last executing test programs: 13m14.663610392s ago: executing program 32 (id=10906): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) fadvise64(0xffffffffffffffff, 0x100000001, 0x2, 0x4) 11m40.601503643s ago: executing program 0 (id=12533): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000005700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f40)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x1}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x7e}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x3a}}}], 0x48}}], 0x1, 0x4001c00) 11m40.32845048s ago: executing program 0 (id=12537): r0 = io_uring_setup(0x160f, &(0x7f00000012c0)={0x0, 0x9e40, 0x800, 0x7}) io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000001580)={0x3, 0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000040)=""/168, 0xa8}, {0x0}, {&(0x7f0000000280)=""/4086, 0xff6}], &(0x7f0000001540)=[0x2, 0x0, 0x4]}, 0x20) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}, {0x0}, {0x0}], 0x0, 0x3}, 0x20) 11m40.119405373s ago: executing program 0 (id=12541): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 11m39.983319825s ago: executing program 0 (id=12544): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount_setattr(0xffffffffffffff9c, 
&(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20) 11m39.836583362s ago: executing program 0 (id=12546): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) unshare(0x20000400) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2000000000000022, 0x2, &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) 11m39.629304906s ago: executing program 0 (id=12551): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0) io_setup(0x20, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f00000001c0)=[&(0x7f0000000d80)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000c40)="0d32818e2fa06dfb", 0x8}]) 11m39.347877913s ago: executing program 33 (id=12551): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0) io_setup(0x20, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f00000001c0)=[&(0x7f0000000d80)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000c40)="0d32818e2fa06dfb", 0x8}]) 5m55.05569447s ago: executing program 5 (id=18475): madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x80000001) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) 5m54.709968861s ago: executing program 5 (id=18478): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, 
&(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4600020906ffffffffffffffff03003e0000000000000100000000000040000000000000009a010000000000000000000000003800030000000100000051e574640900000087000000000000000e0000000000000000000000000000800500000000000000bf04000000000000ffffffffffffffff0700000003000000ff03000000000000030000000000000005000000000000000500000000000000000000000000001004000000000000000300000004000000e500000000000000000000000000000006000000000000006d"], 0xe8) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 5m54.665418842s ago: executing program 5 (id=18479): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000400), 0x2000011a) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/181, 0xd1}], 0x1, 0x0, 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40000000, 0x0) 5m54.52170943s ago: executing program 5 (id=18481): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 5m54.406188895s ago: executing program 5 (id=18483): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000280)={0x28, 0x7, r1, r1, 0x1c, 0x14d, 0xa}) 5m54.0011582s ago: executing program 5 (id=18490): rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) r0 = msgget(0x2, 0x301) msgrcv(r0, 0x0, 0x0, 0x0, 0x1000) msgctl$IPC_RMID(r0, 0x0) 5m53.629760428s ago: executing program 34 (id=18490): rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) r0 = msgget(0x2, 0x301) 
msgrcv(r0, 0x0, 0x0, 0x0, 0x1000) msgctl$IPC_RMID(r0, 0x0) 5m7.16039616s ago: executing program 6 (id=19049): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) ioctl$PPPIOCGL2TPSTATS(r0, 0x40047459, 0x0) 5m7.028311992s ago: executing program 6 (id=19052): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xf, 0x8, &(0x7f0000000040)=@framed={{0x18, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xbb}}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000140), &(0x7f0000000180)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r0}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) 5m6.739213566s ago: executing program 6 (id=19057): sendmsg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="8fed4f33ebca615146bd1ef6a8", 0xd}], 0x1}, 0x404c844) r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$MON_IOCG_STATS(r0, 0xc0109207, &(0x7f0000000380)) 5m5.760141513s ago: executing program 6 (id=19068): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn']) 5m5.616980646s ago: executing program 6 (id=19072): r0 = syz_usb_connect$hid(0x0, 0x36, 
&(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) 5m5.067045796s ago: executing program 6 (id=19082): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x13) syz_io_uring_setup(0x13c, &(0x7f0000000540)={0x0, 0x114dd, 0x10, 0x1, 0x2b}, &(0x7f00000006c0), &(0x7f0000000200)) 5m4.722095714s ago: executing program 35 (id=19082): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, 
&(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x13) syz_io_uring_setup(0x13c, &(0x7f0000000540)={0x0, 0x114dd, 0x10, 0x1, 0x2b}, &(0x7f00000006c0), &(0x7f0000000200)) 2m21.732806529s ago: executing program 7 (id=21454): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x5, 0x8, 0x2}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000140)={0x5, 0x85, 0x2}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x2, 0x6}) 2m21.673234327s ago: executing program 7 (id=21456): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xb3) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='nr_inodes=1']) chdir(&(0x7f0000000340)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 2m21.589382554s ago: executing program 7 (id=21458): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) r0 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 2m21.391366252s ago: executing program 7 (id=21463): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', 
&(0x7f0000000100)='./file0/file0\x00', 0x0, 0x2002, 0x0) 2m21.176889032s ago: executing program 7 (id=21467): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f65", 0x139, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}}) 2m20.794826747s ago: executing program 7 (id=21476): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_connect$uac1(0x0, 0xac, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c2402000000000000000000052405000008240800000000e40c240700000000a3e82f07070d240701010000fd8000000000092403000000000100090401000001020000090401010101020000090501090000000000072501000000000904020000ff"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) 2m20.393599827s ago: 
executing program 36 (id=21476): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_connect$uac1(0x0, 0xac, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c2402000000000000000000052405000008240800000000e40c240700000000a3e82f07070d240701010000fd8000000000092403000000000100090401000001020000090401010101020000090501090000000000072501000000000904020000ff"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) 1m18.642852205s ago: executing program 2 (id=22488): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00') fchdir(r0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0xe) 1m17.633480067s ago: executing program 2 (id=22501): openat$rtc(0xffffffffffffff9c, &(0x7f0000002600), 0x101840, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 1m17.409795415s ago: executing program 2 (id=22505): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) write$bt_hci(r1, &(0x7f0000000900)=ANY=[], 0xa) 1m16.810834819s ago: executing program 2 (id=22513): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x10000, &(0x7f0000000040)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$cgroup2(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0xa00001, &(0x7f0000000300)={[], [{@smackfsdef={'smackfsdef', 0x3d, 
'@\xe8%*@\xfb\x8a-'}}]}) 1m16.638967357s ago: executing program 2 (id=22518): setreuid(0x0, 0xee00) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, 0xf0ffffff}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r0) 1m16.179119565s ago: executing program 2 (id=22525): syz_open_dev$video4linux(&(0x7f0000000180), 0x401, 0x2400) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='pagemap\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 1m15.803693705s ago: executing program 37 (id=22525): syz_open_dev$video4linux(&(0x7f0000000180), 0x401, 0x2400) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='pagemap\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 11.935068723s ago: executing program 3 (id=23413): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x2, 0x8080000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x5000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) 11.608025273s ago: executing program 3 (id=23417): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 
&(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x98, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x63, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {}, @broadcast, @broadcast, @initial, {0x7, 0x4}}, 0xfffffffffffffff7, @default, 0x414, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1}, @void, @val={0x6, 0x2, 0x6}, @val={0x5, 0x3, {0x4, 0x3f, 0x1}}, @val={0x25, 0x3, {0x1, 0xb8, 0xff}}, @void, @val={0x3c, 0x4, {0x1, 0xd, 0x84}}, @val={0x2d, 0x1a, {0x1088, 0x3, 0x5, 0x0, {0x2, 0x6, 0x0, 0xa, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x600, 0x6}}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @default=0x9b4}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x98}}, 0x0) 11.294358408s ago: executing program 3 (id=23423): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) 10.957267113s ago: executing program 3 (id=23430): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 
0x2000, 0x0) 10.71914554s ago: executing program 3 (id=23434): r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000280), 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000080)=0x8, 0x4) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000002c0)=[{{0x3, 0x1, 0x0, 0x1}, {0x2, 0x1}}, {{0x1, 0x1}, {0x3, 0x1, 0x1, 0x1}}], 0x10) close(r0) 9.397042569s ago: executing program 3 (id=23453): sched_setscheduler(0x0, 0x2, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000d00)={0x14, 0x14, 0x1, 0x70bd2d, 0x0, "", [@generic='\t']}, 0x14}], 0x1}, 0x0) 8.882511934s ago: executing program 38 (id=23453): sched_setscheduler(0x0, 0x2, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000d00)={0x14, 0x14, 0x1, 0x70bd2d, 0x0, "", [@generic='\t']}, 0x14}], 0x1}, 0x0) 4.200417129s ago: executing program 8 (id=23484): mkdir(&(0x7f0000000580)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) setregid(0xee00, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) 4.101866099s ago: executing program 8 (id=23486): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000003c0)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 
&(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x80000000000000}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'ipvlan1\x00', 0x100}, 0x18) 2.172630499s ago: executing program 4 (id=23493): r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) recvmmsg(r0, &(0x7f0000002200)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)=""/194, 0xc2}], 0x1}, 0x2}], 0x1, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)='_H', 0x2}], 0x1}}], 0x2, 0xc8000) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 2.171991873s ago: executing program 8 (id=23494): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x7f0, 0x0, 0xfffffffffffffd25) 1.97134061s ago: executing program 9 (id=23497): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@ipv6_getaddr={0x64, 0x16, 0x1, 0x70bd25, 0x25dfdbff, {0xa, 0x0, 0x1, 0xfd}, [@IFA_LOCAL={0x14, 0x2, @private1}, @IFA_FLAGS={0x8, 0x8, 0x12}, @IFA_ADDRESS={0x3b, 0x1, @dev={0xfe, 0x80, '\x00', 0x2b}}, @IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x3}]}, 0x64}, 0x1, 0xba01}, 0x810) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c000280"], 0x24}}, 0x0) 1.808193882s ago: executing program 9 (id=23499): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x403, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0x0, 0x3, 0x0, 0x3}, 'syz0\x00', 0x2}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x2c0) ioctl$UI_DEV_CREATE(r0, 0x5501) 1.634766596s ago: executing program 9 (id=23501): r0 = creat(&(0x7f0000000080)='./file0\x00', 0x8d) close(r0) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x43}, 0x10) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1.109281915s ago: executing program 1 (id=23505): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="a6"]) 1.109111825s ago: executing program 4 (id=23506): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d00, 0x0, 0x9}]}) 1.094281109s ago: executing program 8 (id=23507): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @loopback, 0x5}, 0x1c) r1 = dup2(r0, r0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 
&(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmmsg$unix(r1, &(0x7f0000008380), 0x400000000000174, 0x4008890) 967.177737ms ago: executing program 1 (id=23508): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000339000/0x1000)=nil, 0x3000}) 868.938258ms ago: executing program 8 (id=23509): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x8b28, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x4) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa441, 0x0) 860.557287ms ago: executing program 4 (id=23510): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) mkdir(0x0, 0x0) 828.705167ms ago: executing program 1 (id=23511): r0 = 
socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000040)={0x2, 0x1, @rand_addr=0x64010101}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x7d, &(0x7f0000000480)=@assoc_value={0x0, 0xc}, 0x8) 725.709775ms ago: executing program 8 (id=23512): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 722.306514ms ago: executing program 1 (id=23513): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000200)) 706.142389ms ago: executing program 4 (id=23514): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') chdir(&(0x7f0000000100)='./file1\x00') r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x766c618eb221465a) quotactl_fd$Q_SETINFO(r0, 0xffffffff80000602, 0x0, 0x0) 600.785094ms ago: executing program 9 (id=23515): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x3) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000009, 0x8012, r0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x8000) 530.147266ms ago: executing program 1 (id=23516): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00') writev(r0, 
&(0x7f00000015c0)=[{&(0x7f00000000c0)='w', 0x1}], 0x1) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x40000}) r1 = userfaultfd(0x801) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) 504.671274ms ago: executing program 4 (id=23517): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r1 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@local, @in6=@local, 0x8, 0x0, 0x0, 0x0, 0x2}, {0x1, 0x0, 0x8, 0x0, 0x9, 0x7ca, 0x10000000000000}, {0x0, 0xfffffffffffffffc, 0x0, 0x9}, 0x0, 0x0, 0x1, 0x0, 0x4, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x3c}, 0x0, @in=@empty, 0x0, 0x0, 0x3, 0x42}}, 0xe8) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) 389.660851ms ago: executing program 4 (id=23518): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) 358.993779ms ago: executing program 9 (id=23519): r0 = socket(0x2, 0x80805, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, 0x0, 0x0) 343.021615ms ago: executing program 1 (id=23520): r0 = timerfd_create(0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)) timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 0s ago: executing program 9 (id=23521): 
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000007c0)={0x1, 0x2, 0xd5dd4000, 0x2000, &(0x7f0000d73000/0x2000)=nil, 0x3}) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) kernel console output (not intermixed with test programs): etdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1429.602767][ T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1429.640383][ T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1429.923692][ T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1429.959238][ T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1430.159373][ T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1430.189215][ T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1430.288248][T19267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21487'. [ 1430.461762][ T5077] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1430.482694][ T5077] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1430.491929][ T5077] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1430.517402][ T5077] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1430.525552][ T5077] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1430.796638][T19269] wg1 speed is unknown, defaulting to 1000 [ 1430.806514][T12643] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1430.850234][T19279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21494'. 
