last executing test programs: 4.039864191s ago: executing program 0 (id=31292): r0 = syz_open_dev$evdev(&(0x7f0000000440), 0x1, 0x2002) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000100)=0x924) ppoll(&(0x7f0000000280)=[{r0}], 0x1, 0x0, 0x0, 0x0) write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 3.064650677s ago: executing program 0 (id=31307): r0 = syz_open_dev$media(&(0x7f0000000040), 0xcf7, 0x0) r1 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f0000002f00)={0x0, 0xfffffffffffffd41, 0x0, 0x0, 0x62, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000180)=[{}, {0x0, 0x80000000}, {}, {}], 0x0, 0x0, 0x0}) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc01c7c02, &(0x7f0000000140)={r2, 0x0, 0x0}) 3.04893687s ago: executing program 3 (id=31308): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xa31e3000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) pipe2(&(0x7f0000001040), 0x0) 2.956085573s ago: executing program 0 (id=31309): bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000280)) io_uring_enter(r0, 0x15f1, 0xff98, 0x69, 0x0, 0x0) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) 2.390556329s ago: executing program 1 (id=31315): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310300000000000000000800000008000300", @ANYRES32=r2, @ANYBLOB="080006"], 0x24}}, 0x0) 2.168805054s ago: executing program 1 (id=31319): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x20}) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0x2}) 2.165148961s ago: executing program 4 (id=31320): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010044bd7000fedbdf255c00000008000300", @ANYRES32=r2, @ANYBLOB='\b\x00k\x00<'], 0x24}, 0x1, 0x0, 0x0, 0x48851}, 0x800) 2.033660851s ago: executing program 0 (id=31322): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x240000000, 0x81, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) 1.932590114s ago: executing program 4 (id=31323): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 1.895329782s ago: executing program 1 (id=31324): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000002c0)={0x0, 0x0, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000500)={r1, 0x0, 0x8, 0x8, 0x8}) 1.824465213s ago: executing program 3 (id=31325): socket$tipc(0x1e, 0x2, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042, 0x7}, 0x10) pselect6(0x40, &(0x7f0000000400)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0) 1.644339996s ago: executing program 3 (id=31327): set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) io_setup(0x8, &(0x7f0000000600)=0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x400000}]) 1.631771661s ago: executing program 1 (id=31328): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x1) 1.508294459s ago: executing program 2 (id=31329): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x108242, 0x78e22799f4a46fa9) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/16, 0x10}], 0x1) write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x29, 0xbb2, 0x60152602, 0x2, 0xfffc, 0x8, 0x1004, 0x0, 0x0, 0x10, 0x36}}, 0x50) 1.184382539s ago: executing program 2 (id=31330): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x5}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4c00}, 0x0) 866.498842ms ago: executing program 2 (id=31331): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000202073250000000000202020db1af8ff00000000bfa1fb0fffff"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) io_setup(0x30, &(0x7f0000000600)=0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}]) 855.937515ms ago: executing program 3 (id=31332): bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000280)) io_uring_enter(r0, 0x15f1, 0xff98, 0x69, 0x0, 0x0) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) 827.684571ms ago: executing program 4 (id=31333): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x20083, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0x7}]}) 634.961422ms ago: executing program 2 (id=31334): listen(0xffffffffffffffff, 0xfffffffd) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x12, 0x0, 0x0, 0xe000, 0x2}}}}}, 0x0) 614.526562ms ago: executing program 1 (id=31335): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x4}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 527.906358ms ago: executing program 4 (id=31336): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0xd, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x5, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa, 0x0, 0x6}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040004}, 0x44080) 434.476645ms ago: executing program 2 (id=31337): r0 = socket(0x2, 0x3, 0xff) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$unix(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000500)="7dcc2c9d4eaf588822e6a9cc8eec13d9754bb76c", 0x14}], 0x302}}], 0x2, 0x0) 421.730494ms ago: executing program 0 (id=31338): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000380)={0x300a, r0}, 0x0) 338.832638ms ago: executing program 3 (id=31339): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000780)=@newlink={0x20, 0x10, 0x503}, 0x20}}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000004c0), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="05000000030000000000000000400000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000002"], 0x38}, 0x300}, 0x0) 283.965169ms ago: executing program 4 (id=31340): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f00000013c0)={&(0x7f0000000040)=@phonet, 0x80, &(0x7f00000012c0)=[{&(0x7f00000000c0)=""/42, 0x2a}], 0x1}, 0x102) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$tipc(r1, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000040c0)=[{&(0x7f0000003a80)='a\t6', 0x3}], 0x1, 0x0, 0x0, 0x880}, 0x40800) 154.134698ms ago: executing program 2 (id=31341): r0 = open(&(0x7f0000000080)='./file0\x00', 0x48141, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140, 0x0) fcntl$getflags(r0, 0x401) 122.814095ms ago: executing program 0 (id=31342): syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x800) r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0x225e, 0x2, 0x0, 0x0) 52.100078ms ago: executing program 3 (id=31343): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) sendmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000300009116144f782db44b904021d08000500142603600e120900210000000401a8001600a400014006000000036010fab94dcf4f0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e012dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5d00040000d6e4edef3d93452a92954b43370e970100"/216, 0xd8}], 0x1}, 0x0) 4.445524ms ago: executing program 1 (id=31344): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002"], 0x44}}, 0x0) 0s ago: executing program 4 (id=31345): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x2c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}]]}, 0x2c}}, 0x20004800) kernel console output (not intermixed with test programs): ][ T30] audit: type=1326 audit(1769940479.085:6959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10529 comm="syz.3.28246" exe="/root/syz-executor" sig=0 arch=40000003 syscall=234 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 1638.231512][ T30] audit: type=1326 audit(1769940479.085:6960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10529 comm="syz.3.28246" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 1638.262687][ T30] audit: type=1326 audit(1769940479.085:6961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10529 comm="syz.3.28246" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 1638.356250][T10544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28253'. [ 1638.392750][T10544] openvswitch: netlink: Unknown nsh attribute 0 [ 1638.535236][T10554] [U] k [ 1638.871267][T10566] bond9: option ad_select: invalid value (34) [ 1638.917326][T10566] bond9 (unregistering): Released all slaves [ 1639.488397][T10666] atomic_op ffff888026f24998 conn xmit_atomic 0000000000000000 [ 1639.978666][ T30] audit: type=1326 audit(1769940481.145:6962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10683 comm="syz.3.28285" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 1640.039456][ T30] audit: type=1326 audit(1769940481.145:6963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10683 comm="syz.3.28285" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 1640.933553][T25268] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 1641.123539][T25268] usb 4-1: Using ep0 maxpacket: 32 [ 1641.154428][T25268] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1641.162500][T25268] usb 4-1: config 0 has no interface number 0 [ 1641.196374][T25268] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 1641.216027][T25268] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1641.238682][T25268] usb 4-1: Product: syz [ 1641.242920][T25268] usb 4-1: Manufacturer: syz [ 1641.258019][T25268] usb 4-1: SerialNumber: syz [ 1641.275756][T25268] usb 4-1: config 0 descriptor?? [ 1641.303178][T25268] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1641.330628][T25268] usb 4-1: selecting invalid altsetting 1 [ 1641.352158][T25268] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1641.379867][T25268] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1641.401595][T25268] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1641.422947][T25268] usb 4-1: media controller created [ 1641.462290][T25268] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1641.557864][T25268] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 1641.567969][T25268] zl10353_read_register: readreg error (reg=127, ret==-71) [ 1641.587885][T25268] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 1641.697744][T25268] usb 4-1: USB disconnect, device number 110 [ 1646.069084][T11007] program syz.1.28426 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1646.187043][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1646.187064][ T30] audit: type=1326 audit(1769940487.355:6977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11014 comm="syz.1.28430" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf739d539 code=0x0 [ 1646.987095][T11026] netlink: 'syz.4.28434': attribute type 30 has an invalid length. [ 1647.501324][T11053] netlink: 316 bytes leftover after parsing attributes in process `syz.1.28445'. [ 1647.754408][T11063] program syz.4.28448 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1649.304619][T11107] netlink: 'syz.4.28467': attribute type 16 has an invalid length. [ 1649.757100][T11134] netlink: 8 bytes leftover after parsing attributes in process `syz.3.28476'. [ 1649.938435][T11143] bridge_slave_1: invalid flags given to default FDB implementation [ 1650.456078][T11169] team0: Cannot enslave team device to itself [ 1650.472533][ T30] audit: type=1326 audit(1769940491.635:6978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1650.519481][ T30] audit: type=1326 audit(1769940491.635:6979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1650.611754][ T30] audit: type=1326 audit(1769940491.635:6980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=447 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1650.641576][ T30] audit: type=1326 audit(1769940491.635:6981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1650.733625][ T30] audit: type=1326 audit(1769940491.635:6982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1650.827336][ T30] audit: type=1326 audit(1769940491.635:6983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=298 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1650.867225][ T30] audit: type=1326 audit(1769940491.635:6984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1651.041949][ T30] audit: type=1326 audit(1769940491.635:6985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11168 comm="syz.1.28492" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1651.208310][T11195] veth0_virt_wifi: entered promiscuous mode [ 1651.228691][T11195] veth0_virt_wifi: left promiscuous mode [ 1651.330617][T11205] sctp: [Deprecated]: syz.2.28508 (pid 11205) Use of int in maxseg socket option. [ 1651.330617][T11205] Use struct sctp_assoc_value instead [ 1652.523931][T25252] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1652.685605][T25252] usb 4-1: config 0 has an invalid interface number: 4 but max is 0 [ 1652.705262][T25252] usb 4-1: config 0 has no interface number 0 [ 1652.711457][T25252] usb 4-1: config 0 interface 4 has no altsetting 0 [ 1652.720701][T25252] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1652.730978][T25252] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1652.743769][T25252] usb 4-1: config 0 descriptor?? [ 1652.760773][T25252] cp210x 4-1:0.4: cp210x converter detected [ 1652.843738][T11261] program syz.2.28530 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1653.159968][T25252] cp210x 4-1:0.4: failed to get vendor val 0x000e size 3: -71 [ 1653.194077][T25252] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1653.231641][T25252] usb 4-1: USB disconnect, device number 111 [ 1653.263173][T25252] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1653.298259][T25252] cp210x 4-1:0.4: device disconnected [ 1654.703504][T25252] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 1654.853659][T25252] usb 4-1: Using ep0 maxpacket: 16 [ 1654.860750][T25252] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1654.871342][T25252] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 52, changing to 9 [ 1654.903222][T25252] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 8241, setting to 1024 [ 1654.917106][T25252] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1654.942639][T25252] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1654.952416][T25252] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1654.961189][T25252] usb 4-1: Product: syz [ 1654.973669][T25252] usb 4-1: Manufacturer: syz [ 1654.984101][T25252] usb 4-1: SerialNumber: syz [ 1655.009456][T25252] usb 4-1: config 0 descriptor?? [ 1655.253943][T25252] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input223 [ 1655.458261][T25252] usb 4-1: USB disconnect, device number 112 [ 1655.707521][T11429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.28589'. [ 1655.727002][T11429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.28589'. [ 1655.747018][T11429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.28589'. [ 1656.592372][T11472] netlink: 'syz.1.28608': attribute type 1 has an invalid length. [ 1656.865266][T11487] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1657.103291][ T30] audit: type=1326 audit(1769940498.265:6986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11497 comm="syz.4.28621" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1657.166405][ T30] audit: type=1326 audit(1769940498.265:6987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11497 comm="syz.4.28621" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1657.211791][ T30] audit: type=1326 audit(1769940498.305:6988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11497 comm="syz.4.28621" exe="/root/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1657.248247][ T30] audit: type=1326 audit(1769940498.305:6989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11497 comm="syz.4.28621" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1657.286511][ T30] audit: type=1326 audit(1769940498.305:6990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11497 comm="syz.4.28621" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1657.320698][ T30] audit: type=1326 audit(1769940498.305:6991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11497 comm="syz.4.28621" exe="/root/syz-executor" sig=0 arch=40000003 syscall=278 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1657.359120][ T30] audit: type=1326 audit(1769940498.305:6992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11497 comm="syz.4.28621" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1657.859420][T11531] MPI: mpi too large (113288 bits) [ 1658.686847][T11560] netlink: 20 bytes leftover after parsing attributes in process `syz.1.28657'. [ 1658.727765][T11560] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1659.119011][T11575] sg_write: data in/out 124/4 bytes for SCSI