60] tipc: Node number set to 2886997007 [ 247.164028][ T9] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 247.314507][ T6099] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.318004][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.334432][ T9] usb 10-1: too many configurations: 9, using maximum allowed: 8 [ 247.337742][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.340639][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.344372][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.347464][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.350356][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.354247][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.357326][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.360288][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.365510][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.368609][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.372154][T14973] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.373977][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.375524][T14973] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.378505][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.379386][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.381647][T14973] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.384335][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.395191][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.398196][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.401076][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.405479][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.408613][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.411601][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.416024][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.419164][ T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.422096][ T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.425753][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 247.429578][ T9] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 247.432616][ T9] usb 10-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 247.435564][ T9] usb 10-1: Product: syz [ 247.437104][ T9] usb 10-1: Manufacturer: syz [ 247.438665][ T9] usb 10-1: SerialNumber: syz [ 247.443043][ T9] usb 10-1: config 0 descriptor?? [ 247.449880][ T9] yurex 10-1:0.0: USB YUREX device now attached to Yurex #0 [ 247.654545][ T9] usb 10-1: USB disconnect, device number 9 [ 247.661131][ T9] yurex 10-1:0.0: USB YUREX #0 now disconnected [ 248.134655][T15008] veth0_to_bridge: entered promiscuous mode [ 248.137633][T15007] veth0_to_bridge: left promiscuous mode [ 248.272331][T15014] sp0: Synchronizing with TNC [ 248.345683][T15016] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3981'. [ 249.296885][T15068] kvm: user requested TSC rate below hardware speed [ 249.762267][T15106] input: syz0 as /devices/virtual/input/input35 [ 250.244328][ T40] audit: type=1326 audit(1765651714.261:5764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.4029" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc4579 code=0x0 [ 250.266378][T15130] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.4031'. [ 250.364160][ T60] net_ratelimit: 14 callbacks suppressed [ 250.364178][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.434123][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.674560][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.677539][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.680945][ T6099] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.874008][ T6099] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 251.035525][ T6099] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 251.039328][ T6099] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 251.043224][ T6099] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 251.046975][ T6099] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 251.051995][ T6099] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 251.055390][ T6099] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.060732][ T6099] usb 10-1: config 0 descriptor?? [ 251.071316][T15150] netlink: 72 bytes leftover after parsing attributes in process `syz.6.4038'. [ 251.114981][ T9] kernel write not supported for file /sequencer (pid: 9 comm: kworker/0:0) [ 251.474502][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.474935][ T6099] hid_parser_main: 5 callbacks suppressed [ 251.474947][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.482492][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.485152][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.487666][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.490174][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.492975][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.495539][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.498016][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.500524][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.502979][ T6099] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 251.507751][ T6099] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 251.735588][ T6099] usb 10-1: USB disconnect, device number 10 [ 252.514181][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.594431][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.675323][T15174] netlink: 'syz.4.4046': attribute type 3 has an invalid length. [ 252.908864][T15193] syzkaller1: entered promiscuous mode [ 252.910726][T15193] syzkaller1: entered allmulticast mode [ 253.554172][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.725245][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.741194][T15262] loop6: detected capacity change from 0 to 2640 [ 253.747542][T15262] buffer_io_error: 5 callbacks suppressed [ 253.747552][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.754283][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.757265][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.759863][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.762793][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.765320][T15266] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4092'. [ 253.766352][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.768505][T15266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4092'. [ 253.770973][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.773827][T15266] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4092'. [ 253.779715][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.782475][T15262] ldm_validate_partition_table(): Disk read failed. [ 253.784772][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.787250][T15262] Buffer I/O error on dev loop6, logical block 0, async page read [ 253.790014][T15262] Dev loop6: unable to read RDB block 0 [ 253.792636][T15262] loop6: unable to read partition table [ 253.794475][T15264] 9pnet: p9_errstr2errno: server reported unknown error 0x000 [ 253.798150][T15262] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 253.898674][T15275] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 253.908316][T15275] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 253.910246][T15275] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 253.924753][T15275] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 253.930003][T15275] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 253.931952][T15275] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 253.935408][T15275] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 253.938419][T15275] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 253.942168][T15275] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 253.954036][T15275] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 253.958319][T15275] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 254.013327][T15289] input: syz0 as /devices/virtual/input/input36 [ 254.293999][ T5749] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 254.364071][ T60] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 254.445277][ T5749] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 254.449682][ T5749] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.454759][ T5749] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.458719][ T5749] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 254.465466][ T5749] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 254.469274][ T5749] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 254.472599][ T5749] usb 9-1: Manufacturer: syz [ 254.476975][ T5749] usb 9-1: config 0 descriptor?? [ 254.484019][ T34] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 254.515196][ T60] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.518697][ T60] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.521834][ T60] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 254.525933][ T60] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 254.528712][ T60] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.532621][ T60] usb 10-1: config 0 descriptor?? [ 254.655615][ T34] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 254.659278][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 254.662685][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 254.665860][ T34] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 254.669870][ T34] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 254.672734][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.676976][ T34] usb 8-1: config 0 descriptor?? [ 254.844078][ T9] usb 11-1: new high-speed USB device number 4 using dummy_hcd [ 254.892523][ T5749] appleir 0003:05AC:8243.0014: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 254.947619][ T60] plantronics 0003:047F:FFFF.0015: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 254.995668][ T9] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.000308][ T9] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.004809][ T9] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 255.010191][ T9] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 255.015172][ T9] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.020466][ T9] usb 11-1: config 0 descriptor?? [ 255.088445][ T34] plantronics 0003:047F:FFFF.0016: ignoring exceeding usage max [ 255.094543][ T34] plantronics 0003:047F:FFFF.0016: hiddev2,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 255.146053][ T1022] usb 9-1: USB disconnect, device number 8 [ 255.146207][ T5749] usb 10-1: USB disconnect, device number 11 [ 255.295546][ T838] usb 8-1: USB disconnect, device number 20 [ 255.433885][ T9] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 255.634282][ T838] net_ratelimit: 3 callbacks suppressed [ 255.634298][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.685778][ T34] usb 11-1: USB disconnect, device number 4 [ 255.746912][T15305] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4108'. [ 255.795105][T15311] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4111'. [ 255.954075][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout [ 255.954121][ T5952] Bluetooth: hci3: command 0x0c1a tx timeout [ 255.954206][ T5301] Bluetooth: hci2: command 0x0c1a tx timeout [ 255.954224][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 256.074016][ T34] usb 8-1: new full-speed USB device number 21 using dummy_hcd [ 256.074038][ T5749] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 256.227927][ T34] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 256.231662][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 256.235174][ T5749] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 256.236782][ T34] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 256.237904][ T5749] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 256.241680][ T34] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 256.245345][ T5749] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 256.248258][ T34] usb 8-1: Product: syz [ 