[ 1430.872641][T19279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21494'. [ 1430.937600][T19269] hsr0 speed is unknown, defaulting to 1000 [ 1431.004354][T12643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1431.046307][T12643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1431.081959][T12643] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 1431.105683][T12643] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1431.128759][T12643] usb 4-1: config 0 descriptor?? [ 1431.137831][ T12] bridge_slave_1: left allmulticast mode [ 1431.143590][ T12] bridge_slave_1: left promiscuous mode [ 1431.156085][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1431.185373][ T12] bridge_slave_0: left allmulticast mode [ 1431.191871][ T12] bridge_slave_0: left promiscuous mode [ 1431.200871][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1431.590586][T12643] sony 0003:054C:024B.0095: unexpected long global item [ 1431.602824][T12643] sony 0003:054C:024B.0095: parse failed [ 1431.629606][T12643] sony 0003:054C:024B.0095: probe with driver sony failed with error -22 [ 1431.859356][ T5912] usb 4-1: USB disconnect, device number 93 [ 1432.369671][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1432.381557][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1432.393131][ T12] bond0 (unregistering): (slave bond1): Releasing backup interface [ 1432.405398][ T12] bond0 (unregistering): Released all slaves [ 1432.542012][T12643] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1432.637292][ T12] bond1 (unregistering): Released all slaves [ 1432.754055][T12643] usb 2-1: Using ep0 maxpacket: 16 [ 1432.764077][ T51] Bluetooth: hci0: command tx timeout [ 1432.783500][T12643] usb 2-1: config 0 interface 0 altsetting 0 endpoint 
0x81 has an invalid bInterval 0, changing to 7 [ 1432.844435][T12643] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1432.870003][T12643] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 1432.879146][T12643] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1432.890467][T12643] usb 2-1: config 0 descriptor?? [ 1433.340176][T12643] usbhid 2-1:0.0: can't add hid device: -71 [ 1433.346270][T12643] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1433.377004][T12643] usb 2-1: USB disconnect, device number 95 [ 1433.425681][T19269] chnl_net:caif_netlink_parms(): no params data found [ 1433.462918][ T12] hsr_slave_0: left promiscuous mode [ 1433.472735][ T12] hsr_slave_1: left promiscuous mode [ 1433.478978][ T12] batman_adv: batadv0: Interface deactivated: dummy0 [ 1433.486281][ T12] batman_adv: batadv0: Removing interface: dummy0 [ 1433.494225][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1433.501980][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1433.511265][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1433.518991][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1433.567003][ T12] veth1_macvtap: left promiscuous mode [ 1433.572721][ T12] veth0_macvtap: left promiscuous mode [ 1433.579066][ T12] veth1_vlan: left promiscuous mode [ 1433.584463][ T12] veth0_vlan: left promiscuous mode [ 1433.746646][ T12] team0 (unregistering): Port device batadv1 removed [ 1433.873790][ T30] audit: type=1326 audit(2000006545.868:5755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19348 comm="syz.2.21525" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff27798e969 code=0x0 [ 1434.452536][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1434.517446][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1435.007776][ T51] Bluetooth: hci0: command tx 
timeout [ 1435.340115][ T12] dummy0 (unregistering): left allmulticast mode [ 1435.971304][T19269] bridge0: port 1(bridge_slave_0) entered blocking state [ 1435.979488][T19269] bridge0: port 1(bridge_slave_0) entered disabled state [ 1435.992899][T19269] bridge_slave_0: entered allmulticast mode [ 1436.001710][T19269] bridge_slave_0: entered promiscuous mode [ 1436.011010][T19269] bridge0: port 2(bridge_slave_1) entered blocking state [ 1436.020231][T19269] bridge0: port 2(bridge_slave_1) entered disabled state [ 1436.050386][T19269] bridge_slave_1: entered allmulticast mode [ 1436.080809][T19269] bridge_slave_1: entered promiscuous mode [ 1436.283618][T19269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1436.331585][T19269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1436.509582][T19396] input: syz0 as /devices/virtual/input/input160 [ 1436.559639][T19269] team0: Port device team_slave_0 added [ 1436.576259][T19269] team0: Port device team_slave_1 added [ 1436.848790][T19269] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1436.877961][T19269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1436.904053][ C0] vkms_vblank_simulate: vblank timer overrun [ 1436.949146][T19269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1436.987744][T19269] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1437.005648][T19269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1437.031613][ C0] vkms_vblank_simulate: vblank timer overrun [ 1437.081101][T19269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1437.210062][ T51] Bluetooth: hci0: command tx timeout [ 1437.281468][T19269] hsr_slave_0: entered promiscuous mode [ 1437.301602][T19269] hsr_slave_1: entered promiscuous mode [ 1437.308133][T19269] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1437.316151][T19269] Cannot create hsr debugfs directory [ 1437.594952][ T978] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 1437.627533][ T5912] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 1437.682319][T19269] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1437.698824][T19269] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1437.709944][T19269] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1437.723652][T19269] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1437.766045][ T978] usb 3-1: Using ep0 maxpacket: 32 [ 1437.783941][ T978] usb 3-1: config 0 has no interfaces? [ 1437.790513][ T5912] usb 9-1: Using ep0 maxpacket: 8 [ 1437.797515][ T978] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1437.824707][ T5912] usb 9-1: config 0 has no interfaces? [ 1437.833557][ T5912] usb 9-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.40 [ 1437.843461][ T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1437.851412][T12643] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1437.853604][ T5912] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1437.869478][ T5912] usb 9-1: Product: syz [ 1437.874737][ T978] usb 3-1: config 0 descriptor?? [ 1437.879874][ T5912] usb 9-1: Manufacturer: syz [ 1437.886991][ T5912] usb 9-1: SerialNumber: syz [ 1437.905136][ T5912] usb 9-1: config 0 descriptor?? 
[ 1437.932144][T19269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1437.965739][T19269] 8021q: adding VLAN 0 to HW filter on device team0 [ 1437.981071][T10799] bridge0: port 1(bridge_slave_0) entered blocking state [ 1437.988295][T10799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1438.027970][T12643] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1438.043759][T12643] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1438.046918][T10799] bridge0: port 2(bridge_slave_1) entered blocking state [ 1438.051990][T12643] usb 4-1: Product: syz [ 1438.059060][T10799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1438.085854][T12643] usb 4-1: Manufacturer: syz [ 1438.090639][T12643] usb 4-1: SerialNumber: syz [ 1438.110671][T12643] usb 4-1: config 0 descriptor?? [ 1438.157346][ T5912] usb 3-1: USB disconnect, device number 121 [ 1438.177186][ T978] usb 9-1: USB disconnect, device number 26 [ 1438.178351][T19269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1438.337624][T12643] usb-storage 4-1:0.0: USB Mass Storage device detected [ 1438.471302][T19269] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1438.568743][ T978] usb 4-1: USB disconnect, device number 94 [ 1438.818690][T19269] veth0_vlan: entered promiscuous mode [ 1438.866942][T19269] veth1_vlan: entered promiscuous mode [ 1438.955057][T19269] veth0_macvtap: entered promiscuous mode [ 1438.996923][T19269] veth1_macvtap: entered promiscuous mode [ 1439.052100][T19269] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1439.068653][T19269] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1439.104354][T19269] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1439.113414][T19269] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1439.122231][T19269] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 
port 6081 - 0 [ 1439.143378][T19269] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1439.372458][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1439.403849][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1439.433887][ T51] Bluetooth: hci0: command tx timeout [ 1439.481680][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1439.500680][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1439.600068][T19464] netlink: 48 bytes leftover after parsing attributes in process `syz.2.21571'. [ 1439.765109][T13428] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1439.948123][T13428] usb 4-1: Using ep0 maxpacket: 8 [ 1439.966164][T13428] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 177, changing to 11 [ 1439.992248][T13428] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1440.008140][T13428] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1440.025694][T13428] usb 4-1: Product: syz [ 1440.030236][T13428] usb 4-1: Manufacturer: syz [ 1440.051300][T13428] usb 4-1: SerialNumber: syz [ 1440.948778][T13428] cdc_ncm 4-1:1.0: SET_CRC_MODE failed [ 1440.982073][T13428] cdc_ncm 4-1:1.0: bind() failure [ 1441.033045][T13428] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1441.070718][T13428] cdc_ncm 4-1:1.1: bind() failure [ 1441.117352][T13428] usb 4-1: USB disconnect, device number 95 [ 1442.459079][ T5879] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 1442.512822][T12643] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1442.641246][ T5879] usb 9-1: Using ep0 maxpacket: 16 [ 1442.648804][T19553] netlink: 'syz.3.21609': attribute type 1 has an invalid length. [ 1442.658277][T19553] netlink: 'syz.3.21609': attribute type 4 has an invalid length. 
[ 1442.669281][T19553] netlink: 192 bytes leftover after parsing attributes in process `syz.3.21609'. [ 1442.669447][ T5879] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1442.691156][T12643] usb 10-1: Using ep0 maxpacket: 32 [ 1442.698711][T12643] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1442.715564][T12643] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1442.736247][ T5879] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1442.745715][T12643] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1442.754971][ T5879] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1442.767027][T12643] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1442.778381][ T5879] usb 9-1: config 0 descriptor?? [ 1442.792519][T12643] usb 10-1: config 0 descriptor?? [ 1442.801270][T12643] hub 10-1:0.0: USB hub found [ 1443.028854][T12643] hub 10-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 1443.104975][T19566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.21616'. [ 1443.249387][ T5879] mcp2221 0003:04D8:00DD.0096: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.8-1/input0 [ 1443.270904][T12643] usbhid 10-1:0.0: can't add hid device: -71 [ 1443.278185][T12643] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1443.325604][T12643] usb 10-1: USB disconnect, device number 2 [ 1443.715480][ T5874] usb 9-1: USB disconnect, device number 27 [ 1444.183107][T19613] syz.2.21638 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1444.500965][T13428] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 1444.578884][T19634] netlink: 'syz.9.21648': attribute type 10 has an invalid length. 
[ 1444.591480][T19634] netlink: 40 bytes leftover after parsing attributes in process `syz.9.21648'. [ 1444.626004][T19634] team0: Port device geneve0 added [ 1444.671990][T13428] usb 4-1: Using ep0 maxpacket: 8 [ 1444.673003][T12643] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1444.684598][T13428] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1444.709712][T13428] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1444.756130][T13428] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1444.774631][T13428] pvrusb2: ********** [ 1444.778713][T13428] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1444.803920][T13428] pvrusb2: Important functionality might not be entirely working. [ 1444.822122][T13428] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1444.843124][T13428] pvrusb2: ********** [ 1444.876652][T12643] usb 3-1: Using ep0 maxpacket: 32 [ 1444.909095][T12643] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1444.935426][T12643] usb 3-1: config 0 has no interface number 0 [ 1444.944379][T12643] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1444.952534][T19647] netlink: 28 bytes leftover after parsing attributes in process `syz.1.21653'. [ 1444.962180][T12643] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1444.979311][T12643] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1444.985436][ T2341] pvrusb2: Invalid write control endpoint [ 1444.987924][T12643] usb 3-1: Product: syz [ 1444.995392][T19647] netlink: 28 bytes leftover after parsing attributes in process `syz.1.21653'. [ 1444.997350][T12643] usb 3-1: Manufacturer: syz [ 1445.024746][T12643] usb 3-1: SerialNumber: syz [ 1445.048919][T12643] usb 3-1: config 0 descriptor?? 
[ 1445.074904][T12643] smsc75xx v1.0.0 [ 1445.125535][ T2341] pvrusb2: Invalid write control endpoint [ 1445.130385][T19647] erspan0: entered promiscuous mode [ 1445.131363][ T2341] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1445.149072][T19647] gretap0: entered promiscuous mode [ 1445.158862][ T2341] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1445.165983][T19647] hsr1: Slave A (erspan0) is not up; please bring it up to get a fully working HSR network [ 1445.180349][ T2341] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1445.197322][ T2341] pvrusb2: Device being rendered inoperable [ 1445.203596][ T2341] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 1445.211281][ T2341] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 1445.222676][ T2341] pvrusb2: Attached sub-driver cx25840 [ 1445.231357][ T2341] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1445.244516][T13428] usb 4-1: USB disconnect, device number 96 [ 1445.246073][ T2341] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. 
[ 1445.261560][T19647] hsr1: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network [ 1445.315888][T19655] vivid-001: ================= START STATUS ================= [ 1445.345762][T19655] vivid-001: Radio HW Seek Mode: Bounded [ 1445.351593][T19655] vivid-001: Radio Programmable HW Seek: false [ 1445.373143][T19655] vivid-001: RDS Rx I/O Mode: Block I/O [ 1445.388202][T19655] vivid-001: Generate RBDS Instead of RDS: false [ 1445.394918][T19655] vivid-001: RDS Reception: true [ 1445.410350][T19655] vivid-001: RDS Program Type: 0 inactive [ 1445.434781][T19655] vivid-001: RDS PS Name: inactive [ 1445.451040][T19655] vivid-001: RDS Radio Text: inactive [ 1445.461841][T19655] vivid-001: RDS Traffic Announcement: false inactive [ 1445.477928][T19655] vivid-001: RDS Traffic Program: false inactive [ 1445.487075][T19655] vivid-001: RDS Music: false inactive [ 1445.492941][T19655] vivid-001: ================== END STATUS ================== [ 1445.877056][T19680] netlink: 'syz.1.21668': attribute type 1 has an invalid length. [ 1445.889631][ T5879] usb 9-1: new high-speed USB device number 28 using dummy_hcd [ 1445.897971][T19680] netlink: 172 bytes leftover after parsing attributes in process `syz.1.21668'. 
[ 1445.968856][T12643] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 1445.995012][T12643] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1446.012321][T12643] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1446.035147][T12643] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1446.045329][T12643] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 1446.066927][T12643] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1446.080069][T12643] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 1446.093318][ T5879] usb 9-1: Using ep0 maxpacket: 8 [ 1446.102282][ T5879] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1446.143436][T12643] usb 3-1: USB disconnect, device number 122 [ 1446.153726][ T5879] usb 9-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 1446.172322][ T5879] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1446.188010][ T5879] usb 9-1: config 0 descriptor?? [ 1446.664138][ T5879] kye 0003:0458:4018.0097: unbalanced delimiter at end of report description [ 1446.715033][ T5879] kye 0003:0458:4018.0097: parse failed [ 1446.742444][ T5879] kye 0003:0458:4018.0097: probe with driver kye failed with error -22 [ 1446.793399][T19705] netlink: 16 bytes leftover after parsing attributes in process `syz.9.21680'. 
[ 1446.890024][T13428] usb 9-1: USB disconnect, device number 28 [ 1447.127877][T19717] program syz.3.21686 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1448.140757][T12643] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1448.314306][T12643] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1448.339645][T12643] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1448.354017][T12643] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 1448.363324][T12643] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1448.378277][T12643] usb 2-1: config 0 descriptor?? [ 1448.497991][T19778] netlink: 8 bytes leftover after parsing attributes in process `syz.8.21713'. [ 1448.560007][T19778] netlink: 12 bytes leftover after parsing attributes in process `syz.8.21713'. [ 1448.828214][T12643] sony 0003:054C:024B.0098: unexpected long global item [ 1448.856989][T12643] sony 0003:054C:024B.0098: parse failed [ 1448.873865][T12643] sony 0003:054C:024B.0098: probe with driver sony failed with error -22 [ 1449.043728][T13428] usb 2-1: USB disconnect, device number 96 [ 1449.435933][T19817] netlink: 24 bytes leftover after parsing attributes in process `syz.8.21728'. [ 1450.403279][T19863] netlink: 27 bytes leftover after parsing attributes in process `syz.9.21750'. 