command 0x1c-- guessing data in; [ 1659.119011][T11575] program syz.3.28654 not setting count and/or reply_len properly [ 1659.285403][T11585] IPv6: NLM_F_CREATE should be specified when creating new route [ 1660.034034][T25259] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1660.199584][T25259] usb 5-1: config 0 has an invalid interface number: 50 but max is 0 [ 1660.235840][T25259] usb 5-1: config 0 has no interface number 0 [ 1660.242029][T25259] usb 5-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1660.276498][T25259] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 1660.313625][T25259] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1660.321706][T25259] usb 5-1: Product: syz [ 1660.353730][T25259] usb 5-1: Manufacturer: syz [ 1660.358510][T25259] usb 5-1: SerialNumber: syz [ 1660.410536][T25259] usb 5-1: config 0 descriptor?? [ 1660.437183][T25259] yurex 5-1:0.50: USB YUREX device now attached to Yurex #0 [ 1660.614016][T11668] loop9: detected capacity change from 0 to 7 [ 1660.623052][T11668] buffer_io_error: 80 callbacks suppressed [ 1660.623075][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.648950][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.659296][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.664476][T25259] usb 5-1: USB disconnect, device number 7 [ 1660.689444][T25259] yurex 5-1:0.50: USB YUREX #0 now disconnected [ 1660.690148][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.726754][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.740497][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.750284][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.759222][T11668] ldm_validate_partition_table(): Disk read failed. [ 1660.769122][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.777829][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.788687][T11668] Buffer I/O error on dev loop9, logical block 0, async page read [ 1660.797596][T11668] Dev loop9: unable to read RDB block 0 [ 1660.804022][T11668] loop9: unable to read partition table [ 1660.810042][T11668] loop9: partition table beyond EOD, truncated [ 1660.817259][T11668] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 1660.817259][T11668] ) failed (rc=-5) [ 1661.973878][T25252] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1661.991284][T11758] 9p: p9: multiple sources not supported [ 1662.071003][T11765] kvm: user requested TSC rate below hardware speed [ 1662.133630][T25252] usb 4-1: Using ep0 maxpacket: 32 [ 1662.140995][T25252] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1662.151947][T25252] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1662.162401][T25252] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1662.174158][T25252] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1662.184650][T25252] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1662.198956][T25252] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1662.217079][T25252] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1662.235208][T25252] usb 4-1: config 0 descriptor?? [ 1662.274052][T25947] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1662.436200][T25947] usb 5-1: Using ep0 maxpacket: 16 [ 1662.446714][T25947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1662.458403][T25947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1662.470381][T25947] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 1662.482657][T25947] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1662.493029][T25252] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 113 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1662.504708][T25947] usb 5-1: config 0 descriptor?? [ 1662.542744][T11784] binder: 11783:11784 ioctl c0306201 800004c0 returned -22 [ 1662.957853][T25947] corsair 0003:1B1C:1B02.008E: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.4-1/input0 [ 1663.003224][T11901] loop4: detected capacity change from 0 to 1 [ 1663.019819][T11024] Dev loop4: unable to read RDB block 1 [ 1663.026250][T11024] loop4: unable to read partition table [ 1663.032272][T11024] loop4: partition table beyond EOD, truncated [ 1663.046025][T11901] Dev loop4: unable to read RDB block 1 [ 1663.056182][T11901] loop4: unable to read partition table [ 1663.062573][T11901] loop4: partition table beyond EOD, truncated [ 1663.069849][T11901] loop_reread_partitions: partition scan of loop4 (被x^> ) failed (rc=-5) [ 1663.099259][ T5196] Dev loop4: unable to read RDB block 1 [ 1663.105643][ T5196] loop4: unable to read partition table [ 1663.111628][ T5196] loop4: partition table beyond EOD, truncated [ 1663.137694][T25947] corsair 0003:1B1C:1B02.008E: Read invalid backlight brightness: f7. [ 1663.344436][T25947] usb 5-1: USB disconnect, device number 8 [ 1663.535959][T11937] netlink: 'syz.1.28739': attribute type 2 has an invalid length. [ 1664.043539][T25947] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1664.200620][T11982] vivid-004: disconnect [ 1664.207597][T11981] vivid-004: reconnect [ 1664.228028][T25947] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1664.239650][T25947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1664.248537][T25947] usb 2-1: Product: syz [ 1664.252853][T25947] usb 2-1: Manufacturer: syz [ 1664.257861][T25947] usb 2-1: SerialNumber: syz [ 1664.758881][T25259] usb 4-1: USB disconnect, device number 113 [ 1664.769032][T25259] usblp0: removed [ 1664.829613][T12002] tap0: tun_chr_ioctl cmd 1074025694 [ 1664.889867][T25947] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 1664.935276][T25947] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 1664.948598][T25947] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 1664.961368][T25947] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1664.971683][T25947] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1665.016202][T25947] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 1665.065601][T25947] usb 2-1: USB disconnect, device number 9 [ 1665.344243][T12039] netlink: 'syz.2.28766': attribute type 2 has an invalid length. [ 1665.352329][T12039] netlink: 100 bytes leftover after parsing attributes in process `syz.2.28766'. [ 1665.680114][T12060] futex_wake_op: syz.4.28773 tries to shift op by 35; fix this program [ 1666.458165][T12102] netlink: 80 bytes leftover after parsing attributes in process `syz.2.28790'. [ 1666.492202][T12102] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1667.553753][T25947] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 1667.570581][ T30] audit: type=1326 audit(1769940508.735:6993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1667.613757][ T30] audit: type=1326 audit(1769940508.765:6994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1667.662259][ T30] audit: type=1326 audit(1769940508.775:6995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1667.714173][ T30] audit: type=1326 audit(1769940508.775:6996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1667.746939][T25947] usb 4-1: Using ep0 maxpacket: 16 [ 1667.763525][ T30] audit: type=1326 audit(1769940508.775:6997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1667.770758][T25947] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1667.799747][T25947] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1667.810397][T25947] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1667.824071][T25947] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1667.833285][T25947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1667.834834][ T30] audit: type=1326 audit(1769940508.775:6998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=256 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1667.861415][T25947] usb 4-1: config 0 descriptor?? [ 1667.876640][T12159] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1668.123638][T25259] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 1668.268605][ T30] audit: type=1326 audit(1769940509.435:6999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1668.323654][ T30] audit: type=1326 audit(1769940509.435:7000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.28812" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1668.357742][T25259] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 1668.367375][T25947] microsoft 0003:045E:07DA.008F: unknown main item tag 0x1 [ 1668.376342][T25259] usb 2-1: config 0 has no interface number 0 [ 1668.394101][T25259] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1668.403561][T25259] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1668.404100][T25947] microsoft 0003:045E:07DA.008F: item 0 0 0 9 parsing failed [ 1668.443661][T25259] usb 2-1: Product: syz [ 1668.447948][T25259] usb 2-1: Manufacturer: syz [ 1668.449565][T25947] microsoft 0003:045E:07DA.008F: parse failed [ 1668.452567][T25259] usb 2-1: SerialNumber: syz [ 1668.477491][T25259] usb 2-1: config 0 descriptor?? [ 1668.484728][T25947] microsoft 0003:045E:07DA.008F: probe with driver microsoft failed with error -22 [ 1668.563803][T25947] usb 4-1: USB disconnect, device number 114 [ 1668.907598][T25259] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 1668.918368][T25259] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61 [ 1668.928993][T25259] asix 2-1:0.251: probe with driver asix failed with error -5 [ 1669.137907][T25259] usb 2-1: USB disconnect, device number 10 [ 1669.723846][ T6108] Bluetooth: hci0: command 0x0406 tx timeout [ 1670.738808][T12372] sg_read: process 11370 (syz.2.28839) changed security contexts after opening file descriptor, this is not allowed. [ 1670.953866][T25947] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1671.124173][T25947] usb 5-1: Using ep0 maxpacket: 16 [ 1671.145931][T25947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1671.163575][T25947] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1671.190586][T25947] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1671.226358][T25947] usb 5-1: config 0 descriptor?? [ 1671.686423][T25947] mcp2221 0003:04D8:00DD.0090: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 1672.078161][T25947] usb 5-1: USB disconnect, device number 9 [ 1672.333791][T25259] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1672.483661][T25259] usb 2-1: Using ep0 maxpacket: 16 [ 1672.491031][T25259] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1672.502833][T25259] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1672.516621][T25259] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1672.527299][T25259] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1672.535663][T25259] usb 2-1: Product: syz [ 1672.539953][T25259] usb 2-1: Manufacturer: syz [ 1672.544830][T25259] usb 2-1: SerialNumber: syz [ 1672.552624][T25259] usb 2-1: config 0 descriptor?? [ 1672.564111][T25259] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1672.573882][T25259] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 1672.957112][T12512] netlink: 8 bytes leftover after parsing attributes in process `syz.3.28881'. [ 1673.172538][T25259] em28xx 2-1:0.0: chip ID is em2870 [ 1673.394368][ T6166] usb 2-1: USB disconnect, device number 11 [ 1673.401771][ T6166] em28xx 2-1:0.0: Disconnecting em28xx [ 1673.411540][ T6166] em28xx 2-1:0.0: Freeing device [ 1673.434483][T25947] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 1673.615168][T25947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1673.626297][T25947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1673.636664][T25947] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 1673.646028][T25947] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1673.657019][T25947] usb 5-1: config 0 descriptor?? [ 1674.077865][T25947] prodikeys 0003:041E:2801.0091: unknown main item tag 0x0 [ 1674.092397][T25947] prodikeys 0003:041E:2801.0091: unknown main item tag 0x0 [ 1674.100363][T25947] prodikeys 0003:041E:2801.0091: unknown main item tag 0x0 [ 1674.110598][T25947] prodikeys 0003:041E:2801.0091: unknown main item tag 0x0 [ 1674.119154][T25947] prodikeys 0003:041E:2801.0091: unknown main item tag 0x0 [ 1674.135306][T25947] prodikeys 0003:041E:2801.0091: unknown main item tag 0x0 [ 1674.135334][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1674.142580][T25947] prodikeys 0003:041E:2801.0091: unknown main item tag 0x0 [ 1674.157037][T25947] prodikeys 0003:041E:2801.0091: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.4-1/input0 [ 1674.165285][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1674.306787][T25259] usb 5-1: USB disconnect, device number 10 [ 1675.071404][T12627] netlink: 'syz.4.28906': attribute type 11 has an invalid length. [ 1675.079875][T12627] netlink: 36 bytes leftover after parsing attributes in process `syz.4.28906'. [ 1675.905133][T12675] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28919'. [ 1677.062913][T12734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28940'. [ 1677.072452][T12734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28940'. [ 1677.183610][T25259] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1677.389852][T25259] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1677.421520][T25259] usb 2-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 1677.450199][T25259] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1677.462275][T25259] usb 2-1: config 0 descriptor?? [ 1677.597250][T12748] netlink: 48 bytes leftover after parsing attributes in process `syz.2.28944'. [ 1677.611276][T12748] netlink: 48 bytes leftover after parsing attributes in process `syz.2.28944'. [ 1677.903630][T25259] hid-alps 0003:044E:1215.0092: hidraw0: USB HID v58.6c Device [HID 044e:1215] on usb-dummy_hcd.1-1/input0 [ 1678.119970][T25947] usb 2-1: USB disconnect, device number 12 [ 1680.199266][ T30] audit: type=1326 audit(1769940521.365:7001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12847 comm="syz.4.28976" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x0 [ 1680.312411][T12852] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 1680.340356][T12852] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1682.536863][T12941] netlink: 16 bytes leftover after parsing attributes in process `syz.0.29009'. [ 1683.011937][T12962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.29015'. [ 1683.062024][T12962] sch_tbf: burst 0 is lower than device lo mtu (1302) ! [ 1683.320075][T12974] netlink: 'syz.4.29020': attribute type 8 has an invalid length. [ 1683.354035][T12974] netlink: 'syz.4.29020': attribute type 4 has an invalid length. [ 1683.392602][T12974] netlink: 164 bytes leftover after parsing attributes in process `syz.4.29020'. [ 1684.253966][T13005] tipc: New replicast peer: 255.255.255.255 [ 1684.261302][T13005] tipc: Enabled bearer , priority 10 [ 1684.288641][T13005] netlink: 'syz.3.29031': attribute type 4 has an invalid length. [ 1684.401085][T13013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29035'. [ 1685.204159][T13049] netlink: 72 bytes leftover after parsing attributes in process `syz.1.29051'. [ 1685.373558][T25947] tipc: Node number set to 4227858433 [ 1686.313966][T13114] netlink: 'syz.4.29072': attribute type 2 has an invalid length. [ 1686.345408][T13114] : entered promiscuous mode [ 1686.361088][T13114] netlink: 'syz.4.29072': attribute type 2 has an invalid length. [ 1686.384059][T13114] : left promiscuous mode [ 1687.124399][T13160] netlink: 92 bytes leftover after parsing attributes in process `syz.1.29085'. [ 1687.469813][ T30] audit: type=1800 audit(1769940528.635:7002): pid=13175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.29092" name="file1" dev="tmpfs" ino=23907 res=0 errno=0 [ 1687.854257][T25259] usb 4-1: new low-speed USB device number 115 using dummy_hcd [ 1688.005625][T25259] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1688.026087][T25259] usb 4-1: config 0 has no interface number 0 [ 1688.032290][T25259] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1688.050784][T25259] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 1688.068199][T25259] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1688.080023][T25259] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1688.080349][T13223] tipc: Enabling of bearer rejected, already enabled [ 1688.100744][T13223] netlink: 'syz.0.29105': attribute type 4 has an