256.249620][T15320] netlink: 'syz.6.4115': attribute type 12 has an invalid length. [ 256.249633][T15320] netlink: 'syz.6.4115': attribute type 29 has an invalid length. [ 256.249641][T15320] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4115'. [ 256.249651][T15320] netlink: 59 bytes leftover after parsing attributes in process `syz.6.4115'. [ 256.251119][ T5749] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.252991][ T34] usb 8-1: Manufacturer: syz [ 256.256837][ T5749] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 256.256852][ T5749] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 256.256862][ T5749] usb 9-1: Product: syz [ 256.256870][ T5749] usb 9-1: Manufacturer: syz [ 256.259146][ T5749] cdc_wdm 9-1:1.0: skipping garbage [ 256.260583][ T34] usb 8-1: SerialNumber: syz [ 256.274937][ T34] usb 8-1: config 0 descriptor?? [ 256.278860][ T34] usb 8-1: selecting invalid altsetting 0 [ 256.279948][ T5749] cdc_wdm 9-1:1.0: skipping garbage [ 256.290134][ T5749] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 256.292055][ T5749] cdc_wdm 9-1:1.0: Unknown control protocol [ 256.461008][ T5749] usb 9-1: USB disconnect, device number 9 [ 256.486774][ T34] usb 8-1: USB disconnect, device number 21 [ 256.684163][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.764313][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.768760][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.774129][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.714207][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 258.035059][ T5952] Bluetooth: hci0: command 0x0c1a tx timeout [ 258.035123][ T5301] Bluetooth: hci3: command 0x0c1a tx timeout [ 258.040182][ T5955] Bluetooth: hci2: command 0x0c1a tx timeout [ 258.245163][T15414] tipc: Started in network mode [ 258.248581][T15414] tipc: Node identity 4, cluster identity 4711 [ 258.251204][T15414] tipc: Node number set to 4 [ 258.754268][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 258.873751][ T40] audit: type=1326 audit(1765651722.881:5765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15448 comm="syz.4.4172" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc4579 code=0x0 [ 259.706571][T15489] pim6reg1: entered promiscuous mode [ 259.708841][T15489] pim6reg1: entered allmulticast mode [ 259.746640][T15495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4192'. [ 259.794698][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 259.797397][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 260.008514][T15514] bridge1: entered promiscuous mode [ 260.080582][T15523] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4205'. [ 260.114232][ T5955] Bluetooth: hci2: command 0x0c1a tx timeout [ 260.116848][ T5301] Bluetooth: hci3: command 0x0c1a tx timeout [ 260.123983][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout [ 260.195023][T15532] netlink: 'syz.3.4210': attribute type 4 has an invalid length. [ 260.285311][ T1144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 260.304962][T15541] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.4214'. [ 260.423985][ T40] audit: type=1326 audit(1765651724.431:5766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 260.444859][ T40] audit: type=1326 audit(1765651724.441:5767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 260.451570][ T40] audit: type=1326 audit(1765651724.441:5768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 260.460150][ T40] audit: type=1326 audit(1765651724.441:5769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 260.469298][ T40] audit: type=1326 audit(1765651724.441:5770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 260.478165][ T40] audit: type=1326 audit(1765651724.441:5771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 260.499324][ T40] audit: type=1326 audit(1765651724.441:5772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701d598 code=0x7ffc0000 [ 260.508526][ T40] audit: type=1326 audit(1765651724.441:5773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701d598 code=0x7ffc0000 [ 260.516157][ T40] audit: type=1326 audit(1765651724.441:5774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15551 comm="syz.6.4219" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701d598 code=0x7ffc0000 [ 260.568155][T15561] input: syz1 as /devices/virtual/input/input38 [ 260.834162][ T6017] net_ratelimit: 2 callbacks suppressed [ 260.834173][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.262556][T15607] team0 (unregistering): Port device team_slave_0 removed [ 261.269026][T15607] team0 (unregistering): Port device team_slave_1 removed [ 261.413010][T15627] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.426980][T15627] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.430000][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.614314][ T5749] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 261.787246][ T5749] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.795067][ T5749] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.802237][ T5749] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 261.811515][ T5749] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 261.814926][ T5749] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.818764][ T5749] usb 8-1: config 0 descriptor?? [ 261.874120][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.194885][ T5955] Bluetooth: hci3: command 0x0c1a tx timeout [ 262.230044][ T5749] hid_parser_main: 21 callbacks suppressed [ 262.230064][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.234903][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.237482][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.240005][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.242421][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.245425][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.248231][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.251208][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.254308][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.257422][ T5749] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 262.263323][ T5749] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 262.486399][ T5749] usb 8-1: USB disconnect, device number 22 [ 262.558960][T15700] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.562873][T15700] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.566976][T15700] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.568959][T15702] netlink: 'syz.4.4287': attribute type 83 has an invalid length. [ 262.574504][T15700] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.577956][T15700] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.554695][T15772] syzkaller1: entered promiscuous mode [ 263.557477][T15772] syzkaller1: entered allmulticast mode [ 263.980697][ T40] kauditd_printk_skb: 192 callbacks suppressed [ 263.980709][ T40] audit: type=1326 audit(1765651727.991:5967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 263.990201][ T40] audit: type=1326 audit(1765651727.991:5968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 263.997384][ T40] audit: type=1326 audit(1765651727.991:5969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.005686][ T40] audit: type=1326 audit(1765651727.991:5970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.012750][ T40] audit: type=1326 audit(1765651727.991:5971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.026878][ T40] audit: type=1326 audit(1765651727.991:5972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.033681][ T40] audit: type=1326 audit(1765651727.991:5973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.054015][ T40] audit: type=1326 audit(1765651727.991:5974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.060683][ T40] audit: type=1326 audit(1765651727.991:5975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=247 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.063386][T15824] loop5: detected capacity change from 0 to 7 [ 264.067698][ T40] audit: type=1326 audit(1765651728.051:5976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15817 comm="syz.4.4341" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 264.078288][T15824] Dev loop5: unable to read RDB block 7 [ 264.080197][T15824] loop5: unable to read partition table [ 264.082050][T15824] loop5: partition table beyond EOD, truncated [ 264.085124][T15824] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 264.407833][T15841] input: syz1 as /devices/virtual/input/input40 [ 264.928887][T15873] syzkaller1: entered promiscuous mode [ 264.930655][T15873] syzkaller1: entered allmulticast mode [ 265.291663][T15880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.294775][T15880] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.584082][ T6017] usb 11-1: new high-speed USB device number 5 using dummy_hcd [ 265.744060][ T6017] usb 11-1: Using ep0 maxpacket: 8 [ 265.748677][ T6017] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 265.751900][ T6017] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 265.755354][ T6017] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 265.758948][ T6017] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 265.763136][ T6017] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 265.766165][ T6017] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.774418][ T6027] libceph: connect (1)[c::]:6789 error -101 [ 265.776562][ T6027] libceph: mon0 (1)[c::]:6789 connect error [ 265.814197][T15904] ceph: No mds server is up or the cluster is laggy [ 265.879057][T15909] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 265.954671][ T1022] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 265.973433][ T6017] usb 11-1: GET_CAPABILITIES returned 0 [ 265.975875][ T6017] usbtmc 11-1:16.0: can't read capabilities [ 266.035902][ T1202] net_ratelimit: 19 callbacks suppressed [ 266.035920][ T1202] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.041323][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.044331][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.047874][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.124218][ T1022] usb 8-1: Using ep0 maxpacket: 8 [ 266.127349][ T1022] usb 8-1: config 0 interface 0 has no altsetting 0 [ 266.129639][ T1022] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 266.132933][ T1022] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.138311][ T1022] usb 8-1: config 0 descriptor?? [ 266.176746][ T6026] usb 11-1: USB disconnect, device number 5 [ 266.550852][ T1022] mcp2221 0003:04D8:00DD.0019: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 266.751826][ T1022] usb 8-1: USB disconnect, device number 23 [ 266.965198][ T34] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 267.084173][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.125267][ T34] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.128769][ T34] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.131966][ T34] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 267.136137][ T34] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 267.138952][ T34] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.143194][ T34] usb 11-1: config 0 descriptor?? [ 267.392630][T15963] netlink: 'syz.5.4402': attribute type 12 has an invalid length. [ 267.396645][T15963] netlink: 'syz.5.4402': attribute type 29 has an invalid length. [ 267.402744][T15963] netlink: 148 bytes leftover after parsing attributes in process `syz.5.4402'. [ 267.407020][T15963] netlink: 59 bytes leftover after parsing attributes in process `syz.5.4402'. [ 267.586345][ T34] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 268.002418][T15994] overlayfs: failed to clone lowerpath [ 268.114111][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.444616][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 269.157982][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 269.589779][T16081] autofs: Invalid uid '0x00000000ffffffff' [ 