[ 1450.802307][T19882] binder: 19880:19882 ioctl c0306201 2000000003c0 returned -14 [ 1450.981384][T19886] wg1 speed is unknown, defaulting to 1000 [ 1451.007438][T19886] hsr0 speed is unknown, defaulting to 1000 [ 1451.151173][T19896] tap0: tun_chr_ioctl cmd 1074025677 [ 1451.182705][T19896] tap0: linktype set to 825 [ 1451.346797][T19902] vimc link validate: Scaler:src:16x16 (0x33424752, 0, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x42474752, 6, 0, 5, 0) [ 1451.481595][T19905] Bluetooth: MGMT ver 1.23 [ 1451.638206][T19914] netlink: 16162 bytes leftover after parsing attributes in process `syz.9.21775'. [ 1452.021399][T19922] hsr0: entered promiscuous mode [ 1452.033039][T19922] macvtap1: entered promiscuous mode [ 1452.058780][T19922] macvtap1: entered allmulticast mode [ 1452.078896][T19922] hsr0: entered allmulticast mode [ 1452.110281][T19922] hsr_slave_0: entered allmulticast mode [ 1452.138506][T19922] hsr_slave_1: entered allmulticast mode [ 1452.175682][T19922] hsr0: left allmulticast mode [ 1452.190954][T19922] hsr_slave_0: left allmulticast mode [ 1452.209307][T19922] hsr_slave_1: left allmulticast mode [ 1452.580749][T19934] can0: slcan on ttyS3. [ 1452.680022][T19934] can0 (unregistered): slcan off ttyS3. [ 1452.694092][T19934] Falling back ldisc for ttyS3. 
[ 1453.310050][T12644] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1453.505036][T12644] usb 2-1: Using ep0 maxpacket: 32 [ 1453.517466][T12644] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 1453.556290][T12644] usb 2-1: config 0 has no interface number 0 [ 1453.562482][T12644] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1453.590996][T12644] usb 2-1: config 0 interface 85 has no altsetting 0 [ 1453.601889][T12644] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1453.612208][T12644] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1453.622969][T12644] usb 2-1: Product: syz [ 1453.628344][T12644] usb 2-1: Manufacturer: syz [ 1453.635721][T12644] usb 2-1: SerialNumber: syz [ 1453.646896][T12644] usb 2-1: config 0 descriptor?? [ 1453.776696][T19999] netlink: 'syz.2.21815': attribute type 46 has an invalid length. [ 1453.793104][T19999] netlink: 212868 bytes leftover after parsing attributes in process `syz.2.21815'. [ 1454.064264][ T78] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1454.486682][T12644] appletouch 2-1:0.85: Geyser mode initialized. [ 1454.525064][T12644] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input161 [ 1454.568947][T20027] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1455.141531][T20051] netlink: 20 bytes leftover after parsing attributes in process `syz.9.21838'. [ 1455.684745][T20074] syzkaller1: tun_chr_ioctl cmd 35111 [ 1456.287689][T13428] usb 2-1: USB disconnect, device number 97 [ 1456.375452][T13428] appletouch 2-1:0.85: input: appletouch disconnected [ 1456.452040][T20100] netlink: 136 bytes leftover after parsing attributes in process `syz.8.21864'. 
[ 1456.805893][T12644] usb 3-1: new full-speed USB device number 123 using dummy_hcd [ 1456.859488][T20127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21875'. [ 1456.959044][T20131] sp0: Synchronizing with TNC [ 1456.979601][T12644] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1456.991286][T12644] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1457.004684][T12644] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1457.018671][T12644] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1457.030578][T12644] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1457.038650][T12644] usb 3-1: Product: syz [ 1457.043006][T12643] usb 9-1: new high-speed USB device number 29 using dummy_hcd [ 1457.051853][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1457.062846][T13428] usb 10-1: new low-speed USB device number 3 using dummy_hcd [ 1457.073060][T12644] usb 3-1: Manufacturer: syz [ 1457.077723][T12644] usb 3-1: SerialNumber: syz [ 1457.092633][T12644] usb 3-1: config 0 descriptor?? [ 1457.098896][T20109] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1457.106508][T20109] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1457.115437][T12644] usb 3-1: ucan: probing device on interface #0 [ 1457.224776][T12643] usb 9-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 1457.234172][T12643] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1457.249416][T13428] usb 10-1: config index 0 descriptor too short (expected 1307, got 27) [ 1457.249625][T12643] usb 9-1: config 0 descriptor?? 
[ 1457.262961][T13428] usb 10-1: config 0 has an invalid interface number: 0 but max is -1 [ 1457.282646][T13428] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1457.285845][T12643] gspca_main: spca508-2.14.0 probing 8086:0110 [ 1457.301598][T13428] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 1457.333824][T13428] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 1457.359043][T13428] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1457.377499][T13428] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 1457.400000][T13428] usb 10-1: string descriptor 0 read error: -22 [ 1457.407730][T13428] usb 10-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 1457.421300][T13428] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1457.435529][T13428] usb 10-1: config 0 descriptor?? 
[ 1457.447259][T13428] hub 10-1:0.0: bad descriptor, ignoring hub [ 1457.453417][T13428] hub 10-1:0.0: probe with driver hub failed with error -5 [ 1457.470967][T13428] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input162 [ 1457.511572][T12643] gspca_spca508: reg_read err -32 [ 1457.522300][T12643] gspca_spca508: reg_read err -32 [ 1457.713557][ T5879] usb 10-1: USB disconnect, device number 3 [ 1457.742811][T12643] gspca_spca508: reg_read err -71 [ 1457.752635][T12643] gspca_spca508: reg_read err -71 [ 1457.763481][T12643] gspca_spca508: reg write: error -71 [ 1457.773624][T12644] ucan 3-1:0.0: probe with driver ucan failed with error -71 [ 1457.782373][T12643] spca508 9-1:0.0: probe with driver spca508 failed with error -71 [ 1457.813352][T12644] usb 3-1: USB disconnect, device number 123 [ 1457.819813][T12643] usb 9-1: USB disconnect, device number 29 [ 1458.310176][T20167] netlink: 'syz.9.21895': attribute type 9 has an invalid length. [ 1458.318805][T20167] netlink: 211988 bytes leftover after parsing attributes in process `syz.9.21895'. [ 1458.331368][T20167] netlink: 'syz.9.21895': attribute type 1 has an invalid length. [ 1458.356103][T13428] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1458.377945][ T5874] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 1458.486880][T20173] netlink: 28 bytes leftover after parsing attributes in process `syz.9.21898'. 
[ 1458.556448][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1458.587434][T13428] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 1458.607982][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1458.618842][T13428] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1458.640534][ T5874] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 1458.655499][T13428] usb 2-1: Product: syz [ 1458.659733][T13428] usb 2-1: Manufacturer: syz [ 1458.664743][T13428] usb 2-1: SerialNumber: syz [ 1458.682847][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1458.694374][T13428] usb 2-1: config 0 descriptor?? [ 1458.704132][ T5874] usb 4-1: config 0 descriptor?? [ 1458.947656][T13428] usb 2-1: ignoring: probably an ADSL modem [ 1459.042983][T20193] netlink: 'syz.9.21907': attribute type 19 has an invalid length. [ 1459.187598][ T5874] elo 0003:04E7:0030.0099: item fetching failed at offset 5/7 [ 1459.207523][ T5874] elo 0003:04E7:0030.0099: parse failed [ 1459.224523][ T5874] elo 0003:04E7:0030.0099: probe with driver elo failed with error -22 [ 1459.384875][T13428] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! 
[ 1459.429339][T12644] usb 4-1: USB disconnect, device number 97 [ 1459.613275][T20219] tap0: tun_chr_ioctl cmd 1074812118 [ 1459.624146][T12643] usb 2-1: USB disconnect, device number 98 [ 1460.609767][T20255] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1460.826008][T13428] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 1460.939692][T20271] CIFS: VFS: Malformed UNC in devname [ 1461.009937][T13428] usb 4-1: Using ep0 maxpacket: 16 [ 1461.022529][T13428] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1461.053084][T13428] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1461.080160][T13428] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1461.088856][T13428] usb 4-1: Product: syz [ 1461.106226][T13428] usb 4-1: Manufacturer: syz [ 1461.110930][T13428] usb 4-1: SerialNumber: syz [ 1461.141533][T13428] usb 4-1: config 0 descriptor?? [ 1461.185940][T13428] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1461.200909][T13428] usb 4-1: Detected FT232R [ 1461.419266][T13428] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1461.433952][T20290] nbd: nbd8 already in use [ 1461.447331][T20291] netlink: 'syz.9.21949': attribute type 4 has an invalid length. [ 1461.661896][T13428] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1461.706239][T20303] netlink: 'syz.8.21955': attribute type 6 has an invalid length. [ 1461.845408][T20305] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21957'. [ 1461.861128][T20305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21957'. 
[ 1461.902237][T13428] usb 4-1: USB disconnect, device number 98 [ 1461.931198][T13428] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1461.967308][T13428] ftdi_sio 4-1:0.0: device disconnected [ 1462.039699][ T5912] hid-generic 0000:0004:0000.009A: unknown main item tag 0x0 [ 1462.048247][ T5912] hid-generic 0000:0004:0000.009A: unknown main item tag 0x0 [ 1462.056308][ T5912] hid-generic 0000:0004:0000.009A: unknown main item tag 0x0 [ 1462.066234][ T5912] hid-generic 0000:0004:0000.009A: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1463.128739][T20354] openvswitch: netlink: IPv4 tunnel dst address is zero [ 1463.167307][ T5879] usb 9-1: new high-speed USB device number 30 using dummy_hcd [ 1463.359226][ T5879] usb 9-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 1463.401525][ T5879] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1463.434116][ T5879] usb 9-1: Product: syz [ 1463.445181][ T5879] usb 9-1: Manufacturer: syz [ 1463.454671][ T5879] usb 9-1: SerialNumber: syz [ 1463.486636][ T5879] usb 9-1: config 0 descriptor?? 
[ 1463.501262][ T5879] hub 9-1:0.0: bad descriptor, ignoring hub [ 1463.509869][ T5879] hub 9-1:0.0: probe with driver hub failed with error -5 [ 1463.517997][ T5879] f81232 9-1:0.0: f81534a converter detected [ 1463.720221][ T5879] f81534a ttyUSB0: f81232_set_register failed status: -71 [ 1463.749341][ T5879] f81534a ttyUSB0: probe with driver f81534a failed with error -5 [ 1464.014189][ T5879] usb 9-1: reset high-speed USB device number 30 using dummy_hcd [ 1464.142404][T20390] openvswitch: netlink: VXLAN extension 0 has unexpected len 3 expected 0 [ 1464.215537][ T5879] usb 9-1: device firmware changed [ 1464.233684][ T5879] usb 9-1: USB disconnect, device number 30 [ 1464.246712][ T5879] f81232 9-1:0.0: device disconnected [ 1464.264890][T20394] veth0_to_bridge: entered promiscuous mode [ 1464.277191][T20393] veth0_to_bridge: left promiscuous mode [ 1464.471521][T12644] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1464.589450][ T5879] usb 9-1: new high-speed USB device number 31 using dummy_hcd [ 1464.642257][T12644] usb 2-1: Using ep0 maxpacket: 32 [ 1464.660059][T12644] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1464.680327][T12644] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1464.701000][T12644] usb 2-1: config 0 descriptor?? [ 1464.715320][T12644] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1464.772648][ T5879] usb 9-1: config 0 has no interfaces? [ 1464.787222][ T5879] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1464.803320][ T5879] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1464.813550][ T5879] usb 9-1: Product: syz [ 1464.817813][ T5879] usb 9-1: Manufacturer: syz [ 1464.822448][ T5879] usb 9-1: SerialNumber: syz [ 1464.833486][ T5879] usb 9-1: config 0 descriptor?? 
[ 1465.637417][T12644] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 1465.668219][T13428] usb 9-1: USB disconnect, device number 31 [ 1465.711420][T12644] sq930x 2-1:0.0: probe with driver sq930x failed with error -71 [ 1465.733486][T12644] usb 2-1: USB disconnect, device number 99 [ 1466.244574][T20472] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22031'. [ 1466.924530][T12644] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1466.994739][ T5879] usb 9-1: new high-speed USB device number 32 using dummy_hcd [ 1467.100340][T20512] netlink: 16 bytes leftover after parsing attributes in process `syz.3.22050'. [ 1467.122360][T12644] usb 2-1: Using ep0 maxpacket: 32 [ 1467.135338][T12644] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1467.154490][T12644] usb 2-1: config 0 has no interface number 0 [ 1467.167822][T12644] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1467.183716][ T5879] usb 9-1: config 241 has an invalid interface number: 0 but max is -1 [ 1467.192935][ T5879] usb 9-1: config 241 has 1 interface, different from the descriptor's value: 0 [ 1467.203132][T12644] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1467.212354][T12644] usb 2-1: Product: syz [ 1467.216685][ T5879] usb 9-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=db.e9 [ 1467.226105][T12644] usb 2-1: Manufacturer: syz [ 1467.232790][T12644] usb 2-1: SerialNumber: syz [ 1467.237499][ T5879] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1467.249040][T12644] usb 2-1: config 0 descriptor?? 
[ 1467.267291][T12644] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1467.277241][ T5879] usbhid 9-1:241.0: couldn't find an input interrupt endpoint [ 1467.483535][T12644] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1467.485342][ T5874] usb 9-1: USB disconnect, device number 32 [ 1467.498776][T12644] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1467.576699][T20524] netlink: 28 bytes leftover after parsing attributes in process `syz.9.22056'. [ 1467.592151][T20524] netlink: 28 bytes leftover after parsing attributes in process `syz.9.22056'. [ 1467.732255][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 101 [ 1467.827042][T20528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.22058'. [ 1467.967979][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1467.969166][ T5874] usb 2-1: USB disconnect, device number 100 [ 1468.014839][ T5874] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1468.046599][ T5874] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1468.110509][ T5874] quatech2 2-1:0.51: device disconnected [ 1468.964307][T20579] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1469.771633][T20619] veth0: entered promiscuous mode [ 1469.796797][T20618] veth0: left promiscuous mode [ 1469.869894][T13428] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1470.040838][T13428] usb 2-1: Using ep0 maxpacket: 32 [ 1470.054742][T13428] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 1470.075732][T13428] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 1470.105107][T13428] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1470.149312][T13428] usb 2-1: Product: syz [ 1470.155434][T13428] usb 2-1: 
Manufacturer: syz [ 1470.164858][T13428] usb 2-1: SerialNumber: syz [ 1470.184539][T13428] usb 2-1: config 0 descriptor?? [ 1470.201396][T20611] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1470.216117][T13428] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1470.510685][T13428] usb 2-1: USB disconnect, device number 101 [ 1471.005341][T20674] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 1471.046864][ T30] audit: type=1326 audit(2000006580.627:5756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.095926][ T30] audit: type=1326 audit(2000006580.627:5757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.177339][T20679] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22127'. 