invalid length. [ 1688.111288][T25259] usb 4-1: config 0 descriptor?? [ 1688.116256][T25947] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1688.123277][T13189] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1688.154410][T25259] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1688.293981][T25947] usb 2-1: Using ep0 maxpacket: 16 [ 1688.304721][T25947] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1688.318855][T25947] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1688.330580][T25947] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 1688.360172][ T6166] usb 4-1: USB disconnect, device number 115 [ 1688.393509][T25947] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1688.405774][T25947] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1688.418294][T25947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1688.448064][T25947] usb 2-1: config 0 descriptor?? [ 1688.870137][T25947] hid (null): unknown global tag 0xc [ 1688.879350][T25947] hid (null): global environment stack underflow [ 1688.889505][T25947] hid (null): unknown global tag 0xe [ 1688.895799][T25947] hid (null): unknown global tag 0xc [ 1688.912301][T25947] hid (null): unknown global tag 0xe [ 1688.917916][T25947] hid (null): unknown global tag 0xd [ 1688.925516][T25947] hid (null): unknown global tag 0xc [ 1688.931639][T25947] hid (null): unknown global tag 0xc [ 1688.938798][T25947] hid (null): unknown global tag 0xc [ 1688.945023][T25947] hid (null): report_id 35694 is invalid [ 1688.951048][T25947] hid (null): invalid report_size 63397 [ 1688.958650][T25947] hid (null): unknown global tag 0xe [ 1688.967846][T25947] hid (null): invalid report_size -1958912434 [ 1688.975303][T25947] hid (null): bogus close delimiter [ 1688.980745][T25947] hid (null): unknown global tag 0xe [ 1688.993592][ T6166] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 1689.073256][T25259] usb 2-1: USB disconnect, device number 13 [ 1689.168165][ T6166] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1689.189049][ T6166] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 1689.207162][ T6166] usb 5-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1689.218405][ T6166] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1689.230368][T13288] sch_fq: defrate 0 ignored. [ 1689.232477][ T6166] usb 5-1: config 0 descriptor?? [ 1689.242380][T13257] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1689.489014][ T6166] usbhid 5-1:0.0: can't add hid device: -71 [ 1689.497261][ T6166] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1689.516709][ T6166] usb 5-1: USB disconnect, device number 11 [ 1690.141640][T13343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29134'. [ 1690.185577][T13343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29134'. [ 1690.250055][T13347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29136'. [ 1691.237490][T13376] netlink: 'syz.0.29145': attribute type 2 has an invalid length. [ 1691.308557][T13376] : entered promiscuous mode [ 1691.318993][T13384] netlink: 'syz.0.29145': attribute type 2 has an invalid length. [ 1691.363992][T13384] : left promiscuous mode [ 1691.417909][ T30] audit: type=1326 audit(1769940532.585:7003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.494588][ T30] audit: type=1326 audit(1769940532.585:7004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.538297][ T30] audit: type=1326 audit(1769940532.585:7005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.568452][ T30] audit: type=1326 audit(1769940532.585:7006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.616765][ T30] audit: type=1326 audit(1769940532.585:7007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=75 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.669997][ T30] audit: type=1326 audit(1769940532.585:7008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.843865][ T30] audit: type=1326 audit(1769940532.595:7009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.898365][ T30] audit: type=1326 audit(1769940532.595:7010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=364 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1691.978695][ T30] audit: type=1326 audit(1769940532.595:7011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz.1.29150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1692.362967][T13432] netlink: 'syz.3.29164': attribute type 10 has an invalid length. [ 1692.490687][T13437] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 1692.513744][T13437] syzkaller1: linktype set to 769 [ 1692.731318][T13454] netlink: 28 bytes leftover after parsing attributes in process `syz.4.29170'. [ 1693.278915][T13482] sctp: [Deprecated]: syz.3.29180 (pid 13482) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1693.278915][T13482] Use struct sctp_sack_info instead [ 1693.422614][T13488] netlink: 'syz.4.29183': attribute type 3 has an invalid length. [ 1694.660909][T13545] netlink: 'syz.3.29201': attribute type 6 has an invalid length. [ 1696.430599][T13623] bond0: (slave xfrm2): refused to change device type [ 1697.194128][T13663] usb usb8: usbfs: process 13663 (syz.0.29239) did not claim interface 0 before use [ 1697.434236][T13673] sg_write: data in/out 393179/8 bytes for SCSI command 0x0-- guessing data in; [ 1697.434236][T13673] program syz.1.29244 not setting count and/or reply_len properly [ 1697.970945][T21017] syz_tun (unregistering): left allmulticast mode [ 1698.975822][T13710] netlink: 44 bytes leftover after parsing attributes in process `syz.1.29259'. [ 1698.995042][T13715] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1699.016689][T13715] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1699.039329][T13715] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1699.054434][T13715] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1699.068139][T13715] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1699.391401][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.416686][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.447346][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.456397][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.471234][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.481922][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.490064][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.500648][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.511729][T13788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29267'. [ 1699.521314][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.530548][T13788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29267'. [ 1699.541037][T25252] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 1699.554574][T13722] chnl_net:caif_netlink_parms(): no params data found [ 1699.593816][T25252] hid-generic 0000:0000:0000.0094: hidraw0: HID v0.03 Device [syz1] on syz1 [ 1699.710032][T13809] fido_id[13809]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1699.868492][T13722] bridge0: port 1(bridge_slave_0) entered blocking state [ 1699.900576][T13722] bridge0: port 1(bridge_slave_0) entered disabled state [ 1699.920728][T13722] bridge_slave_0: entered allmulticast mode [ 1699.936922][T13722] bridge_slave_0: entered promiscuous mode [ 1699.967854][T13722] bridge0: port 2(bridge_slave_1) entered blocking state [ 1699.981180][T13722] bridge0: port 2(bridge_slave_1) entered disabled state [ 1699.995298][T13722] bridge_slave_1: entered allmulticast mode [ 1700.011935][ T30] audit: type=1326 audit(1769940541.175:7012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13724 comm="syz.1.29263" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7fc00000 [ 1700.035517][T13722] bridge_slave_1: entered promiscuous mode [ 1700.132290][T13722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1700.161952][T13722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1700.418611][T13722] team0: Port device team_slave_0 added [ 1700.437509][T13722] team0: Port device team_slave_1 added [ 1700.701264][T13722] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1700.713130][T13722] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1700.793545][T13722] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1700.807619][T13722] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1700.814710][T13722] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1700.853511][T13722] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1700.999967][T13722] hsr_slave_0: entered promiscuous mode [ 1701.016937][T13722] hsr_slave_1: entered promiscuous mode [ 1701.031921][T13722] debugfs: 'hsr0' already exists in 'hsr' [ 1701.044461][T13722] Cannot create hsr debugfs directory [ 1701.107062][T13983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.29284'. [ 1701.164552][ T6108] Bluetooth: hci3: command tx timeout [ 1701.512068][T13722] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1701.746332][T13722] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1701.925766][T13722] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1702.175973][T13722] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1702.283181][T14084] loop6: detected capacity change from 0 to 524287999 [ 1702.577838][T13722] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1702.634796][T13722] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1702.672541][T13722] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1702.748818][T13722] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1702.866835][ T30] audit: type=1326 audit(1769940544.035:7013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14117 comm="syz.2.29301" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x0 [ 1703.021356][T13722] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1703.065442][T13722] 8021q: adding VLAN 0 to HW filter on device team0 [ 1703.104526][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 1703.111817][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1703.144109][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 1703.151402][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1703.243495][ T6108] Bluetooth: hci3: command tx timeout [ 1703.301074][T13722] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1703.390531][T13722] veth0_vlan: entered promiscuous mode [ 1703.416660][T13722] veth1_vlan: entered promiscuous mode [ 1703.461261][T13722] veth0_macvtap: entered promiscuous mode [ 1703.474443][T13722] veth1_macvtap: entered promiscuous mode [ 1703.526132][T13722] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1703.559188][T13722] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1703.593143][T11869] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1703.613977][T11869] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1703.634799][T11869] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1703.655778][T11869] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1703.834552][ T3464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1703.857219][ T3464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1703.965137][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1703.973196][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1704.593108][T14181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.29321'. [ 1705.333811][ T6108] Bluetooth: hci3: command tx timeout [ 1705.770396][T14237] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 1706.019062][T14245] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1706.594460][ T6166] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1706.752664][T14270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29353'. [ 1706.762122][ T6166] usb 2-1: Using ep0 maxpacket: 16 [ 1706.769403][T14270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29353'. [ 1706.780792][ T6166] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1706.803897][ T6166] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1706.823600][ T6166] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1706.854689][ T6166] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1706.873488][ T6166] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1706.894644][ T6166] usb 2-1: config 0 descriptor?? [ 1707.350073][ T6166] microsoft 0003:045E:07DA.0095: ignoring exceeding usage max [ 1707.390882][ T6166] hid_parser_main: 73 callbacks suppressed [ 1707.390910][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.419981][ T6108] Bluetooth: hci3: command tx timeout [ 1707.438246][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.456789][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.479723][T14290] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29359'. [ 1707.493832][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.515374][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.536224][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.567361][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.583680][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.590978][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.614120][ T6166] microsoft 0003:045E:07DA.0095: unknown main item tag 0x0 [ 1707.639782][T14295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29360'. [ 1707.669869][ T6166] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0095/input/input225 [ 1707.785100][ T6166] microsoft 0003:045E:07DA.0095: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 1707.844169][ T6166] usb 2-1: USB disconnect, device number 14 [ 1708.008488][T14306] fido_id[14306]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1709.329633][T14384] loop6: detected capacity change from 0 to 524288000 [ 1709.399191][T14388] sctp: [Deprecated]: syz.3.29387 (pid 14388) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1709.399191][T14388] Use struct sctp_sack_info instead [ 1710.170058][T14424] tmpfs: Unknown parameter '*' [ 1710.555919][ T30] audit: type=1326 audit(1769940551.725:7014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14431 comm="syz.1.29403" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x0 [ 1710.697367][T14443] netlink: 'syz.0.29407': attribute type 11 has an invalid length. [ 1711.733448][ T30] audit: type=1326 audit(1769940552.885:7015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1711.796872][ T30] audit: type=1326 audit(1769940552.885:7016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1711.863438][ T30] audit: type=1326 audit(1769940552.895:7017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1711.941372][ T30] audit: type=1326 audit(1769940552.895:7018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1711.999445][ T30] audit: type=1326 audit(1769940552.895:7019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1712.075156][ T30] audit: type=1326 audit(1769940552.895:7020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1712.121288][ T30] audit: type=1326 audit(1769940552.895:7021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1712.163550][ T129] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 1712.181519][ T30] audit: type=1326 audit(1769940552.895:7022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=429 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1712.233496][ T30] audit: type=1326 audit(1769940552.895:7023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14471 comm="syz.4.29416" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1712.336247][ T129] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 1712.377305][ T129] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1712.403602][ T129] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1712.433713][ T129] usb 5-1: Product: syz [ 1712.437963][ T129] usb 5-1: Manufacturer: syz [ 1712.441189][T14493] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.29423'. [ 1712.462059][ T129] usb 5-1: SerialNumber: syz [ 1712.699082][T14480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1712.725368][T14480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1712.743039][ T129] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 1712.765784][ T129] usb 5-1: USB disconnect, device number 12 [ 1713.056812][T14514] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29428'. [ 1713.084956][T14514] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29428'. [ 