269.621114][T16085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4456'. [ 269.684521][ T29] usb 11-1: USB disconnect, device number 6 [ 269.752363][T16096] bridge1: entered promiscuous mode [ 269.822282][T16103] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4463'. [ 269.826289][ T1022] libceph: connect (1)[c::]:6789 error -101 [ 269.829568][ T1022] libceph: mon0 (1)[c::]:6789 connect error [ 269.844172][T16099] ceph: No mds server is up or the cluster is laggy [ 269.877965][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 270.201777][T16122] overlayfs: failed to clone lowerpath [ 270.204148][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 270.547165][T16131] bridge0: port 3(syz_tun) entered blocking state [ 270.550038][T16131] bridge0: port 3(syz_tun) entered forwarding state [ 270.555620][T16131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.559230][T16131] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.799932][ T1022] libceph: connect (1)[c::]:6789 error -101 [ 270.802446][ T1022] libceph: mon0 (1)[c::]:6789 connect error [ 270.825059][T16148] ceph: No mds server is up or the cluster is laggy [ 270.925585][T16160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.049234][T16176] overlayfs: failed to clone lowerpath [ 271.133996][ T6026] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 271.234196][ T6027] net_ratelimit: 4 callbacks suppressed [ 271.234209][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 271.285494][ T6026] usb 11-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 271.289752][ T6026] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 271.294575][ T6026] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 271.298576][ T6026] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 271.304161][ T6026] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 271.307449][ T6026] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.311231][ T6026] usb 11-1: config 0 descriptor?? [ 271.474890][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 271.724406][ T6026] hid_parser_main: 5 callbacks suppressed [ 271.724419][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.728589][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.730890][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.733220][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.735656][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.737983][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.740321][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.742621][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.745081][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.747342][ T6026] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 271.751922][ T6026] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 271.996849][ T34] usb 11-1: USB disconnect, device number 7 [ 272.274301][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 272.555375][ T29] libceph: connect (1)[c::]:6789 error -101 [ 272.557554][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 272.585376][T16189] ceph: No mds server is up or the cluster is laggy [ 272.597537][T16194] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4498'. [ 272.834571][T16228] fuse: Bad value for 'fd' [ 273.023470][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 273.023481][ T40] audit: type=1326 audit(1765651738.029:5990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16239 comm="syz.6.4516" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701d579 code=0x0 [ 273.034690][ T34] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 273.185618][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 273.189194][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 273.192321][ T34] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 273.196456][ T34] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 273.199353][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.203115][ T34] usb 8-1: config 0 descriptor?? [ 273.324177][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 273.456012][T16248] syzkaller1: entered promiscuous mode [ 273.457825][T16248] syzkaller1: entered allmulticast mode [ 273.614824][ T34] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 273.885228][ T34] usb 8-1: USB disconnect, device number 24 [ 273.935181][T16276] netlink: 63 bytes leftover after parsing attributes in process `syz.5.4533'. [ 274.123518][T16286] wireguard: wg0: Could not create IPv4 socket [ 274.364575][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.524384][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.565775][T16336] lo: Caught tx_queue_len zero misconfig [ 275.085465][ T40] audit: type=1326 audit(1765651740.099:5991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 275.099277][ T40] audit: type=1326 audit(1765651740.099:5992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 275.107666][ T40] audit: type=1326 audit(1765651740.099:5993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 275.116858][ T40] audit: type=1326 audit(1765651740.099:5994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc4598 code=0x7ffc0000 [ 275.123807][ T40] audit: type=1326 audit(1765651740.099:5995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 275.130712][ T40] audit: type=1326 audit(1765651740.099:5996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc4598 code=0x7ffc0000 [ 275.138042][ T40] audit: type=1326 audit(1765651740.099:5997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc4598 code=0x7ffc0000 [ 275.144691][ T40] audit: type=1326 audit(1765651740.099:5998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 275.151333][ T40] audit: type=1326 audit(1765651740.109:5999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16383 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc4598 code=0x7ffc0000 [ 275.432139][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.549788][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4600'. [ 275.644991][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.648297][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.693991][ T6026] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 275.803248][ T5955] Bluetooth: hci0: unexpected cc 0x203e length: 2 > 1 [ 275.807427][ T5955] Bluetooth: hci0: unexpected event for opcode 0x203e [ 275.849275][ T6026] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 275.852910][ T6026] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 275.856598][ T6026] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 275.859624][ T6026] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 275.863632][ T6026] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 275.866909][ T6026] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.871011][ T6026] usb 9-1: config 0 descriptor?? [ 276.298723][ T6026] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 276.335300][T16444] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4607'. [ 276.338852][T16444] netlink: 'syz.5.4607': attribute type 6 has an invalid length. [ 276.341890][T16444] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4607'. [ 276.352461][ T1140] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 276.357781][ T1140] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 276.363061][ T1140] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 276.366604][ T1140] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 276.434205][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 276.513980][ T60] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 276.524562][T16451] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4610'. [ 276.528555][T16451] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4610'. [ 276.531597][T16451] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4610'. [ 276.556106][ T29] usb 9-1: USB disconnect, device number 10 [ 276.675521][ T60] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 276.679920][ T60] usb 8-1: config 0 interface 0 has no altsetting 0 [ 276.687532][ T60] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 276.691620][ T60] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 276.696040][ T60] usb 8-1: Product: syz [ 276.697927][ T60] usb 8-1: Manufacturer: syz [ 276.700593][ T60] usb 8-1: SerialNumber: syz [ 276.705105][ T60] usb 8-1: config 0 descriptor?? [ 276.711986][ T60] usb 8-1: selecting invalid altsetting 0 [ 276.713062][T16461] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4616'. [ 276.721170][T16461] netlink: 'syz.5.4616': attribute type 1 has an invalid length. [ 276.764643][T16465] input: syz1 as /devices/virtual/input/input42 [ 276.922630][ T6027] usb 8-1: USB disconnect, device number 25 [ 276.962040][T16481] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 276.964868][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 277.464439][ T29] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 277.474164][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 277.614952][ T29] usb 11-1: too many configurations: 9, using maximum allowed: 8 [ 277.619219][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.623041][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.627646][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.631310][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.635079][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.639317][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.643614][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.647575][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.651954][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.656113][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.660068][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.664649][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.668327][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.672049][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.676890][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.680695][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.685876][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.690352][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.694352][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.697706][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.701163][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.704364][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 277.707282][ T29] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 277.710772][ T29] usb 11-1: config 0 interface 0 has no altsetting 0 [ 277.715022][ T29] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 277.718016][ T29] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 277.720627][ T29] usb 11-1: Product: syz [ 277.722009][ T29] usb 11-1: Manufacturer: syz [ 277.723549][ T29] usb 11-1: SerialNumber: syz [ 277.726477][ T29] usb 11-1: config 0 descriptor?? [ 277.730697][ T29] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0 [ 277.945125][ T6026] usb 11-1: USB disconnect, device number 8 [ 277.949934][ T6026] yurex 11-1:0.0: USB YUREX #0 now disconnected [ 278.102153][ T40] kauditd_printk_skb: 40 callbacks suppressed [ 278.102169][ T40] audit: type=1326 audit(1765651743.109:6040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.115879][ T40] audit: type=1326 audit(1765651743.109:6041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.147723][ T40] audit: type=1326 audit(1765651743.129:6042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.157366][ T40] audit: type=1326 audit(1765651743.129:6043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.166472][ T40] audit: type=1326 audit(1765651743.129:6044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.175882][ T40] audit: type=1326 audit(1765651743.139:6045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.185265][ T40] audit: type=1326 audit(1765651743.139:6046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.194421][ T40] audit: type=1326 audit(1765651743.139:6047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.204227][ T40] audit: type=1326 audit(1765651743.139:6048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.213182][ T40] audit: type=1326 audit(1765651743.149:6049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.3.4649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 278.494559][T16562] kernel read not supported for file /rmdF¼ì (pid: 16562 comm: syz.4.4661) [ 278.514140][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 278.550618][ T6017] kernel read not supported for file /rmdF¼ì (pid: 6017 comm: kworker/2:3) [ 278.554527][ T6027] usb 8-1: new full-speed USB device number 26 using dummy_hcd [ 278.618686][T16572] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 278.674717][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 278.725989][ T6027] usb 8-1: config 0 has an invalid interface number: 8 but max is 0 [ 278.744848][ T6027] usb 8-1: config 0 has no interface number 0 [ 278.747462][ T6027] usb 8-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 278.752278][ T6027] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 278.764097][ T6027] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 278.778181][ T6027] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 278.781892][ T6027] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 278.785794][ T6027] usb 8-1: Product: syz [ 278.787597][ T6027] usb 8-1: SerialNumber: syz [ 278.791618][ T6027] usb 8-1: config 0 descriptor?? [ 278.797467][ T6027] cm109 8-1:0.8: invalid payload size 0, expected 4 [ 278.801262][ T6027] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.8/input/input43 [ 278.831305][T16584] sctp: Trying to GSO but underlying device doesn't support it. [ 279.001143][ C2] cm109 8-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 279.043200][T16591] tun0: tun_chr_ioctl cmd 1074025675 [ 279.045993][T16591] tun0: persist enabled [ 279.048474][T16591] tun0: tun_chr_ioctl cmd 1074025675 [ 279.050730][T16591] tun0: persist enabled [ 279.150639][T16600] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4685'. [ 279.156312][T16600] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4685'. [ 279.265565][ T6027] usb 8-1: USB disconnect, device number 26 [ 279.265609][ C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 279.270938][ T6027] cm109 8-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 279.554185][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 279.734753][T16602] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4679'. [ 279.885724][ T5955] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 279.888508][ T5955] Bluetooth: hci0: Injecting HCI hardware error event [ 279.891590][ T5955] Bluetooth: hci0: hardware error 0x00 [ 279.993993][ T29] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 280.146119][ T29] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 280.150652][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.153561][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.157158][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.160224][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.165655][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.169517][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.172371][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.176627][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.180847][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.183725][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.187140][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.189431][T16634] 9p: Bad value for 'rfdno' [ 280.190987][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.191780][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.201938][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.206496][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.214232][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.217676][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.221765][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.227854][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.230656][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.234232][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.237095][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.240142][ T29] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.243707][ T29] usb 9-1: config 0 interface 0 has no altsetting 0 [ 280.247684][ T29] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 280.250582][ T29] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 280.253194][ T29] usb 9-1: Product: syz [ 280.255156][ T29] usb 9-1: Manufacturer: syz [ 280.256661][ T29] usb 9-1: SerialNumber: syz [ 280.259333][ T29] usb 9-1: config 0 descriptor?? [ 280.263217][ T29] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0 [ 280.269601][T16638] hsr0: entered promiscuous mode [ 280.272223][T16638] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4696'. [ 280.276783][T16638] hsr_slave_0: left promiscuous mode [ 280.280373][T16638] hsr_slave_1: left promiscuous mode [ 280.293331][T16638] hsr0 (unregistering): left promiscuous mode [ 280.480143][ T6026] usb 9-1: USB disconnect, device number 11 [ 280.484262][ T6026] yurex 9-1:0.0: USB YUREX #0 now disconnected [ 280.611715][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 280.884181][ T29] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 281.044226][ T29] usb 11-1: Using ep0 maxpacket: 8 [ 281.047302][ T29] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 281.050369][ T29] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 281.053633][ T29] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 281.056878][ T29] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 281.060931][ T29] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 281.063658][ T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.274009][ T29] usb 11-1: GET_CAPABILITIES returned 0 [ 281.275876][ T29] usbtmc 11-1:16.0: can't read capabilities [ 281.479770][ T60] usb 11-1: USB disconnect, device number 9 [ 281.635368][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 281.714201][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 281.954046][ T5955] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 282.007799][T16666] tunl0: Caught tx_queue_len zero misconfig [ 282.096595][T16678] lo: Caught tx_queue_len zero misconfig [ 282.098801][T16678] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4716'. [ 282.674580][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 283.131285][T16753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 283.134597][T16753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 283.137487][T16753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 283.141953][T16753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 283.144834][T16753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 283.154647][T16752] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 283.198557][T16760] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4750'. [ 283.715369][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.723698][T16859] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4796'. [ 285.415226][ T6027] usb 11-1: new low-speed USB device number 10 using dummy_hcd [ 285.566051][ T6027] usb 11-1: config 0 has an invalid interface number: 55 but max is 0 [ 285.569084][ T6027] usb 11-1: config 0 has no interface number 0 [ 285.571476][ T6027] usb 11-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 285.584084][ T6027] usb 11-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 285.588134][ T6027] usb 11-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 285.591610][ T6027] usb 11-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 285.597932][ T6027] usb 11-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 285.608031][ T6027] usb 11-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 285.612084][ T6027] usb 11-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 285.618517][ T6027] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.622081][ T6027] usb 11-1: config 0 descriptor?? [ 285.624252][T16906] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 285.626553][T16906] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 285.630551][ T6027] ldusb 11-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 285.727702][T16951] futex_wake_op: syz.5.4839 tries to shift op by -1; fix this program [ 285.844934][ T34] usb 11-1: USB disconnect, device number 10 [ 285.849478][ T34] ldusb 11-1:0.55: LD USB Device #0 now disconnected [ 285.986640][T16979] TCP: TCP_TX_DELAY enabled [ 286.043460][T16987] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.4857'. [ 286.091322][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 286.091338][ T40] audit: type=1107 audit(1765651751.099:6054): pid=16993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 286.103858][T16994] geneve2: entered promiscuous mode [ 286.235655][T17009] futex_wake_op: syz.3.4866 tries to shift op by -1; fix this program [ 286.281945][ T5301] Bluetooth: hci4: sending frame failed (-49) [ 286.285195][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 286.693701][T17042] futex_wake_op: syz.6.4878 tries to shift op by -1; fix this program [ 286.834229][ T6027] net_ratelimit: 4 callbacks suppressed [ 286.834241][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.195657][T17054] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.198485][T17054] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.215484][T17054] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.219381][T17054] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.222929][T17054] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.227535][T17052] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.247288][T17060] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4887'. [ 287.365110][T17074] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.4894'. [ 287.673344][T17105] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.684207][T17105] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.685006][T17107] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 287.689569][T17107] IPv6: NLM_F_CREATE should be set when creating new route [ 287.692463][T17105] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.852409][T17119] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4914'. [ 287.860701][T17119] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4914'. [ 288.309338][ T40] audit: type=1326 audit(1765651753.309:6055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.314149][T17139] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4920'. [ 288.319260][ T40] audit: type=1326 audit(1765651753.309:6056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.327581][ T40] audit: type=1326 audit(1765651753.319:6057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.344101][ T40] audit: type=1326 audit(1765651753.319:6058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.366205][ T40] audit: type=1326 audit(1765651753.319:6059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.373028][ T40] audit: type=1326 audit(1765651753.319:6060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.380634][ T40] audit: type=1326 audit(1765651753.319:6061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.387986][ T40] audit: type=1326 audit(1765651753.319:6062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.396537][ T40] audit: type=1326 audit(1765651753.319:6063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17142 comm="syz.4.4921" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x7ffc0000 [ 288.720501][T17177] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4938'. [ 288.759613][T17180] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4939'. [ 289.102860][T17209] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.4950'. [ 289.659804][T17246] netlink: 'syz.5.4967': attribute type 1 has an invalid length. [ 289.672955][T17246] bond1: entered