[ 1471.180043][ T30] audit: type=1326 audit(2000006580.627:5758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.291198][ T30] audit: type=1326 audit(2000006580.627:5759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.361171][ T30] audit: type=1326 audit(2000006580.627:5760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.389984][T20685] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1471.443950][ T30] audit: type=1326 audit(2000006580.627:5761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.529295][ T30] audit: type=1326 audit(2000006580.627:5762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.597267][ T30] audit: type=1326 audit(2000006580.627:5763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.675040][ T30] audit: type=1326 audit(2000006580.627:5764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1471.724115][T20699] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1471.740641][ T30] audit: type=1326 audit(2000006580.627:5765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20635 
comm="syz.3.22108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7fc00000 [ 1472.148982][T20719] netlink: 76 bytes leftover after parsing attributes in process `syz.9.22145'. [ 1472.763396][T20751] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22159'. [ 1472.778653][T13428] usb 9-1: new high-speed USB device number 33 using dummy_hcd [ 1472.815595][T20751] vlan2: entered allmulticast mode [ 1472.825323][T20751] dummy0: entered allmulticast mode [ 1472.828971][T20755] kernel read not supported for file /eth0 (pid: 20755 comm: syz.3.22161) [ 1472.972954][T13428] usb 9-1: Using ep0 maxpacket: 8 [ 1472.986282][T13428] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1473.006506][T13428] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1473.018537][T13428] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1473.047887][T13428] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1473.118487][T13428] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1473.142545][T13428] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1473.394989][T13428] usb 9-1: GET_CAPABILITIES returned 0 [ 1473.407239][T13428] usbtmc 9-1:16.0: can't read capabilities [ 1473.643074][ T5912] usb 9-1: USB disconnect, device number 33 [ 1473.856622][T20799] xt_hashlimit: max too large, truncated to 1048576 [ 1473.873161][T20799] xt_hashlimit: overflow, try lower: 0/0 [ 1474.133295][T20807] netlink: 252 bytes leftover after parsing attributes in process `syz.1.22187'. [ 1475.178398][T20842] netlink: 4 bytes leftover after parsing attributes in process `syz.9.22203'. 
[ 1475.711373][T12644] kernel write not supported for file /amidi2 (pid: 12644 comm: kworker/1:6) [ 1475.886332][T20879] netlink: 'syz.9.22222': attribute type 3 has an invalid length. [ 1475.897298][T20879] netlink: 8 bytes leftover after parsing attributes in process `syz.9.22222'. [ 1475.898218][T20880] netlink: 12 bytes leftover after parsing attributes in process `syz.8.22221'. [ 1475.963458][T20880] nbd: couldn't find device at index 131080 [ 1475.985301][ T5879] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 1476.003130][T20882] openvswitch: netlink: VXLAN extension 2 out of range max 1 [ 1476.166535][ T5879] usb 4-1: Using ep0 maxpacket: 16 [ 1476.188974][ T5879] usb 4-1: config 0 has no interfaces? [ 1476.211558][ T5879] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 1476.244562][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1476.262894][ T5879] usb 4-1: Product: syz [ 1476.267202][ T5879] usb 4-1: Manufacturer: syz [ 1476.276295][ T5879] usb 4-1: SerialNumber: syz [ 1476.291253][ T5879] usb 4-1: config 0 descriptor?? [ 1476.333460][T20895] input: syz1 as /devices/virtual/input/input163 [ 1476.525309][T12643] usb 4-1: USB disconnect, device number 99 [ 1476.892497][T20919] netlink: 'syz.2.22239': attribute type 1 has an invalid length. [ 1476.914957][T20919] netlink: 'syz.2.22239': attribute type 2 has an invalid length. [ 1476.924307][T20919] netlink: 'syz.2.22239': attribute type 1 has an invalid length. [ 1476.932987][T20919] netlink: 1156 bytes leftover after parsing attributes in process `syz.2.22239'. [ 1477.481994][T20943] ucma_write: process 9208 (syz.3.22250) changed security contexts after opening file descriptor, this is not allowed. 
[ 1478.464992][ T5879] usb 9-1: new high-speed USB device number 34 using dummy_hcd [ 1478.565163][T12644] kernel read not supported for file /dsp (pid: 12644 comm: kworker/1:6) [ 1478.673710][ T5879] usb 9-1: Using ep0 maxpacket: 32 [ 1478.691086][ T5879] usb 9-1: unable to get BOS descriptor or descriptor too short [ 1478.710334][ T5879] usb 9-1: config index 0 descriptor too short (expected 34347, got 43) [ 1478.728102][ T5879] usb 9-1: config 31 has too many interfaces: 196, using maximum allowed: 32 [ 1478.737723][ T5879] usb 9-1: config 31 has an invalid descriptor of length 0, skipping remainder of the config [ 1478.764743][ T5879] usb 9-1: config 31 has 1 interface, different from the descriptor's value: 196 [ 1478.774036][ T5879] usb 9-1: config 31 has no interface number 0 [ 1478.810123][ T5879] usb 9-1: config 31 interface 81 altsetting 3 has an endpoint descriptor with address 0x93, changing to 0x83 [ 1478.843948][ T5879] usb 9-1: config 31 interface 81 altsetting 3 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1478.857556][ T5879] usb 9-1: config 31 interface 81 altsetting 3 bulk endpoint 0x83 has invalid maxpacket 0 [ 1478.876410][ T5879] usb 9-1: config 31 interface 81 has no altsetting 0 [ 1478.893553][ T5879] usb 9-1: string descriptor 0 read error: -22 [ 1478.908419][ T5879] usb 9-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice=24.ac [ 1478.935340][ T5879] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1479.005878][ T5879] input: USB Touchscreen 0dfc:0001 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:31.81/input/input164 [ 1479.176787][T21019] netlink: 8 bytes leftover after parsing attributes in process `syz.9.22283'. [ 1479.202920][T21019] netlink: 4 bytes leftover after parsing attributes in process `syz.9.22283'. [ 1479.308013][ T5879] usb 9-1: USB disconnect, device number 34 [ 1479.703386][T21046] netlink: 'syz.9.22295': attribute type 9 has an invalid length. 
[ 1479.728870][T21046] netlink: 212260 bytes leftover after parsing attributes in process `syz.9.22295'. [ 1479.845749][T21052] program syz.3.22298 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1480.598901][T21079] program syz.9.22310 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1481.941816][T12643] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1482.026895][T21136] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1482.122392][T12643] usb 4-1: Using ep0 maxpacket: 16 [ 1482.133723][T12643] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1482.162135][T12643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1482.194773][T21144] mac80211_hwsim hwsim38 wlan0: entered promiscuous mode [ 1482.206034][T12643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1482.235461][T12643] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1482.281699][T12643] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1482.325293][T12643] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1482.334441][T12643] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1482.349594][T12643] usb 4-1: Manufacturer: syz [ 1482.368323][T12643] usb 4-1: config 0 descriptor?? 
[ 1482.418191][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 1482.418211][ T30] audit: type=1326 audit(2000006591.272:5794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21151 comm="syz.8.22346" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x0 [ 1482.731418][T12643] rc_core: IR keymap rc-hauppauge not found [ 1482.737543][T12643] Registered IR keymap rc-empty [ 1482.748284][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1482.784260][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1482.829595][T12643] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1482.865672][T12643] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input165 [ 1482.903603][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1482.938994][T21176] netlink: 165 bytes leftover after parsing attributes in process `syz.1.22356'. [ 1482.943198][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1482.998224][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.052761][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.076103][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.105397][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.127006][T21182] block nbd1: not configured, cannot reconfigure [ 1483.158892][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.187245][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.206236][T21184] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22360'. [ 1483.219226][T21184] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22360'. 
[ 1483.226426][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.266912][T12643] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1483.329703][T12643] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1483.338843][T12643] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1483.388864][T12643] usb 4-1: USB disconnect, device number 100 [ 1484.576552][T21241] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1484.713794][T21241] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1484.748645][T21251] sp0: Synchronizing with TNC [ 1484.846970][T21241] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1484.995343][T21241] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1485.249289][T21241] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1485.366821][T21241] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1485.444611][T21241] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1485.506525][T21241] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1485.892686][T21296] block device autoloading is deprecated and will be removed. [ 1485.928187][ T5912] usb 9-1: new high-speed USB device number 35 using dummy_hcd [ 1486.112995][ T5912] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1486.145513][ T5912] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1486.159386][ T5912] usb 9-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 1486.198805][ T5912] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1486.228567][ T5912] usb 9-1: config 0 descriptor?? 
[ 1486.358152][T21311] netlink: 72 bytes leftover after parsing attributes in process `syz.1.22418'. [ 1486.679596][T21322] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22424'. [ 1486.713274][ T5912] playstation 0003:054C:0DF2.009B: unknown main item tag 0x0 [ 1486.730860][ T5912] playstation 0003:054C:0DF2.009B: unknown main item tag 0x0 [ 1486.738582][ T5912] playstation 0003:054C:0DF2.009B: unknown main item tag 0x0 [ 1486.750775][ T5912] playstation 0003:054C:0DF2.009B: unknown main item tag 0x0 [ 1486.766322][ T5912] playstation 0003:054C:0DF2.009B: unknown main item tag 0x0 [ 1486.797644][ T5912] playstation 0003:054C:0DF2.009B: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.8-1/input0 [ 1486.916374][ T5912] playstation 0003:054C:0DF2.009B: Invalid byte count transferred, expected 20 got 0 [ 1486.942789][T13428] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1486.950839][ T5912] playstation 0003:054C:0DF2.009B: Failed to retrieve DualSense pairing info: -22 [ 1486.974919][ T5912] playstation 0003:054C:0DF2.009B: Failed to get MAC address from DualSense [ 1486.986273][ T5912] playstation 0003:054C:0DF2.009B: Failed to create dualsense. [ 1487.008244][ T5912] playstation 0003:054C:0DF2.009B: probe with driver playstation failed with error -22 [ 1487.124438][T13428] usb 2-1: Using ep0 maxpacket: 32 [ 1487.147811][T13428] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1487.160263][T13428] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1487.178415][T13428] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1487.187555][T13428] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1487.202078][T12644] usb 9-1: USB disconnect, device number 35 [ 1487.224204][T13428] usb 2-1: config 0 descriptor?? 
[ 1487.677779][T13428] savu 0003:1E7D:2D5A.009C: unknown main item tag 0x0 [ 1487.696192][T13428] savu 0003:1E7D:2D5A.009C: unknown main item tag 0x0 [ 1487.712550][T13428] savu 0003:1E7D:2D5A.009C: unknown main item tag 0x0 [ 1487.726093][T13428] savu 0003:1E7D:2D5A.009C: unknown main item tag 0x0 [ 1487.734903][T13428] savu 0003:1E7D:2D5A.009C: unknown main item tag 0x0 [ 1487.742331][T13428] savu 0003:1E7D:2D5A.009C: unbalanced collection at end of report description [ 1487.754921][T13428] savu 0003:1E7D:2D5A.009C: parse failed [ 1487.765149][T13428] savu 0003:1E7D:2D5A.009C: probe with driver savu failed with error -22 [ 1487.888962][ T5879] usb 2-1: USB disconnect, device number 102 [ 1488.111311][T21347] netlink: 28 bytes leftover after parsing attributes in process `syz.9.22435'. [ 1488.129511][T21347] netlink: 28 bytes leftover after parsing attributes in process `syz.9.22435'. [ 1488.860362][ T5912] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1489.039006][ T5912] usb 4-1: Using ep0 maxpacket: 16 [ 1489.061836][ T5912] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1489.092612][ T5912] usb 4-1: config 0 has no interface number 0 [ 1489.103393][ T5912] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1489.139611][ T5912] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1489.149645][ T5912] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 1489.165759][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1489.183997][ T5912] usb 4-1: config 0 descriptor?? 
[ 1489.198975][T12644] usb 9-1: new high-speed USB device number 36 using dummy_hcd [ 1489.394614][T12644] usb 9-1: Using ep0 maxpacket: 8 [ 1489.415621][T12644] usb 9-1: unable to get BOS descriptor or descriptor too short [ 1489.429124][T12644] usb 9-1: config 11 has an invalid interface number: 244 but max is 0 [ 1489.448774][T12644] usb 9-1: config 11 has an invalid descriptor of length 0, skipping remainder of the config [ 1489.477602][T12644] usb 9-1: config 11 has no interface number 0 [ 1489.496355][T12644] usb 9-1: config 11 interface 244 altsetting 5 has an endpoint descriptor with address 0x38, changing to 0x8 [ 1489.513614][T12644] usb 9-1: config 11 interface 244 altsetting 5 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 1489.537602][T12644] usb 9-1: config 11 interface 244 altsetting 5 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1489.542057][T21398] overlayfs: workdir and upperdir must be separate subtrees [ 1489.573478][T12644] usb 9-1: config 11 interface 244 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1489.591514][T12644] usb 9-1: config 11 interface 244 has no altsetting 0 [ 1489.623045][T12644] usb 9-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=57.8a [ 1489.633966][T12644] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1489.658401][T12644] usb 9-1: Product: syz [ 1489.665502][T12644] usb 9-1: Manufacturer: syz [ 1489.672625][T12644] usb 9-1: SerialNumber: syz [ 1489.842522][ T5912] uclogic 0003:28BD:0071.009D: failed retrieving string descriptor #100: -71 [ 1489.864091][ T5912] uclogic 0003:28BD:0071.009D: failed retrieving pen parameters: -71 [ 1489.893786][ T5912] uclogic 0003:28BD:0071.009D: pen probing failed: -71 [ 1489.916274][ T5912] uclogic 0003:28BD:0071.009D: failed probing parameters: -71 [ 1489.945880][ T5912] uclogic 0003:28BD:0071.009D: probe with driver uclogic failed with error -71 [ 1489.950635][T12644] usb 9-1: USB disconnect, 
device number 36 [ 1489.990272][ T5912] usb 4-1: USB disconnect, device number 101 [ 1490.840761][T21443] netlink: 'syz.2.22480': attribute type 1 has an invalid length. [ 1490.855719][ T5912] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1490.863596][T21443] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1491.067860][ T5912] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1491.104532][ T5912] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1491.149517][ T5912] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1491.176403][ T5912] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1491.190487][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1491.203521][T21433] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1491.357958][ T30] audit: type=1326 audit(2000006599.625:5795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21460 comm="syz.2.22488" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff27798e969 code=0x0 [ 1492.107739][ T5912] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 1492.126912][ T5912] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input166 [ 1492.172690][ T5912] usb 2-1: USB disconnect, device number 103 [ 1492.178800][ C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1492.567583][T21506] misc userio: Begin command sent, but we're already running [ 1493.688863][T13428] usb 9-1: new high-speed USB device number 37 using dummy_hcd [ 1493.862538][T13428] usb 9-1: Using ep0 maxpacket: 32 [ 1493.900875][T13428] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1493.927478][T13428] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 
1493.960004][T13428] usb 9-1: config 0 descriptor?? [ 1493.989980][ T78] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.196250][T13428] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1494.215210][T13428] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1494.235293][T13428] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1494.253783][T13428] usb 9-1: media controller created [ 1494.269727][ T78] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.344361][T13428] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1494.420962][T13428] az6027: usb out operation failed. (-71) [ 1494.423979][T21567] netlink: 'syz.3.22533': attribute type 2 has an invalid length. [ 1494.437261][T13428] az6027: usb out operation failed. (-71) [ 1494.454032][T21567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22533'. [ 1494.464882][T13428] stb0899_attach: Driver disabled by Kconfig [ 1494.486543][T13428] az6027: no front-end attached [ 1494.486543][T13428] [ 1494.512042][T13428] az6027: usb out operation failed. (-71) [ 1494.517451][ T78] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.517812][T13428] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1494.575455][T13428] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input168 [ 1494.610514][T13428] dvb-usb: schedule remote query interval to 400 msecs. [ 1494.617541][T13428] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1494.673563][T13428] usb 9-1: USB disconnect, device number 37 [ 1494.727917][ T78] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.840358][T13428] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. 