1713.203702][ T129] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1713.401632][ T129] usb 5-1: Using ep0 maxpacket: 8 [ 1713.420988][ T129] usb 5-1: config index 0 descriptor too short (expected 301, got 72) [ 1713.450890][ T129] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1713.492074][ T129] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1713.516686][ T129] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1713.544070][ T129] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1713.573721][ T129] usb 5-1: config 16 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 3 [ 1713.612527][ T129] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1713.623823][ T129] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1713.879778][ T129] usb 5-1: usb_control_msg returned -71 [ 1713.905737][ T129] usbtmc 5-1:16.0: can't read capabilities [ 1713.930872][ T129] usbtmc 5-1:16.0: Failed to submit iin_urb [ 1713.941192][ T129] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -90 [ 1713.966734][ T129] usb 5-1: USB disconnect, device number 13 [ 1714.271658][T14559] netlink: 16 bytes leftover after parsing attributes in process `syz.1.29439'. [ 1714.458217][ T50] tipc: Subscription rejected, illegal request [ 1714.616759][T14580] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29446'. [ 1716.206262][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1716.371200][T14648] bond1: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 1716.415796][T14648] bond1 (unregistering): Released all slaves [ 1716.479159][T14717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.29470'. [ 1716.539147][T14718] netlink: 'syz.4.29473': attribute type 2 has an invalid length. [ 1716.574951][T14718] !: entered promiscuous mode [ 1716.607080][T14718] netlink: 'syz.4.29473': attribute type 2 has an invalid length. [ 1717.243816][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1717.815841][T25268] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1717.973441][T25268] usb 5-1: Using ep0 maxpacket: 16 [ 1717.985398][T25268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1718.003414][T25268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1718.014769][T25268] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1718.028249][T25268] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1718.038136][T25268] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1718.052109][T25268] usb 5-1: config 0 descriptor?? [ 1718.285780][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1718.489753][T25268] microsoft 0003:045E:07DA.0096: ignoring exceeding usage max [ 1718.511128][T25268] hid_parser_main: 3 callbacks suppressed [ 1718.511148][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.525646][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.533000][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.541345][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.549277][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.559701][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.567912][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.576162][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.583972][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.591794][T25268] microsoft 0003:045E:07DA.0096: unknown main item tag 0x0 [ 1718.621814][T25268] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0096/input/input226 [ 1718.721906][T25268] microsoft 0003:045E:07DA.0096: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 1718.780303][T25268] usb 5-1: USB disconnect, device number 14 [ 1718.887160][T14814] fido_id[14814]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 1719.896617][T14871] netlink: 40 bytes leftover after parsing attributes in process `syz.1.29514'. [ 1720.584620][T14896] netlink: 'syz.1.29522': attribute type 12 has an invalid length. [ 1720.608020][T14896] netlink: 190972 bytes leftover after parsing attributes in process `syz.1.29522'. [ 1720.623172][T14898] netlink: 'syz.4.29523': attribute type 29 has an invalid length. [ 1722.444343][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1722.465435][T14936] bond7: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 1722.485407][T14936] bond7 (unregistering): Released all slaves [ 1723.093415][T15017] tap0: tun_chr_ioctl cmd 1074025677 [ 1723.099047][T15017] tap0: linktype set to 1 [ 1723.483694][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1723.664652][T15040] netlink: 'syz.4.29551': attribute type 8 has an invalid length. [ 1724.477618][T15068] input: syz0 as /devices/virtual/input/input227 [ 1724.523602][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1724.674001][T25252] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 1724.854205][T25252] usb 4-1: config 0 has no interfaces? [ 1724.859769][T25252] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1724.884869][T25252] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1724.913216][T25252] usb 4-1: config 0 descriptor?? [ 1725.139199][T25947] usb 4-1: USB disconnect, device number 116 [ 1725.478323][T15122] dlm: non-version read from control device 34 [ 1725.637017][T15128] bridge0: entered promiscuous mode [ 1725.652811][T15128] macvlan3: entered promiscuous mode [ 1726.587476][T15166] netlink: 'syz.3.29591': attribute type 1 has an invalid length. [ 1726.619373][T15166] netlink: 'syz.3.29591': attribute type 2 has an invalid length. [ 1728.684171][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1728.737436][T25947] hid_parser_main: 3 callbacks suppressed [ 1728.737461][T25947] hid-generic 0003:0004:0000.0097: unknown main item tag 0x0 [ 1728.752553][T15264] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29625'. [ 1728.764842][T25947] hid-generic 0003:0004:0000.0097: unknown main item tag 0x0 [ 1728.772301][T25947] hid-generic 0003:0004:0000.0097: unknown main item tag 0x0 [ 1728.846980][T25947] hid-generic 0003:0004:0000.0097: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1729.018905][T15272] fido_id[15272]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1729.331954][T15299] random: crng reseeded on system resumption [ 1729.723844][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1729.782556][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1729.782577][ T30] audit: type=1326 audit(1769940570.945:7025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15320 comm="syz.2.29645" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf749d539 code=0x0 [ 1730.763818][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1730.978647][T15360] netlink: 24 bytes leftover after parsing attributes in process `syz.2.29657'. [ 1731.419411][T15379] loop6: detected capacity change from 0 to 515899392 [ 1731.893182][T15403] netlink: 28 bytes leftover after parsing attributes in process `syz.1.29673'. [ 1732.984103][T15477] netlink: 12 bytes leftover after parsing attributes in process `syz.3.29692'. [ 1734.064825][T15505] blkio.reset_stats is deprecated [ 1734.924253][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1735.129352][ T30] audit: type=1326 audit(1769940576.235:7026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.158303][ T30] audit: type=1326 audit(1769940576.245:7027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.250874][ T30] audit: type=1326 audit(1769940576.245:7028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.347842][ T30] audit: type=1326 audit(1769940576.245:7029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.434276][ T30] audit: type=1326 audit(1769940576.245:7030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.457311][ T30] audit: type=1326 audit(1769940576.255:7031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.480903][ T30] audit: type=1326 audit(1769940576.255:7032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.568340][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1735.575329][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1735.590890][ T30] audit: type=1326 audit(1769940576.255:7033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.654225][ T30] audit: type=1326 audit(1769940576.255:7034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=371 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.680220][ T30] audit: type=1326 audit(1769940576.255:7035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.29718" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739d539 code=0x7ffc0000 [ 1735.964082][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1736.024526][T15585] netlink: 28 bytes leftover after parsing attributes in process `syz.4.29729'. [ 1736.122938][T15590] bond0: (slave ipip1): refused to change device type [ 1736.340340][T15603] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.29733'. [ 1737.003635][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1739.332346][T15760] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 1739.778360][T15777] netlink: 4 bytes leftover after parsing attributes in process `syz.4.29798'. [ 1740.093516][ T129] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1740.289088][ T129] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1740.301494][T25252] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 1740.309707][ T129] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1740.325545][ T129] usb 2-1: Product: syz [ 1740.330888][ T129] usb 2-1: Manufacturer: syz [ 1740.349800][ T129] usb 2-1: SerialNumber: syz [ 1740.473625][T25252] usb 5-1: Using ep0 maxpacket: 16 [ 1740.482778][T25252] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1740.494980][T25252] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1740.504662][T25252] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1740.519629][T25252] usb 5-1: config 0 descriptor?? [ 1740.770973][ T129] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1740.783898][ T129] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1740.951741][T25252] mcp2221 0003:04D8:00DD.0098: unknown main item tag 0x0 [ 1740.965057][T25252] mcp2221 0003:04D8:00DD.0098: unknown main item tag 0x0 [ 1740.972290][T25252] mcp2221 0003:04D8:00DD.0098: unknown main item tag 0x0 [ 1740.981293][T25252] mcp2221 0003:04D8:00DD.0098: unknown main item tag 0x0 [ 1740.992025][T25252] mcp2221 0003:04D8:00DD.0098: unknown main item tag 0x0 [ 1741.001171][ T129] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000010. ret = -EPROTO [ 1741.013764][T25252] mcp2221 0003:04D8:00DD.0098: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 1741.030164][ T129] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1741.041709][ T129] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1741.055057][ T129] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 1741.072533][ T129] usb 2-1: USB disconnect, device number 15 [ 1741.163988][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1741.242115][T15839] bond_slave_0: entered promiscuous mode [ 1741.247988][T15839] bond_slave_1: entered promiscuous mode [ 1741.256364][T15839] macsec1: entered allmulticast mode [ 1741.261770][T15839] bond0: entered allmulticast mode [ 1741.268070][T15839] bond_slave_0: entered allmulticast mode [ 1741.274758][T15839] bond_slave_1: entered allmulticast mode [ 1741.285778][T15839] bond0: left allmulticast mode [ 1741.291117][T15839] bond_slave_0: left allmulticast mode [ 1741.298170][T15839] bond_slave_1: left allmulticast mode [ 1741.304691][T15839] bond_slave_0: left promiscuous mode [ 1741.310238][T15839] bond_slave_1: left promiscuous mode [ 1741.355234][ T129] usb 5-1: USB disconnect, device number 15 [ 1741.987749][T15873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29821'. [ 1742.074397][T15875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1742.085452][T15875] bond0: (slave ipip0): The slave device specified does not support setting the MAC address [ 1742.112925][T15875] bond0: (slave ipip0): Error -95 calling set_mac_address [ 1742.204056][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1742.232304][T15889] netlink: 12 bytes leftover after parsing attributes in process `syz.4.29823'. [ 1742.263908][T15889] netlink: 12 bytes leftover after parsing attributes in process `syz.4.29823'. [ 1743.243656][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1743.344370][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1743.396029][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1743.397910][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1743.484144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 1744.128084][T15971] netlink: 272 bytes leftover after parsing attributes in process `syz.0.29856'. [ 1744.810770][T15999] futex_wake_op: syz.0.29866 tries to shift op by -1; fix this program [ 1745.215256][T16017] netlink: 'syz.2.29872': attribute type 11 has an invalid length. [ 1745.226023][T16017] netlink: 212332 bytes leftover after parsing attributes in process `syz.2.29872'. [ 1745.437428][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1745.460434][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1745.469888][ T129] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1745.880692][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1745.880713][ T30] audit: type=1326 audit(1769940587.045:7037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16009 comm="syz.4.29870" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7fc00000 [ 1746.034089][T25256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1746.124138][T25256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1746.322492][T16047] veth0_to_hsr: entered promiscuous mode [ 1746.328388][T16047] netdevsim netdevsim4 2: entered promiscuous mode [ 1746.353752][T16047] macsec2: entered allmulticast mode [ 1746.361261][T16047] bond0: entered allmulticast mode [ 1746.367528][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1746.423885][T16047] veth0_to_hsr: entered allmulticast mode [ 1746.436173][T16047] netdevsim netdevsim4 2: entered allmulticast mode [ 1746.486146][T16047] bond0: left allmulticast mode [ 1746.491411][T16047] veth0_to_hsr: left allmulticast mode [ 1746.498893][T16047] netdevsim netdevsim4 2: left allmulticast mode [ 1746.518247][T16047] veth0_to_hsr: left promiscuous mode [ 1746.523851][T16047] netdevsim netdevsim4 2: left promiscuous mode [ 1747.404278][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1747.415201][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1748.443608][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1748.452335][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1748.633779][T16168] netlink: 27 bytes leftover after parsing attributes in process `syz.1.29918'. [ 1749.483522][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1749.492029][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1749.803937][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1750.033033][T16232] input: syz0 as /devices/virtual/input/input231 [ 1750.213663][T16242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29941'. [ 1751.563830][ C0] net_ratelimit: 1 callbacks suppressed [ 1751.563853][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1751.726933][T16291] netlink: 36 bytes leftover after parsing attributes in process `syz.1.29959'. [ 1752.603673][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1752.709917][ T30] audit: type=1804 audit(1769940593.875:7038): pid=16335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.29974" name="/newroot/5807/file1" dev="tmpfs" ino=29193 res=1 errno=0 [ 1753.644128][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1753.653870][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1754.195282][ T129] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 1754.385895][ T129] usb 5-1: config 27 interface 0 altsetting 0 has an endpoint descriptor with address 0x78, changing to 0x8 [ 1754.420127][ T129] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 10 [ 1754.458947][ T129] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8 has invalid maxpacket 127, setting to 64 [ 1754.478378][ T129] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 5853, setting to 64 [ 1754.499712][ T129] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1754.519382][ T129] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1754.561383][T16392] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1754.576536][T16392] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1754.606299][ T129] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1754.625869][ T129] usb 5-1: invalid MIDI in EP 0 [ 1754.683632][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1754.692245][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1754.770838][ T129] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1754.837264][ T129] usb 5-1: USB disconnect, device number 16 [ 1754.938998][T16448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30003'. [ 1754.953471][T16448] netlink: 12 bytes leftover after parsing attributes in process `syz.3.30003'. [ 1755.723590][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1755.732270][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1756.764695][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1757.803544][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1758.603533][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1758.843790][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1759.606612][T18002] loop4: detected capacity change from 0 to 1 [ 1759.621307][T18002] Dev loop4: unable to read RDB block 1 [ 1759.627305][T18002] loop4: unable to read partition table [ 1759.634580][T18002] loop4: partition table beyond EOD, truncated [ 1759.640916][T18002] loop_reread_partitions: partition scan of loop4 (被x^> ) failed (rc=-5) [ 1759.884159][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1759.893680][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1760.033579][T25256] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1760.193573][T25256] usb 5-1: Using ep0 maxpacket: 32 [ 1760.201103][T25256] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1760.221135][T25256] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1760.240525][T25256] usb 5-1: config 0 descriptor?? [ 1760.464540][T25256] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1760.483879][T25268] usb 4-1: new high-speed USB device number 117 using dummy_hcd [ 1760.494360][T25256] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1760.521250][T25256] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1760.532074][T25256] usb 5-1: media controller created [ 1760.551493][T25256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1760.664182][T25268] usb 4-1: Using ep0 maxpacket: 8 [ 1760.670213][T25256] az6027: usb out operation failed. (-71) [ 1760.680684][T25268] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1760.692860][T25256] az6027: usb out operation failed. (-71) [ 1760.706665][T25256] stb0899_attach: Driver disabled by Kconfig [ 1760.713707][T25268] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1760.721758][T25268] usb 4-1: Product: syz [ 1760.725906][T25256] az6027: no front-end attached [ 1760.725906][T25256] [ 1760.739420][T25256] az6027: usb out operation failed. (-71) [ 1760.745927][T25268] usb 4-1: Manufacturer: syz [ 1760.745953][T25268] usb 4-1: SerialNumber: syz [ 1760.761536][T25268] usb 4-1: config 0 descriptor?? [ 1760.779792][T25256] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1760.793145][T25268] gspca_main: se401-2.14.0 probing 047d:5003 [ 1760.793227][T25256] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input232 [ 1760.810856][T25256] dvb-usb: schedule remote query interval to 400 msecs. [ 1760.810882][T25256] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1760.821667][T25256] usb 5-1: USB disconnect, device number 17 [ 1760.923818][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1760.932504][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1760.963617][T25256] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1761.461315][T25268] input: se401 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input233 [ 1761.529696][T25268] usb 4-1: USB disconnect, device number 117 [ 1761.963553][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1761.972192][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1762.302420][T18140] tmpfs: Unknown parameter 'r' [ 1763.004950][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1764.043782][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1764.359678][T18288] netlink: 'syz.2.30128': attribute type 9 has an invalid length. [ 1764.373640][T18288] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.30128'. [ 1765.083659][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1765.353965][ T129] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 1765.503666][ T129] usb 5-1: Using ep0 maxpacket: 16 [ 1765.510779][ T129] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1765.520339][ T129] usb 5-1: config 0 has no interface number 0 [ 1765.526636][ T129] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1765.537619][ T129] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1765.547667][ T129] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 1765.556996][ T129] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1765.568591][ T129] usb 5-1: config 0 descriptor?? [ 1766.134115][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1766.143459][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1766.181531][ T129] uclogic 0003:28BD:0071.0099: pen parameters not found [ 1766.189069][ T129] uclogic 0003:28BD:0071.0099: interface is invalid, ignoring [ 1766.385391][ T129] usb 5-1: USB disconnect, device number 18 [ 1767.163599][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1767.172447][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1767.679452][T18417] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30169'. [ 1767.963749][T25252] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 1768.214214][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1768.222868][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1768.236511][T25252] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1768.253528][T25252] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1768.267910][T25252] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1768.281526][T25252] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1768.292197][T25252] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1768.300813][T25252] usb 4-1: Product: syz [ 1768.305394][T25252] usb 4-1: Manufacturer: syz [ 1768.310036][T25252] usb 4-1: SerialNumber: syz [ 1768.319389][T25252] usb 4-1: config 0 descriptor?? [ 1768.325859][T18421] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1768.357497][T18421] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1768.371207][T25252] usb 4-1: ucan: probing device on interface #0 [ 1768.548780][T18459] bridge0: port 1(vlan3) entered blocking state [ 1768.555438][T18459] bridge0: port 1(vlan3) entered disabled state [ 1768.562063][T18459] vlan3: entered allmulticast mode [ 1768.593704][T18459] bridge0: entered allmulticast mode [ 1768.616113][T18459] vlan3: left allmulticast mode [ 1768.621046][T18459] bridge0: left allmulticast mode [ 1769.027904][T25252] ucan 4-1:0.0 can0: registered device [ 1769.217231][T25252] ucan 4-1:0.0 can0: firmware string: unknown [ 1769.229133][T25252] usb 4-1: USB disconnect, device number 118 [ 1769.244675][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1769.408577][T18498] kvm_intel: kvm [18495]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x2000000000003 [ 1769.858815][T18521] vivid-004: disconnect [ 1769.864408][T18521] vivid-004: reconnect [ 1770.019323][T18530] netlink: 16 bytes leftover after parsing attributes in process `syz.0.30198'. [ 1770.293684][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1770.750920][T18567] misc userio: Can't change port type on an already running userio instance [ 1771.323794][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1772.345521][T18625] netlink: 'syz.3.30235': attribute type 1 has an invalid length. [ 1772.364371][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1772.374064][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1773.179708][T18651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30246'. [ 1773.403714][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1773.412378][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1773.445481][T25252] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1773.620979][T25252] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1773.630784][T25252] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1773.654181][T25252] usb 5-1: Product: syz [ 1773.658425][T25252] usb 5-1: Manufacturer: syz [ 1773.684575][T25252] usb 5-1: SerialNumber: syz [ 1773.705046][T25252] usb 5-1: config 0 descriptor?? [ 1773.745680][T25256] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 1773.913540][T25256] usb 4-1: Using ep0 maxpacket: 16 [ 1773.938616][T25256] usb 4-1: too many endpoints for config 0 interface 0 altsetting 238: 237, using maximum allowed: 30 [ 1773.984316][ T129] usb 5-1: USB disconnect, device number 19 [ 1774.005661][T25256] usb 4-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1774.058305][T25256] usb 4-1: config 0 interface 0 altsetting 238 has 1 endpoint descriptor, different from the interface descriptor's value: 237 [ 1774.082066][T25256] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1774.091244][T25256] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1774.100987][T25256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1774.134709][T25256] usb 4-1: config 0 descriptor?? [ 1774.453724][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1774.462467][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1774.583275][T25256] mcp2221 0003:04D8:00DD.009A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 1774.977472][T25256] usb 4-1: USB disconnect, device number 119 [ 1775.115155][T18781] autofs4:pid:18781:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1803188595.1701604449), cmd(0xc0189371) [ 1775.163546][T18781] autofs4:pid:18781:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189371) [ 1775.243587][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1775.484782][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1775.844064][T18804] netlink: 44 bytes leftover after parsing attributes in process `syz.3.30287'. [ 1776.121558][T18820] tmpfs: Unknown parameter 'fuse' [ 1776.524323][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1777.563849][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1778.318498][T18941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30337'. [ 1778.387066][T18941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30337'. [ 1778.465671][T18948] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30340'. [ 1778.493507][T18948] netlink: 12 bytes leftover after parsing attributes in process `syz.0.30340'. [ 1778.603933][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1778.613569][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1779.129318][T18971] netlink: 20 bytes leftover after parsing attributes in process `syz.0.30350'. [ 1779.203741][T18973] netlink: 20 bytes leftover after parsing attributes in process `syz.0.30350'. [ 1779.643743][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1779.652445][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1780.669171][T19049] bridge: RTM_NEWNEIGH with invalid state 0x8 [ 1780.683778][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1780.692361][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1781.724919][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1781.885406][T19089] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30395'. [ 1781.931373][T19089] netlink: 'syz.3.30395': attribute type 30 has an invalid length. [ 1781.946273][T19089] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30395'. [ 1782.217241][T19101] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30401'. [ 1782.763877][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1783.306961][T19182] netlink: 224 bytes leftover after parsing attributes in process `syz.2.30425'. [ 1783.358553][T19182] netlink: 220 bytes leftover after parsing attributes in process `syz.2.30425'. [ 1783.803762][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1784.844115][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1784.853854][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1785.274775][T19307] usb usb8: usbfs: process 19307 (syz.1.30462) did not claim interface 0 before use [ 1785.293870][T19307] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1785.384577][T19310] sch_fq: defrate 0 ignored. [ 1785.893816][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1785.902494][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1785.989658][T19342] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.30475'. [ 1786.693887][T25256] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1786.866017][T25256] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1786.886669][T25256] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1786.907979][T25256] usb 5-1: config 0 descriptor?? [ 1786.933572][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1786.942321][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1786.959041][T25256] cp210x 5-1:0.0: cp210x converter detected [ 1787.365964][T25256] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1787.425144][T25256] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1787.612556][ T6166] usb 5-1: USB disconnect, device number 20 [ 1787.624223][ T6166] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1787.677708][ T6166] cp210x 5-1:0.0: device disconnected [ 1787.756370][T19446] netlink: 32 bytes leftover after parsing attributes in process `syz.1.30504'. [ 1787.775515][T19446] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1787.964802][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1788.080131][T19457] netlink: 24 bytes leftover after parsing attributes in process `syz.2.30508'. [ 1788.097595][T19457] netlink: 24 bytes leftover after parsing attributes in process `syz.2.30508'. [ 1789.003650][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1789.137366][T19517] dummy0: entered allmulticast mode [ 1789.348419][T19534] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30536'. [ 1789.359996][T19534] netlink: 16 bytes leftover after parsing attributes in process `syz.0.30536'. [ 1789.591521][T19545] netlink: 'syz.1.30540': attribute type 9 has an invalid length. [ 1789.604635][T19545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.30540'. [ 1789.627297][T19545] hsr0: entered promiscuous mode [ 1789.633191][T19545] macvlan2: entered promiscuous mode [ 1789.639935][T19545] macvlan2: entered allmulticast mode [ 1789.645819][T19545] hsr0: entered allmulticast mode [ 1789.661476][T19545] hsr_slave_0: entered allmulticast mode [ 1789.673962][T19545] hsr_slave_1: entered allmulticast mode [ 1789.746297][T19551] .: (slave wlan1): Releasing backup interface [ 1789.906510][T19559] netlink: 52 bytes leftover after parsing attributes in process `syz.1.30543'. [ 1790.043754][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1790.655006][T19587] batadv_slave_0: entered promiscuous mode [ 1790.674973][T19587] batman_adv: batadv0: Adding interface: macsec1 [ 1790.686746][T19587] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1790.735480][T19587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1790.763492][T19587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1790.774181][T19587] batman_adv: batadv0: Interface activated: macsec1 [ 1791.083983][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1791.093581][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1791.177060][T19608] netlink: 12 bytes leftover after parsing attributes in process `syz.3.30562'. [ 1792.123561][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1792.132262][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1792.473447][T25947] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1792.633502][T25947] usb 5-1: Using ep0 maxpacket: 16 [ 1792.641337][T25947] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1792.656056][T25947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1792.672203][T25947] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1792.692357][T25947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1792.710250][T25947] usb 