promiscuous mode [ 289.675826][T17246] 8021q: adding VLAN 0 to HW filter on device bond1 [ 289.702600][T17246] 8021q: adding VLAN 0 to HW filter on device bond2 [ 289.710112][T17246] bond1: (slave bond2): making interface the new active one [ 289.712702][T17246] bond2: entered promiscuous mode [ 289.714796][T17246] bond1: (slave bond2): Enslaving as an active interface with an up link [ 290.800681][T17290] io-wq is not configured for unbound workers [ 291.283599][T17327] overlayfs: invalid origin (000000790066696c6530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 291.552905][T17347] netlink: 'syz.3.5011': attribute type 1 has an invalid length. [ 291.569034][T17347] bond2: entered promiscuous mode [ 291.570884][T17347] 8021q: adding VLAN 0 to HW filter on device bond2 [ 291.602629][T17347] 8021q: adding VLAN 0 to HW filter on device bond3 [ 291.607436][T17347] bond2: (slave bond3): making interface the new active one [ 291.610534][T17347] bond3: entered promiscuous mode [ 291.613518][T17347] bond2: (slave bond3): Enslaving as an active interface with an up link [ 292.034484][ T6017] net_ratelimit: 14 callbacks suppressed [ 292.034496][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 292.154982][ C2] vcan0: j1939_tp_rxtimer: 0xffff888024eca800: rx timeout, send abort [ 292.159435][ C2] vcan0: j1939_xtp_rx_abort_one: 0xffff888024eca800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 292.724928][T17407] loop4: detected capacity change from 0 to 7 [ 292.730324][T17407] Dev loop4: unable to read RDB block 7 [ 292.732690][T17407] loop4: AHDI p1 p2 [ 292.735991][T17407] loop4: partition table partially beyond EOD, truncated [ 292.738787][T17407] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 293.033866][T17427] overlayfs: failed to clone upperpath [ 293.074200][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 293.825335][ T1022] usb 9-1: new full-speed USB device number 12 using dummy_hcd [ 293.911319][T17467] __nla_validate_parse: 2 callbacks suppressed [ 293.911337][T17467] netlink: 212916 bytes leftover after parsing attributes in process `syz.5.5065'. [ 293.953454][T17471] input: syz1 as /devices/virtual/input/input45 [ 293.989025][ T1022] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4 [ 293.993631][ T1022] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 294.000064][ T1022] usb 9-1: config 0 interface 0 has no altsetting 0 [ 294.005468][ T1022] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 294.009147][ T1022] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 294.012510][ T1022] usb 9-1: Product: syz [ 294.016488][ T1022] usb 9-1: Manufacturer: syz [ 294.018504][ T1022] usb 9-1: SerialNumber: syz [ 294.022461][ T1022] usb 9-1: config 0 descriptor?? [ 294.030228][ T1022] usb 9-1: selecting invalid altsetting 0 [ 294.125210][ T34] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 294.125285][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.232156][T17446] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 294.238051][ T5749] usb 9-1: USB disconnect, device number 12 [ 294.288124][ T34] usb 8-1: config index 0 descriptor too short (expected 39, got 27) [ 294.293973][ T34] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 294.298033][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 294.312855][ T34] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 294.316594][ T34] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 294.319069][ T34] usb 8-1: Product: syz [ 294.320385][ T34] usb 8-1: Manufacturer: syz [ 294.321836][ T34] usb 8-1: SerialNumber: syz [ 294.323250][T17494] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.323520][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.328058][ T34] usb 8-1: config 0 descriptor?? [ 294.333618][ T34] hub 8-1:0.0: bad descriptor, ignoring hub [ 294.335668][ T34] hub 8-1:0.0: probe with driver hub failed with error -5 [ 294.339721][ T34] usb 8-1: selecting invalid altsetting 0 [ 294.750557][T17514] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5086'. [ 294.755049][T17514] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5086'. [ 294.844507][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.847691][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.899264][T17523] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.939142][T17526] input: syz1 as /devices/virtual/input/input46 [ 295.059759][T17539] Invalid argument reading file caps for ./file0 [ 295.229802][T17553] mkiss: ax0: crc mode is auto. [ 295.236011][T17464] usb 8-1: reset high-speed USB device number 27 using dummy_hcd [ 295.384695][T17464] usb 8-1: device firmware changed [ 295.387083][ T5749] usb 8-1: USB disconnect, device number 27 [ 295.544326][ T5749] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 295.611987][T17584] process '/newroot/575/file0' started with executable stack [ 295.712491][ T5749] usb 8-1: unable to get BOS descriptor or descriptor too short [ 295.715106][T17599] vivid-007: disconnect [ 295.718079][T17598] vivid-007: reconnect [ 295.718815][ T5749] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 295.722436][ T5749] usb 8-1: can't read configurations, error -71 [ 295.753273][T17603] sit0: Caught tx_queue_len zero misconfig [ 295.875128][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.619617][T17631] netlink: 6 bytes leftover after parsing attributes in process `syz.3.5141'. [ 296.624216][T17631] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 296.749958][T17637] netlink: 156 bytes leftover after parsing attributes in process `syz.4.5144'. [ 296.803624][T17645] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.5149'. [ 296.860544][T17653] random: crng reseeded on system resumption [ 297.064429][T17674] netlink: 6 bytes leftover after parsing attributes in process `syz.4.5161'. [ 297.068021][T17674] net_ratelimit: 4 callbacks suppressed [ 297.068030][T17674] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 297.182745][T17686] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5167'. [ 297.339905][T17699] Invalid source name [ 297.341276][T17699] UBIFS error (pid: 17699): cannot open "./file0", error -22 [ 297.394476][ T1022] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.400105][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.516519][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 297.516530][ T40] audit: type=1326 audit(1765651762.529:6082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17709 comm="syz.4.5176" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc4579 code=0x0 [ 297.788443][T17722] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5181'. [ 297.791904][T17722] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5181'. [ 297.804205][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.888556][T17728] gre0: Master is either lo or non-ether device [ 298.616603][ T6017] hid_parser_main: 35 callbacks suppressed [ 298.616615][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.627575][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.629939][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.632972][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.636645][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.639027][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.641448][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.643784][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.646381][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.648742][ T6017] hid-generic 0000:0000:0004.001E: unknown main item tag 0x0 [ 298.652528][ T6017] hid-generic 0000:0000:0004.001E: hidraw0: HID v0.03 Device [syz1] on syz0 [ 298.835445][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.892377][T17792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.896260][T17792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.898999][T17792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.902878][T17792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.905855][T17792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.955815][T17796] erspan0: entered promiscuous mode [ 298.964516][T17796] __nla_validate_parse: 1 callbacks suppressed [ 298.964533][T17796] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5216'. [ 299.232040][T17819] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 299.794041][ T1022] usb 8-1: new low-speed USB device number 30 using dummy_hcd [ 299.945528][ T1022] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 299.948279][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 299.951698][ T1022] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 299.956839][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 299.960353][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 299.964637][ T1022] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 299.966999][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 299.970353][ T1022] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 299.974231][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 299.977863][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 299.984368][ T1022] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 299.986876][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 299.990318][ T1022] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 299.994154][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 299.994168][ T6017] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 299.997616][ T1022] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 300.006308][ T1022] usb 8-1: string descriptor 0 read error: -22 [ 300.008332][ T1022] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 300.011168][ T1022] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.018324][ T1022] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 300.144019][ T6017] usb 9-1: Using ep0 maxpacket: 8 [ 300.147952][ T6017] usb 9-1: config 0 interface 0 has no altsetting 0 [ 300.150709][ T6017] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 300.154620][ T6017] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.159882][ T6017] usb 9-1: config 0 descriptor?? [ 300.231044][ T60] usb 8-1: USB disconnect, device number 30 [ 300.587588][ T6017] mcp2221 0003:04D8:00DD.001F: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 300.797351][ T6032] usb 9-1: USB disconnect, device number 13 [ 300.924059][ T6017] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 301.075467][ T6017] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.079558][ T6017] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.083408][ T6017] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 301.090964][ T6017] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 301.094880][ T6017] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.098811][ T6017] usb 11-1: config 0 descriptor?? [ 301.534767][ T6017] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 301.631304][T17912] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 301.664159][ T60] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 301.697326][T17918] netlink: 'syz.3.5269': attribute type 21 has an invalid length. [ 301.700378][T17918] netlink: 176 bytes leftover after parsing attributes in process `syz.3.5269'. [ 301.763496][T17923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5271'. [ 301.768111][T17923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5271'. [ 301.794578][ T60] usb 11-1: USB disconnect, device number 11 [ 301.822133][T17931] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5275'. [ 301.984092][ T60] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 302.114303][ T6017] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 302.139623][T17952] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5284'. [ 302.154324][ T6026] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 302.266383][ T6017] usb 9-1: Using ep0 maxpacket: 8 [ 302.270910][ T6017] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 302.273488][ T6017] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 302.274291][T17964] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5289'. [ 302.278454][ T6017] usb 9-1: config 0 has no interface number 0 [ 302.282927][ T6017] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 302.286802][ T6017] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.292045][ T6017] usb 9-1: config 0 descriptor?? [ 302.296756][ T6017] ldusb 9-1:0.55: Interrupt in endpoint not found [ 302.551014][ T6032] usb 9-1: USB disconnect, device number 14 [ 302.824169][ T6026] usb 8-1: new high-speed USB device number 31 using dummy_hcd [ 302.875121][T17995] net_ratelimit: 4 callbacks suppressed [ 302.875138][T17995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.881604][T17995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.885774][T17995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.985772][ T6026] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 302.990086][ T6026] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 302.993665][ T6026] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 302.997082][ T6026] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 302.997173][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 303.001211][ T6026] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 303.001226][ T6026] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.002479][ T6026] usb 8-1: config 0 descriptor?? [ 303.234220][ T1022] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 303.374037][ T60] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 303.419114][ T6026] plantronics 0003:047F:FFFF.0021: ignoring exceeding usage max [ 303.424834][ T6026] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 303.524024][ T60] usb 9-1: Using ep0 maxpacket: 32 [ 303.527818][ T60] usb 9-1: config 0 has an invalid interface number: 12 but max is 0 [ 303.531138][ T60] usb 9-1: config 0 has no interface number 0 [ 303.533670][ T60] usb 9-1: config 0 interface 12 has no altsetting 0 [ 303.538800][ T60] usb 9-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 303.542570][ T60] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.545348][ T60] usb 9-1: Product: syz [ 303.546695][ T60] usb 9-1: Manufacturer: syz [ 303.548185][ T60] usb 9-1: SerialNumber: syz [ 303.551934][ T60] usb 9-1: config 0 descriptor?? [ 303.555910][ T60] f81534 9-1:0.12: required endpoints missing [ 303.761670][ T6032] usb 9-1: USB disconnect, device number 15 [ 303.794280][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 303.927406][T18015] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5312'. [ 303.983993][ T6017] usb 11-1: new low-speed USB device number 12 using dummy_hcd [ 304.035184][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 304.145502][ T6017] usb 11-1: config 168 descriptor has 1 excess byte, ignoring [ 304.147989][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 304.151534][ T6017] usb 11-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 304.155714][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 304.159509][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 304.164968][ T6017] usb 11-1: config 168 descriptor has 1 excess byte, ignoring [ 304.167590][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 304.171085][ T6017] usb 11-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 304.176494][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 304.181025][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 304.186628][ T6017] usb 11-1: config 168 descriptor has 1 excess byte, ignoring [ 304.189536][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 304.193971][ T6017] usb 11-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 304.198641][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 304.202314][ T6017] usb 11-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 304.208525][ T6017] usb 11-1: string descriptor 0 read error: -22 [ 304.211057][ T6017] usb 11-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 304.213817][ T6017] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.222006][ T6017] adutux 11-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 304.434542][ T6026] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 304.438362][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 304.457340][ T60] usb 11-1: USB disconnect, device number 12 [ 304.808410][T18041] syzkaller1: entered promiscuous mode [ 304.810363][T18041] syzkaller1: entered allmulticast mode [ 305.074173][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 305.076821][ T6027] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 305.363463][T18070] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.5337'. [ 305.377262][ T6026] hid_parser_main: 106 callbacks suppressed [ 305.377280][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.378531][T18071] trusted_key: syz.5.5338 sent an empty control message without MSG_MORE. [ 305.384001][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.389841][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.402141][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.405749][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.408086][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.410657][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.413002][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.416266][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.418592][ T6026] hid-generic 00A0:0006:0003.0022: unknown main item tag 0x0 [ 305.424838][ T6026] hid-generic 00A0:0006:0003.0022: hidraw1: HID v0.05 Device [syz1] on syz0 [ 305.497704][ T5749] usb 8-1: USB disconnect, device number 31 [ 305.634188][ T838] usb 11-1: new full-speed USB device number 13 using dummy_hcd [ 305.710026][T18092] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5347'. [ 305.775894][ T40] audit: type=1326 audit(1765651770.789:6083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18093 comm="syz.3.5348" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70fd579 code=0x0 [ 305.825560][ T838] usb 11-1: config 0 has an invalid interface number: 212 but max is 0 [ 305.828928][ T838] usb 11-1: config 0 has no interface number 0 [ 305.831476][ T838] usb 11-1: config 0 interface 212 has no altsetting 0 [ 305.836483][ T838] usb 11-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=ca.e6 [ 305.839631][ T838] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.842655][ T838] usb 11-1: Product: syz [ 305.844344][ T838] usb 11-1: Manufacturer: syz [ 305.845956][ T838] usb 11-1: SerialNumber: syz [ 305.849391][ T838] usb 11-1: config 0 descriptor?? [ 305.853538][ T838] HFC-S_USB 11-1:0.212: probe with driver HFC-S_USB failed with error -5 [ 305.853991][ T60] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 306.004031][ T60] usb 9-1: Using ep0 maxpacket: 8 [ 306.007508][ T60] usb 9-1: config 0 interface 0 has no altsetting 0 [ 306.009629][ T60] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 306.012683][ T60] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.017152][ T60] usb 9-1: config 0 descriptor?? [ 306.059632][ T34] usb 11-1: USB disconnect, device number 13 [ 306.428558][ T60] mcp2221 0003:04D8:00DD.0023: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 306.633746][ T60] usb 9-1: USB disconnect, device number 16 [ 306.699449][T18118] dummy0: entered promiscuous mode [ 306.702286][T18118] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 306.708076][T18118] debugfs: 'hsr0' already exists in 'hsr' [ 306.710370][T18118] Cannot create hsr debugfs directory [ 306.712653][T18118] hsr0: Slave B (netdevsim0) is not up; please bring it up to get a fully working HSR network [ 306.717692][T18118] hsr0: entered allmulticast mode [ 306.719322][T18118] dummy0: entered allmulticast mode [ 306.721091][T18118] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 306.847183][T18134] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 306.852167][T18134] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 307.072464][T18166] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 307.077351][T18166] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 307.086539][T18167] netlink: 96 bytes leftover after parsing attributes in process `syz.5.5378'. [ 307.296407][T18196] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 307.300242][T18196] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 307.363986][ T6026] usb 11-1: new high-speed USB device number 14 using dummy_hcd [ 307.534044][ T6026] usb 11-1: Using ep0 maxpacket: 8 [ 307.539693][ T6026] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 307.543640][ T6026] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 307.547647][ T6026] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 307.551595][ T6026] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 307.556643][ T6026] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 307.559553][ T6026] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.754031][ T5749] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 307.767743][ T6026] usb 11-1: GET_CAPABILITIES returned 0 [ 307.769636][ T6026] usbtmc 11-1:16.0: can't read capabilities [ 307.904367][ T5749] usb 9-1: Using ep0 maxpacket: 8 [ 307.909054][ T5749] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 307.913178][ T5749] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 307.934012][ T5749] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 307.937935][ T5749] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 307.942947][ T5749] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 307.950598][ T5749] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.968838][ T6032] usb 11-1: USB disconnect, device number 14 [ 308.161505][ T5749] usb 9-1: usb_control_msg returned -32 [ 308.164926][ T5749] usbtmc 9-1:16.0: can't read capabilities [ 308.185605][T18248] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5415'. [ 308.194274][ T838] net_ratelimit: 4 callbacks suppressed [ 308.194290][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 308.804403][ T5749] usb 11-1: new high-speed USB device number 15 using dummy_hcd [ 308.954018][ T5749] usb 11-1: Using ep0 maxpacket: 16 [ 308.957337][ T5749] usb 11-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 308.961530][ T5749] usb 11-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 308.966983][ T5749] usb 11-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 308.970952][ T5749] usb 11-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 308.976478][ T5749] usb 11-1: config 7 interface 0 has no altsetting 0 [ 308.979433][ T5749] usb 11-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 308.983546][ T5749] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.076297][T18273] 9pnet: p9_errstr2errno: server reported unknown error [ 309.234176][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 309.316090][T18287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 309.361427][T18291] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5434'. [ 309.410749][ T5749] input: HID 0458:5010 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:7.0/0003:0458:5010.0024/input/input47 [ 309.419874][ T5749] kye 0003:0458:5010.0024: input,hiddev1,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.6-1/input0 [ 309.476752][T18300] netlink: 'syz.3.5439': attribute type 1 has an invalid length. [ 309.480071][T18300] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5439'. [ 309.596082][T18310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5444'. [ 309.599225][ T5749] usb 11-1: USB disconnect, device number 15 [ 310.195705][ T88] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.198929][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.202150][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.286806][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.527866][ T60] usb 9-1: USB disconnect, device number 17 [ 310.544262][T18357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5465'. [ 310.915040][T18385] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.934930][T18385] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.938725][T18385] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.943615][T18384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.999040][T18398] Invalid ELF header len 5 [ 311.286307][T18421] sit0: entered promiscuous mode [ 311.298847][T18421] netlink: 'syz.5.5493': attribute type 1 has an invalid length. [ 311.302177][T18421] netlink: 1 bytes leftover after parsing attributes in process `syz.5.5493'. [ 311.481844][T18432] batadv_slave_1: entered promiscuous mode [ 311.486439][T18431] batadv_slave_1: left promiscuous mode [ 312.206745][T18489] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 312.350968][T18504] overlayfs: failed to clone upperpath [ 312.381578][T18506] batadv_slave_1: entered promiscuous mode [ 312.384275][T18505] batadv_slave_1: left promiscuous mode [ 312.555430][T18522] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 312.669798][T18533] netlink: 64 bytes leftover after parsing attributes in process `syz.6.5545'. [ 313.397305][ T6017] net_ratelimit: 5 callbacks suppressed [ 313.397317][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 313.655667][T18583] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5567'. [ 313.728897][T18592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5571'. [ 313.812703][T18604] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 313.892812][T18612] [ 313.893640][T18612] ===================================================== [ 313.896099][T18612] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 313.898568][T18612] syzkaller #0 Tainted: G L [ 313.900907][T18612] ----------------------------------------------------- [ 313.903640][T18612] syz.3.5582/18612 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 313.906725][T18612] ffff88806a8dc360 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 313.910206][T18612] [ 313.910206][T18612] and this task is already holding: [ 313.913060][T18612] ffff88800dfbe028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 313.916190][T18612] which would create a new lock dependency: [ 313.918057][T18612] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 313.920542][T18612] [ 313.920542][T18612] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 313.924034][T18612] (&dev->event_lock#2){..-.}-{3:3} [ 313.924058][T18612] [ 313.924058][T18612] ... which became SOFTIRQ-irq-safe at: [ 313.929165][T18612] lock_acquire+0x179/0x330 [ 313.931036][T18612] _raw_spin_lock_irqsave+0x3a/0x60 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 313.933162][T18612] input_inject_event+0x9f/0x3b0 [ 313.935285][T18612] led_set_brightness+0x217/0x290 [ 313.937401][T18612] led_trigger_event+0xda/0x270 [ 313.939389][T18612] kbd_bh+0x247/0x330 [ 313.941006][T18612] tasklet_action_common+0x254/0x3f0 [ 313.943176][T18612] handle_softirqs+0x219/0x950 [ 313.945205][T18612] run_ksoftirqd+0x3a/0x60 [ 313.947044][T18612] smpboot_thread_fn+0x3f7/0xae0 [ 313.949092][T18612] kthread+0x3c5/0x780 [ 313.950765][T18612] ret_from_fork+0x983/0xb10 [ 313.952687][T18612] ret_from_fork_asm+0x1a/0x30 [ 313.954661][T18612] [ 313.954661][T18612] to a SOFTIRQ-irq-unsafe lock: [ 313.957455][T18612] (tasklist_lock){.+.+}-{3:3} [ 313.957479][T18612] [ 313.957479][T18612] ... which became SOFTIRQ-irq-unsafe at: [ 313.962514][T18612] ... [ 313.962520][T18612] lock_acquire+0x179/0x330 [ 313.965449][T18612] _raw_read_lock+0x5f/0x70 [ 313.967321][T18612] __do_wait+0x105/0x890 [ 313.969004][T18612] do_wait+0x21d/0x570 [ 313.970339][T18612] kernel_wait+0x9f/0x160 [ 313.971799][T18612] call_usermodehelper_exec_work+0xf1/0x170 [ 313.973708][T18612] process_one_work+0x9ba/0x1b20 [ 313.975346][T18612] worker_thread+0x6c8/0xf10 [ 313.976853][T18612] kthread+0x3c5/0x780 [ 313.978183][T18612] ret_from_fork+0x983/0xb10 [ 313.979699][T18612] ret_from_fork_asm+0x1a/0x30 [ 313.981294][T18612] [ 313.981294][T18612] other info that might help us debug this: [ 313.981294][T18612] [ 313.984522][T18612] Chain exists of: [ 313.984522][T18612] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 313.984522][T18612] [ 313.988775][T18612] Possible interrupt unsafe locking scenario: [ 313.988775][T18612] [ 313.991430][T18612] CPU0 CPU1 [ 313.993123][T18612] ---- ---- [ 313.994809][T18612] lock(tasklist_lock); [ 313.996198][T18612] local_irq_disable(); [ 313.998410][T18612] lock(&dev->event_lock#2); [ 314.001053][T18612] lock(&client->buffer_lock); [ 314.003393][T18612] [ 314.004621][T18612] lock(&dev->event_lock#2); [ 314.006574][T18612] [ 314.006574][T18612] *** DEADLOCK *** [ 314.006574][T18612] [ 314.009376][T18612] 7 locks held by syz.3.5582/18612: [ 314.011031][T18612] #0: ffff88802921b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440 [ 314.014337][T18612] #1: ffff8880212e9230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 314.017497][T18612] #2: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 314.020510][T18612] #3: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 314.023516][T18612] #4: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 314.026361][T18612] #5: ffff88800dfbe028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 314.029561][T18612] #6: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 314.032394][T18612] [ 314.032394][T18612] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 314.035662][T18612] -> (&dev->event_lock#2){..-.}-{3:3} { [ 314.037453][T18612] IN-SOFTIRQ-W at: [ 314.038712][T18612] lock_acquire+0x179/0x330 [ 314.040723][T18612] _raw_spin_lock_irqsave+0x3a/0x60 [ 314.042955][T18612] input_inject_event+0x9f/0x3b0 [ 314.045105][T18612] led_set_brightness+0x217/0x290 [ 314.047273][T18612] led_trigger_event+0xda/0x270 [ 314.049393][T18612] kbd_bh+0x247/0x330 [ 314.051284][T18612] tasklet_action_common+0x254/0x3f0 [ 314.053725][T18612] handle_softirqs+0x219/0x950 [ 314.056147][T18612] run_ksoftirqd+0x3a/0x60 [ 314.058347][T18612] smpboot_thread_fn+0x3f7/0xae0 [ 314.060498][T18612] kthread+0x3c5/0x780 [ 314.062415][T18612] ret_from_fork+0x983/0xb10 [ 314.064441][T18612] ret_from_fork_asm+0x1a/0x30 [ 314.066498][T18612] INITIAL USE at: [ 314.067786][T18612] lock_acquire+0x179/0x330 [ 314.069758][T18612] _raw_spin_lock_irqsave+0x3a/0x60 [ 314.071965][T18612] input_inject_event+0x9f/0x3b0 [ 314.074120][T18612] led_set_brightness+0x217/0x290 [ 314.076257][T18612] kbd_led_trigger_activate+0xcb/0x110 [ 314.078500][T18612] led_trigger_set+0x59a/0xc50 [ 314.080488][T18612] led_trigger_set_default+0x1e0/0x2e0 [ 314.082738][T18612] led_classdev_register_ext+0x71d/0xa30 [ 314.085052][T18612] input_leds_connect+0x552/0x8e0 [ 314.087176][T18612] input_attach_handler.isra.0+0x176/0x250 [ 314.089540][T18612] input_register_device+0xab9/0x11b0 [ 314.091770][T18612] atkbd_connect+0x5f8/0xa60 [ 314.093757][T18612] serio_driver_probe+0x7f/0xd0 [ 314.095816][T18612] really_probe+0x241/0xb20 [ 314.097766][T18612] __driver_probe_device+0x1de/0x470 [ 314.099953][T18612] driver_probe_device+0x4c/0x1b0 [ 314.102079][T18612] __driver_attach+0x283/0x5e0 [ 314.104125][T18612] bus_for_each_dev+0x13e/0x1d0 [ 314.106196][T18612] serio_handle_event+0x281/0xb30 [ 314.108332][T18612] process_one_work+0x9ba/0x1b20 [ 314.110423][T18612] worker_thread+0x6c8/0xf10 [ 314.112429][T18612] kthread+0x3c5/0x780 [ 314.114281][T18612] ret_from_fork+0x983/0xb10 [ 314.116283][T18612] ret_from_fork_asm+0x1a/0x30 [ 314.118320][T18612] } [ 314.119139][T18612] ... key at: [] __key.7+0x0/0x40 [ 314.121443][T18612] -> (&client->buffer_lock){....}-{3:3} { [ 314.123315][T18612] INITIAL USE at: [ 314.124730][T18612] lock_acquire+0x179/0x330 [ 314.126647][T18612] _raw_spin_lock_irq+0x36/0x50 [ 314.128720][T18612] evdev_read+0x4c8/0xbc0 [ 314.130658][T18612] vfs_readv+0x5c1/0x8b0 [ 314.132575][T18612] do_readv+0x28c/0x340 [ 314.134393][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.136551][T18612] do_fast_syscall_32+0x32/0x80 [ 314.138581][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.141058][T18612] } [ 314.141910][T18612] ... key at: [] __key.88+0x0/0x40 [ 314.144451][T18612] ... acquired at: [ 314.145685][T18612] _raw_spin_lock+0x2e/0x40 [ 314.147193][T18612] evdev_pass_values+0x10e/0x9b0 [ 314.148856][T18612] evdev_events+0x104/0x390 [ 314.150374][T18612] input_pass_values+0x138/0x880 [ 314.152072][T18612] input_handle_event+0xf00/0x14d0 [ 314.153748][T18612] input_inject_event+0x1e8/0x3b0 [ 314.155428][T18612] evdev_write+0x2e1/0x440 [ 314.157148][T18612] vfs_write+0x2a0/0x11d0 [ 314.158672][T18612] ksys_write+0x1f8/0x250 [ 314.160151][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.161823][T18612] do_fast_syscall_32+0x32/0x80 [ 314.163431][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.165479][T18612] [ 314.166299][T18612] [ 314.166299][T18612] the dependencies between the lock to be acquired [ 314.166306][T18612] and SOFTIRQ-irq-unsafe lock: [ 314.170567][T18612] -> (tasklist_lock){.+.+}-{3:3} { [ 314.172296][T18612] HARDIRQ-ON-R at: [ 314.173621][T18612] lock_acquire+0x179/0x330 [ 314.175697][T18612] _raw_read_lock+0x5f/0x70 [ 314.177760][T18612] __do_wait+0x105/0x890 [ 314.179763][T18612] do_wait+0x21d/0x570 [ 314.181701][T18612] kernel_wait+0x9f/0x160 [ 314.183735][T18612] call_usermodehelper_exec_work+0xf1/0x170 [ 314.186187][T18612] process_one_work+0x9ba/0x1b20 [ 314.188369][T18612] worker_thread+0x6c8/0xf10 [ 314.190394][T18612] kthread+0x3c5/0x780 [ 314.192325][T18612] ret_from_fork+0x983/0xb10 [ 314.194431][T18612] ret_from_fork_asm+0x1a/0x30 [ 314.196888][T18612] SOFTIRQ-ON-R at: [ 314.198543][T18612] lock_acquire+0x179/0x330 [ 314.201152][T18612] _raw_read_lock+0x5f/0x70 [ 314.203737][T18612] __do_wait+0x105/0x890 [ 314.206212][T18612] do_wait+0x21d/0x570 [ 314.208645][T18612] kernel_wait+0x9f/0x160 [ 314.210929][T18612] call_usermodehelper_exec_work+0xf1/0x170 [ 314.213458][T18612] process_one_work+0x9ba/0x1b20 [ 314.216211][T18612] worker_thread+0x6c8/0xf10 [ 314.218274][T18612] kthread+0x3c5/0x780 [ 314.220230][T18612] ret_from_fork+0x983/0xb10 [ 314.222321][T18612] ret_from_fork_asm+0x1a/0x30 [ 314.224478][T18612] INITIAL USE at: [ 314.225792][T18612] lock_acquire+0x179/0x330 [ 314.227849][T18612] _raw_write_lock_irq+0x36/0x50 [ 314.230021][T18612] copy_process+0x4668/0x7430 [ 314.232123][T18612] kernel_clone+0xfc/0x910 [ 314.234147][T18612] user_mode_thread+0xc8/0x110 [ 314.236290][T18612] rest_init+0x23/0x2b0 [ 314.238231][T18612] start_kernel+0x3ef/0x4d0 [ 314.240277][T18612] x86_64_start_reservations+0x18/0x30 [ 314.242590][T18612] x86_64_start_kernel+0x130/0x190 [ 314.244809][T18612] common_startup_64+0x13e/0x148 [ 314.247000][T18612] INITIAL READ USE at: [ 314.248498][T18612] lock_acquire+0x179/0x330 [ 314.250928][T18612] _raw_read_lock+0x5f/0x70 [ 314.253182][T18612] __do_wait+0x105/0x890 [ 314.255283][T18612] do_wait+0x21d/0x570 [ 314.257319][T18612] kernel_wait+0x9f/0x160 [ 314.259427][T18612] call_usermodehelper_exec_work+0xf1/0x170 [ 314.262015][T18612] process_one_work+0x9ba/0x1b20 [ 314.264374][T18612] worker_thread+0x6c8/0xf10 [ 314.266548][T18612] kthread+0x3c5/0x780 [ 314.268572][T18612] ret_from_fork+0x983/0xb10 [ 314.270737][T18612] ret_from_fork_asm+0x1a/0x30 [ 314.272990][T18612] } [ 314.273866][T18612] ... key at: [] tasklist_lock+0x18/0x40 [ 314.276345][T18612] ... acquired at: [ 314.277611][T18612] _raw_read_lock+0x5f/0x70 [ 314.279104][T18612] send_sigurg+0xed/0xc80 [ 314.280577][T18612] sk_send_sigurg+0x76/0x360 [ 314.282072][T18612] unix_stream_sendmsg+0xfa3/0x1320 [ 314.283807][T18612] ____sys_sendmsg+0xa5d/0xc30 [ 314.285391][T18612] ___sys_sendmsg+0x134/0x1d0 [ 314.286948][T18612] __sys_sendmsg+0x16d/0x220 [ 314.288479][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.290156][T18612] do_fast_syscall_32+0x32/0x80 [ 314.291815][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.293861][T18612] [ 314.294637][T18612] -> (&f_owner->lock){....}-{3:3} { [ 314.296329][T18612] INITIAL USE at: [ 314.297608][T18612] lock_acquire+0x179/0x330 [ 314.299583][T18612] _raw_write_lock_irq+0x36/0x50 [ 314.301699][T18612] __f_setown+0x61/0x3c0 [ 314.303605][T18612] generic_setlease+0xf0f/0x1330 [ 314.305714][T18612] kernel_setlease+0x106/0x140 [ 314.307776][T18612] vfs_setlease+0x1e8/0x280 [ 314.309713][T18612] do_fcntl_add_lease+0x3c4/0x550 [ 314.311864][T18612] fcntl_setlease+0xfc/0x180 [ 314.313849][T18612] do_fcntl+0x153b/0x1660 [ 314.315727][T18612] do_compat_fcntl64+0x367/0x710 [ 314.317815][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.319960][T18612] do_fast_syscall_32+0x32/0x80 [ 314.321925][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.324443][T18612] INITIAL READ USE at: [ 314.325872][T18612] lock_acquire+0x179/0x330 [ 314.327977][T18612] _raw_read_lock_irqsave+0x74/0x90 [ 314.330316][T18612] send_sigio+0x31/0x3e0 [ 314.332333][T18612] kill_fasync+0x214/0x510 [ 314.334382][T18612] lease_break_callback+0x23/0x30 [ 314.336652][T18612] __break_lease+0x6cd/0x1800 [ 314.338798][T18612] do_dentry_open+0x6e7/0x1590 [ 314.340964][T18612] vfs_open+0x82/0x3f0 [ 314.342927][T18612] path_openat+0x2078/0x3140 [ 314.345052][T18612] do_filp_open+0x20b/0x470 [ 314.347129][T18612] do_sys_openat2+0x121/0x290 [ 314.349264][T18612] __ia32_compat_sys_openat+0x16d/0x210 [ 314.351680][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.353974][T18612] do_fast_syscall_32+0x32/0x80 [ 314.356197][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.358838][T18612] } [ 314.359703][T18612] ... key at: [] __key.1+0x0/0x40 [ 314.361981][T18612] ... acquired at: [ 314.363228][T18612] _raw_read_lock_irqsave+0x74/0x90 [ 314.364941][T18612] send_sigio+0x31/0x3e0 [ 314.366366][T18612] kill_fasync+0x214/0x510 [ 314.367852][T18612] lease_break_callback+0x23/0x30 [ 314.369502][T18612] __break_lease+0x6cd/0x1800 [ 314.371085][T18612] do_dentry_open+0x6e7/0x1590 [ 314.372664][T18612] vfs_open+0x82/0x3f0 [ 314.374016][T18612] path_openat+0x2078/0x3140 [ 314.375563][T18612] do_filp_open+0x20b/0x470 [ 314.377068][T18612] do_sys_openat2+0x121/0x290 [ 314.378605][T18612] __ia32_compat_sys_openat+0x16d/0x210 [ 314.380417][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.382100][T18612] do_fast_syscall_32+0x32/0x80 [ 314.383708][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.385756][T18612] [ 314.386477][T18612] -> (&new->fa_lock){....}-{3:3} { [ 314.388117][T18612] INITIAL USE at: [ 314.389366][T18612] lock_acquire+0x179/0x330 [ 314.391297][T18612] _raw_write_lock_irq+0x36/0x50 [ 314.393351][T18612] fasync_remove_entry+0xb2/0x1e0 [ 314.395430][T18612] fasync_helper+0xaf/0xd0 [ 314.397328][T18612] lease_modify+0x232/0x500 [ 314.399251][T18612] locks_remove_file+0x29e/0x5c0 [ 314.401342][T18612] __fput+0x351/0xb70 [ 314.403095][T18612] task_work_run+0x150/0x240 [ 314.404986][T18612] exit_to_user_mode_loop+0xfb/0x540 [ 314.407151][T18612] __do_fast_syscall_32+0x4a4/0x680 [ 314.409244][T18612] do_fast_syscall_32+0x32/0x80 [ 314.411319][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.413768][T18612] INITIAL READ USE at: [ 314.415088][T18612] lock_acquire+0x179/0x330 [ 314.417104][T18612] _raw_read_lock_irqsave+0x74/0x90 [ 314.419495][T18612] kill_fasync+0x138/0x510 [ 314.421572][T18612] snd_fasync_work_fn+0x1ac/0x240 [ 314.423756][T18612] process_one_work+0x9ba/0x1b20 [ 314.425917][T18612] worker_thread+0x6c8/0xf10 [ 314.428001][T18612] kthread+0x3c5/0x780 [ 314.429891][T18612] ret_from_fork+0x983/0xb10 [ 314.431989][T18612] ret_from_fork_asm+0x1a/0x30 [ 314.434130][T18612] } [ 314.434963][T18612] ... key at: [] __key.0+0x0/0x40 [ 314.437217][T18612] ... acquired at: [ 314.438451][T18612] lock_acquire+0x179/0x330 [ 314.440010][T18612] _raw_read_lock_irqsave+0x74/0x90 [ 314.441726][T18612] kill_fasync+0x138/0x510 [ 314.443207][T18612] evdev_pass_values+0x619/0x9b0 [ 314.444841][T18612] evdev_events+0x1bb/0x390 [ 314.446325][T18612] input_pass_values+0x74e/0x880 [ 314.447884][T18612] input_handle_event+0xf00/0x14d0 [ 314.449551][T18612] input_inject_event+0x1e8/0x3b0 [ 314.451250][T18612] evdev_write+0x2e1/0x440 [ 314.452924][T18612] vfs_write+0x2a0/0x11d0 [ 314.454535][T18612] ksys_write+0x1f8/0x250 [ 314.456204][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.458017][T18612] do_fast_syscall_32+0x32/0x80 [ 314.460064][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.462389][T18612] [ 314.463155][T18612] [ 314.463155][T18612] stack backtrace: [ 314.465005][T18612] CPU: 0 UID: 0 PID: 18612 Comm: syz.3.5582 Tainted: G L syzkaller #0 PREEMPT(full) [ 314.465022][T18612] Tainted: [L]=SOFTLOCKUP [ 314.465026][T18612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 314.465033][T18612] Call Trace: [ 314.465039][T18612] [ 314.465043][T18612] dump_stack_lvl+0x116/0x1f0 [ 314.465059][T18612] check_irq_usage+0x8e6/0xbc0 [ 314.465080][T18612] ? check_path.constprop.0+0x24/0x50 [ 314.465098][T18612] ? __lock_acquire+0x167f/0x2890 [ 314.465107][T18612] __lock_acquire+0x167f/0x2890 [ 314.465119][T18612] lock_acquire+0x179/0x330 [ 314.465129][T18612] ? kill_fasync+0x138/0x510 [ 314.465143][T18612] _raw_read_lock_irqsave+0x74/0x90 [ 314.465155][T18612] ? kill_fasync+0x138/0x510 [ 314.465167][T18612] kill_fasync+0x138/0x510 [ 314.465179][T18612] evdev_pass_values+0x619/0x9b0 [ 314.465192][T18612] evdev_events+0x1bb/0x390 [ 314.465204][T18612] input_pass_values+0x74e/0x880 [ 314.465217][T18612] input_handle_event+0xf00/0x14d0 [ 314.465230][T18612] ? _copy_from_user+0x59/0xd0 [ 314.465248][T18612] input_inject_event+0x1e8/0x3b0 [ 314.465264][T18612] evdev_write+0x2e1/0x440 [ 314.465277][T18612] ? __pfx_evdev_write+0x10/0x10 [ 314.465288][T18612] ? bpf_lsm_file_permission+0x9/0x10 [ 314.465302][T18612] ? security_file_permission+0x71/0x210 [ 314.465314][T18612] ? rw_verify_area+0xcf/0x6c0 [ 314.465328][T18612] ? __pfx_evdev_write+0x10/0x10 [ 314.465339][T18612] vfs_write+0x2a0/0x11d0 [ 314.465355][T18612] ? __pfx_vfs_write+0x10/0x10 [ 314.465370][T18612] ? find_held_lock+0x2b/0x80 [ 314.465384][T18612] ? __fget_files+0x204/0x3c0 [ 314.465402][T18612] ? __fget_files+0x20e/0x3c0 [ 314.465420][T18612] ksys_write+0x1f8/0x250 [ 314.465437][T18612] ? __pfx_ksys_write+0x10/0x10 [ 314.465454][T18612] __do_fast_syscall_32+0xe8/0x680 [ 314.465470][T18612] do_fast_syscall_32+0x32/0x80 [ 314.465485][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.465498][T18612] RIP: 0023:0xf70fd579 [ 314.465508][T18612] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 314.465520][T18612] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 314.465532][T18612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 314.465539][T18612] RDX: 0000000000000037 RSI: 0000000000000000 RDI: 0000000000000000 [ 314.465545][T18612] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 314.465551][T18612] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 314.465558][T18612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 314.465567][T18612] [ 314.467583][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 314.667150][T15127] bridge0: port 3(syz_tun) entered disabled state [ 314.686532][T15127] syz_tun (unregistering): left allmulticast mode [ 314.688574][T15127] syz_tun (unregistering): left promiscuous mode [ 314.690584][T15127] bridge0: port 3(syz_tun) entered disabled state [ 314.854220][ T1149] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.062726][ T1149] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.132822][ T1149] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.231733][ T1149] netdevsim netdevsim5 netdevsim0 (unregistering): left promiscuous mode [ 315.235450][ T1149] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.334068][ T1149] bridge_slave_1: left allmulticast mode [ 315.335910][ T1149] bridge_slave_1: left promiscuous mode [ 315.337868][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.340880][ T1149] bridge_slave_0: left allmulticast mode [ 315.342742][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.474582][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.556251][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.560781][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.565255][ T1149] bond0 (unregistering): Released all slaves [ 315.571126][ T1149] bond1 (unregistering): (slave bond2): Releasing backup interface [ 315.574491][ T1149] bond2 (unregistering): left promiscuous mode [ 315.577464][ T1149] bond1 (unregistering): Released all slaves [ 315.661105][ T1149] bond2 (unregistering): Released all slaves [ 315.739052][ T1149] tipc: Disabling bearer [ 315.741135][ T1149] tipc: Left network mode [ 315.914669][ T1149] dummy0: left promiscuous mode [ 315.918487][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.921436][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.526359][ T838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 316.737991][ T1149] IPVS: stop unused estimator thread 0... [ 316.798748][ T1149] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.848129][ T1149] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.897381][ T1149] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.948139][ T1149] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.284322][ T1149] bridge_slave_1: left allmulticast mode [ 317.286152][ T1149] bridge_slave_1: left promiscuous mode [ 317.287988][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.291143][ T1149] bridge_slave_0: left allmulticast mode [ 317.292943][ T1149] bridge_slave_0: left promiscuous mode [ 317.294970][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.298567][ T1149] bridge_slave_1: left allmulticast mode [ 317.300330][ T1149] bridge_slave_1: left promiscuous mode [ 317.302152][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.305512][ T1149] bridge_slave_0: left allmulticast mode [ 317.307298][ T1149] bridge_slave_0: left promiscuous mode [ 317.309468][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.496696][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.501110][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.504728][ T1149] bond0 (unregistering): Released all slaves [ 317.507734][ T1149] bond1 (unregistering): Released all slaves [ 317.595917][ T1149] bond1 (unregistering): (slave gre1): Releasing backup interface [ 317.804704][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.808009][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.811340][ T1149] bond0 (unregistering): Released all slaves [ 317.877327][ T1149] bond1 (unregistering): Released all slaves [ 317.941501][ T1149] bond2 (unregistering): (slave bond3): Releasing backup interface [ 317.944174][ T1149] bond3 (unregistering): left promiscuous mode [ 317.946465][ T1149] bond2 (unregistering): Released all slaves [ 318.012490][ T1149] bond3 (unregistering): Released all slaves [ 318.149916][ T1149] tipc: Left network mode [ 318.156801][ T1149] tipc: Left network mode [ 318.522188][ T1149] hsr_slave_0: left promiscuous mode [ 318.524371][ T1149] hsr_slave_1: left promiscuous mode [ 318.526328][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 318.528712][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 318.531339][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 318.533707][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 318.537486][ T1149] hsr_slave_0: left promiscuous mode [ 318.539460][ T1149] hsr_slave_1: left promiscuous mode [ 318.541397][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 318.544056][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 318.548919][ T1149] veth1_macvtap: left promiscuous mode [ 318.550740][ T1149] veth0_macvtap: left promiscuous mode [ 318.611939][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 318.629192][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 318.819756][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 318.841197][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 319.652096][ T1149] IPVS: stop unused estimator thread 0... [ 319.654481][ T1149] IPVS: stop unused estimator thread 0...