[ 1494.854777][T21510] Bluetooth: hci2: command 0x0405 tx timeout [ 1495.012949][T21579] sctp: [Deprecated]: syz.3.22539 (pid 21579) Use of int in max_burst socket option. [ 1495.012949][T21579] Use struct sctp_assoc_value instead [ 1495.084046][T21510] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1495.102293][T21510] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1495.114909][T21510] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1495.128792][T21510] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1495.136764][T21510] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1495.755966][ T78] team0: Port device geneve0 removed [ 1495.801251][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1495.820971][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1495.850499][ T78] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 1495.873924][ T78] bond0 (unregistering): Released all slaves [ 1495.912230][T21606] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.22550'. 
[ 1496.014754][T21583] wg1 speed is unknown, defaulting to 1000 [ 1496.022740][T21583] hsr0 speed is unknown, defaulting to 1000 [ 1496.531475][T21583] chnl_net:caif_netlink_parms(): no params data found [ 1496.906470][T12643] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1496.969283][T21583] bridge0: port 1(bridge_slave_0) entered blocking state [ 1497.003010][T21583] bridge0: port 1(bridge_slave_0) entered disabled state [ 1497.010362][T21583] bridge_slave_0: entered allmulticast mode [ 1497.045569][T21583] bridge_slave_0: entered promiscuous mode [ 1497.072245][T21583] bridge0: port 2(bridge_slave_1) entered blocking state [ 1497.088481][T21583] bridge0: port 2(bridge_slave_1) entered disabled state [ 1497.095814][T21583] bridge_slave_1: entered allmulticast mode [ 1497.102024][T12643] usb 2-1: Using ep0 maxpacket: 16 [ 1497.110978][T12643] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1497.128911][T12643] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1497.159770][T21583] bridge_slave_1: entered promiscuous mode [ 1497.165916][T12643] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1497.206957][T12643] usb 2-1: config 0 descriptor?? [ 1497.300703][T21583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1497.335821][ T978] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1497.342687][T21510] Bluetooth: hci3: command tx timeout [ 1497.403805][T21659] netlink: 56 bytes leftover after parsing attributes in process `syz.8.22572'. 
[ 1497.418708][T21655] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1497.471258][T21583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1497.553132][ T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1497.569120][ T978] usb 4-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 1497.581794][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1497.609551][ T978] usb 4-1: config 0 descriptor?? [ 1497.644813][ T78] IPVS: stopping backup sync thread 20674 ... [ 1497.685310][T12643] mcp2221 0003:04D8:00DD.009E: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 1497.699511][T21655] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1497.726985][T21583] team0: Port device team_slave_0 added [ 1497.775354][T21583] team0: Port device team_slave_1 added [ 1497.927195][T21655] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.085922][T21655] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.127747][T13428] usb 2-1: USB disconnect, device number 104 [ 1498.295840][ T978] razer 0003:1532:010E.009F: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.3-1/input0 [ 1498.312864][T21583] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1498.323105][T21583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1498.357420][T21583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1498.420564][T21583] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1498.441217][T21583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1498.476270][T21583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1498.530385][ T978] usb 4-1: USB disconnect, device number 102 [ 1498.580168][ T78] hsr_slave_0: left promiscuous mode [ 1498.590735][ T78] hsr_slave_1: left promiscuous mode [ 1498.597474][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1498.605059][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1498.631056][ T78] veth1_macvtap: left promiscuous mode [ 1498.636748][ T78] veth0_macvtap: left promiscuous mode [ 1498.642682][ T78] veth1_vlan: left promiscuous mode [ 1498.648114][ T78] veth0_vlan: left promiscuous mode [ 1498.910021][ T78] pim6reg (unregistering): left allmulticast mode [ 1499.558294][T21510] Bluetooth: hci3: command tx timeout [ 1499.695407][ T78] team0 (unregistering): Port device team_slave_1 removed [ 1499.855190][ T78] team0 (unregistering): Port device C removed [ 1499.900321][T21694] ptrace attach of "./syz-executor exec"[5839] was attempted by ""[21694] [ 1500.581911][T21655] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1500.652637][T21655] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1500.770877][T21655] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1500.795981][T21583] hsr_slave_0: entered promiscuous mode [ 1500.803357][T21583] hsr_slave_1: entered promiscuous mode [ 1500.816976][T21583] debugfs: Directory 'hsr0' with parent 'hsr' 
already present! [ 1500.825595][T21583] Cannot create hsr debugfs directory [ 1500.916152][T21655] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1501.171085][T21718] ipvlan2: entered promiscuous mode [ 1501.182227][T21718] ipvlan2: entered allmulticast mode [ 1501.191002][T21718] macvlan1: entered allmulticast mode [ 1501.197054][T21718] veth1_vlan: entered allmulticast mode [ 1501.350246][ T78] IPVS: stop unused estimator thread 0... [ 1501.783768][T21510] Bluetooth: hci3: command tx timeout [ 1501.950452][T21746] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1501.984328][T12644] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1502.155567][T12644] usb 2-1: Using ep0 maxpacket: 32 [ 1502.168596][T12644] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1502.200303][T12644] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1502.235016][T12644] usb 2-1: config 0 descriptor?? [ 1502.452984][T21583] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1502.474987][T12644] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1502.488412][T21583] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1502.503547][T12644] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1502.524001][T12644] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1502.531599][T21583] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1502.538489][T12644] usb 2-1: media controller created [ 1502.541090][T13428] usb 9-1: new high-speed USB device number 38 using dummy_hcd [ 1502.593114][T12644] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1502.616203][T21583] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1502.698578][T12644] az6027: usb out operation failed. (-71) [ 1502.710867][T12644] az6027: usb out operation failed. 
(-71) [ 1502.723308][T13428] usb 9-1: Using ep0 maxpacket: 8 [ 1502.738280][T12644] stb0899_attach: Driver disabled by Kconfig [ 1502.745774][T13428] usb 9-1: config 179 has an invalid interface number: 65 but max is 0 [ 1502.756796][T12644] az6027: no front-end attached [ 1502.756796][T12644] [ 1502.772445][T12644] az6027: usb out operation failed. (-71) [ 1502.773195][T13428] usb 9-1: config 179 has no interface number 0 [ 1502.788775][T12644] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1502.805114][T13428] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1502.814774][T12644] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input169 [ 1502.832358][T13428] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1502.857362][T12644] dvb-usb: schedule remote query interval to 400 msecs. [ 1502.876899][T12644] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. 
[ 1502.887358][T21583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1502.890327][T13428] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1502.913905][T13428] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1502.928986][T13428] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1502.943907][T13428] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1502.954753][T13428] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1502.963764][T12644] usb 2-1: USB disconnect, device number 105 [ 1502.979950][T21753] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 1502.994056][T21583] 8021q: adding VLAN 0 to HW filter on device team0 [ 1503.063364][T13254] bridge0: port 1(bridge_slave_0) entered blocking state [ 1503.070720][T13254] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1503.094117][T12644] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. 
[ 1503.097642][T13254] bridge0: port 2(bridge_slave_1) entered blocking state [ 1503.109908][T13254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1503.181820][ T24] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1503.352810][ T24] usb 10-1: Using ep0 maxpacket: 16 [ 1503.372774][ T24] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1503.429949][ T24] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1503.472826][ T24] usb 10-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 1503.502540][ T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1503.521676][ T24] usb 10-1: Product: syz [ 1503.529412][ T24] usb 10-1: Manufacturer: syz [ 1503.539688][ T24] usb 10-1: SerialNumber: syz [ 1503.569908][ T24] usb 10-1: config 0 descriptor?? [ 1503.590744][T13428] usb 9-1: USB disconnect, device number 38 [ 1503.590823][ C0] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1503.590883][ C0] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1503.742454][T21583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1503.813979][T21768] netlink: 16 bytes leftover after parsing attributes in process `syz.9.22624'. 
[ 1503.839764][ T24] usb 10-1: USB disconnect, device number 4 [ 1504.005526][T21510] Bluetooth: hci3: command tx timeout [ 1504.491581][T21583] veth0_vlan: entered promiscuous mode [ 1504.543229][T21583] veth1_vlan: entered promiscuous mode [ 1504.575461][ T30] audit: type=1326 audit(2000006612.001:5796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1504.642009][T21583] veth0_macvtap: entered promiscuous mode [ 1504.661896][ T30] audit: type=1326 audit(2000006612.029:5797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1504.702818][T21583] veth1_macvtap: entered promiscuous mode [ 1504.761582][ T30] audit: type=1326 audit(2000006612.029:5798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1504.783542][ C0] vkms_vblank_simulate: vblank timer overrun [ 1504.840828][ T30] audit: type=1326 audit(2000006612.029:5799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1504.868065][ T30] audit: type=1326 audit(2000006612.029:5800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1504.889854][ C0] vkms_vblank_simulate: vblank timer overrun [ 1504.925857][T21583] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1504.962618][T21583] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1505.007466][ T30] audit: type=1326 audit(2000006612.029:5801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ 
pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1505.048427][T21583] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1505.058401][T21583] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1505.068988][T21583] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1505.077900][ T30] audit: type=1326 audit(2000006612.029:5802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1505.104385][T21583] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1505.131258][T21837] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 1505.158348][ T30] audit: type=1326 audit(2000006612.029:5803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1505.296913][ T30] audit: type=1326 audit(2000006612.038:5804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1505.318614][ C0] vkms_vblank_simulate: vblank timer overrun [ 1505.338383][ T30] audit: type=1326 audit(2000006612.038:5805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21816 comm="syz.8.22642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5fc98e969 code=0x7ffc0000 [ 1505.467397][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1505.500238][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1505.615382][T13254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
1505.631900][T13254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1505.667657][T21850] overlayfs: missing 'workdir' [ 1505.972736][T13428] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1506.171454][T13428] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1506.192171][T13428] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1506.221875][T13428] usb 4-1: Product: syz [ 1506.226137][T13428] usb 4-1: Manufacturer: syz [ 1506.271567][T13428] usb 4-1: SerialNumber: syz [ 1506.288880][T13428] usb 4-1: config 0 descriptor?? [ 1506.298186][T13428] ch341 4-1:0.0: ch341-uart converter detected [ 1507.178478][T13428] usb 4-1: failed to send control message: -71 [ 1507.185042][T13428] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1507.219207][T13428] usb 4-1: USB disconnect, device number 103 [ 1507.239688][T13428] ch341 4-1:0.0: device disconnected [ 1507.565491][T21888] netlink: 32 bytes leftover after parsing attributes in process `syz.4.22671'. 
[ 1507.959309][T21901] loop6: detected capacity change from 0 to 524287999 [ 1507.986834][T21901] buffer_io_error: 7 callbacks suppressed [ 1507.986855][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.060898][T21905] Invalid logical block size (3) [ 1508.084428][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.105989][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.123702][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.146217][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.171029][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.184129][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.192978][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.207168][T21901] ldm_validate_partition_table(): Disk read failed. [ 1508.213954][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.226099][T21901] Buffer I/O error on dev loop6, logical block 0, async page read [ 1508.235383][T21901] Dev loop6: unable to read RDB block 0 [ 1508.258742][T21901] loop6: unable to read partition table [ 1508.269976][T21901] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 1508.409582][ T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1508.572176][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1508.597317][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1508.628129][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1508.651670][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1508.683714][ T24] usb 5-1: Product: syz [ 1508.697289][ T24] usb 5-1: Manufacturer: syz [ 1508.703870][ T24] usb 5-1: SerialNumber: syz [ 1508.950860][ T24] usb 5-1: USB 
disconnect, device number 28 [ 1509.661908][ T24] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1509.864162][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 1509.871524][ T24] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1509.886270][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1509.930248][ T24] usb 2-1: config 0 descriptor?? [ 1510.640968][T21970] netlink: 8 bytes leftover after parsing attributes in process `syz.9.22711'. [ 1510.842256][ T24] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1510.868341][ T24] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9 [ 1510.922106][ T24] asix 2-1:0.0: probe with driver asix failed with error -71 [ 1510.981631][ T24] usb 2-1: USB disconnect, device number 106 [ 1512.576238][T22037] netlink: 27 bytes leftover after parsing attributes in process `syz.4.22741'. [ 1512.955672][T22053] netlink: 12 bytes leftover after parsing attributes in process `syz.4.22748'. 
[ 1513.680585][T22088] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input170 [ 1513.723478][ T24] usb 9-1: new high-speed USB device number 39 using dummy_hcd [ 1513.893962][ T24] usb 9-1: Using ep0 maxpacket: 16 [ 1513.906064][ T24] usb 9-1: config 0 has an invalid interface number: 8 but max is 0 [ 1513.921067][ T24] usb 9-1: config 0 has no interface number 0 [ 1513.935717][ T24] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1513.965738][ T24] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1513.981502][ T24] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1513.991701][T22101] loop8: detected capacity change from 0 to 1 [ 1514.010505][T22101] Dev loop8: unable to read RDB block 1 [ 1514.016249][ T24] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1514.031623][T22101] loop8: unable to read partition table [ 1514.038873][T22104] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1514.048149][ T24] usb 9-1: Product: syz [ 1514.052384][ T24] usb 9-1: SerialNumber: syz [ 1514.062613][T22101] loop8: partition table beyond EOD, truncated [ 1514.071227][T22107] netlink: 16 bytes leftover after parsing attributes in process `syz.1.22772'. [ 1514.077846][T22101] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1514.086502][T22107] netlink: 'syz.1.22772': attribute type 1 has an invalid length. [ 1514.090712][ T24] usb 9-1: config 0 descriptor?? 
[ 1514.122470][ T24] cm109 9-1:0.8: invalid payload size 0, expected 4 [ 1514.140895][ T24] input: CM109 USB driver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.8/input/input171 [ 1514.415683][T22077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1514.428940][T22077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1514.447262][ C1] cm109_urb_ctl_callback: 10 callbacks suppressed [ 1514.447292][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.461425][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.468647][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.475859][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.483125][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.490324][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.498189][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.505852][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.513128][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.522299][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1514.540147][T12643] usb 9-1: USB disconnect, device number 39 [ 1514.540238][ C1] cm109 9-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1514.562886][T12643] cm109 9-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1514.685357][T13428] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 1514.706401][ T5879] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 1514.858183][T13428] usb 5-1: Using ep0 maxpacket: 16 [ 1514.865774][T13428] usb 5-1: New USB device found, idVendor=6253, idProduct=0100, bcdDevice= 0.00 [ 1514.877481][ T5879] usb 4-1: Using ep0 maxpacket: 16 [ 1514.884535][T13428] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1514.895587][ T5879] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 
0xF3, changing to 0x83 [ 1514.908336][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1514.915587][T13428] usb 5-1: config 0 descriptor?? [ 1514.927004][ T5879] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1514.937709][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.946662][ T5879] usb 4-1: Product: syz [ 1514.951115][ T5879] usb 4-1: Manufacturer: syz [ 1514.956016][ T5879] usb 4-1: SerialNumber: syz [ 1514.964956][ T5879] usb 4-1: config 0 descriptor?? [ 1514.981861][ T5879] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1515.005736][ T5879] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 1515.206930][T13428] usbhid 5-1:0.0: can't add hid device: -71 [ 1515.230491][T13428] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1515.255637][T13428] usb 5-1: USB disconnect, device number 29 [ 1515.632548][ T5879] em28xx 4-1:0.0: unknown em28xx chip ID (61) [ 1515.873383][ T5879] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 1515.905624][ T5879] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 1515.926604][ T5879] em28xx 4-1:0.0: No AC97 audio processor [ 1515.951903][ T5879] usb 4-1: USB disconnect, device number 104 [ 1515.970496][ T5879] em28xx 4-1:0.0: Disconnecting em28xx [ 1515.999605][ T5879] em28xx 4-1:0.0: Freeing device [ 1517.286071][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1517.286092][ T30] audit: type=1326 audit(2000006623.890:5807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm="syz.3.22818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.400654][ T30] audit: type=1326 audit(2000006623.918:5808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm="syz.3.22818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f359e58e969 
code=0x7ffc0000 [ 1517.472426][ T30] audit: type=1326 audit(2000006623.918:5809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.501316][ T30] audit: type=1326 audit(2000006623.918:5810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.522217][ C0] vkms_vblank_simulate: vblank timer overrun [ 1517.576794][ T30] audit: type=1326 audit(2000006623.918:5811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.622670][T22217] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 1517.660664][ T30] audit: type=1326 audit(2000006623.918:5812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.681480][ C0] vkms_vblank_simulate: vblank timer overrun [ 1517.713197][ T30] audit: type=1326 audit(2000006623.918:5813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.755680][ T30] audit: type=1326 audit(2000006623.918:5814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.784077][ T30] audit: type=1326 audit(2000006623.936:5815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22207 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f359e58e969 code=0x7ffc0000 [ 1517.829859][T22224] sp0: Synchronizing with TNC [ 1517.969395][T22224] sp0: Synchronizing with TNC [ 1518.638042][T22258] 
netlink: 12 bytes leftover after parsing attributes in process `syz.9.22842'. [ 1518.668369][T22258] netlink: 12 bytes leftover after parsing attributes in process `syz.9.22842'. [ 1518.700568][T22258] netlink: 12 bytes leftover after parsing attributes in process `syz.9.22842'. [ 1518.928404][T22257] cgroup: fork rejected by pids controller in /syz3 [ 1518.984417][T13428] IPVS: starting estimator thread 0... [ 1518.990684][T22295] IPVS: sh: FWM 4 0x00000004 - no destination available [ 1519.079092][T22296] IPVS: using max 27 ests per chain, 64800 per kthread [ 1519.724421][ T978] usb 9-1: new high-speed USB device number 40 using dummy_hcd [ 1519.902901][ T978] usb 9-1: Using ep0 maxpacket: 8 [ 1519.934374][ T978] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1519.976346][ T978] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1520.010432][ T978] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1520.035005][ T978] pvrusb2: ********** [ 1520.054423][ T978] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1520.070325][ T978] pvrusb2: Important functionality might not be entirely working. [ 1520.080826][ T978] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1520.097676][ T978] pvrusb2: ********** [ 1520.254563][ T2341] pvrusb2: Invalid write control endpoint [ 1520.287454][ T978] usb 9-1: USB disconnect, device number 40 [ 1520.453587][ T2341] pvrusb2: Invalid write control endpoint [ 1520.479128][ T2341] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1520.510192][ T2341] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1520.530055][ T2341] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. 
[ 1520.551404][ T2341] pvrusb2: Device being rendered inoperable [ 1520.564953][ T2341] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 1520.583020][ T2341] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 1520.608180][ T2341] pvrusb2: Attached sub-driver cx25840 [ 1520.613718][ T2341] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1520.659346][ T2341] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1521.113006][T22623] netlink: 'syz.4.22879': attribute type 10 has an invalid length. [ 1521.141248][T22624] program syz.1.22878 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1521.168119][T22623] team0: Device ipvlan1 failed to register rx_handler [ 1521.399614][T22636] netlink: 164 bytes leftover after parsing attributes in process `syz.3.22884'. [ 1521.635144][ T5879] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1521.776309][T22655] binder: 22654:22655 ioctl c018620c 200000000640 returned -22 [ 1521.804928][ T5879] usb 5-1: Using ep0 maxpacket: 16 [ 1521.817693][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1521.842187][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1521.871528][ T5879] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1521.905038][ T5879] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d [ 1521.919013][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1521.940018][ T5879] usb 5-1: Product: syz [ 1521.953201][ T5879] usb 5-1: Manufacturer: syz [ 1521.969069][ T5879] usb 5-1: SerialNumber: syz [ 1521.995136][ T5879] usb 5-1: config 0 descriptor?? 
[ 1522.009340][ T978] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1522.015528][ T5879] gspca_main: STV06xx-2.14.0 probing 046d:08f0 [ 1522.024793][ T5879] gspca_stv06xx: st6422 sensor detected [ 1522.164262][T22668] netlink: 40 bytes leftover after parsing attributes in process `syz.8.22900'. [ 1522.178704][T22668] sch_fq: defrate 0 ignored. [ 1522.182282][ T978] usb 2-1: Using ep0 maxpacket: 32 [ 1522.223679][ T978] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 1522.238506][ T978] usb 2-1: config 0 has no interface number 0 [ 1522.256337][ T978] usb 2-1: config 0 interface 184 has no altsetting 0 [ 1522.282118][ T978] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1522.302359][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1522.311334][ T5879] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71 [ 1522.314492][ T5879] usb 5-1: USB disconnect, device number 30 [ 1522.334130][ T978] usb 2-1: Product: syz [ 1522.338418][ T978] usb 2-1: Manufacturer: syz [ 1522.345881][ T978] usb 2-1: SerialNumber: syz [ 1522.375305][ T978] usb 2-1: config 0 descriptor?? [ 1522.397753][ T978] smsc75xx v1.0.0 [ 1523.178392][T22703] netlink: 'syz.3.22914': attribute type 1 has an invalid length. 
[ 1523.274246][ T978] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71 [ 1523.292529][ T978] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 1523.302443][ T978] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1523.314530][ T978] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1523.324481][ T978] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 1523.335235][ T978] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1523.345343][ T978] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 1523.386626][ T978] usb 2-1: USB disconnect, device number 107 [ 1523.904442][T22729] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22928'. [ 1524.796202][T22754] netlink: 4 bytes leftover after parsing attributes in process `syz.8.22940'. [ 1525.198796][T22768] cifs: Unknown parameter 'mode' [ 1525.477825][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! 
[ 1525.910227][ T30] audit: type=1326 audit(2000006631.943:5816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22790 comm="syz.9.22957" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f48f438e969 code=0x0 [ 1525.931384][ C0] vkms_vblank_simulate: vblank timer overrun [ 1526.193137][T22798] cgroup: fork rejected by pids controller in /syz1 [ 1526.809084][ T978] usb 9-1: new high-speed USB device number 41 using dummy_hcd [ 1526.916066][ T5874] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 1527.001745][ T978] usb 9-1: Using ep0 maxpacket: 16 [ 1527.017116][ T978] usb 9-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1527.045789][ T978] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1527.071197][ T978] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1527.116743][ T978] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1527.139419][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 1527.163829][ T978] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.182843][ T5874] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1527.198607][ T978] usb 9-1: Product: syz [ 1527.202829][ T978] usb 9-1: Manufacturer: syz [ 1527.207568][ T5874] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1527.223644][ T978] usb 9-1: SerialNumber: syz [ 1527.229037][ T5874] usb 4-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 1527.251043][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1527.263396][ T5874] usb 4-1: config 0 descriptor?? [ 1527.277967][T24032] ipvlan2: entered promiscuous mode [ 1527.293548][T24032] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1527.310184][T24032] bond0: (slave ipvlan2): enslaved VLAN challenged slave. 
Adding VLANs will be blocked as long as it is part of bond. [ 1527.468131][ T978] usb 9-1: 0:2 : does not exist [ 1527.502324][ T978] usb 9-1: USB disconnect, device number 41 [ 1527.755322][ T5874] microsoft 0003:045E:009D.00A0: hidraw0: USB HID v0.80 Device [HID 045e:009d] on usb-dummy_hcd.3-1/input0 [ 1527.789567][ T5874] microsoft 0003:045E:009D.00A0: no inputs found [ 1527.821646][ T5874] microsoft 0003:045E:009D.00A0: could not initialize ff, continuing anyway [ 1528.047871][ T5874] usb 4-1: USB disconnect, device number 105 [ 1528.140531][T24054] tipc: New replicast peer: 255.255.255.255 [ 1528.166264][T24054] tipc: Enabled bearer , priority 1 [ 1528.185399][T24054] netlink: 12 bytes leftover after parsing attributes in process `syz.1.22975'. [ 1528.195424][T24054] tipc: Disabling bearer [ 1528.390610][ T978] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 1528.449517][ T30] audit: type=1804 audit(2000006634.329:5817): pid=24069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.8.22983" name="/newroot/745/bus" dev="tmpfs" ino=3818 res=1 errno=0 [ 1528.578648][ T978] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1528.610514][ T978] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1528.683890][ T978] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1528.702673][ T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1528.717100][ T978] usb 5-1: Product: syz [ 1528.725028][ T978] usb 5-1: Manufacturer: syz [ 1528.729954][ T978] usb 5-1: SerialNumber: syz [ 1529.020432][ T978] usb 5-1: 0:2 : does not exist [ 1529.046907][ T978] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 1529.098028][ T978] usb 5-1: USB disconnect, device number 31 [ 1530.128807][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.159182][ T5879] hid-generic 009C:0008:0003.00A1: 
unknown main item tag 0x0 [ 1530.189794][T24128] mkiss: ax0: crc mode is auto. [ 1530.194822][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.208191][ T5874] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 1530.216472][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.228654][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.248752][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.278263][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.300005][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.336802][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.365912][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.379304][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.387252][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.400237][ T5874] usb 4-1: Using ep0 maxpacket: 16 [ 1530.408450][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.433003][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1530.443608][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.451432][ T5879] hid-generic 009C:0008:0003.00A1: unknown main item tag 0x0 [ 1530.482769][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 17768, setting to 1024 [ 1530.487499][ T5879] hid-generic 009C:0008:0003.00A1: hidraw0: HID v0.05 Device [syz1] on syz0 [ 1530.518419][ T5874] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1530.569082][ T5874] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 1530.606051][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1530.623128][ T5874] usb 4-1: 
config 0 descriptor?? [ 1530.638107][T24118] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1530.651788][ T5874] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input173 [ 1530.775122][ T24] usb 10-1: new full-speed USB device number 5 using dummy_hcd [ 1530.938878][ T24] usb 10-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 1530.957098][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1530.994286][ T978] usb 4-1: USB disconnect, device number 106 [ 1530.996432][ T24] usb 10-1: config 0 descriptor?? [ 1531.044915][ T24] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 1531.262580][ T24] gp8psk: usb in 128 operation failed. [ 1531.303454][T24158] netlink: 28 bytes leftover after parsing attributes in process `syz.4.23024'. [ 1531.319346][T24158] netlink: 16 bytes leftover after parsing attributes in process `syz.4.23024'. [ 1531.476086][T24162] netlink: 48 bytes leftover after parsing attributes in process `syz.4.23027'. [ 1531.487335][ T24] gp8psk: FW Version = 48.28.159 (0x301c9f) Build 2206/163/118 [ 1531.711931][ T24] gp8psk: usb in 149 operation failed. [ 1531.730534][ T24] gp8psk: failed to get FPGA version [ 1531.731077][T24168] kernel read not supported for file /eth0 (pid: 24168 comm: syz.4.23030) [ 1531.741748][ T24] gp8psk: usb in 138 operation failed. [ 1531.766441][ T30] audit: type=1800 audit(2000006637.434:5818): pid=24168 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.23030" name="eth0" dev="mqueue" ino=198111 res=0 errno=0 [ 1531.772386][ T24] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. 
(it lacks a hardware PID filter) [ 1531.805789][ T24] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 1531.821182][ T24] usb 10-1: USB disconnect, device number 5 [ 1531.969318][T24176] loop6: detected capacity change from 0 to 524287999 [ 1532.184365][T24182] nvme_fabrics: missing parameter 'transport=%s' [ 1532.194746][T24182] nvme_fabrics: missing parameter 'nqn=%s' [ 1533.486915][T24235] usb usb8: usbfs: process 24235 (syz.4.23061) did not claim interface 0 before use [ 1533.696566][T24244] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1534.933797][T24294] binder: 24293:24294 ioctl 40046205 0 returned -22 [ 1535.019726][T24298] sctp: [Deprecated]: syz.4.23091 (pid 24298) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1535.019726][T24298] Use struct sctp_sack_info instead [ 1535.091277][T24302] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23092'. [ 1536.142077][T24353] loop2: detected capacity change from 0 to 7 [ 1536.182770][T24353] Dev loop2: unable to read RDB block 7 [ 1536.192779][T24353] loop2: unable to read partition table [ 1536.204603][T24353] loop2: partition table beyond EOD, truncated [ 1536.212600][T24353] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1536.405244][T24371] netlink: 36 bytes leftover after parsing attributes in process `syz.3.23125'. [ 1536.592773][ T5879] usb 9-1: new high-speed USB device number 42 using dummy_hcd [ 1536.793711][ T5879] usb 9-1: Using ep0 maxpacket: 8 [ 1536.800743][ T5879] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1536.816107][ T5879] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1536.851505][ T5879] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1536.875038][ T5879] pvrusb2: ********** [ 1536.891452][ T5879] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. 
[ 1536.902588][T24388] netlink: 'syz.9.23133': attribute type 2 has an invalid length. [ 1536.925157][T24389] netlink: 92 bytes leftover after parsing attributes in process `syz.1.23134'. [ 1536.932738][ T5879] pvrusb2: Important functionality might not be entirely working. [ 1536.947605][T24389] netem: unknown loss type 0 [ 1536.964759][ T5879] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1537.007491][ T5879] pvrusb2: ********** [ 1537.091304][ T2341] pvrusb2: Invalid write control endpoint [ 1537.284171][ T2341] pvrusb2: Invalid write control endpoint [ 1537.326443][ T2341] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1537.358661][ T2341] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1537.383658][T12644] usb 9-1: USB disconnect, device number 42 [ 1537.409529][ T2341] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1537.453066][ T2341] pvrusb2: Device being rendered inoperable [ 1537.473217][ T2341] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 1537.506090][ T2341] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 1537.533023][ T2341] pvrusb2: Attached sub-driver cx25840 [ 1537.564675][ T2341] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1537.596820][ T2341] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. 
[ 1537.687204][ T30] audit: type=1326 audit(2000006642.972:5819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24412 comm="syz.4.23144" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe2c278e969 code=0x0 [ 1537.708388][ C0] vkms_vblank_simulate: vblank timer overrun [ 1538.311738][ T5874] usb 9-1: new high-speed USB device number 43 using dummy_hcd [ 1538.484155][ T5874] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1538.502612][T24441] netlink: 48 bytes leftover after parsing attributes in process `syz.1.23158'. [ 1538.518845][ T5874] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1538.551940][ T5874] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1538.573329][ T5874] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1538.586481][T24424] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1538.626879][ T5874] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 1538.901099][T12644] usb 9-1: USB disconnect, device number 43 [ 1538.966227][T24460] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1539.101442][T24464] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1539.280718][T24471] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.23171'. [ 1539.742073][T24487] netlink: 'syz.1.23178': attribute type 13 has an invalid length. 
[ 1540.143357][T24503] loop6: detected capacity change from 0 to 524287999 [ 1540.419318][T24487] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.437625][T24487] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.455035][T24487] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.470496][T24487] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.551438][T24487] hsr0: left allmulticast mode [ 1540.557410][T24487] hsr_slave_0: left allmulticast mode [ 1540.563037][T24487] hsr_slave_1: left allmulticast mode [ 1540.569833][ T24] usb 9-1: new full-speed USB device number 44 using dummy_hcd [ 1540.591596][T24487] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1540.600886][T24487] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1540.609308][T24487] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1540.618814][T24487] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1540.639624][T13990] wg1 speed is unknown, defaulting to 1000 [ 1540.668760][T13990] syz0: Port: 1 Link DOWN [ 1540.744331][ T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1540.764360][ T24] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 1540.777804][ T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1540.803249][ T24] usb 9-1: config 0 descriptor?? [ 1541.112201][T24527] netlink: 16 bytes leftover after parsing attributes in process `syz.1.23195'. 
[ 1541.255553][ T24] pyra 0003:1E7D:2C24.00A2: unknown main item tag 0x0 [ 1541.279309][ T24] pyra 0003:1E7D:2C24.00A2: hidraw0: USB HID v0.00 Device [HID 1e7d:2c24] on usb-dummy_hcd.8-1/input0 [ 1541.347224][T24533] kvm: apic: phys broadcast and lowest prio [ 1541.482053][ T24] usb 9-1: USB disconnect, device number 44 [ 1541.704625][T24542] input: syz1 as /devices/virtual/input/input175 [ 1541.820018][T24546] netlink: 212376 bytes leftover after parsing attributes in process `syz.9.23205'. [ 1541.918759][T24551] can0: slcan on ttyS3. [ 1541.923310][T24549] sctp: [Deprecated]: syz.3.23206 (pid 24549) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1541.923310][T24549] Use struct sctp_sack_info instead [ 1542.000369][T24551] can0 (unregistered): slcan off ttyS3. [ 1542.425658][T24572] C: renamed from team_slave_0 (while UP) [ 1542.443686][T24572] netlink: 'syz.4.23216': attribute type 4 has an invalid length. [ 1542.452387][ T24] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1542.476579][T24572] netlink: 144 bytes leftover after parsing attributes in process `syz.4.23216'. [ 1542.498370][T24572] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1542.565228][T24576] netlink: 'syz.3.23217': attribute type 39 has an invalid length. [ 1542.641543][ T24] usb 10-1: Using ep0 maxpacket: 16 [ 1542.655640][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 1542.697458][ T24] usb 10-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 1542.719702][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1542.760484][ T24] usb 10-1: config 0 descriptor?? [ 1542.920465][T24585] can0: slcan on ptm0. [ 1543.026844][T24584] can0 (unregistered): slcan off ptm0. 
[ 1543.140222][T24590] tipc: Enabling of bearer rejected, failed to enable media [ 1543.210962][ T24] samsung 0003:0419:0600.00A3: item fetching failed at offset 0/5 [ 1543.225054][ T24] samsung 0003:0419:0600.00A3: parse failed [ 1543.231898][ T24] samsung 0003:0419:0600.00A3: probe with driver samsung failed with error -22 [ 1543.424817][ T5879] usb 10-1: USB disconnect, device number 6 [ 1543.692874][T24599] loop8: detected capacity change from 0 to 7 [ 1543.702203][T24599] Dev loop8: unable to read RDB block 7 [ 1543.707991][T24599] loop8: unable to read partition table [ 1543.714922][T24599] loop8: partition table beyond EOD, truncated [ 1543.722461][T24599] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1544.269076][T24621] netlink: 48 bytes leftover after parsing attributes in process `syz.3.23236'. [ 1545.100408][T13428] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 1545.207509][T24638] netlink: 'syz.9.23244': attribute type 1 has an invalid length. [ 1545.250276][T24638] netlink: 224 bytes leftover after parsing attributes in process `syz.9.23244'. 
[ 1545.301197][T13428] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1545.363690][T13428] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1545.396339][T13428] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1545.409958][T13428] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 1545.429076][T13428] usb 4-1: SerialNumber: syz [ 1545.702041][T13428] usb 4-1: 0:2 : does not exist [ 1545.783607][T13428] usb 4-1: USB disconnect, device number 107 [ 1548.093093][ T5874] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1548.277751][ T5874] usb 2-1: Using ep0 maxpacket: 32 [ 1548.301088][ T5874] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1548.333781][ T5874] usb 2-1: config 0 has no interface number 0 [ 1548.363864][ T5874] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1548.395837][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1548.414073][ T5874] usb 2-1: Product: syz [ 1548.426880][ T5874] usb 2-1: Manufacturer: syz [ 1548.442876][ T5874] usb 2-1: SerialNumber: syz [ 1548.461963][ T5874] usb 2-1: config 0 descriptor?? 
[ 1548.501066][ T5874] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1548.730880][ T5874] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1548.756182][T24722] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 32 [ 1548.782941][ T5874] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1549.209527][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1549.223523][ T5874] usb 2-1: USB disconnect, device number 108 [ 1549.249627][ T5874] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1549.297659][ T5874] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1549.310550][ T5874] quatech2 2-1:0.51: device disconnected [ 1549.511839][T10799] Bluetooth: hci5: Frame reassembly failed (-84) [ 1550.551627][T24799] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23315'. [ 1550.566664][T24799] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23315'. [ 1550.582712][T24799] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23315'. [ 1550.601777][T24799] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23315'. 
[ 1550.870415][ T5874] hid-generic 0000:0000:0000.00A4: unknown main item tag 0x0 [ 1550.913203][ T5874] hid-generic 0000:0000:0000.00A4: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1551.728015][T21510] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1551.728707][ T51] Bluetooth: hci5: command 0x1003 tx timeout [ 1553.064263][ T5874] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1553.252241][ T5874] usb 10-1: config index 0 descriptor too short (expected 45, got 36) [ 1553.272691][ T5874] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1553.297683][ T5874] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1553.340647][ T5874] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1553.390903][ T5874] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1553.444182][ T5874] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1553.465848][ T5874] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1553.511986][ T5874] usb 10-1: config 0 descriptor?? [ 1553.521278][T24863] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 1554.001007][ T5874] plantronics 0003:047F:FFFF.00A5: reserved main item tag 0xd [ 1554.061517][ T5874] plantronics 0003:047F:FFFF.00A5: No inputs registered, leaving [ 1554.096482][ T5874] plantronics 0003:047F:FFFF.00A5: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 1554.351158][ T5874] usb 10-1: USB disconnect, device number 7 [ 1554.641290][T24911] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 
[ 1555.450128][T24938] syzkaller1: entered promiscuous mode [ 1555.479093][T24938] syzkaller1: entered allmulticast mode [ 1556.349732][ T5879] kernel write not supported for file /snd/pcmC0D0p (pid: 5879 comm: kworker/1:5) [ 1556.357187][T24964] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 1556.394084][T24964] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 1556.714002][T24976] loop8: detected capacity change from 0 to 8 [ 1556.737778][T24976] Dev loop8: unable to read RDB block 8 [ 1556.747696][T24976] loop8: unable to read partition table [ 1556.769868][T24976] loop8: partition table beyond EOD, truncated [ 1556.785016][T24976] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1557.478597][ T30] audit: type=1326 audit(2000006661.483:5820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24999 comm="syz.4.23407" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe2c278e969 code=0x0 [ 1557.637497][T25005] netlink: 36 bytes leftover after parsing attributes in process `syz.3.23408'. [ 1557.855976][T25009] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23410'. [ 1558.597168][ T24] kernel write not supported for file /334/projid_map (pid: 24 comm: kworker/1:0) [ 1558.787706][T25042] binder: 25041:25042 ioctl c0306201 2000000003c0 returned -22 [ 1559.053695][T25050] 9pnet: p9_errstr2errno: server reported unknown error 18446 [ 1559.184017][T25058] overlay: filesystem on ./bus is read-only [ 1559.520839][T25068] netlink: 'syz.4.23437': attribute type 1 has an invalid length. [ 1559.542319][T25068] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1559.549636][T25068] IPv6: NLM_F_CREATE should be set when creating new route [ 1559.577358][T25069] netlink: 'syz.4.23437': attribute type 1 has an invalid length. [ 1559.591066][T25071] netlink: 12 bytes leftover after parsing attributes in process `syz.1.23438'. 
[ 1559.612539][T25069] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1560.377154][ T5874] usb 2-1: new full-speed USB device number 109 using dummy_hcd [ 1560.550433][ T5874] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1560.578226][ T5874] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1560.648541][ T5874] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1560.680034][T10799] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1560.691937][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1560.691969][ T5874] usb 2-1: Product: syz [ 1560.691986][ T5874] usb 2-1: Manufacturer: syz [ 1560.692005][ T5874] usb 2-1: SerialNumber: syz [ 1560.786486][T13990] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 1560.833589][T10799] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1560.944393][ T5874] usb 2-1: 0:2 : does not exist [ 1560.969408][ T5874] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 1560.974722][T10799] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1560.977738][T13990] usb 10-1: Using ep0 maxpacket: 8 [ 1561.020394][T13990] usb 10-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1561.045590][T13990] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1561.061414][ T5874] usb 2-1: USB disconnect, device number 109 [ 1561.071533][T13990] usb 10-1: Product: syz [ 1561.075842][T13990] usb 10-1: Manufacturer: syz [ 1561.080587][T13990] usb 10-1: SerialNumber: syz [ 1561.119755][T13990] usb 10-1: config 0 descriptor?? 
[ 1561.153019][T13990] gspca_main: se401-2.14.0 probing 047d:5003 [ 1561.191638][T10799] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.585017][T13990] gspca_se401: Frame size: 0x0 1/16th janggu [ 1561.762283][T10799] batadv0: left allmulticast mode [ 1561.769341][T10799] batadv0: left promiscuous mode [ 1561.774809][T10799] bridge0: port 2(batadv0) entered disabled state [ 1561.815150][T10799] bridge0: port 1(team0) entered disabled state [ 1561.816307][T13990] input: se401 as /devices/platform/dummy_hcd.9/usb10/10-1/input/input177 [ 1561.874433][T13990] usb 10-1: USB disconnect, device number 8 [ 1562.122441][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1562.153095][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1562.167120][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1562.207156][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1562.222475][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1562.770447][T10799] bond0 (unregistering): left promiscuous mode [ 1562.811700][T10799] bond0 (unregistering): Released all slaves [ 1563.013483][T10799] bond1 (unregistering): Released all slaves [ 1563.109341][T25127] wg1 speed is unknown, defaulting to 1000 [ 1563.136911][T25127] hsr0 speed is unknown, defaulting to 1000 [ 1563.267671][T10799] tipc: Disabling bearer [ 1563.280291][T10799] tipc: Left network mode [ 1563.466736][ T24] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 1563.627629][ T24] usb 10-1: Using ep0 maxpacket: 32 [ 1563.639977][ T24] usb 10-1: config 0 has an invalid interface number: 85 but max is 0 [ 1563.663301][ T24] usb 10-1: config 0 has no interface number 0 [ 1563.680902][ T24] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1563.696227][ T24] usb 10-1: config 0 interface 85 has no altsetting 0 [ 1563.706320][ T24] usb 10-1: New USB device found, 
idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1563.715947][ T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1563.726105][ T24] usb 10-1: Product: syz [ 1563.730617][ T24] usb 10-1: Manufacturer: syz [ 1563.736020][ T24] usb 10-1: SerialNumber: syz [ 1563.744987][ T24] usb 10-1: config 0 descriptor?? [ 1563.825265][T25127] chnl_net:caif_netlink_parms(): no params data found [ 1563.915606][ T5874] usb 9-1: new high-speed USB device number 45 using dummy_hcd [ 1564.012184][T13990] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1564.085501][T10799] hsr_slave_0: left promiscuous mode [ 1564.095103][T10799] hsr_slave_1: left promiscuous mode [ 1564.107795][ T5874] usb 9-1: Using ep0 maxpacket: 16 [ 1564.127341][ T5874] usb 9-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1564.139661][T10799] veth1_macvtap: left promiscuous mode [ 1564.145290][T10799] veth0_macvtap: left promiscuous mode [ 1564.150916][ T5874] usb 9-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1564.159041][ T5874] usb 9-1: Product: syz [ 1564.164845][T10799] veth1_vlan: left promiscuous mode [ 1564.170235][T10799] veth0_vlan: left promiscuous mode [ 1564.182522][ T5874] usb 9-1: Manufacturer: syz [ 1564.187190][ T5874] usb 9-1: SerialNumber: syz [ 1564.204497][T13990] usb 2-1: Using ep0 maxpacket: 16 [ 1564.212447][ T5874] usb 9-1: config 0 descriptor?? 
[ 1564.219730][T13990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1564.264284][T13990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1564.294008][T13990] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1564.318321][T13990] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1564.336465][T13990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1564.368083][T13990] usb 2-1: config 0 descriptor?? [ 1564.389010][ T51] Bluetooth: hci1: command tx timeout [ 1564.423811][ T24] appletouch 10-1:0.85: Geyser mode initialized. [ 1564.447348][ T24] input: appletouch as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.85/input/input178 [ 1564.515701][ T978] usb 9-1: USB disconnect, device number 45 [ 1564.684072][ T24] usb 10-1: USB disconnect, device number 9 [ 1564.720809][ T24] appletouch 10-1:0.85: input: appletouch disconnected [ 1564.815019][T13990] kovaplus 0003:1E7D:2D50.00A6: unknown main item tag 0x0 [ 1564.822459][T13990] kovaplus 0003:1E7D:2D50.00A6: unknown main item tag 0x0 [ 1564.837963][T13990] kovaplus 0003:1E7D:2D50.00A6: unknown main item tag 0x0 [ 1564.854789][T13990] kovaplus 0003:1E7D:2D50.00A6: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 1565.468276][T13990] kovaplus 0003:1E7D:2D50.00A6: couldn't init struct kovaplus_device [ 1565.478611][T13990] kovaplus 0003:1E7D:2D50.00A6: couldn't install mouse [ 1565.492412][T13990] kovaplus 0003:1E7D:2D50.00A6: probe with driver kovaplus failed with error -71 [ 1565.506050][T13990] usb 2-1: USB disconnect, device number 110 [ 1565.876176][T25187] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23485'. [ 1565.886113][T25187] netlink: 32 bytes leftover after parsing attributes in process `syz.4.23485'. 
[ 1566.011350][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 1566.609335][T21510] Bluetooth: hci1: command tx timeout [ 1567.559438][T25127] bridge0: port 1(bridge_slave_0) entered blocking state [ 1567.573364][T25127] bridge0: port 1(bridge_slave_0) entered disabled state [ 1567.581098][T25127] bridge_slave_0: entered allmulticast mode [ 1567.596350][T25127] bridge_slave_0: entered promiscuous mode [ 1567.660308][T25127] bridge0: port 2(bridge_slave_1) entered blocking state [ 1567.692648][T25127] bridge0: port 2(bridge_slave_1) entered disabled state [ 1567.718167][T25127] bridge_slave_1: entered allmulticast mode [ 1567.765066][T25127] bridge_slave_1: entered promiscuous mode [ 1567.909589][T25127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1567.946552][T25127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1568.141309][T25127] team0: Port device team_slave_0 added [ 1568.158053][T25127] team0: Port device team_slave_1 added [ 1568.175095][T25218] input: syz0 as /devices/virtual/input/input179 [ 1568.236382][T10799] IPVS: stop unused estimator thread 0... [ 1568.284475][T25127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1568.300681][T25127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1568.343230][T25127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1568.377666][T25127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1568.385049][T25127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 1568.410979][ C0] vkms_vblank_simulate: vblank timer overrun [ 1568.425590][T25127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1568.521965][T25229] netlink: 36 bytes leftover after parsing attributes in process `syz.1.23503'. [ 1568.548726][T25127] hsr_slave_0: entered promiscuous mode [ 1568.562007][T25127] hsr_slave_1: entered promiscuous mode [ 1568.833380][T21510] Bluetooth: hci1: command tx timeout [ 1569.545461][T25127] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1569.596378][T25127] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1681.896536][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1681.903733][ C0] rcu: 1-...!: (0 ticks this GP) idle=1d84/1/0x4000000000000000 softirq=264313/264313 fqs=0 [ 1681.915712][ C0] rcu: (detected by 0, t=10502 jiffies, g=273381, q=226 ncpus=2) [ 1681.923664][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1681.923711][ C1] NMI backtrace for cpu 1 [ 1681.923730][ C1] CPU: 1 UID: 0 PID: 25261 Comm: syz.1.23520 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 1681.923753][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1681.923766][ C1] RIP: 0010:advance_sched+0x94a/0xc90 [ 1681.923800][ C1] Code: 89 df 49 8d 5c 24 80 48 83 c5 10 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 ef e8 26 f3 a4 f8 <4c> 8b 74 24 20 4c 89 75 00 48 89 df 4c 89 fe 48 8b 54 24 08 e8 3d [ 1681.923818][ C1] RSP: 0018:ffffc90000a08c70 EFLAGS: 00000046 [ 1681.923835][ C1] RAX: 1ffff110043e7c2a RBX: ffff88804ad602c0 RCX: dffffc0000000000 [ 1681.923850][ C1] RDX: 0000000000010000 RSI: 0000000004000000 RDI: 0000000000000000 [ 1681.923863][ C1] RBP: ffff888021f3e150 R08: 0000000000000003 R09: 0000000000000004 [ 1681.923875][ C1] R10: dffffc0000000000 R11: fffff5200014117c R12: ffff88804ad60340 [ 1681.923890][ C1] R13: ffff88804ad60000 R14: 
ffff888021f3e008 R15: ffff888021f3c800 [ 1681.923906][ C1] FS: 0000000000000000(0000) GS:ffff888125d99000(0000) knlGS:0000000000000000 [ 1681.923921][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1681.923935][ C1] CR2: 000000110c3e8105 CR3: 000000000df36000 CR4: 00000000003526f0 [ 1681.923952][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1681.923963][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1681.923975][ C1] Call Trace: [ 1681.923985][ C1] <IRQ> [ 1681.924007][ C1] ? __pfx_advance_sched+0x10/0x10 [ 1681.924034][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 1681.924069][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1681.924090][ C1] ? read_tsc+0x9/0x20 [ 1681.924112][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 1681.924151][ C1] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 1681.924178][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1681.924209][ C1] </IRQ> [ 1681.924215][ C1] <TASK> [ 1681.924223][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1681.924244][ C1] RIP: 0010:lock_acquire+0x175/0x360 [ 1681.924263][ C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 db 48 fa 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 1681.924280][ C1] RSP: 0018:ffffc90003b8f4d8 EFLAGS: 00000206 [ 1681.924296][ C1] RAX: 9e1bfb61fd350800 RBX: 0000000000000000 RCX: 9e1bfb61fd350800 [ 1681.924310][ C1] RDX: 0000000000000000 RSI: ffffffff8db46f77 RDI: ffffffff8be19200 [ 1681.924324][ C1] RBP: ffffffff822c66ea R08: 0000000000000000 R09: ffffffff822c66ea [ 1681.924337][ C1] R10: dffffc0000000000 R11: fffff94000310739 R12: 0000000000000002 [ 1681.924350][ C1] R13: ffffffff8e13cd40 R14: 0000000000000000 R15: 0000000000000246 [ 1681.924365][ C1] ? pfn_valid+0xba/0x490 [ 1681.924400][ C1] ? pfn_valid+0xba/0x490 [ 1681.924439][ C1] ? __folio_rmap_sanity_checks+0x30d/0x700 [ 1681.924464][ C1] ? 
pfn_valid+0xba/0x490 [ 1681.924493][ C1] pfn_valid+0xd6/0x490 [ 1681.924519][ C1] ? pfn_valid+0xba/0x490 [ 1681.924547][ C1] page_table_check_clear+0x21/0x700 [ 1681.924577][ C1] ? vm_normal_page+0xb7/0x230 [ 1681.924599][ C1] unmap_page_range+0x32fd/0x4580 [ 1681.924651][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 1681.924676][ C1] ? unmap_single_vma+0x1b2/0x2a0 [ 1681.924701][ C1] unmap_vmas+0x25d/0x3c0 [ 1681.924725][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 1681.924761][ C1] exit_mmap+0x245/0xba0 [ 1681.924781][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 1681.924796][ C1] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1681.924824][ C1] ? __pfx_exit_aio+0x10/0x10 [ 1681.924858][ C1] ? uprobe_clear_state+0x274/0x290 [ 1681.924877][ C1] ? mm_update_next_owner+0xa7/0x870 [ 1681.924908][ C1] __mmput+0x118/0x420 [ 1681.924932][ C1] exit_mm+0x1da/0x2c0 [ 1681.924961][ C1] ? __pfx_exit_mm+0x10/0x10 [ 1681.924989][ C1] ? rcu_is_watching+0x15/0xb0 [ 1681.925014][ C1] do_exit+0x864/0x2550 [ 1681.925041][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1681.925074][ C1] ? preempt_schedule_common+0x83/0xd0 [ 1681.925104][ C1] ? __pfx_do_exit+0x10/0x10 [ 1681.925129][ C1] ? preempt_schedule+0xae/0xc0 [ 1681.925159][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 1681.925191][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 1681.925219][ C1] do_group_exit+0x21c/0x2d0 [ 1681.925251][ C1] __x64_sys_exit_group+0x3f/0x40 [ 1681.925280][ C1] x64_sys_call+0x21ba/0x21c0 [ 1681.925298][ C1] do_syscall_64+0xfa/0x3b0 [ 1681.925317][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 1681.925334][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1681.925353][ C1] ? clear_bhb_loop+0x60/0xb0 [ 1681.925375][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1681.925401][ C1] RIP: 0033:0x7fb9d8b8e969 [ 1681.925417][ C1] Code: Unable to access opcode bytes at 0x7fb9d8b8e93f. 
[ 1681.925428][ C1] RSP: 002b:00007fffac480328 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1681.925446][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb9d8b8e969 [ 1681.925460][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 1681.925471][ C1] RBP: 00007fffac48038c R08: 00000005ac48041f R09: 00000000000927c0 [ 1681.925485][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000000012b8 [ 1681.925496][ C1] R13: 00000000000927c0 R14: 0000000000175cb9 R15: 00007fffac4803e0 [ 1681.925520][ C1] </TASK> [ 1681.925703][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g273381 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1682.454296][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1682.464286][ C0] rcu: RCU grace-period kthread stack dump: [ 1682.470276][ C0] task:rcu_preempt state:R running task stack:26856 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 1682.483899][ C0] Call Trace: [ 1682.487199][ C0] <TASK> [ 1682.490202][ C0] __schedule+0x16a2/0x4cb0 [ 1682.494763][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 1682.500180][ C0] ? schedule+0x165/0x360 [ 1682.504546][ C0] ? __lock_acquire+0xab9/0xd20 [ 1682.509428][ C0] ? __pfx___schedule+0x10/0x10 [ 1682.514337][ C0] ? schedule+0x91/0x360 [ 1682.518631][ C0] schedule+0x165/0x360 [ 1682.522826][ C0] schedule_timeout+0x12b/0x270 [ 1682.527708][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1682.533119][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1682.538442][ C0] ? prepare_to_swait_event+0x341/0x380 [ 1682.544033][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 1682.548920][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1682.554156][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 1682.559124][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1682.564444][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1682.569698][ C0] ? finish_swait+0xcd/0x1f0 [ 1682.574324][ C0] rcu_gp_kthread+0x99/0x390 [ 1682.578943][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1682.584165][ C0] ? 
__kthread_parkme+0x7b/0x200 [ 1682.589136][ C0] ? __kthread_parkme+0x1a1/0x200 [ 1682.594232][ C0] kthread+0x70e/0x8a0 [ 1682.598447][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1682.603682][ C0] ? __pfx_kthread+0x10/0x10 [ 1682.608337][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1682.613590][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1682.618820][ C0] ? __pfx_kthread+0x10/0x10 [ 1682.623454][ C0] ret_from_fork+0x3fc/0x770 [ 1682.628085][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1682.633263][ C0] ? __switch_to_asm+0x39/0x70 [ 1682.638078][ C0] ? __switch_to_asm+0x33/0x70 [ 1682.642867][ C0] ? __pfx_kthread+0x10/0x10 [ 1682.647495][ C0] ret_from_fork_asm+0x1a/0x30 [ 1682.652309][ C0] </TASK> [ 1682.655345][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1682.661691][ C0] CPU: 0 UID: 0 PID: 25268 Comm: syz.9.23521 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 1682.673605][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1682.683782][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x46/0x70 [ 1682.689976][ C0] Code: ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 83 fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 <48> 8d 7e 01 8b 89 1c 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 [ 1682.709695][ C0] RSP: 0018:ffffc90004b57ab8 EFLAGS: 00000246 [ 1682.715793][ C0] RAX: ffffffff81b4c990 RBX: ffff8880b863ca80 RCX: ffff888027000000 [ 1682.723788][ C0] RDX: ffffc9000f7d3000 RSI: 000000000007ffff RDI: 0000000000080000 [ 1682.731780][ C0] RBP: ffffc90004b57c20 R08: ffffffff8f9f7ef7 R09: 1ffffffff1f3efde [ 1682.739777][ C0] R10: dffffc0000000000 R11: fffffbfff1f3efdf R12: 1ffff110170e823d [ 1682.747772][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b87411e8 [ 1682.755767][ C0] FS: 00007f48f517a6c0(0000) GS:ffff888125c99000(0000) knlGS:0000000000000000 [ 1682.764720][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1682.771327][ C0] CR2: 0000001b2ea1fffc CR3: 0000000045d80000 CR4: 
00000000003526f0 [ 1682.779323][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1682.787939][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1682.796503][ C0] Call Trace: [ 1682.799808][ C0] <TASK> [ 1682.802758][ C0] smp_call_function_many_cond+0xe80/0x11c0 [ 1682.808705][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1682.813778][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 1682.820143][ C0] ? __pfx___text_poke+0x10/0x10 [ 1682.825110][ C0] ? rcu_is_watching+0x15/0xb0 [ 1682.829906][ C0] ? trace_contention_end+0x39/0x120 [ 1682.835236][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1682.840327][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 1682.845501][ C0] smp_text_poke_batch_finish+0x5e0/0x1100 [ 1682.851442][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 1682.856507][ C0] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 1682.862802][ C0] ? arch_jump_label_transform_queue+0x97/0x110 [ 1682.869106][ C0] ? __jump_label_update+0x37e/0x3a0 [ 1682.874437][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 1682.880613][ C0] static_key_slow_inc_cpuslocked+0x80/0xf0 [ 1682.886547][ C0] static_key_slow_inc+0x1a/0x30 [ 1682.891554][ C0] kvm_dev_ioctl+0x16a8/0x18e0 [ 1682.896403][ C0] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1682.901575][ C0] ? __fget_files+0x2a/0x420 [ 1682.906212][ C0] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1682.911195][ C0] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1682.916351][ C0] __se_sys_ioctl+0xfc/0x170 [ 1682.920985][ C0] do_syscall_64+0xfa/0x3b0 [ 1682.925516][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1682.930738][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1682.936832][ C0] ? 
clear_bhb_loop+0x60/0xb0 [ 1682.941550][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1682.947729][ C0] RIP: 0033:0x7f48f438e969 [ 1682.952169][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1682.971811][ C0] RSP: 002b:00007f48f517a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1682.980349][ C0] RAX: ffffffffffffffda RBX: 00007f48f45b5fa0 RCX: 00007f48f438e969 [ 1682.988442][ C0] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 1682.996527][ C0] RBP: 00007f48f4410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1683.004524][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1683.012513][ C0] R13: 0000000000000000 R14: 00007f48f45b5fa0 R15: 00007ffdbcf54bb8 [ 1683.020527][ C0] </TASK> [ 1683.024011][ C0] vkms_vblank_simulate: vblank timer overrun