5-1: Product: syz [ 1792.720310][T25947] usb 5-1: Manufacturer: syz [ 1792.730783][T25947] usb 5-1: SerialNumber: syz [ 1792.759797][T25947] usb 5-1: config 0 descriptor?? [ 1792.781629][T25947] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1792.792165][T25947] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 1793.163530][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1793.172208][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1793.393556][T25947] em28xx 5-1:0.0: chip ID is em2800 [ 1793.584668][T19723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30600'. [ 1793.596295][T25947] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 1793.623773][T25947] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 1793.641094][T25947] em28xx 5-1:0.0: No AC97 audio processor [ 1793.668025][T25947] usb 5-1: USB disconnect, device number 21 [ 1793.690068][T25947] em28xx 5-1:0.0: Disconnecting em28xx [ 1793.712027][T25947] em28xx 5-1:0.0: Freeing device [ 1794.048541][T19748] pimreg: tun_chr_ioctl cmd 2148553947 [ 1794.204965][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1794.329218][T19767] erspan0: entered promiscuous mode [ 1794.438782][ T30] audit: type=1326 audit(1769940635.605:7039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19775 comm="syz.4.30615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1794.503522][ T30] audit: type=1326 audit(1769940635.635:7040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19775 comm="syz.4.30615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1794.561311][ T30] audit: type=1326 audit(1769940635.635:7041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19775 comm="syz.4.30615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1794.618838][ T30] audit: type=1326 audit(1769940635.635:7042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19775 comm="syz.4.30615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1794.684551][ T30] audit: type=1326 audit(1769940635.635:7043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19775 comm="syz.4.30615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1794.748251][ T30] audit: type=1326 audit(1769940635.645:7044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19775 comm="syz.4.30615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1794.754002][T19785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30620'. [ 1794.821249][ T30] audit: type=1326 audit(1769940635.645:7045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19775 comm="syz.4.30615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16539 code=0x7ffc0000 [ 1795.253531][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1796.283609][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1796.310969][T19861] vivid-004: disconnect [ 1796.878994][T19882] erspan0: entered promiscuous mode [ 1797.007534][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1797.022056][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1797.058776][T19856] vivid-004: reconnect [ 1797.276327][T19910] netlink: 'syz.4.30662': attribute type 1 has an invalid length. [ 1797.324144][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1797.333801][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1798.363580][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1798.372251][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1798.392920][T19968] tmpfs: Unknown parameter 'rootmode' [ 1798.432163][T19970] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30678'. [ 1799.111025][T20009] netlink: 'syz.0.30691': attribute type 3 has an invalid length. [ 1799.119475][T20009] netlink: 776 bytes leftover after parsing attributes in process `syz.0.30691'. [ 1799.403696][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1799.412224][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1799.438890][T20019] kvm: user requested TSC rate below hardware speed [ 1799.751748][T20038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30702'. [ 1799.933803][T20049] netlink: 27 bytes leftover after parsing attributes in process `syz.0.30707'. [ 1800.444785][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1800.669998][T20092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30720'. [ 1801.266508][T20113] netlink: 'syz.3.30729': attribute type 3 has an invalid length. [ 1801.282719][T20113] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30729'. [ 1801.348189][T20093] program syz.4.30719 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1801.484028][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1801.643178][T20128] netem: change failed [ 1802.361281][T20170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1802.474900][T20170] dummy0: left allmulticast mode [ 1802.485502][T20170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1802.523614][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1802.657801][T20182] loop6: detected capacity change from 0 to 7 [ 1802.671182][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.680992][ C0] buffer_io_error: 9 callbacks suppressed [ 1802.681008][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.705004][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.714768][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.726039][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 1802.735519][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.745136][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.775369][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.785117][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.793905][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.803771][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.817807][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.827487][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.838026][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.847639][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.856457][T11023] ldm_validate_partition_table(): Disk read failed. [ 1802.873667][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.883398][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.900700][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1802.910383][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.922571][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1802.933434][T11023] Dev loop6: unable to read RDB block 0 [ 1802.940915][T11023] loop6: unable to read partition table [ 1802.954297][T11023] loop6: partition table beyond EOD, truncated [ 1802.966228][T20182] ldm_validate_partition_table(): Disk read failed. [ 1802.982442][T20182] Dev loop6: unable to read RDB block 0 [ 1802.989364][T20182] loop6: unable to read partition table [ 1802.999205][T20182] loop6: partition table beyond EOD, truncated [ 1803.006575][T20182] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 1803.447643][ T30] audit: type=1326 audit(1769940644.615:7046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20216 comm="syz.2.30760" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf749d539 code=0x0 [ 1803.564026][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1803.573718][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1803.952374][T20234] netlink: 28 bytes leftover after parsing attributes in process `syz.1.30765'. [ 1803.961854][T20233] C: renamed from team_slave_0 (while UP) [ 1803.970195][T20233] netlink: 'syz.3.30764': attribute type 2 has an invalid length. [ 1803.979133][T20233] netlink: 128 bytes leftover after parsing attributes in process `syz.3.30764'. [ 1804.003660][T20233] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1804.392322][T20254] sctp: [Deprecated]: syz.2.30773 (pid 20254) Use of int in maxseg socket option. [ 1804.392322][T20254] Use struct sctp_assoc_value instead [ 1804.603607][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1804.612250][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1804.621208][T25256] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1804.793495][T25256] usb 5-1: Using ep0 maxpacket: 16 [ 1804.800677][T25256] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1804.825352][T25256] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1804.853644][T25256] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1804.875523][T25256] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1804.894217][T25256] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1804.907407][T25256] usb 5-1: config 0 descriptor?? [ 1804.927436][T20276] netlink: 'syz.2.30780': attribute type 2 has an invalid length. [ 1804.935867][T20276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.30780'. [ 1805.031498][T20276] bond7 (unregistering): Released all slaves [ 1805.090249][T20343] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30782'. [ 1805.336989][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.345657][T20356] binder: 20354:20356 ioctl 400c620e 80000140 returned -22 [ 1805.353541][T25256] microsoft 0003:045E:07DA.009B: ignoring exceeding usage max [ 1805.376954][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.398374][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.412843][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.421107][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.442780][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.450848][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.463518][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.470807][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.493224][T25256] microsoft 0003:045E:07DA.009B: unknown main item tag 0x0 [ 1805.537203][T25256] microsoft 0003:045E:07DA.009B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 1805.564134][T25256] microsoft 0003:045E:07DA.009B: no inputs found [ 1805.570580][T25256] microsoft 0003:045E:07DA.009B: could not initialize ff, continuing anyway [ 1805.643567][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1805.652128][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1805.829773][T25256] usb 5-1: USB disconnect, device number 22 [ 1806.398542][T20424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30805'. [ 1806.684880][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1806.771557][T20446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30813'. [ 1807.082156][T20466] erspan0: entered promiscuous mode [ 1807.487457][T20483] netlink: 'syz.2.30823': attribute type 2 has an invalid length. [ 1807.504309][T20483] netlink: 16158 bytes leftover after parsing attributes in process `syz.2.30823'. [ 1807.677628][T20487] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1807.723571][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1808.190193][T20506] netlink: 12 bytes leftover after parsing attributes in process `syz.2.30832'. [ 1808.533816][T20521] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1808.763646][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1808.821938][T20522] syz_tun: left promiscuous mode [ 1808.898503][T20522] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1809.493176][T20550] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1809.549363][T20550] bond0: (slave bond1): Enslaving as an active interface with an up link [ 1809.803971][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1809.813616][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1810.001819][T20602] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1810.173169][T20604] syz_tun: left promiscuous mode [ 1810.191605][T20604] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1810.443940][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1810.752290][T20638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.30871'. [ 1810.843599][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1810.852431][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1810.936782][T20642] netlink: 212340 bytes leftover after parsing attributes in process `syz.3.30873'. [ 1810.965423][T20642] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 1811.144921][T20653] 8021q: adding VLAN 0 to HW filter on device team0 [ 1811.186354][T20657] sit0: left promiscuous mode [ 1811.607594][T20673] netlink: 8 bytes leftover after parsing attributes in process `syz.3.30881'. [ 1812.469409][T20703] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30892'. [ 1812.481708][T20703] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30892'. [ 1813.451092][T20753] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1813.458505][T20753] IPv6: NLM_F_CREATE should be set when creating new route [ 1813.465854][T20753] IPv6: NLM_F_CREATE should be set when creating new route [ 1813.473117][T20753] IPv6: NLM_F_CREATE should be set when creating new route [ 1813.557945][T20758] loop7: detected capacity change from 0 to 7 [ 1813.591488][ C0] blk_print_req_error: 26 callbacks suppressed [ 1813.591513][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1813.607408][ C0] buffer_io_error: 25 callbacks suppressed [ 1813.607430][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1813.626416][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1813.636104][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1813.653755][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1813.663436][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1813.672699][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1813.682406][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1813.963718][ C0] net_ratelimit: 5 callbacks suppressed [ 1813.963739][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1814.113984][T20758] Dev loop7: unable to read RDB block 7 [ 1814.119787][T20758] loop7: unable to read partition table [ 1814.125799][T20758] loop7: partition table beyond EOD, truncated [ 1814.132145][T20758] loop_reread_partitions: partition scan of loop7 (09%|ʱZO־(;-9w') failed (rc=-5) [ 1814.837905][T20810] netlink: 'syz.1.30929': attribute type 1 has an invalid length. [ 1814.846369][T20810] netlink: 'syz.1.30929': attribute type 2 has an invalid length. [ 1814.855011][T20810] netlink: 'syz.1.30929': attribute type 1 has an invalid length. [ 1814.863133][T20810] netlink: 'syz.1.30929': attribute type 3 has an invalid length. [ 1814.872182][T20810] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30929'. [ 1815.003619][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1815.057322][T20818] netlink: 48 bytes leftover after parsing attributes in process `syz.1.30933'. [ 1815.341243][T20832] netlink: 24 bytes leftover after parsing attributes in process `syz.3.30938'. [ 1816.044052][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1816.053731][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1816.335511][T20900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30960'. [ 1816.347027][T20900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30960'. [ 1817.083604][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1817.092252][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1817.725906][T25268] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1817.759360][T20961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1817.780010][T20961] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1817.798040][T20964] lo: left promiscuous mode [ 1817.890375][T20964] dummy0: left promiscuous mode [ 1817.902768][T20964] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1817.919128][T25252] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1817.929207][T20968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30985'. [ 1819.025787][ T129] net_ratelimit: 3 callbacks suppressed [ 1819.025808][ T129] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1819.091979][T21043] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1819.164824][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1819.237047][ T129] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1819.265895][T21047] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1819.746366][ T129] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1820.203527][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1820.506993][T21106] macvlan0: entered promiscuous mode [ 1820.572321][ C1] vcan0: j1939_tp_rxtimer: 0xffff888041e11800: rx timeout, send abort [ 1820.767957][T21115] netlink: 12 bytes leftover after parsing attributes in process `syz.4.31036'. [ 1820.793672][T21115] netlink: 12 bytes leftover after parsing attributes in process `syz.4.31036'. [ 1821.083053][ C1] vcan0: j1939_tp_rxtimer: 0xffff888041e11800: abort rx timeout. Force session deactivation [ 1821.243662][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1821.554057][T21143] kvm: kvm [21142]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x7 [ 1821.997198][T21165] binder: 21163:21165 ioctl c0306201 80000640 returned -22 [ 1822.283889][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1822.293543][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1822.622873][T21195] netlink: 12 bytes leftover after parsing attributes in process `syz.3.31062'. [ 1822.622904][T21195] netlink: 12 bytes leftover after parsing attributes in process `syz.3.31062'. [ 1823.593506][ T6166] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1823.755809][ T6166] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1823.772709][ T6166] usb 5-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 1823.782778][ T6166] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1823.795552][ T6166] usb 5-1: config 0 descriptor?? [ 1824.225598][ T6166] hid_parser_main: 1 callbacks suppressed [ 1824.225625][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.244794][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.252158][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.277431][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.285807][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.309130][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.316817][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.325795][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.332833][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.341065][ T6166] elecom 0003:056E:00FE.009C: unknown main item tag 0x0 [ 1824.373614][ C0] net_ratelimit: 2 callbacks suppressed [ 1824.373639][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1824.387942][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1824.468736][ T6166] elecom 0003:056E:00FE.009C: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.4-1/input0 [ 1824.487230][ T6166] usb 5-1: USB disconnect, device number 23 [ 1824.682779][T21318] fido_id[21318]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 1824.703763][T13715] Bluetooth: hci3: command 0x0406 tx timeout [ 1825.404976][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1826.027436][T21362] netlink: 'syz.3.31110': attribute type 6 has an invalid length. [ 1826.042514][T21362] netlink: 'syz.3.31110': attribute type 6 has an invalid length. [ 1826.188109][T21370] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1826.294458][ C0] vcan0: j1939_tp_rxtimer: 0xffff888044503000: rx timeout, send abort [ 1826.364238][T21376] vlan2: entered promiscuous mode [ 1826.373418][T21376] bond0: entered promiscuous mode [ 1826.378519][T21376] bond_slave_0: entered promiscuous mode [ 1826.395301][T21376] bond_slave_1: entered promiscuous mode [ 1826.402161][T21376] bond1: entered promiscuous mode [ 1826.443585][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1826.802774][ C0] vcan0: j1939_tp_rxtimer: 0xffff888044503000: abort rx timeout. Force session deactivation [ 1827.014180][ T30] audit: type=1326 audit(1769940668.175:7047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.045250][ T30] audit: type=1326 audit(1769940668.175:7048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.072108][ T30] audit: type=1326 audit(1769940668.175:7049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.097335][ T30] audit: type=1326 audit(1769940668.175:7050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.120066][ T30] audit: type=1326 audit(1769940668.175:7051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.143051][ T30] audit: type=1326 audit(1769940668.175:7052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.166188][ T30] audit: type=1326 audit(1769940668.185:7053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.189071][ T30] audit: type=1326 audit(1769940668.185:7054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.212137][ T30] audit: type=1326 audit(1769940668.195:7056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.251543][ T30] audit: type=1326 audit(1769940668.185:7055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21403 comm="syz.0.31121" exe="/root/syz-executor" sig=0 arch=40000003 syscall=341 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1827.470043][T21418] netlink: 'syz.1.31126': attribute type 6 has an invalid length. [ 1827.483762][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1827.501784][T21418] netlink: 14623 bytes leftover after parsing attributes in process `syz.1.31126'. [ 1827.704358][T21435] loop6: detected capacity change from 0 to 1 [ 1827.722011][T21435] Dev loop6: unable to read RDB block 1 [ 1827.735022][T21435] loop6: unable to read partition table [ 1827.741043][T21435] loop6: partition table beyond EOD, truncated [ 1827.763961][T21435] loop_reread_partitions: partition scan of loop6 (u0v ) failed (rc=-5) [ 1827.785500][ T5196] Dev loop6: unable to read RDB block 1 [ 1827.791190][ T5196] loop6: unable to read partition table [ 1827.800543][ T5196] loop6: partition table beyond EOD, truncated [ 1827.906582][T21444] dvmrp1: tun_chr_ioctl cmd 35108 [ 1827.942758][T21451] tun0: tun_chr_ioctl cmd 1074025680 [ 1828.315256][T21474] netlink: 'syz.3.31144': attribute type 2 has an invalid length. [ 1828.533946][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1828.543827][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1828.802194][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801fede400: rx timeout, send abort [ 1829.310552][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801fede400: abort rx timeout. Force session deactivation [ 1829.563551][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1829.572078][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1829.629459][T21565] netlink: 56 bytes leftover after parsing attributes in process `syz.2.31168'. [ 1829.639013][T21565] netlink: 16 bytes leftover after parsing attributes in process `syz.2.31168'. [ 1830.603527][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1830.612251][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1831.489471][T21666] sctp: [Deprecated]: syz.2.31196 (pid 21666) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1831.489471][T21666] Use struct sctp_sack_info instead [ 1831.644847][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1831.788328][T21678] netlink: 4 bytes leftover after parsing attributes in process `syz.3.31202'. [ 1832.007197][T21691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31207'. [ 1832.034675][T21691] netlink: 104 bytes leftover after parsing attributes in process `syz.2.31207'. [ 1832.045482][T21691] netlink: 104 bytes leftover after parsing attributes in process `syz.2.31207'. [ 1832.304703][T21709] netlink: 20 bytes leftover after parsing attributes in process `syz.4.31215'. [ 1832.421803][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 1832.421826][ T30] audit: type=1326 audit(1769940673.585:7066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.514116][ T30] audit: type=1326 audit(1769940673.585:7067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.543159][ T30] audit: type=1326 audit(1769940673.625:7068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=144 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.566439][ T30] audit: type=1326 audit(1769940673.625:7069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.589170][ T30] audit: type=1326 audit(1769940673.625:7070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.628925][ T30] audit: type=1326 audit(1769940673.625:7071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=400 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.693543][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1832.704798][ T30] audit: type=1326 audit(1769940673.625:7072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.748752][ T30] audit: type=1326 audit(1769940673.625:7073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1832.803149][ T30] audit: type=1326 audit(1769940673.635:7074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21712 comm="syz.0.31216" exe="/root/syz-executor" sig=0 arch=40000003 syscall=401 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1833.709196][T21800] netlink: 'syz.3.31241': attribute type 5 has an invalid length. [ 1833.717713][T21800] netlink: 12 bytes leftover after parsing attributes in process `syz.3.31241'. [ 1833.733607][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1833.783449][ T6166] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1833.946316][ T6166] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1833.968935][ T6166] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1833.989328][ T6166] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1834.005488][ T6166] usb 5-1: config 0 descriptor?? [ 1834.018471][ T6166] pwc: Askey VC010 type 2 USB webcam detected. [ 1834.113532][T25256] usb 4-1: new full-speed USB device number 120 using dummy_hcd [ 1834.276260][T25256] usb 4-1: config 145 has an invalid descriptor of length 0, skipping remainder of the config [ 1834.292417][T25256] usb 4-1: config 145 has 0 interfaces, different from the descriptor's value: 1 [ 1834.316123][T25256] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1834.332893][T25256] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1834.341748][T25256] usb 4-1: Product: syz [ 1834.346536][T25256] usb 4-1: Manufacturer: syz [ 1834.351189][T25256] usb 4-1: SerialNumber: syz [ 1834.420866][ T6166] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1834.526147][T21835] Dev loop6: unable to read RDB block 1 [ 1834.531847][T21835] loop6: unable to read partition table [ 1834.552238][T21835] loop6: partition table beyond EOD, truncated [ 1834.573468][T21835] loop_reread_partitions: partition scan of loop6 (u0v ) failed (rc=-5) [ 1834.646692][ T6166] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1834.664730][ T6166] pwc: recv_control_msg error -71 req 04 val 1000 [ 1834.671815][ T6166] pwc: recv_control_msg error -71 req 04 val 1300 [ 1834.692445][ T6166] pwc: recv_control_msg error -71 req 04 val 1400 [ 1834.713487][ T6166] pwc: recv_control_msg error -71 req 02 val 2000 [ 1834.720549][ T6166] pwc: recv_control_msg error -71 req 02 val 2100 [ 1834.736020][ T6166] pwc: recv_control_msg error -71 req 04 val 1500 [ 1834.755007][ T6166] pwc: recv_control_msg error -71 req 02 val 2500 [ 1834.762013][ T6166] pwc: recv_control_msg error -71 req 02 val 2400 [ 1834.774016][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1834.783652][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1834.784203][ T6166] pwc: recv_control_msg error -71 req 02 val 2600 [ 1834.806727][T25256] usb 4-1: USB disconnect, device number 120 [ 1834.817362][ T6166] pwc: recv_control_msg error -71 req 02 val 2900 [ 1834.853045][ T6166] pwc: recv_control_msg error -71 req 02 val 2800 [ 1834.869819][ T6166] pwc: recv_control_msg error -71 req 04 val 1100 [ 1834.888408][ T6166] pwc: recv_control_msg error -71 req 04 val 1200 [ 1834.917213][ T6166] pwc: Registered as video103. [ 1834.945623][ T6166] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input240 [ 1834.997508][ T6166] usb 5-1: USB disconnect, device number 24 [ 1835.638886][T21895] batman_adv: batadv0: Adding interface: ipvlan3 [ 1835.645720][T21895] batman_adv: batadv0: The MTU of interface ipvlan3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1835.672150][T21895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1835.683714][T21895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.695075][T21895] batman_adv: batadv0: Interface activated: ipvlan3 [ 1835.803544][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1835.812133][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1836.347135][T21924] netlink: 92 bytes leftover after parsing attributes in process `syz.1.31279'. [ 1836.843488][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1836.852114][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1837.581794][T21980] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in; [ 1837.581794][T21980] program syz.3.31299 not setting count and/or reply_len properly [ 1837.842832][T21993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.31303'. [ 1837.885217][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1838.923528][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1839.963605][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1840.625836][ T30] audit: type=1326 audit(1769940681.795:7075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1840.654391][T22082] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31335'. [ 1840.704113][ T30] audit: type=1326 audit(1769940681.845:7076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1840.732829][T22082] netlink: 72 bytes leftover after parsing attributes in process `syz.1.31335'. [ 1840.758678][ T30] audit: type=1326 audit(1769940681.845:7077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1840.801886][ T30] audit: type=1326 audit(1769940681.845:7078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1840.855624][ T30] audit: type=1326 audit(1769940681.855:7079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=444 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1840.957987][ T30] audit: type=1326 audit(1769940681.855:7080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1841.002261][T22092] [ 1841.004666][T22092] ===================================================== [ 1841.011807][T22092] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1841.019316][T22092] syzkaller #0 Tainted: G L [ 1841.025336][T22092] ----------------------------------------------------- [ 1841.032306][T22092] syz.2.31341/22092 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1841.040161][T22092] ffff88805809a0a0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 1841.048851][T22092] [ 1841.048851][T22092] and this task is already holding: [ 1841.056251][T22092] ffff888032ea07f8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1841.065004][T22092] which would create a new lock dependency: [ 1841.070911][T22092] (&new->fa_lock){....}-{3:3} -> (&f_owner->lock){....}-{3:3} [ 1841.078599][T22092] [ 1841.078599][T22092] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1841.088070][T22092] (&dev->event_lock#2){..-.}-{3:3} [ 1841.088107][T22092] [ 1841.088107][T22092] ... which became SOFTIRQ-irq-safe at: [ 1841.101048][T22092] lock_acquire+0x106/0x330 [ 1841.105674][T22092] _raw_spin_lock_irqsave+0x40/0x60 [ 1841.110995][T22092] input_inject_event+0xa5/0x340 [ 1841.116047][T22092] led_trigger_event+0x138/0x210 [ 1841.121103][T22092] kbd_bh+0x1f3/0x300 [ 1841.125198][T22092] tasklet_action_common+0x2da/0x4b0 [ 1841.130589][T22092] handle_softirqs+0x22a/0x7c0 [ 1841.135461][T22092] run_ksoftirqd+0x36/0x60 [ 1841.139982][T22092] smpboot_thread_fn+0x541/0xa50 [ 1841.145026][T22092] kthread+0x726/0x8b0 [ 1841.149337][T22092] ret_from_fork+0x51b/0xa40 [ 1841.154066][T22092] ret_from_fork_asm+0x1a/0x30 [ 1841.158949][T22092] [ 1841.158949][T22092] to a SOFTIRQ-irq-unsafe lock: [ 1841.165993][T22092] (tasklist_lock){.+.+}-{3:3} [ 1841.166027][T22092] [ 1841.166027][T22092] ... which became SOFTIRQ-irq-unsafe at: [ 1841.178695][T22092] ... [ 1841.178704][T22092] lock_acquire+0x106/0x330 [ 1841.185913][T22092] _raw_read_lock+0x36/0x50 [ 1841.190525][T22092] __do_wait+0xde/0x740 [ 1841.194791][T22092] do_wait+0x1e7/0x4f0 [ 1841.198973][T22092] kernel_wait+0xd6/0x1c0 [ 1841.203412][T22092] call_usermodehelper_exec_work+0xbe/0x230 [ 1841.209424][T22092] process_scheduled_works+0xaec/0x17a0 [ 1841.215093][T22092] worker_thread+0xda6/0x1360 [ 1841.219884][T22092] kthread+0x726/0x8b0 [ 1841.224060][T22092] ret_from_fork+0x51b/0xa40 [ 1841.228770][T22092] ret_from_fork_asm+0x1a/0x30 [ 1841.233655][T22092] [ 1841.233655][T22092] other info that might help us debug this: [ 1841.233655][T22092] [ 1841.243900][T22092] Chain exists of: [ 1841.243900][T22092] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 1841.243900][T22092] [ 1841.256889][T22092] Possible interrupt unsafe locking scenario: [ 1841.256889][T22092] [ 1841.265234][T22092] CPU0 CPU1 [ 1841.270616][T22092] ---- ---- [ 1841.275998][T22092] lock(tasklist_lock); [ 1841.280265][T22092] local_irq_disable(); [ 1841.287038][T22092] lock(&dev->event_lock#2); [ 1841.294264][T22092] lock(&new->fa_lock); [ 1841.301057][T22092] [ 1841.304531][T22092] lock(&dev->event_lock#2); [ 1841.309420][T22092] [ 1841.309420][T22092] *** DEADLOCK *** [ 1841.309420][T22092] [ 1841.317585][T22092] 4 locks held by syz.2.31341/22092: [ 1841.322883][T22092] #0: ffffffff8e6f6010 (file_rwsem){++++}-{0:0}, at: __break_lease+0x41c/0x1b80 [ 1841.332502][T22092] #1: ffff88802843bc78 (&ctx->flc_lock){+.+.}-{3:3}, at: __break_lease+0x429/0x1b80 [ 1841.342030][T22092] #2: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1841.351116][T22092] #3: ffff888032ea07f8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1841.360297][T22092] [ 1841.360297][T22092] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1841.370721][T22092] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1841.376488][T22092] IN-SOFTIRQ-W at: [ 1841.380657][T22092] lock_acquire+0x106/0x330 [ 1841.387187][T22092] _raw_spin_lock_irqsave+0x40/0x60 [ 1841.394415][T22092] input_inject_event+0xa5/0x340 [ 1841.401379][T22092] led_trigger_event+0x138/0x210 [ 1841.408359][T22092] kbd_bh+0x1f3/0x300 [ 1841.414375][T22092] tasklet_action_common+0x2da/0x4b0 [ 1841.421678][T22092] handle_softirqs+0x22a/0x7c0 [ 1841.428465][T22092] run_ksoftirqd+0x36/0x60 [ 1841.434902][T22092] smpboot_thread_fn+0x541/0xa50 [ 1841.441856][T22092] kthread+0x726/0x8b0 [ 1841.447943][T22092] ret_from_fork+0x51b/0xa40 [ 1841.454562][T22092] ret_from_fork_asm+0x1a/0x30 [ 1841.461353][T22092] INITIAL USE at: [ 1841.465448][T22092] lock_acquire+0x106/0x330 [ 1841.471896][T22092] _raw_spin_lock_irqsave+0x40/0x60 [ 1841.479128][T22092] input_inject_event+0xa5/0x340 [ 1841.486001][T22092] kbd_led_trigger_activate+0xbc/0x100 [ 1841.493403][T22092] led_trigger_set+0x535/0x960 [ 1841.500129][T22092] led_trigger_set_default+0x260/0x2a0 [ 1841.507527][T22092] led_classdev_register_ext+0x787/0x9c0 [ 1841.515097][T22092] input_leds_connect+0x517/0x790 [ 1841.522054][T22092] input_register_device+0xd00/0x1160 [ 1841.529361][T22092] atkbd_connect+0x731/0xa50 [ 1841.535886][T22092] serio_driver_probe+0x82/0xd0 [ 1841.542678][T22092] really_probe+0x267/0xaf0 [ 1841.549112][T22092] __driver_probe_device+0x18c/0x320 [ 1841.556339][T22092] driver_probe_device+0x4f/0x240 [ 1841.563304][T22092] __driver_attach+0x349/0x640 [ 1841.570009][T22092] bus_for_each_dev+0x23b/0x2c0 [ 1841.576807][T22092] serio_handle_event+0x232/0x10d0 [ 1841.583882][T22092] process_scheduled_works+0xaec/0x17a0 [ 1841.591388][T22092] worker_thread+0xda6/0x1360 [ 1841.598022][T22092] kthread+0x726/0x8b0 [ 1841.604046][T22092] ret_from_fork+0x51b/0xa40 [ 1841.610595][T22092] ret_from_fork_asm+0x1a/0x30 [ 1841.617318][T22092] } [ 1841.620015][T22092] ... key at: [] input_allocate_device.__key.7+0x0/0x20 [ 1841.629238][T22092] -> (&client->buffer_lock){....}-{3:3} { [ 1841.635100][T22092] INITIAL USE at: [ 1841.639112][T22092] lock_acquire+0x106/0x330 [ 1841.645393][T22092] _raw_spin_lock+0x2e/0x40 [ 1841.651677][T22092] evdev_handle_get_val+0x70/0x9f0 [ 1841.658557][T22092] evdev_ioctl_handler+0x127b/0x1fe0 [ 1841.665613][T22092] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 1841.673367][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1841.680356][T22092] do_fast_syscall_32+0x33/0x70 [ 1841.687230][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1841.695361][T22092] } [ 1841.697976][T22092] ... key at: [] evdev_open.__key.27+0x0/0x20 [ 1841.706260][T22092] ... acquired at: [ 1841.710265][T22092] _raw_spin_lock+0x2e/0x40 [ 1841.714975][T22092] evdev_handle_get_val+0x70/0x9f0 [ 1841.720379][T22092] evdev_ioctl_handler+0x127b/0x1fe0 [ 1841.725976][T22092] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 1841.731735][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1841.737139][T22092] do_fast_syscall_32+0x33/0x70 [ 1841.742208][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1841.748842][T22092] [ 1841.751194][T22092] -> (&new->fa_lock){....}-{3:3} { [ 1841.756348][T22092] INITIAL USE at: [ 1841.760271][T22092] lock_acquire+0x106/0x330 [ 1841.766373][T22092] _raw_write_lock_irq+0x3d/0x50 [ 1841.772913][T22092] fasync_remove_entry+0xf1/0x1c0 [ 1841.779537][T22092] __fput+0x8a5/0xa70 [ 1841.785128][T22092] task_work_run+0x1d9/0x270 [ 1841.791340][T22092] exit_to_user_mode_loop+0xed/0x480 [ 1841.798237][T22092] __do_fast_syscall_32+0x38e/0x540 [ 1841.805124][T22092] do_fast_syscall_32+0x33/0x70 [ 1841.811571][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1841.819500][T22092] INITIAL READ USE at: [ 1841.823854][T22092] lock_acquire+0x106/0x330 [ 1841.830383][T22092] _raw_read_lock_irqsave+0x48/0x60 [ 1841.837607][T22092] kill_fasync+0x199/0x4d0 [ 1841.844047][T22092] pipe_release+0x19c/0x330 [ 1841.850572][T22092] __fput+0x44f/0xa70 [ 1841.856596][T22092] task_work_run+0x1d9/0x270 [ 1841.863229][T22092] exit_to_user_mode_loop+0xed/0x480 [ 1841.870558][T22092] __do_fast_syscall_32+0x38e/0x540 [ 1841.877876][T22092] do_fast_syscall_32+0x33/0x70 [ 1841.884753][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1841.893099][T22092] } [ 1841.895651][T22092] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1841.904434][T22092] ... acquired at: [ 1841.908256][T22092] _raw_read_lock_irqsave+0x48/0x60 [ 1841.913659][T22092] kill_fasync+0x199/0x4d0 [ 1841.918324][T22092] evdev_pass_values+0x627/0xbd0 [ 1841.923482][T22092] evdev_events+0x1e6/0x340 [ 1841.928221][T22092] input_pass_values+0x288/0x890 [ 1841.933449][T22092] input_event_dispose+0x330/0x6b0 [ 1841.938774][T22092] input_inject_event+0x1dd/0x340 [ 1841.944014][T22092] evdev_write+0x325/0x4c0 [ 1841.948650][T22092] vfs_write+0x29a/0xb90 [ 1841.953108][T22092] ksys_write+0x150/0x270 [ 1841.957651][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1841.963050][T22092] do_fast_syscall_32+0x33/0x70 [ 1841.968096][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1841.974722][T22092] [ 1841.977065][T22092] [ 1841.977065][T22092] the dependencies between the lock to be acquired [ 1841.977076][T22092] and SOFTIRQ-irq-unsafe lock: [ 1841.990623][T22092] -> (tasklist_lock){.+.+}-{3:3} { [ 1841.995884][T22092] HARDIRQ-ON-R at: [ 1841.999982][T22092] lock_acquire+0x106/0x330 [ 1842.006354][T22092] _raw_read_lock+0x36/0x50 [ 1842.012728][T22092] __do_wait+0xde/0x740 [ 1842.018757][T22092] do_wait+0x1e7/0x4f0 [ 1842.024688][T22092] kernel_wait+0xd6/0x1c0 [ 1842.030891][T22092] call_usermodehelper_exec_work+0xbe/0x230 [ 1842.038644][T22092] process_scheduled_works+0xaec/0x17a0 [ 1842.046061][T22092] worker_thread+0xda6/0x1360 [ 1842.052620][T22092] kthread+0x726/0x8b0 [ 1842.058542][T22092] ret_from_fork+0x51b/0xa40 [ 1842.064993][T22092] ret_from_fork_asm+0x1a/0x30 [ 1842.071613][T22092] SOFTIRQ-ON-R at: [ 1842.075703][T22092] lock_acquire+0x106/0x330 [ 1842.082070][T22092] _raw_read_lock+0x36/0x50 [ 1842.088443][T22092] __do_wait+0xde/0x740 [ 1842.094463][T22092] do_wait+0x1e7/0x4f0 [ 1842.100387][T22092] kernel_wait+0xd6/0x1c0 [ 1842.106582][T22092] call_usermodehelper_exec_work+0xbe/0x230 [ 1842.114356][T22092] process_scheduled_works+0xaec/0x17a0 [ 1842.121770][T22092] worker_thread+0xda6/0x1360 [ 1842.128310][T22092] kthread+0x726/0x8b0 [ 1842.134238][T22092] ret_from_fork+0x51b/0xa40 [ 1842.140691][T22092] ret_from_fork_asm+0x1a/0x30 [ 1842.147305][T22092] INITIAL USE at: [ 1842.151319][T22092] lock_acquire+0x106/0x330 [ 1842.157598][T22092] _raw_write_lock_irq+0x3d/0x50 [ 1842.164299][T22092] copy_process+0x2199/0x3980 [ 1842.170742][T22092] kernel_clone+0x248/0x870 [ 1842.177015][T22092] user_mode_thread+0x110/0x180 [ 1842.183647][T22092] rest_init+0x23/0x300 [ 1842.189587][T22092] start_kernel+0x380/0x3d0 [ 1842.195868][T22092] x86_64_start_reservations+0x24/0x30 [ 1842.203091][T22092] x86_64_start_kernel+0x143/0x1c0 [ 1842.209963][T22092] common_startup_64+0x13e/0x147 [ 1842.216667][T22092] INITIAL READ USE at: [ 1842.221106][T22092] lock_acquire+0x106/0x330 [ 1842.227806][T22092] _raw_read_lock+0x36/0x50 [ 1842.234503][T22092] __do_wait+0xde/0x740 [ 1842.240854][T22092] do_wait+0x1e7/0x4f0 [ 1842.247122][T22092] kernel_wait+0xd6/0x1c0 [ 1842.253664][T22092] call_usermodehelper_exec_work+0xbe/0x230 [ 1842.261772][T22092] process_scheduled_works+0xaec/0x17a0 [ 1842.269526][T22092] worker_thread+0xda6/0x1360 [ 1842.276415][T22092] kthread+0x726/0x8b0 [ 1842.282685][T22092] ret_from_fork+0x51b/0xa40 [ 1842.289479][T22092] ret_from_fork_asm+0x1a/0x30 [ 1842.296443][T22092] } [ 1842.299047][T22092] ... key at: [] tasklist_lock+0x18/0x40 [ 1842.306958][T22092] ... acquired at: [ 1842.310868][T22092] _raw_read_lock+0x36/0x50 [ 1842.315577][T22092] send_sigurg+0x12b/0x420 [ 1842.320203][T22092] sk_send_sigurg+0x6c/0x2e0 [ 1842.324999][T22092] queue_oob+0x42c/0x4f0 [ 1842.329447][T22092] unix_stream_sendmsg+0xcb1/0xe80 [ 1842.334762][T22092] ____sys_sendmsg+0xa68/0xad0 [ 1842.339744][T22092] ___sys_sendmsg+0x2a5/0x360 [ 1842.344619][T22092] __sys_sendmsg+0x183/0x260 [ 1842.349409][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1842.354809][T22092] do_fast_syscall_32+0x33/0x70 [ 1842.359861][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1842.366384][T22092] [ 1842.368725][T22092] -> (&f_owner->lock){....}-{3:3} { [ 1842.373970][T22092] INITIAL USE at: [ 1842.377887][T22092] lock_acquire+0x106/0x330 [ 1842.383985][T22092] _raw_write_lock_irq+0x3d/0x50 [ 1842.390511][T22092] __f_setown+0x67/0x370 [ 1842.396342][T22092] f_setown+0x23a/0x300 [ 1842.402088][T22092] sock_ioctl+0x615/0x7f0 [ 1842.408006][T22092] compat_sock_ioctl+0x288/0xcb0 [ 1842.414577][T22092] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 1842.421644][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1842.428449][T22092] do_fast_syscall_32+0x33/0x70 [ 1842.434893][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1842.442828][T22092] INITIAL READ USE at: [ 1842.447180][T22092] lock_acquire+0x106/0x330 [ 1842.453712][T22092] _raw_read_lock_irqsave+0x48/0x60 [ 1842.460956][T22092] send_sigio+0x38/0x370 [ 1842.467252][T22092] dnotify_handle_event+0x169/0x440 [ 1842.474478][T22092] fsnotify+0x1831/0x1ae0 [ 1842.480915][T22092] fsnotify_access+0x22b/0x2a0 [ 1842.487706][T22092] iterate_dir+0x3ea/0x570 [ 1842.494154][T22092] __se_sys_getdents64+0xf1/0x280 [ 1842.501215][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1842.508430][T22092] do_fast_syscall_32+0x33/0x70 [ 1842.515305][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1842.523660][T22092] } [ 1842.526190][T22092] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1842.535068][T22092] ... acquired at: [ 1842.538897][T22092] _raw_read_lock_irqsave+0x48/0x60 [ 1842.544289][T22092] send_sigio+0x38/0x370 [ 1842.548728][T22092] kill_fasync+0x24d/0x4d0 [ 1842.553347][T22092] lease_break_callback+0x26/0x30 [ 1842.558571][T22092] __break_lease+0x741/0x1b80 [ 1842.563454][T22092] do_dentry_open+0x73a/0x1420 [ 1842.568417][T22092] vfs_open+0x3b/0x340 [ 1842.572682][T22092] path_openat+0x3486/0x3e20 [ 1842.577477][T22092] do_filp_open+0x22d/0x490 [ 1842.582183][T22092] do_sys_openat2+0x12f/0x220 [ 1842.587062][T22092] __ia32_compat_sys_openat+0x131/0x160 [ 1842.592808][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1842.598198][T22092] do_fast_syscall_32+0x33/0x70 [ 1842.603250][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1842.609784][T22092] [ 1842.612126][T22092] [ 1842.612126][T22092] stack backtrace: [ 1842.618038][T22092] CPU: 0 UID: 0 PID: 22092 Comm: syz.2.31341 Tainted: G L syzkaller #0 PREEMPT(full) [ 1842.618064][T22092] Tainted: [L]=SOFTLOCKUP [ 1842.618071][T22092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1842.618083][T22092] Call Trace: [ 1842.618092][T22092] [ 1842.618102][T22092] dump_stack_lvl+0xe8/0x150 [ 1842.618127][T22092] __lock_acquire+0x2a94/0x2cf0 [ 1842.618162][T22092] ? send_sigio+0x38/0x370 [ 1842.618184][T22092] lock_acquire+0x106/0x330 [ 1842.618207][T22092] ? send_sigio+0x38/0x370 [ 1842.618230][T22092] ? kill_fasync+0x199/0x4d0 [ 1842.618253][T22092] ? lock_acquire+0x106/0x330 [ 1842.618279][T22092] ? kill_fasync+0x199/0x4d0 [ 1842.618304][T22092] _raw_read_lock_irqsave+0x48/0x60 [ 1842.618321][T22092] ? send_sigio+0x38/0x370 [ 1842.618341][T22092] send_sigio+0x38/0x370 [ 1842.618365][T22092] kill_fasync+0x24d/0x4d0 [ 1842.618388][T22092] ? kill_fasync+0x53/0x4d0 [ 1842.618411][T22092] lease_break_callback+0x26/0x30 [ 1842.618431][T22092] __break_lease+0x741/0x1b80 [ 1842.618463][T22092] ? __pfx___break_lease+0x10/0x10 [ 1842.618490][T22092] ? __pfx_apparmor_file_open+0x10/0x10 [ 1842.618507][T22092] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1842.618532][T22092] do_dentry_open+0x73a/0x1420 [ 1842.618557][T22092] vfs_open+0x3b/0x340 [ 1842.618575][T22092] ? path_openat+0x346e/0x3e20 [ 1842.618599][T22092] path_openat+0x3486/0x3e20 [ 1842.618634][T22092] ? kmem_cache_alloc_noprof+0x370/0x6e0 [ 1842.618660][T22092] ? getname_flags+0xb7/0x540 [ 1842.618678][T22092] ? __pfx_path_openat+0x10/0x10 [ 1842.618703][T22092] ? __lock_acquire+0x6b5/0x2cf0 [ 1842.618731][T22092] do_filp_open+0x22d/0x490 [ 1842.618756][T22092] ? __pfx_do_filp_open+0x10/0x10 [ 1842.618787][T22092] ? _raw_spin_unlock+0x28/0x50 [ 1842.618813][T22092] ? alloc_fd+0x64b/0x6c0 [ 1842.618834][T22092] do_sys_openat2+0x12f/0x220 [ 1842.618854][T22092] ? __se_sys_futex_time32+0x3ab/0x440 [ 1842.618882][T22092] ? __pfx_do_sys_openat2+0x10/0x10 [ 1842.618905][T22092] ? rcu_is_watching+0x15/0xb0 [ 1842.618923][T22092] __ia32_compat_sys_openat+0x131/0x160 [ 1842.618947][T22092] __do_fast_syscall_32+0x1d2/0x540 [ 1842.618968][T22092] ? do_fast_syscall_32+0x33/0x70 [ 1842.618986][T22092] ? irqentry_exit+0x10e/0x620 [ 1842.619005][T22092] do_fast_syscall_32+0x33/0x70 [ 1842.619032][T22092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1842.619053][T22092] RIP: 0023:0xf749d539 [ 1842.619071][T22092] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1842.619087][T22092] RSP: 002b:00000000f54c650c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 1842.619106][T22092] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000 [ 1842.619119][T22092] RDX: 0000000000000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 1842.619131][T22092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1842.619141][T22092] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1842.619152][T22092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1842.619170][T22092] [ 1842.921826][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1842.931020][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1843.084255][ T30] audit: type=1326 audit(1769940681.855:7081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1843.118738][ T30] audit: type=1326 audit(1769940681.865:7082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=445 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1843.146226][ T30] audit: type=1326 audit(1769940681.865:7083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1843.175440][ T30] audit: type=1326 audit(1769940681.865:7084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22079 comm="syz.0.31338" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 1843.963748][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1843.972092][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1845.003916][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1845.012296][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1846.044544][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1847.083670][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1848.133907][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1849.163945][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1849.172950][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1850.203754][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1850.212169][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog