last executing test programs: 4m21.831320942s ago: executing program 2 (id=3153): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, 0x0, 0x58) 4m21.708717911s ago: executing program 2 (id=3154): symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00') setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000300)='./file0\x00', 0x500083c) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000180), 0x0, 0x0, 0x0) 4m21.555959088s ago: executing program 2 (id=3156): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001"], 0x122}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="48000000020601000600000600000000000000000e0003006269746d61703a6970000000050004"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0x3}, {0x6}, {0x4, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x20040080}, 0x40004) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) 4m21.53287826s ago: executing program 2 (id=3158): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) 4m20.603492815s ago: executing program 2 (id=3167): ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) 4m19.97236463s ago: executing program 2 (id=3176): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}}) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x4) 4m19.500716114s ago: executing program 32 (id=3176): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}}) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x4) 51.589295666s ago: executing program 5 (id=5529): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000006b00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c00)=""/126, 0x7e}, 0x8}], 0x1, 0x4000002b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 51.403597803s ago: executing program 5 (id=5532): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000240)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000400)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000002c0)) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000001c0)={r1}) 50.449486568s ago: executing program 5 (id=5537): syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000001c0)={0xc}) 49.79194852s ago: executing program 5 (id=5542): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) 49.622519455s ago: executing program 5 (id=5544): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) timerfd_create(0x7, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fdinfo/3\x00') socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYRES16=r0, @ANYBLOB="1d9e3317fa"], 0x0) 49.207968964s ago: executing program 5 (id=5546): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) read$alg(r1, &(0x7f0000001400)=""/18, 0x12) 48.72701257s ago: executing program 33 (id=5546): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) read$alg(r1, &(0x7f0000001400)=""/18, 0x12) 14.083329061s ago: executing program 6 (id=5863): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000005ac0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44}}], 0x1, 0x4000) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r1, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}], 0x700, 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c000}, 0x20000000) 13.88690616s ago: executing program 6 (id=5865): r0 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="2400000018000109f2ff0000ffdbdf2502180000ff0000080000000108000100ac141400"], 0x24}}, 0x404) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400030000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x80184132, 0x0) 13.619366833s ago: executing program 6 (id=5866): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000480)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0x9) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000000)) 13.271067558s ago: executing program 6 (id=5868): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x81) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x1) 13.14503814s ago: executing program 6 (id=5869): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r1, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x3, r2, r1, 0x3, 0xfffffffffefffff8, 0x3fff}) 12.835320202s ago: executing program 6 (id=5871): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001e00)=""/229, 0xe5}, {&(0x7f00000004c0)=""/7, 0x7}], 0x2}}], 0x2, 0x11, 0x0) 12.375181886s ago: executing program 34 (id=5871): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001e00)=""/229, 0xe5}, {&(0x7f00000004c0)=""/7, 0x7}], 0x2}}], 0x2, 0x11, 0x0) 4.94369895s ago: executing program 3 (id=5907): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x3, @loopback, 0x3}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000440)='htcp\x00', 0x5) shutdown(r0, 0x1) 4.766774616s ago: executing program 3 (id=5909): syz_usb_connect$uac1(0x0, 0xaa, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x10}}, 0x0) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r0, 0x7b0, &(0x7f0000000100)={@hyper, 0x3}) 4.008595297s ago: executing program 3 (id=5919): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1) 3.087593047s ago: executing program 3 (id=5925): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b92000004066b80000000066ba010000000f3066b9b909000066b80000008066ba000000000f3066b91702000066b80000000066ba000000800f300fc78b8213660f5f73670ff9600e0f01c566b8080000000f23d80f21f86635000000c00f23f8f30fc7350f01c3", 0x69}], 0x1, 0x20, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.707530612s ago: executing program 4 (id=5927): sendmsg$NL80211_CMD_LEAVE_IBSS(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x2000c051}, 0x4004000) r0 = semget$private(0x0, 0x4000000009, 0x42a) semop(r0, &(0x7f0000000200), 0x53) r1 = semget$private(0x0, 0x3, 0x401) semop(r1, &(0x7f00000011c0)=[{0x0, 0x7fff, 0x1800}], 0x1) semtimedop(0x0, &(0x7f0000000380)=[{0x3, 0x4, 0x1000}, {0x4, 0x3}], 0x2, &(0x7f0000000700)) 2.647682101s ago: executing program 3 (id=5929): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6161, 0x4d15, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, &(0x7f0000000440)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xc01}}, 0x0, 0x0, 0x0}, 0x0) 2.574670777s ago: executing program 7 (id=5930): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001400030500008000ffdbdf25021f51ff", @ANYRES32=r3, @ANYBLOB="080002007f000001"], 0x20}, 0x1, 0x0, 0x0, 0xc090}, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}}) 2.550669713s ago: executing program 4 (id=5931): pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r1, 0x0, 0x91, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x406f413, 0x0) 2.391791222s ago: executing program 7 (id=5932): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x28, 0x4, 0x53, 0xe1f}, {0x6, 0x1, 0x8, 0x1}]}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000005}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4020aeb2, &(0x7f0000000000)={0x2}) 2.141480819s ago: executing program 7 (id=5933): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x26020480) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x88000, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0x0) 1.609814977s ago: executing program 1 (id=5938): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1a8c3d8a39ccbd630e8ef9170ccf07ef1800322de53ae3b183ee66", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x80000) recvmsg$can_j1939(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000600)=""/4095, 0xfff}], 0x1}, 0x10000) sendmmsg$alg(r1, &(0x7f00000001c0)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001880)="2cbddd39dad9edc182feabcec21043acf4", 0x11}], 0x1, 0x0, 0x0, 0x15}], 0x1, 0x4000000) 1.4668601s ago: executing program 1 (id=5940): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) dup3(r3, r0, 0x80000) 1.447015531s ago: executing program 4 (id=5941): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x4e24, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7177}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x5d6aff9e) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000080)={r2, @in6={{0xa, 0x4e24, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}}, 0x5, 0x0, 0x80000003, 0x104, 0xe2d8f2eb1d010935, 0x7, 0x6}, 0x9c) 1.363181698s ago: executing program 1 (id=5942): r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00') preadv(r2, &(0x7f0000000340)=[{&(0x7f00000008c0)=""/201, 0xc9}], 0x1, 0x0, 0x0) 1.258920704s ago: executing program 1 (id=5943): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0x2, 0xbffffffc}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x0) 1.188965875s ago: executing program 7 (id=5945): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) writev(r1, &(0x7f0000000740)=[{&(0x7f0000000900)="5a7511133e3fcbca838b97832d3fdfdc0953cc0cf8b42eb401679ea24b72d5ff630d9c4a6a811c37fd42bf8589fe8588d4c56a8b68dc2dfb92dfaf997a9d5dbc3ca931223cadd006fa5b0a2153130143af0e", 0x52}, {&(0x7f0000000080)="3b6773add2485f53272c", 0xa}, {&(0x7f0000002f00)="5a5eb6e7eb8d577473884d640f99a59bc796b2d870beb6baf1e7d45b0b2576eed62283d56aa129c91175026bdd2fdf9f8df34f537bec399390e0d522c7551232ca650c46415c048649de9164a7c7905289da29f697933307a775d0a7bef4ba6da771a0f838a9bb1fed9948195834563c9ac8b783f5da119ae98087362b109e303610f42f0feae1fd1fb6acc7210abcb0d91098ae0d9c6540b425bc1ab043772c46a6f8a4232c6916afd4c56adbb5bc2fd0b0614853fd8613c0acf596065ca46763ca97229b36c1079245de285ad80e1a74773848a6c5676c278f747a1a81f9987b1ba3d5c1baaab25619da3bbf35971d7c0b410c7deb95186366adc864653358bd76c35c516389519ca12ffdfa256960883aedaead88b1511ad2e55149204342ffe3a80368d3ecae43b2d54da2bbbc2798db069c60321759933a6901fe9acd417bea8467e310aeb64c50c740aff90fd3703b27ecc4fe32e0bf2d45359b6b94923ad9f4c83b2b9cf76db148ed685211f0c6b3cd9f3861dc1e65a010af08bd8a470c47f015d31fa36a6fbc6591e0bbb77a65a7e2dc830fac13cea6040c9a8cdbd8542c62b641c17db3721189e2e93550fa87bbb70be262f734993a6b48971b959838237d6e41072b3a15274a98e17832a3ca7066e28c1c53f805d50464b2585d96ee3ae1c4b083f362fe073e0ef4b7deb5d4244dc6116e8bb0acb224fc8fd337dbcc8ab48da8919b25bdca641d7dedb4145ddfbb82036a27df8924a6e5689cafde9b6fc51bcc72455ac3505b46a97b315c1f604f452aa43b605b15fb35a1cae8233f59fb99e6ffa2f72da01d5eab79c8c800d8a87fe0764b10456e5f8ba72b7369322622137a1c73a6680c9254cf41075b28edb16486f2e68dde410c5312df40e71349893740612bed94680ceddee85d173b5c9b6c020cb3344a44de2de6f2ed82df72ee24398896f5f25f0aacd32bdf64b37d22fa4a74c9242942b948d6a4a3f86b27b4efb59d81e5cde254c37ded582f61f0a7724953a114bb9c5e76a880a969b4bea076cc6e1972aeb19c266e6f0936a787e8ef6016c4a788bb21ef516ce4255bccc870f37b853a84711cffb14b03078b2ed3078b2ea55cd1b2606a7a215417dff40256b8c571ba24674c01bd77b62455d4b86ce033de6dea37ca75c8a213ac77c3361000d456917a3651ba6a39e7642f816578857c18055ddb6981c3ded1853fc435fae269c7e7b2756b59b1108bfba41fd5cf9b2b6e8e784e5ddc741283073fd0f01a3873a02a40b48faf0fcf07d9c219e6e96957bbbf28fd690b88ab29d802c0c37f7cb0c3008411858e26f6c65ebe075eb3236c6955233795a51867be193da7455e26e76b36d6712f219be79469ab38c6ed5191bce686dd915c810734647752067a92ecbd10d1202e3e3160fa0f10979b24857881e819b3bd37b349485d62093d2ab0deca36b9129d0b25a2666be112d8abd2ebaf1e75f0bab31b46e43c2b089d150fb669ba841c4b42e3adc51f8846d68f730cbd778f29cbff5a1b0da55e379868efd396dd742945bf2da758e7d0c48a477f8b8503439e32e08da114b4efe40e0d0920a1d5cfc2f8e66f78f32f64fb4638640949500b595bd3f561ee276b693aa242e18631ded4950757a56ea3688f161bbe73d3fc3f3be93179f7f24633bdb3cde90c4fe95f465b158450742ab1ab3fa4f5c7c1086ee39d2cb99a60f885e01bd9cf9712d262b58b64e61fc3e607ef0ccc500d754a78e3c54101dccea7b23470064e7d7f514f92cb6f45de1f70c013be088745200755af4e15311fe3da81ffbcd5ad1b6e74472360916392aefcda8504879e7a03f378725b74afc89ad19395028d4954d17d00c9b337a07476462cd27be668b0cb2457e292f3c28d167ade28bca3fd8c7f6c282c4f3a6e6352b42d4726f97fb47b1f989518972b11ccb4b399347dc304c509745f9ee32c91a89fe3c3ec993cae7d7288302d7308c48fd2246752fffdd6c46db8585a184aac8544fb23d51bd6204e7169a94a5daa6a52e5669e9f16ef15054d3290f6546a605c22c79835384a0112adc4c9c81ff356d5b4eee6a5210ebdae737ed93d4f3c449604185bb0b7043d258b20bf9100766a2703b7f70a443ff137b5fe0792d41108b691c1991eda5e0a3ca74eb99d531a6eb7223084923ab94a45a419da3e740cf87ea1e2dfb2df41167191abddc978f821aceba320e32a6e09b0da64a794f65c4431460a5a83541e063b575b9126343ed5d8ed98324d0dd226c19c458521c454bd9c27117a4c411b7f759820e6640384b6c0b4be6a71d6d849ea343136a13e3a917daec68b44076973233af92e13b92a11cdd3a880d8fb50a569018fd3721021cee41818faf6c50bbb4d53978457b4345852e47b948cc5ef6cfec39aaf687805025223aaf0e61ea2751848eb647184f57e154c06d6a63f59ebd7e26fbdaf3797e6853aaf351f0a2b570dbaccd9ad32b02b6c016e53fdf2988b6f0460b5c7e8a6e40d8f92ce13c8b813ed76f1e8380bcc044fe94e746707e6adf39cedaace21a48f9969cd702987027a53b388b707f70f6cf00382fdb9827653e8d3463641af98bc08b3dbb0ed3437e45328bd2ae995d22aece47a7a61d2d29d578aea26016b135e459900563ad552f22d164b939b53e338981d26cd4ffa5d8af3bcbb8177c79532b39b3ac2f21050dc3d62a78cab5006d5631144c9198d5b3af02404ad66b32da057f9a6236641ac1bcac0e321c7359e3748c240d59ef4528b287680e6bec617860d7f2ca18d0b796a8c9759b347938ad1b606bcdf6ea923687f8da889489e159e1ef80ff270e2eed75e5f129c31b8fc27b9a9a101341ce1efc5c61226f2f8df366f6724436ed313e7fcd9adab137153f8ca742d32e503debd611f07e83ca36c2926178184adb109f95ab865b5c9c1777943884f72923844b1edd28dc506433ca571085e32b4bdc09cde0993d737b81abfbfc0abe5f52c256e99523050fefa9e89bcad7e9954bfdc0f45a543877a1cdaca80761e9391f41f989747f18908a74b61d97afdd9ad9010ce1b9e9a85fa70e8421e56bc1eec611a01b6a20a3b830795371b6d6bc71e379396924cb62ae2a589068eef2cf33139676db7104605e51cf23a5f5a3d8d17b973c723495de4ea437dd83bcbea9e786555639fbdcefaf1822408807d9201e6d71d46a378bcbc4373afe272c778e8eec08857d8ed3385ad5286e03fd2a497c740d82f435c4a6adb2650311aeafbb1095d4012aa968815231873a51b756514518778f6064c84786c322281752cee28c4079de0dbca7615ed61a8fdb4f3bd6e7dbd8f526bb9ac3af8b76fa8a7df5c5c254c", 0x944}], 0x3) recvmsg$unix(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060) 1.123572557s ago: executing program 0 (id=5946): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000002c0)={0xc, r1}) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f0000000240)={0x20, 0x2, &(0x7f00000000c0), 0x8000, 0x10000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6}) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) 1.031893043s ago: executing program 7 (id=5947): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x91912511999697f8, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000740)) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000001980)=0x1) 928.52849ms ago: executing program 0 (id=5948): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="401608eff8", 0x5}], 0x1, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x5}], 0x30}], 0x1, 0x0) recvmsg$can_j1939(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)=""/40, 0x28}], 0x1}, 0x2140) 864.507329ms ago: executing program 7 (id=5949): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6(0xa, 0x2, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, 0x0, 0x0) listen(r0, 0x8) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0) shutdown(r0, 0x0) 791.77632ms ago: executing program 0 (id=5950): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)="c09bd65a75b56b924573f105bd55ef2b455326e4af9f174c2609f3fb9f52493449d9348dc907fab1cb219c4338d1ef214d72554a7db767b6c4b74fc005f33cac1bad692af0fba16f6c77e25b6540fae461dd1e83d815a1c1cd6d9988b2bfb5c01369e75d3ac54670aaf21a2254894e4a313788cd939932e3390182ee9131fcd371b140d5cb11f0e60fc440b0a2eedfe1d9f6f34d3f0990f07a070147f65d6a0ab4d4f581e421cc38f05febcc49d294b7f2975b7a7db908324d64cfcd9307956f05f2dd7b236ac8f1a58ee891", 0xcc}, {0x0}], 0x2}}, {{&(0x7f0000001740)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000001940)=[{&(0x7f0000001780)="31daf6", 0x3}], 0x1, &(0x7f00000036c0)=ANY=[@ANYBLOB="b4000000000000000000000007000000"], 0xb8}}, {{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000001a80)="a7fb084440490c908c50390ddfe0bc1690eeb757781f9166f37635ac0601e1bd99e93e31", 0x24}, {0x0}], 0x2, &(0x7f0000001d00)=ANY=[@ANYBLOB="4c000000000000000000000007000000071bb7640101007f000001e0000002ac1414bbffffffffffffffff8317067f00000164010102e0000002ac14142b0a0101000007077d64010100000000000000140000000000000000000000070000000100000000000000140000000000000000000000020000000a00000000000000440000000000000000000000070000008631ffffffff0109ef1f8f7ac3ba9b0011948d2f6a85bfc3f88ad41c27b1529c001165e7abfd9f5f40d9a7f10d8636fa84000000000000001c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac14143864010101000000001c00000000000000", @ANYRES32, @ANYBLOB="ac2e14bb0a01ef85"], 0x108}}, {{0x0, 0x0, &(0x7f0000003240)=[{&(0x7f0000001e80)="9c7c84c67eaabd019f922287c8daf18a952060f29f33ee0f51908eab1427a02c73610c3572b9cf0b78d20dcdef8a04636f2a464e0c7524f68236162a6b65738ea6b1c07f4abeed2910aa542ac7ab17b34bd98a5f0878f19603fc9835c258ce872da0", 0x62}, {0x0}], 0x2}}, {{&(0x7f00000032c0)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f0000003400)=[{0x0}], 0x1}}], 0x5, 0x1) shutdown(r0, 0x1) 707.806108ms ago: executing program 1 (id=5951): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}, 0x1, 0x0, 0x0, 0x1}, 0x20040880) r2 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 617.381701ms ago: executing program 0 (id=5952): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"]) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 562.874395ms ago: executing program 1 (id=5953): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)=""/19, 0x13}, 0xe0000003}], 0x1, 0x102, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) 424.647621ms ago: executing program 4 (id=5954): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) getsockopt(r2, 0x111, 0x5, 0x0, &(0x7f0000000080)=0x5a) 283.851303ms ago: executing program 0 (id=5955): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, &(0x7f0000000140)={0x0, 0x0, 0x4be}) 263.554352ms ago: executing program 4 (id=5956): r0 = socket$inet(0x2, 0x5, 0x0) close(0x3) syz_open_dev$video(&(0x7f0000000040), 0x1, 0x0) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xa83b, 0x10000}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x4, r0, 0x0, 0x0, 0x0, 0x80000, 0x1}) io_uring_enter(r1, 0x78cb, 0x0, 0x9, 0x0, 0x0) 125.671961ms ago: executing program 3 (id=5957): syz_usb_connect(0x4, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf0ff}}]}) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) 89.249879ms ago: executing program 4 (id=5958): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) socket(0x400000000010, 0x3, 0x0) futex(&(0x7f0000000080), 0x88, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=5959): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) kernel console output (not intermixed with test programs): 209448][ T5946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.225605][ T5946] usb 4-1: config 0 descriptor?? [ 473.226895][ T30] audit: type=1326 audit(1754823652.435:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.1.4558" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ad038ebe9 code=0x0 [ 473.252622][ C1] vkms_vblank_simulate: vblank timer overrun [ 473.316885][ T1211] cdc_ncm 5-1:1.0: failed to get mac address [ 473.326025][ T1211] cdc_ncm 5-1:1.0: bind() failure [ 473.338468][ T1211] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 473.350113][ T1211] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 473.359893][ T1211] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 473.374761][ T6013] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 473.376412][ T1211] usb 5-1: USB disconnect, device number 63 [ 473.534656][ T6013] usb 6-1: Using ep0 maxpacket: 8 [ 473.542014][ T6013] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 473.552336][ T6013] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.563370][ T6013] usb 6-1: config 0 descriptor?? [ 473.649475][ T5946] plantronics 0003:047F:FFFF.0041: unknown main item tag 0x0 [ 473.664250][ T5946] plantronics 0003:047F:FFFF.0041: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 473.917902][ T1211] usb 4-1: USB disconnect, device number 55 [ 473.943510][T17855] loop6: detected capacity change from 0 to 63 [ 473.960303][T17855] buffer_io_error: 7 callbacks suppressed [ 473.960317][T17855] Buffer I/O error on dev loop6, logical block 0, async page read [ 473.979584][T17855] Buffer I/O error on dev loop6, logical block 0, async page read [ 473.988666][T17855] Buffer I/O error on dev loop6, logical block 0, async page read [ 473.999021][T17855] Buffer I/O error on dev loop6, logical block 0, async page read [ 474.007762][T17855] Buffer I/O error on dev loop6, logical block 0, async page read [ 474.016225][T17855] Buffer I/O error on dev loop6, logical block 0, async page read [ 474.025215][T17855] Buffer I/O error on dev loop6, logical block 1, async page read [ 474.036916][T17856] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 474.038703][T17855] loop6: unable to read partition table [ 474.046069][T17856] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 474.052780][T17855] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 474.074969][T17856] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 474.310550][T17862] input: syz1 as /devices/virtual/input/input79 [ 474.490043][T17868] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4567'. [ 474.552067][T17868] team_slave_0: entered promiscuous mode [ 474.557833][T17868] team_slave_1: entered promiscuous mode [ 474.570128][T17868] team0: Device macsec1 is already an upper device of the team interface [ 474.592090][ T6013] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 474.606062][T17868] team_slave_0: left promiscuous mode [ 474.611557][T17868] team_slave_1: left promiscuous mode [ 474.623491][ T6013] asix 6-1:0.0: probe with driver asix failed with error -71 [ 474.661732][ T6013] usb 6-1: USB disconnect, device number 17 [ 475.984551][ T5949] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 476.178293][ T5949] usb 6-1: Using ep0 maxpacket: 16 [ 476.188647][ T5949] usb 6-1: config 0 has no interfaces? [ 476.196767][ T5949] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 476.231507][ T5949] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 476.288373][ T5949] usb 6-1: Manufacturer: syz [ 476.309378][ T5949] usb 6-1: config 0 descriptor?? [ 476.529202][T17942] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 476.596167][T17906] lo: entered promiscuous mode [ 476.622561][T17906] tunl0: entered promiscuous mode [ 476.639619][T17906] gre0: entered promiscuous mode [ 476.660345][T17906] gretap0: entered promiscuous mode [ 476.687410][T17906] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 476.813368][ T5949] usb 6-1: USB disconnect, device number 18 [ 477.684752][ T5925] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 477.806428][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 477.867449][ T5925] usb 2-1: Using ep0 maxpacket: 8 [ 477.880820][ T5925] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 477.892025][ T5925] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 477.904630][ T5925] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 477.914822][ T5925] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 477.925388][ T5925] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 477.938680][ T5925] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 477.952394][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.196540][ T5925] usb 2-1: GET_CAPABILITIES returned 0 [ 478.202139][ T5925] usbtmc 2-1:16.0: can't read capabilities [ 478.334806][ T6013] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 478.411539][ T5946] usb 2-1: USB disconnect, device number 58 [ 478.495008][ T6013] usb 6-1: Using ep0 maxpacket: 8 [ 478.502118][ T6013] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 478.515126][ T6013] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 478.524190][ T6013] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.535069][ T6013] usb 6-1: config 0 descriptor?? [ 478.748771][ T6013] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 479.167679][ T5925] usb 6-1: USB disconnect, device number 19 [ 479.188518][ T30] audit: type=1326 audit(1754823658.395:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18015 comm="syz.3.4633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f173cd8ebe9 code=0x7fc00000 [ 479.379919][T18028] syzkaller1: entered promiscuous mode [ 479.386518][T18028] syzkaller1: entered allmulticast mode [ 480.039710][ T30] audit: type=1326 audit(1754823659.235:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18050 comm="syz.1.4648" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2ad038ebe9 code=0x0 [ 480.404523][ T5949] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 480.564758][ T5949] usb 5-1: Using ep0 maxpacket: 8 [ 480.572080][ T5949] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 480.583935][ T5949] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 480.594416][ T5949] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 480.604812][ T5949] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 480.618249][ T5949] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 480.627530][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.863523][ T5949] usb 5-1: GET_CAPABILITIES returned 0 [ 480.872391][ T5949] usbtmc 5-1:16.0: can't read capabilities [ 481.101005][ T5949] usb 5-1: USB disconnect, device number 64 [ 481.305346][ T30] audit: type=1326 audit(1754823660.485:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe3bd32add9 code=0x7ffc0000 [ 481.442775][ T30] audit: type=1326 audit(1754823660.485:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 481.497297][ T30] audit: type=1326 audit(1754823660.485:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 481.521781][ T30] audit: type=1326 audit(1754823660.485:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 481.546096][ T30] audit: type=1326 audit(1754823660.485:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe3bd32add9 code=0x7ffc0000 [ 481.574805][ T30] audit: type=1326 audit(1754823660.485:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe3bd32add9 code=0x7ffc0000 [ 481.597800][ T30] audit: type=1326 audit(1754823660.485:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe3bd32add9 code=0x7ffc0000 [ 481.620589][ T30] audit: type=1326 audit(1754823660.485:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18090 comm="syz.0.4655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 481.725045][ T5945] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 481.908624][ T5945] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 481.921222][ T5945] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.930000][ T5945] usb 6-1: Product: syz [ 481.934265][ T5945] usb 6-1: Manufacturer: syz [ 481.940253][ T5945] usb 6-1: SerialNumber: syz [ 481.975859][ T5945] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 482.009183][ T5949] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 482.329631][ T5945] usb 6-1: USB disconnect, device number 20 [ 482.587658][ C0] hrtimer: interrupt took 63398 ns [ 483.084834][ T5949] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 483.097239][ T5949] ath9k_htc: Failed to initialize the device [ 483.108566][ T5945] usb 6-1: ath9k_htc: USB layer deinitialized [ 483.313250][T18166] tun0: tun_chr_ioctl cmd 1074025675 [ 483.319682][T18166] tun0: persist enabled [ 483.324316][T18166] tun0: tun_chr_ioctl cmd 1074025675 [ 483.334237][T18166] tun0: persist enabled [ 484.144058][T18194] cifs: Unknown parameter 'f,' [ 484.275177][T18200] input: syz1 as /devices/virtual/input/input80 [ 484.426160][T18206] input: syz1 as /devices/virtual/input/input81 [ 484.536493][T18208] syz_tun: left allmulticast mode [ 484.619213][T18210] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4702'. [ 484.857547][ T30] kauditd_printk_skb: 46 callbacks suppressed [ 484.857565][ T30] audit: type=1326 audit(1754823664.065:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f173cd8ebe9 code=0x7ffc0000 [ 484.912228][ T30] audit: type=1326 audit(1754823664.065:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 484.935897][ T30] audit: type=1326 audit(1754823664.065:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 484.981514][ T30] audit: type=1326 audit(1754823664.065:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 485.022147][ T30] audit: type=1326 audit(1754823664.065:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 485.049690][ T30] audit: type=1326 audit(1754823664.065:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 485.080130][ T30] audit: type=1326 audit(1754823664.065:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 485.103020][ T30] audit: type=1326 audit(1754823664.065:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 485.150795][ T30] audit: type=1326 audit(1754823664.065:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 485.211794][ T30] audit: type=1326 audit(1754823664.065:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18223 comm="syz.3.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 485.744698][ T6013] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 485.896246][ T6013] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 485.906758][ T6013] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 485.923597][T18255] netlink: 'syz.0.4723': attribute type 12 has an invalid length. [ 485.934647][T18255] netlink: 9472 bytes leftover after parsing attributes in process `syz.0.4723'. [ 485.936288][ T6013] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 485.964063][ T6013] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 485.985373][ T6013] usb 2-1: SerialNumber: syz [ 486.228264][ T6013] usb 2-1: 0:2 : does not exist [ 486.290400][ T6013] usb 2-1: USB disconnect, device number 59 [ 486.912003][T18282] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4734'. [ 488.730307][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4751'. [ 488.739753][T18322] input: syz0 as /devices/virtual/input/input82 [ 489.235232][ T6013] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 489.394706][ T6013] usb 6-1: Using ep0 maxpacket: 32 [ 489.403133][ T6013] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 489.412399][ T6013] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.423431][ T6013] usb 6-1: Product: syz [ 489.427707][ T6013] usb 6-1: Manufacturer: syz [ 489.432306][ T6013] usb 6-1: SerialNumber: syz [ 489.440069][ T6013] usb 6-1: config 0 descriptor?? [ 489.448733][ T6013] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 490.255983][ T6013] gspca_stk1135: reg_w 0x5 err -71 [ 490.262365][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.269020][ T6013] gspca_stk1135: Sensor write failed [ 490.274504][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.280841][ T6013] gspca_stk1135: Sensor write failed [ 490.286461][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.292798][ T6013] gspca_stk1135: Sensor read failed [ 490.298212][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.304937][ T6013] gspca_stk1135: Sensor read failed [ 490.310220][ T6013] gspca_stk1135: Detected sensor type unknown (0x0) [ 490.316918][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.323268][ T6013] gspca_stk1135: Sensor read failed [ 490.328543][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.334984][ T6013] gspca_stk1135: Sensor read failed [ 490.341240][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.347637][ T6013] gspca_stk1135: Sensor write failed [ 490.352948][ T6013] gspca_stk1135: serial bus timeout: status=0x00 [ 490.359479][ T6013] gspca_stk1135: Sensor write failed [ 490.365021][ T6013] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71 [ 490.378272][ T6013] usb 6-1: USB disconnect, device number 21 [ 491.245577][ T5867] Bluetooth: hci1: command 0x0406 tx timeout [ 491.251395][T18341] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 492.093595][T18341] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 492.107507][T18341] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 492.113895][T18341] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 492.122819][T18341] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 492.130255][T18341] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 492.137828][T18341] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 492.143873][T18341] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 492.151309][T18341] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 492.157366][T18341] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 492.359324][T18363] input: syz0 as /devices/virtual/input/input83 [ 492.368560][T18363] input: failed to attach handler leds to device input83, error: -6 [ 492.404598][ T5945] usb 5-1: new full-speed USB device number 65 using dummy_hcd [ 492.455062][ T5949] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 492.580047][ T5945] usb 5-1: config index 0 descriptor too short (expected 31, got 27) [ 492.589448][ T5945] usb 5-1: config 1 interface 0 has no altsetting 0 [ 492.598923][ T5945] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 492.624586][ T5945] usb 5-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 492.632960][ T5945] usb 5-1: Product: syz [ 492.641731][ T5949] usb 6-1: Using ep0 maxpacket: 8 [ 492.654470][ T5945] usb 5-1: Manufacturer: syz [ 492.661116][ T5949] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 492.675016][ T5945] usb 5-1: SerialNumber: syz [ 492.681602][ T5949] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 492.707710][ T5949] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 492.729731][ T5949] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 492.763957][ T5949] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 492.811898][ T5949] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 492.853733][ T5945] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 65 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 492.874812][ T5949] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.893954][ T5945] usb 5-1: USB disconnect, device number 65 [ 492.960946][ T5945] usblp0: removed [ 493.110837][ T5949] usb 6-1: usb_control_msg returned -32 [ 493.124075][ T5949] usbtmc 6-1:16.0: can't read capabilities [ 493.335669][ T5867] Bluetooth: hci1: command 0x0406 tx timeout [ 493.672029][ T5945] usb 6-1: USB disconnect, device number 22 [ 494.125453][ T5867] Bluetooth: hci2: command 0x0406 tx timeout [ 494.125462][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 494.204798][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 494.204847][ T5867] Bluetooth: hci4: command 0x0406 tx timeout [ 495.773051][T18476] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4819'. [ 495.798597][T18476] gretap0: entered promiscuous mode [ 495.811661][T18476] gretap0: left promiscuous mode [ 495.874683][ T5945] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 496.010324][T18481] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 496.017625][T18481] IPv6: NLM_F_CREATE should be set when creating new route [ 496.024911][T18481] IPv6: NLM_F_CREATE should be set when creating new route [ 496.055402][ T5945] usb 5-1: Using ep0 maxpacket: 16 [ 496.064146][ T5945] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.089251][ T5945] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.111981][ T5945] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 496.140685][ T5945] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 496.172762][ T5945] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.202007][ T5945] usb 5-1: config 0 descriptor?? [ 496.205676][ T5867] Bluetooth: hci2: command 0x0406 tx timeout [ 496.208200][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 496.284661][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 496.285029][ T5867] Bluetooth: hci4: command 0x0406 tx timeout [ 496.607982][T18503] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 496.609278][ T5949] IPVS: starting estimator thread 0... [ 496.647290][ T5945] HID 045e:07da: Invalid code 65791 type 1 [ 496.674189][ T5945] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0042/input/input84 [ 496.710369][ T5945] microsoft 0003:045E:07DA.0042: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 496.714621][T18505] IPVS: using max 31 ests per chain, 74400 per kthread [ 496.862067][ T5949] usb 5-1: USB disconnect, device number 66 [ 496.905011][T18512] input: syz1 as /devices/virtual/input/input85 [ 498.954671][ T1211] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 499.106301][ T1211] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 499.117371][ T5949] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 499.125048][ T1211] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 499.134117][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.151907][ T1211] usb 4-1: config 0 descriptor?? [ 499.326614][ T5949] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 499.343592][ T5949] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 499.374600][ T5949] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 499.405676][ T1211] usbhid 4-1:0.0: can't add hid device: -71 [ 499.412504][ T5949] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 499.424333][ T1211] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 499.449642][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.465842][ T1211] usb 4-1: USB disconnect, device number 57 [ 499.486843][ T5949] usb 2-1: config 0 descriptor?? [ 499.906132][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.913701][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.921207][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.929230][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.937109][ T1211] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 499.944833][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.952235][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.959892][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.969600][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 499.981313][ T5949] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 500.005262][ T5949] plantronics 0003:047F:FFFF.0043: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 500.148234][ T1211] usb 4-1: Using ep0 maxpacket: 32 [ 500.160393][ T1211] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 500.181737][ T5946] usb 2-1: USB disconnect, device number 60 [ 500.184161][ T1211] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 500.202411][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.253087][ T1211] usb 4-1: config 0 descriptor?? [ 500.273402][ T1211] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 500.299591][ T1211] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 500.353701][T18599] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 500.443883][T18601] loop2: detected capacity change from 0 to 7 [ 500.455804][T18601] Dev loop2: unable to read RDB block 7 [ 500.461424][T18601] loop2: AHDI p2 p3 [ 500.466529][T18601] loop2: partition table partially beyond EOD, truncated [ 500.484576][T18601] loop2: p2 size 150995456 extends beyond EOD, truncated [ 500.563290][ T5879] udevd[5879]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 500.696788][ T1211] usb 4-1: USB disconnect, device number 58 [ 500.708668][ T1211] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 500.945317][T18625] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4879'. [ 501.331433][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.338208][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.376610][T18635] netlink: 27 bytes leftover after parsing attributes in process `syz.0.4883'. [ 501.553776][T18645] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.4889'. [ 502.230875][T18682] binder: 18681:18682 ioctl 40046205 0 returned -22 [ 502.237812][ T5932] usb 5-1: new full-speed USB device number 67 using dummy_hcd [ 502.254359][T18685] loop3: detected capacity change from 0 to 1 [ 502.263248][T18685] Dev loop3: unable to read RDB block 1 [ 502.269385][T18685] loop3: AHDI p1 [ 502.273276][T18685] loop3: partition table partially beyond EOD, truncated [ 502.396815][ T5932] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 502.418814][ T5932] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 502.453077][ T5932] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 502.471207][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.674572][ T9] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 502.713550][ T5932] usb 5-1: usb_control_msg returned -32 [ 502.724752][ T5932] usbtmc 5-1:16.0: can't read capabilities [ 502.832142][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 502.854845][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 502.873103][ T9] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 502.884661][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.895812][ T9] usb 4-1: config 0 descriptor?? [ 503.317956][ T1211] usb 5-1: USB disconnect, device number 67 [ 503.338076][ T9] cm6533_jd 0003:0D8C:0022.0044: unknown main item tag 0x0 [ 503.418442][ T9] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0044/input/input86 [ 503.506751][ T9] cm6533_jd 0003:0D8C:0022.0044: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 503.604126][ T9] usb 4-1: USB disconnect, device number 59 [ 503.733222][T18714] fido_id[18714]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 504.555855][T18735] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4922'. [ 505.062301][T18741] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 505.942431][T18789] syzkaller1: entered promiscuous mode [ 505.950664][T18789] syzkaller1: entered allmulticast mode [ 505.989153][ T1211] hid_parser_main: 1 callbacks suppressed [ 505.989169][ T1211] hid-generic 0000:0000:0000.0045: unknown main item tag 0x0 [ 506.027927][ T1211] hid-generic 0000:0000:0000.0045: hidraw0: HID v0.00 Device [syz1] on syz0 [ 506.183458][T18797] netlink: 'syz.3.4947': attribute type 11 has an invalid length. [ 506.451282][T18805] netlink: 'syz.1.4950': attribute type 11 has an invalid length. [ 506.466489][T18805] netlink: 'syz.1.4950': attribute type 4 has an invalid length. [ 506.474329][T18805] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4950'. [ 506.703987][ T30] kauditd_printk_skb: 55 callbacks suppressed [ 506.704005][ T30] audit: type=1804 audit(1754823685.905:1170): pid=18814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4954" name="file1" dev="ramfs" ino=74028 res=1 errno=0 [ 507.485094][T18835] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 507.787744][T18847] netlink: 'syz.1.4967': attribute type 1 has an invalid length. [ 508.002733][T18849] 8021q: adding VLAN 0 to HW filter on device bond5 [ 508.043190][T18849] bond4: (slave bond5): making interface the new active one [ 508.091156][T18849] bond4: (slave bond5): Enslaving as an active interface with an up link [ 508.981216][T18877] trusted_key: syz.4.4979 sent an empty control message without MSG_MORE. [ 509.905237][ T5949] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 510.072012][ T5949] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.083512][ T5949] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 510.098453][ T5949] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 510.112208][ T5949] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 510.126239][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.147042][ T5949] usb 2-1: config 0 descriptor?? [ 510.475159][ T1211] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 510.576419][ T5949] plantronics 0003:047F:FFFF.0046: reserved main item tag 0xd [ 510.603409][ T5949] plantronics 0003:047F:FFFF.0046: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 510.669851][ T1211] usb 5-1: config 0 interface 0 has no altsetting 0 [ 510.676787][ T1211] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 510.709701][ T1211] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.740365][ T1211] usb 5-1: config 0 descriptor?? [ 511.116315][ T9] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 511.274505][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 511.281737][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 511.297479][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 511.307326][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 511.316576][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.328544][ T9] usb 4-1: config 0 descriptor?? [ 511.336264][ T9] hub 4-1:0.0: USB hub found [ 511.539497][ T9] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 511.787280][ T1211] radio-keene 5-1:0.0: V4L2 device registered as radio48 [ 511.961838][ T9] hid-generic 0003:046D:C31C.0047: hidraw1: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0 [ 511.998266][ T5946] usb 5-1: USB disconnect, device number 68 [ 512.265215][ T5945] usb 4-1: USB disconnect, device number 60 [ 512.582783][T18965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5014'. [ 512.598200][ T5949] usb 2-1: USB disconnect, device number 61 [ 512.604312][T18965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5014'. [ 512.766307][T18973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5018'. [ 513.256356][ T5949] usb 6-1: new full-speed USB device number 23 using dummy_hcd [ 513.428385][ T5949] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 513.476023][ T5949] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 513.490986][ T5949] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 513.511125][ T5949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.534473][ T5949] usb 6-1: Product: syz [ 513.538707][ T5949] usb 6-1: Manufacturer: syz [ 513.555368][ T5949] usb 6-1: SerialNumber: syz [ 513.906739][ T5949] usb 6-1: 0:2 : does not exist [ 513.923149][ T5949] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 513.962327][ T5949] usb 6-1: USB disconnect, device number 23 [ 514.061728][ T5879] udevd[5879]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 515.393099][T19043] loop6: detected capacity change from 0 to 1 [ 515.404013][T19043] Dev loop6: unable to read RDB block 1 [ 515.411467][T19043] loop6: unable to read partition table [ 515.418341][T19043] loop6: partition table beyond EOD, truncated [ 515.424944][T19043] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 515.505441][ T5932] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 515.561193][T19048] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5047'. [ 515.578222][T19049] netlink: 'syz.4.5048': attribute type 22 has an invalid length. [ 515.586346][T19049] netlink: 168 bytes leftover after parsing attributes in process `syz.4.5048'. [ 515.596886][T19048] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 515.672401][T19053] netlink: 51 bytes leftover after parsing attributes in process `syz.4.5050'. [ 515.696759][ T5932] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 515.717445][ T5932] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 515.734239][ T5932] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 515.759892][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.507755][ T5946] usb 2-1: USB disconnect, device number 62 [ 517.024934][ T5946] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 517.198165][ T5946] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 517.209158][ T5946] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.227080][ T5946] usb 4-1: Product: syz [ 517.239093][ T5946] usb 4-1: Manufacturer: syz [ 517.259745][ T5946] usb 4-1: SerialNumber: syz [ 517.292852][ T5946] usb 4-1: config 0 descriptor?? [ 518.332187][ T5946] usb 4-1: non-Atmel transceiver xxxx0008 [ 518.533693][ T5946] usb 4-1: Firmware version (0.0) predates our first public release. [ 518.551699][ T5946] usb 4-1: Please update to version 0.2 or newer [ 518.563375][ T5932] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 518.581833][ T5946] usb 4-1: atusb_probe: initialization failed, error = -19 [ 518.616714][ T5946] usb 4-1: USB disconnect, device number 61 [ 518.744513][ T5932] usb 5-1: Using ep0 maxpacket: 32 [ 518.757617][ T5932] usb 5-1: config 9 has an invalid interface number: 160 but max is 0 [ 518.772914][ T5932] usb 5-1: config 9 has no interface number 0 [ 518.785150][ T5932] usb 5-1: config 9 interface 160 has no altsetting 0 [ 518.802148][ T5932] usb 5-1: New USB device found, idVendor=20b7, idProduct=0713, bcdDevice=4e.3f [ 518.817459][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.834700][ T5932] usb 5-1: Product: syz [ 518.849104][ T5932] usb 5-1: Manufacturer: syz [ 518.853724][ T5932] usb 5-1: SerialNumber: syz [ 519.409916][T19138] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5083'. [ 519.488120][ T5932] ftdi_sio 5-1:9.160: FTDI USB Serial Device converter detected [ 519.505740][ T5932] ftdi_sio ttyUSB0: unknown device type: 0x4e3f [ 519.536045][ T5932] usb 5-1: USB disconnect, device number 69 [ 519.554207][ T5932] ftdi_sio 5-1:9.160: device disconnected [ 519.875731][ T5949] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 520.055488][ T5949] usb 2-1: Using ep0 maxpacket: 8 [ 520.067579][ T5949] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 520.081140][ T5949] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 520.093631][ T5949] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 24929, setting to 1024 [ 520.108078][ T5949] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 520.118553][ T5949] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 520.131925][ T5949] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 520.141247][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.356631][ T5949] usb 2-1: GET_CAPABILITIES returned 0 [ 520.362249][ T5949] usbtmc 2-1:16.0: can't read capabilities [ 520.582930][T19169] usb usb8: usbfs: process 19169 (syz.3.5096) did not claim interface 0 before use [ 520.593311][ T5949] usb 2-1: USB disconnect, device number 63 [ 520.727097][ T30] audit: type=1326 audit(1754823699.935:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19151 comm="syz.5.5089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91a8f8ebe9 code=0x7fc00000 [ 521.321604][T19193] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.5106'. [ 521.490037][T19199] loop2: detected capacity change from 0 to 7 [ 521.508548][ T5879] Dev loop2: unable to read RDB block 7 [ 521.519774][ T5879] loop2: unable to read partition table [ 521.529797][ T5879] loop2: partition table beyond EOD, truncated [ 521.540854][T19199] Dev loop2: unable to read RDB block 7 [ 521.551981][T19199] loop2: unable to read partition table [ 521.561390][T19199] loop2: partition table beyond EOD, truncated [ 521.581791][T19199] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 523.306590][ T5945] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 523.476148][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 523.511683][ T5945] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 523.536890][ T5945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.567214][ T5945] usb 2-1: config 0 descriptor?? [ 523.769832][T19270] loop2: detected capacity change from 0 to 7 [ 523.814638][ T5945] usbhid 2-1:0.0: can't add hid device: -71 [ 523.821766][T19270] Dev loop2: unable to read RDB block 7 [ 523.835499][ T5945] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 523.843382][T19270] loop2: unable to read partition table [ 523.863834][ T5945] usb 2-1: USB disconnect, device number 64 [ 523.870301][T19270] loop2: partition table beyond EOD, truncated [ 523.894527][T19270] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 524.111397][ T30] audit: type=1326 audit(1754823703.305:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19274 comm="syz.5.5139" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91a8f8ebe9 code=0x0 [ 524.344493][ T1211] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 524.366009][ T5945] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 524.390023][T19282] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5142'. [ 524.400406][T19282] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5142'. [ 524.505494][ T1211] usb 5-1: Using ep0 maxpacket: 32 [ 524.512973][ T1211] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 524.522108][ T1211] usb 5-1: config 0 has no interface number 0 [ 524.528692][ T5945] usb 2-1: Using ep0 maxpacket: 32 [ 524.537796][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.549595][ T1211] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 524.560157][ T1211] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.562025][T19285] binder: 19283:19285 ioctl c0306201 200000000480 returned -14 [ 524.568936][ T5945] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 524.585534][ T1211] usb 5-1: Product: syz [ 524.589842][ T1211] usb 5-1: Manufacturer: syz [ 524.599790][ T5945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.619411][ T1211] usb 5-1: SerialNumber: syz [ 524.640632][ T1211] usb 5-1: config 0 descriptor?? [ 524.653088][ T1211] smsc95xx v2.0.0 [ 524.660102][ T5945] usb 2-1: config 0 descriptor?? [ 524.678092][ T5945] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 524.679416][T19287] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5144'. [ 524.698113][ T5945] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 525.106671][ T5945] usb 2-1: USB disconnect, device number 65 [ 525.130103][ T5945] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 525.200244][ T30] audit: type=1326 audit(1754823704.405:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19294 comm="syz.5.5147" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f91a8f8ebe9 code=0x0 [ 525.888411][ T1211] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 525.934667][ T1211] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 525.954639][ T1211] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 525.988849][ T1211] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 526.018630][ T1211] usb 5-1: USB disconnect, device number 70 [ 527.016773][T19339] netlink: 'syz.1.5162': attribute type 29 has an invalid length. [ 527.068267][T19339] netlink: 'syz.1.5162': attribute type 29 has an invalid length. [ 527.098052][T19339] netlink: 500 bytes leftover after parsing attributes in process `syz.1.5162'. [ 527.107684][T19339] unsupported nla_type 58 [ 527.278093][T19352] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 527.294583][ T5925] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 527.416801][ T1211] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 527.457700][T19356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5171'. [ 527.467398][ T5932] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 527.469860][ T5925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.495079][ T5925] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 527.504314][ T5925] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.521287][ T5925] usb 5-1: config 0 descriptor?? [ 527.596407][ T1211] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 527.624467][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 527.637012][ T5932] usb 2-1: Using ep0 maxpacket: 8 [ 527.655967][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 527.659534][ T5932] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 527.682776][ T1211] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 527.729839][ T1211] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 527.743941][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.764608][ T1211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.786210][ T5932] usb 2-1: Product: syz [ 527.795307][ T5932] usb 2-1: Manufacturer: syz [ 527.799941][ T5932] usb 2-1: SerialNumber: syz [ 527.806835][ T1211] usb 6-1: config 0 descriptor?? [ 527.829420][ T5932] usb 2-1: config 0 descriptor?? [ 527.982092][ T5925] keytouch 0003:0926:3333.0048: fixing up Keytouch IEC report descriptor [ 528.001914][ T5925] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0048/input/input88 [ 528.067227][ T5932] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 528.206068][ T5925] keytouch 0003:0926:3333.0048: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 528.281714][ T1211] plantronics 0003:047F:FFFF.0049: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 528.554166][ T5946] usb 6-1: USB disconnect, device number 24 [ 529.286252][ T5932] usb write operation failed. (-71) [ 529.295477][ T5932] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 529.313339][ T5932] dvbdev: DVB: registering new adapter (Terratec H7) [ 529.322914][ T5932] usb 2-1: media controller created [ 529.334154][ T5932] usb read operation failed. (-71) [ 529.341137][ T5932] usb write operation failed. (-71) [ 529.358668][ T5932] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 529.374737][ T5932] usb 2-1: USB disconnect, device number 66 [ 530.060838][ T5946] usb 5-1: USB disconnect, device number 71 [ 530.302130][T19432] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 530.334418][T19437] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 531.388960][T19463] IPv6: syztnl0: Disabled Multicast RS [ 531.547950][T19469] vcan0: tx drop: invalid da for name 0x00000000000006f9 [ 531.834547][ T5925] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 531.934699][ T1211] usb 5-1: new full-speed USB device number 72 using dummy_hcd [ 532.035200][ T5925] usb 2-1: Using ep0 maxpacket: 32 [ 532.063342][T19492] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5227'. [ 532.084220][ T5925] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 532.093501][ T5925] usb 2-1: config 0 has no interface number 0 [ 532.099880][ T5925] usb 2-1: config 0 interface 184 has no altsetting 0 [ 532.109080][ T5925] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 532.121433][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.134576][ T1211] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 532.164452][ T1211] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 532.189180][ T5925] usb 2-1: Product: syz [ 532.211313][ T5925] usb 2-1: Manufacturer: syz [ 532.239202][ T5925] usb 2-1: SerialNumber: syz [ 532.256542][ T1211] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 532.281369][ T5925] usb 2-1: config 0 descriptor?? [ 532.292224][ T1211] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.314189][ T30] audit: type=1326 audit(1754823711.515:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f173cd8ebe9 code=0x7ffc0000 [ 532.339550][ T5925] smsc75xx v1.0.0 [ 532.354381][ T1211] usb 5-1: Product: syz [ 532.359106][ T1211] usb 5-1: Manufacturer: syz [ 532.388718][ T1211] usb 5-1: SerialNumber: syz [ 532.413017][ T30] audit: type=1326 audit(1754823711.515:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f173cd8ebe9 code=0x7ffc0000 [ 532.428481][T19478] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 532.630374][ T30] audit: type=1326 audit(1754823711.515:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 532.653294][ T30] audit: type=1326 audit(1754823711.515:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 532.677487][ T30] audit: type=1326 audit(1754823711.515:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f173cd8ebe9 code=0x7ffc0000 [ 532.776626][ T30] audit: type=1326 audit(1754823711.515:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 532.800801][ T30] audit: type=1326 audit(1754823711.515:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 532.826651][ T30] audit: type=1326 audit(1754823711.515:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f173cd8ebe9 code=0x7ffc0000 [ 532.857068][ T30] audit: type=1326 audit(1754823711.515:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f173cd8ebe9 code=0x7ffc0000 [ 532.880959][ T30] audit: type=1326 audit(1754823711.515:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19483 comm="syz.3.5223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f173cd2add9 code=0x7ffc0000 [ 532.947498][ T5925] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 532.965502][ T5925] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 533.394991][ T5925] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71 [ 533.428949][ T5925] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71 [ 533.464895][ T5925] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 533.482748][ T1211] cdc_ncm 5-1:1.0: bind() failure [ 533.534805][ T5925] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 533.543373][ T1211] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 533.577018][ T1211] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 533.605041][ T5925] usb 2-1: USB disconnect, device number 67 [ 533.618413][ T1211] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 533.693418][ T1211] usb 5-1: USB disconnect, device number 72 [ 534.406688][T19546] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 534.675565][ T5946] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 534.828880][ T5946] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.846746][ T5946] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 534.858999][ T5946] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.869556][ T5946] usb 6-1: config 0 descriptor?? [ 534.878096][ T5946] pwc: Askey VC010 type 2 USB webcam detected. [ 534.904948][ T1211] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 535.057546][ T1211] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 535.065780][ T1211] usb 4-1: config 0 has no interface number 0 [ 535.071924][ T1211] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 535.081268][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.092223][ T1211] usb 4-1: config 0 descriptor?? [ 535.097441][ T5925] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 535.108369][ T1211] cp210x 4-1:0.1: cp210x converter detected [ 535.264741][ T5925] usb 5-1: Using ep0 maxpacket: 16 [ 535.271724][ T5925] usb 5-1: too many configurations: 123, using maximum allowed: 8 [ 535.283647][ T5946] pwc: recv_control_msg error -32 req 02 val 2b00 [ 535.285409][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.297917][ T5946] pwc: recv_control_msg error -32 req 02 val 2700 [ 535.302509][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.315123][ T5946] pwc: recv_control_msg error -32 req 02 val 2c00 [ 535.323647][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.341456][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.353477][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.372208][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.385094][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.396967][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.410607][ T5925] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 535.420228][ T5925] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 535.428663][ T5925] usb 5-1: SerialNumber: syz [ 535.444235][ T5925] usb 5-1: config 0 descriptor?? [ 535.463020][ T5925] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input90 [ 535.522138][ T1211] cp210x 4-1:0.1: failed to get vendor val 0x000e size 3: -32 [ 535.541999][ T5946] pwc: recv_control_msg error -71 req 04 val 1300 [ 535.558497][ T5946] pwc: recv_control_msg error -71 req 04 val 1400 [ 535.566692][ T5946] pwc: recv_control_msg error -71 req 02 val 2000 [ 535.573583][ T5946] pwc: recv_control_msg error -71 req 02 val 2100 [ 535.588073][ T5946] pwc: recv_control_msg error -71 req 04 val 1500 [ 535.599786][ T5946] pwc: recv_control_msg error -71 req 02 val 2500 [ 535.608808][ T5946] pwc: recv_control_msg error -71 req 02 val 2400 [ 535.619123][ T5946] pwc: recv_control_msg error -71 req 02 val 2600 [ 535.629271][ T5946] pwc: recv_control_msg error -71 req 02 val 2900 [ 535.638948][ T5946] pwc: recv_control_msg error -71 req 02 val 2800 [ 535.651277][ T5946] pwc: recv_control_msg error -71 req 04 val 1100 [ 535.660829][ T5946] pwc: recv_control_msg error -71 req 04 val 1200 [ 535.667431][ T5217] bcm5974 5-1:0.0: could not read from device [ 535.678356][ T5946] pwc: Registered as video103. [ 535.685514][ T5217] bcm5974 5-1:0.0: could not read from device [ 535.698376][ T5217] bcm5974 5-1:0.0: could not read from device [ 535.705875][ T5946] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input91 [ 535.718389][ T5925] usb 5-1: USB disconnect, device number 73 [ 535.742034][ T5217] bcm5974 5-1:0.0: could not read from device [ 535.761398][ T5946] usb 6-1: USB disconnect, device number 25 [ 535.780345][ T1211] usb 4-1: cp210x converter now attached to ttyUSB0 [ 535.938205][ T5912] usb 4-1: USB disconnect, device number 62 [ 535.949345][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 535.961219][ T5912] cp210x 4-1:0.1: device disconnected [ 536.273157][T19583] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.470206][T19583] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 536.524314][T19583] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.858803][ T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.877578][ T13] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 536.903651][ T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.922806][ T13] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 536.948265][ T1321] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.998261][ T1321] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 537.026840][ T1321] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.070322][ T1321] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 537.575222][T19647] syzkaller1: entered promiscuous mode [ 537.590803][T19647] syzkaller1: entered allmulticast mode [ 537.832350][T19663] bond0: entered promiscuous mode [ 537.843558][T19663] bond_slave_0: entered promiscuous mode [ 537.882260][T19663] bond_slave_1: entered promiscuous mode [ 538.164521][ T24] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 538.326500][ T24] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 538.344773][T19677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5296'. [ 538.353916][ T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 538.368372][T19677] veth1_macvtap: left promiscuous mode [ 538.379230][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 538.414517][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 538.437934][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 538.461271][ T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 538.478045][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.493920][ T24] usb 2-1: config 0 descriptor?? [ 538.517015][T19669] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 538.933302][ T24] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 538.953232][ T24] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 538.973299][ T24] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 538.997550][ T24] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 539.022135][ T24] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 539.040134][ T24] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 539.108019][ T24] plantronics 0003:047F:FFFF.004A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 539.193676][ T24] usb 2-1: USB disconnect, device number 68 [ 539.264500][ T30] kauditd_printk_skb: 104 callbacks suppressed [ 539.264519][ T30] audit: type=1326 audit(1754823718.465:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19705 comm="syz.4.5309" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe395b8ebe9 code=0x0 [ 539.322152][T19703] fido_id[19703]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 539.906291][T19728] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 540.289327][T19742] input: syz1 as /devices/virtual/input/input92 [ 540.504496][T19598] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 540.694536][T19598] usb 6-1: Using ep0 maxpacket: 16 [ 540.706330][T19598] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 540.717242][T19598] usb 6-1: config 0 has no interface number 0 [ 540.723352][T19598] usb 6-1: too many endpoints for config 0 interface 41 altsetting 2: 171, using maximum allowed: 30 [ 540.758521][T19598] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 540.778944][T19598] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 540.799448][T19598] usb 6-1: config 0 interface 41 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 171 [ 540.812715][T19589] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 540.834669][T19598] usb 6-1: config 0 interface 41 has no altsetting 0 [ 540.855248][T19598] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 540.864585][T19598] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.872590][T19598] usb 6-1: Product: syz [ 540.888977][T19598] usb 6-1: Manufacturer: syz [ 540.904922][T19598] usb 6-1: SerialNumber: syz [ 540.929080][T19598] usb 6-1: config 0 descriptor?? [ 540.961050][T19740] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 540.981471][T19589] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 540.997563][T19740] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 541.002818][T19589] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 541.021084][T19589] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.040645][T19589] usb 2-1: config 0 descriptor?? [ 541.142080][T19754] loop6: detected capacity change from 0 to 1 [ 541.150746][T19754] Dev loop6: unable to read RDB block 1 [ 541.156907][T19754] loop6: unable to read partition table [ 541.162923][T19754] loop6: partition table beyond EOD, truncated [ 541.170004][T19754] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 541.235756][T19740] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 541.263450][T19740] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 541.274120][T19589] usbhid 2-1:0.0: can't add hid device: -71 [ 541.285047][T19589] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 541.307996][T19589] usb 2-1: USB disconnect, device number 69 [ 541.775023][ T24] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 541.904666][T19598] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 541.944787][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 541.969692][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 541.981394][ T24] usb 2-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 541.993923][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.010457][ T24] usb 2-1: config 0 descriptor?? [ 542.128842][T19598] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 542.144102][T19598] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71 [ 542.157646][T19598] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -71 [ 542.184927][T19598] usb 6-1: USB disconnect, device number 26 [ 542.207357][T19774] loop6: detected capacity change from 0 to 7 [ 542.252859][T19774] Dev loop6: unable to read RDB block 7 [ 542.271754][T19774] loop6: AHDI p3 p4 [ 542.278127][T19774] loop6: partition table partially beyond EOD, truncated [ 542.302618][T19774] loop6: p3 start 1886353253 is beyond EOD, truncated [ 542.402966][T19781] syzkaller1: entered promiscuous mode [ 542.409299][T19781] syzkaller1: entered allmulticast mode [ 542.440900][ T24] mcp2200 0003:04D8:00DF.004B: USB HID v0.05 Device [HID 04d8:00df] on usb-dummy_hcd.1-1/input0 [ 542.622871][T19785] netlink: 'syz.4.5345': attribute type 1 has an invalid length. [ 542.657303][T19785] 8021q: adding VLAN 0 to HW filter on device bond1 [ 542.690037][T19785] bond1: (slave geneve2): making interface the new active one [ 542.715347][T19785] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 542.729192][ T1319] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.754726][ T1319] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.774323][ T1319] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.786421][ T1319] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.861890][ T24] usb 2-1: USB disconnect, device number 70 [ 543.073153][T19799] vlan2: entered allmulticast mode [ 543.084058][T19799] macvlan0: entered allmulticast mode [ 543.517000][T19821] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 543.833617][T19831] netlink: 'syz.1.5366': attribute type 22 has an invalid length. [ 543.852442][T19831] netlink: 168 bytes leftover after parsing attributes in process `syz.1.5366'. [ 544.814588][ T24] usb 5-1: new full-speed USB device number 74 using dummy_hcd [ 544.976647][ T24] usb 5-1: config 0 has an invalid interface number: 230 but max is 0 [ 544.988905][ T24] usb 5-1: config 0 has no interface number 0 [ 544.995650][ T24] usb 5-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 545.354529][ T24] usb 5-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 545.409939][ T24] usb 5-1: config 0 interface 230 has no altsetting 0 [ 545.430578][ T24] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 545.454221][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.477951][ T24] usb 5-1: Product: syz [ 545.490109][ T24] usb 5-1: Manufacturer: syz [ 545.512804][ T24] usb 5-1: SerialNumber: syz [ 545.523344][T19863] syzkaller1: entered promiscuous mode [ 545.558214][T19863] syzkaller1: entered allmulticast mode [ 545.571674][ T24] usb 5-1: config 0 descriptor?? [ 545.599257][T19858] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 545.608501][T19858] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 545.624649][T19863] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 545.658306][ T24] ums-usbat 5-1:0.230: USB Mass Storage device detected [ 545.664504][T19863] syzkaller1: Linktype set failed because interface is up [ 545.731757][ T24] ums-usbat 5-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 547.343976][T19900] netlink: 'syz.1.5394': attribute type 29 has an invalid length. [ 547.365657][T19900] netlink: 'syz.1.5394': attribute type 29 has an invalid length. [ 547.384935][T19900] netlink: 500 bytes leftover after parsing attributes in process `syz.1.5394'. [ 547.925893][ T24] ums-usbat 5-1:0.230: probe with driver ums-usbat failed with error -5 [ 548.108628][ T24] usb 5-1: USB disconnect, device number 74 [ 548.477434][T19940] kvm: kvm [19939]: vcpu0, guest rIP: 0xeeee8000 Unhandled WRMSR(0x40000006) = 0x0 [ 548.690564][ T30] audit: type=1326 audit(1754823727.895:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 548.754947][T19951] batadv_slave_1: entered promiscuous mode [ 548.780527][ T30] audit: type=1326 audit(1754823727.925:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 548.808465][T19951] batadv0: entered promiscuous mode [ 548.818939][T19948] batadv0: left promiscuous mode [ 548.826912][ T30] audit: type=1326 audit(1754823727.925:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 548.855349][ T30] audit: type=1326 audit(1754823727.925:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 548.877772][ C0] vkms_vblank_simulate: vblank timer overrun [ 548.884296][T19948] batadv_slave_1: left promiscuous mode [ 548.931155][ T30] audit: type=1326 audit(1754823727.925:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 549.024209][ T30] audit: type=1326 audit(1754823727.925:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 549.081331][ T30] audit: type=1326 audit(1754823727.925:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 549.112502][ T30] audit: type=1326 audit(1754823727.925:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 549.167113][ T30] audit: type=1326 audit(1754823727.925:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 549.237113][ T30] audit: type=1326 audit(1754823727.925:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19949 comm="syz.4.5416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x7ffc0000 [ 551.184737][ T24] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 551.349089][ T24] usb 6-1: Using ep0 maxpacket: 16 [ 551.361967][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 551.383334][T19585] hid-generic 0000:0003:0001.004C: unknown main item tag 0x0 [ 551.386050][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 551.404701][T19585] hid-generic 0000:0003:0001.004C: unknown main item tag 0x0 [ 551.429762][T19585] hid-generic 0000:0003:0001.004C: hidraw0: HID v0.03 Device [syz0] on syz1 [ 551.437119][ T24] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 551.451582][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.476429][ T24] usb 6-1: Product: syz [ 551.485443][ T24] usb 6-1: Manufacturer: syz [ 551.496129][ T24] usb 6-1: SerialNumber: syz [ 551.618147][T20021] fido_id[20021]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 551.725030][ T24] usb 6-1: 0:2 : does not exist [ 551.748272][ T24] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 551.796991][ T24] usb 6-1: USB disconnect, device number 27 [ 551.854139][ T5879] udevd[5879]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 551.906260][T19585] usb 4-1: new full-speed USB device number 63 using dummy_hcd [ 552.080628][T19585] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 552.102458][T19585] usb 4-1: config 0 has no interfaces? [ 552.109522][T19585] usb 4-1: New USB device found, idVendor=5543, idProduct=3031, bcdDevice= 0.00 [ 552.119215][T19585] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.132824][T19585] usb 4-1: config 0 descriptor?? [ 552.436816][T19598] usb 4-1: USB disconnect, device number 63 [ 553.287425][T19598] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 553.456538][T19598] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 553.465684][T19598] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 553.481012][T19598] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 553.502902][T19598] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 553.518864][T19598] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 553.532225][T19598] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 553.546142][T19598] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.561200][T19598] usb 4-1: config 0 descriptor?? [ 553.589327][T20073] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 553.744030][T20096] binder: 20092:20096 ioctl c0306201 200000000480 returned -14 [ 553.964661][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 553.964680][ T30] audit: type=1804 audit(1754823733.165:1305): pid=20101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.5478" name="/newroot/1118/file0" dev="tmpfs" ino=5696 res=1 errno=0 [ 554.027726][T19598] plantronics 0003:047F:FFFF.004D: reserved main item tag 0xd [ 554.088101][T19598] plantronics 0003:047F:FFFF.004D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 554.328171][T19614] usb 4-1: USB disconnect, device number 64 [ 554.631490][T20121] loop2: detected capacity change from 0 to 6 [ 554.639799][T20121] loop2: [POWERTEC] p1 p2 [ 554.645166][T20121] loop2: p1 start 12 is beyond EOD, truncated [ 554.651464][T20121] loop2: p2 size 1986356271 extends beyond EOD, truncated [ 554.753775][ T5879] udevd[5879]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 555.231259][T20145] KVM: debugfs: duplicate directory 20145-4 [ 555.344891][T19600] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 555.517008][T19600] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.545566][T19600] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.587696][T19600] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 555.618375][T19600] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.641046][T19600] usb 4-1: config 0 descriptor?? [ 556.073824][T19600] pyra 0003:1E7D:2CF6.004E: unknown main item tag 0x0 [ 556.105033][T19600] pyra 0003:1E7D:2CF6.004E: unknown main item tag 0x0 [ 556.132482][T19600] pyra 0003:1E7D:2CF6.004E: unknown main item tag 0x0 [ 556.160252][T19600] pyra 0003:1E7D:2CF6.004E: unknown main item tag 0x0 [ 556.187755][T19600] pyra 0003:1E7D:2CF6.004E: unknown main item tag 0x0 [ 556.199809][T19600] pyra 0003:1E7D:2CF6.004E: unknown main item tag 0x0 [ 556.209687][T20170] netlink: 64 bytes leftover after parsing attributes in process `syz.1.5509'. [ 556.211208][T19600] pyra 0003:1E7D:2CF6.004E: unknown main item tag 0x0 [ 556.240120][T19600] pyra 0003:1E7D:2CF6.004E: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 556.900412][T19600] pyra 0003:1E7D:2CF6.004E: couldn't init struct pyra_device [ 556.917711][T19600] pyra 0003:1E7D:2CF6.004E: couldn't install mouse [ 556.964937][T19600] pyra 0003:1E7D:2CF6.004E: probe with driver pyra failed with error -71 [ 556.992406][T19600] usb 4-1: USB disconnect, device number 65 [ 557.057998][T20188] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5514'. [ 557.434964][T19614] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 557.634639][T19614] usb 2-1: Using ep0 maxpacket: 32 [ 557.659732][T19614] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 557.678944][T19614] usb 2-1: config 0 has no interface number 0 [ 557.701348][T19614] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 557.768455][T19614] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 557.814898][T19614] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.847495][T19614] usb 2-1: Product: syz [ 557.851692][T19614] usb 2-1: Manufacturer: syz [ 557.880623][T19614] usb 2-1: SerialNumber: syz [ 557.894970][T19600] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 557.915394][T19614] usb 2-1: config 0 descriptor?? [ 557.967202][T19614] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 558.014529][T19614] em28xx 2-1:0.132: Video interface 132 found: [ 558.094483][T19600] usb 4-1: Using ep0 maxpacket: 32 [ 558.115400][T20209] loop4: detected capacity change from 0 to 7 [ 558.127215][T19600] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 558.138120][T20209] Dev loop4: unable to read RDB block 7 [ 558.143741][T20209] loop4: AHDI p3 p4 [ 558.153640][T20209] loop4: partition table partially beyond EOD, truncated [ 558.161098][T19600] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.173162][T20209] loop4: p3 size 4227858431 extends beyond EOD, truncated [ 558.183977][T19600] usb 4-1: config 0 descriptor?? [ 558.213834][T19600] gspca_main: sunplus-2.14.0 probing 041e:400b [ 558.342816][T19614] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 558.368416][ T6716] udevd[6716]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 558.788740][T19614] em28xx 2-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=0) [ 558.808977][T19614] em28xx 2-1:0.132: board has no eeprom [ 558.959766][ T30] audit: type=1326 audit(1754823738.165:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20222 comm="syz.5.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91a8f8ebe9 code=0x7fc00000 [ 559.064608][T19614] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 559.072671][T19614] em28xx 2-1:0.132: analog set to bulk mode. [ 559.078812][ T24] em28xx 2-1:0.132: Registering V4L2 extension [ 559.095042][T19614] usb 2-1: USB disconnect, device number 71 [ 559.130996][T19614] em28xx 2-1:0.132: Disconnecting em28xx [ 559.194719][ T5949] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 559.238705][ T24] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 559.246015][ T24] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 559.253247][ T24] em28xx 2-1:0.132: No AC97 audio processor [ 559.268017][ T24] usb 2-1: Decoder not found [ 559.272630][ T24] em28xx 2-1:0.132: failed to create media graph [ 559.284060][ T24] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 559.296951][ T24] em28xx 2-1:0.132: Remote control support is not available for this card. [ 559.305631][T19614] em28xx 2-1:0.132: Closing input extension [ 559.321574][T19614] em28xx 2-1:0.132: Freeing device [ 559.364469][ T5949] usb 5-1: Using ep0 maxpacket: 16 [ 559.380889][ T5949] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 559.394601][ T5949] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 559.406879][ T5949] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 559.420058][ T5949] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 559.429823][T19600] gspca_sunplus: reg_w_riv err -71 [ 559.434014][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.446138][T19600] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 559.461290][ T5949] usb 5-1: config 0 descriptor?? [ 559.468498][T19600] usb 4-1: USB disconnect, device number 66 [ 559.566729][ T30] audit: type=1326 audit(1754823738.775:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20222 comm="syz.5.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f91a8f8ebe9 code=0x7fc00000 [ 559.904337][ T5949] HID 045e:07da: Invalid code 65791 type 1 [ 559.942227][ T5949] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.004F/input/input94 [ 560.025287][ T5949] microsoft 0003:045E:07DA.004F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 560.184618][ T5949] usb 5-1: USB disconnect, device number 75 [ 560.309652][T20244] fido_id[20244]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 561.559878][ T1328] bridge_slave_1: left allmulticast mode [ 561.581087][ T1328] bridge_slave_1: left promiscuous mode [ 561.593922][ T1328] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.643249][ T1328] bridge_slave_0: left allmulticast mode [ 561.664242][ T1328] bridge_slave_0: left promiscuous mode [ 561.686668][ T1328] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.951207][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 561.964079][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 561.976894][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 561.986765][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 561.994578][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 562.342520][ T1328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.367346][ T1328] bond_slave_0: left promiscuous mode [ 562.380627][ T1328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 562.391395][ T1328] bond_slave_1: left promiscuous mode [ 562.402130][ T1328] bond0 (unregistering): Released all slaves [ 562.421405][ T1328] bond1 (unregistering): Released all slaves [ 562.583940][T20290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 562.770041][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.776787][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.879287][T20313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5559'. [ 563.016314][T20313] vxlan1: entered promiscuous mode [ 563.049504][ T12] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 563.114209][ T12] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 563.126219][ T12] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 563.156527][ T24] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 563.173073][ T12] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 563.191691][ T1328] hsr_slave_0: left promiscuous mode [ 563.207134][ T1328] hsr_slave_1: left promiscuous mode [ 563.213261][ T1328] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 563.224906][ T1328] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 563.314484][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 563.334836][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 563.348173][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 563.357166][ T24] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 563.375630][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 563.386555][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.405867][ T24] usb 2-1: Product: syz [ 563.419950][ T24] usb 2-1: Manufacturer: syz [ 563.424663][ T24] usb 2-1: SerialNumber: syz [ 563.438772][ T24] cdc_ncm 2-1:1.0: skipping garbage [ 563.451536][ T24] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 563.470715][ T24] cdc_ncm 2-1:1.0: bind() failure [ 563.690573][T19600] usb 2-1: USB disconnect, device number 72 [ 563.825818][ T1328] team0 (unregistering): Port device team_slave_1 removed [ 563.925253][ T1328] team0 (unregistering): Port device team_slave_0 removed [ 564.043218][T20345] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 564.123783][T20349] loop4: detected capacity change from 0 to 7 [ 564.130115][ T51] Bluetooth: hci3: command tx timeout [ 564.147225][T20349] Dev loop4: unable to read RDB block 7 [ 564.153006][T20349] loop4: AHDI p3 [ 564.158940][T20349] loop4: partition table partially beyond EOD, truncated [ 564.530375][T20358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5573'. [ 564.973813][T20288] chnl_net:caif_netlink_parms(): no params data found [ 565.201521][T20288] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.214694][T20288] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.221868][T20288] bridge_slave_0: entered allmulticast mode [ 565.230079][T20288] bridge_slave_0: entered promiscuous mode [ 565.259815][T20288] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.267161][T20288] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.281707][T20288] bridge_slave_1: entered allmulticast mode [ 565.307724][T20288] bridge_slave_1: entered promiscuous mode [ 565.402889][T20288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 565.427706][ T1328] IPVS: stop unused estimator thread 0... [ 565.440675][T20288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 565.548007][T20288] team0: Port device team_slave_0 added [ 565.560717][T20288] team0: Port device team_slave_1 added [ 565.707895][ T30] audit: type=1326 audit(1754823744.915:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20388 comm="syz.4.5582" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe395b8ebe9 code=0x0 [ 565.747646][T20288] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 565.771917][T20288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.815988][T20288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 565.852780][T20288] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.867163][T20288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.925664][T20288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 565.937109][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 565.959651][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 565.980914][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 565.999687][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 566.037314][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 566.057750][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 566.081433][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 566.105121][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 566.140675][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 566.164503][T19600] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0 [ 566.199325][T19600] hid-generic 0000:0000:0000.0050: hidraw0: HID v0.00 Device [] on [ 566.218053][ T51] Bluetooth: hci3: command tx timeout [ 566.280836][T20288] hsr_slave_0: entered promiscuous mode [ 566.287827][T20288] hsr_slave_1: entered promiscuous mode [ 566.295619][T20288] debugfs: 'hsr0' already exists in 'hsr' [ 566.301407][T20288] Cannot create hsr debugfs directory [ 567.093548][T20288] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 567.130240][T20288] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 567.166947][T20288] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 567.192440][T20288] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 567.324663][ T5949] usb 4-1: new full-speed USB device number 67 using dummy_hcd [ 567.463241][T20288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 567.497931][ T5949] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 567.514661][ T5949] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 567.520490][T20288] 8021q: adding VLAN 0 to HW filter on device team0 [ 567.572198][ T5949] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 567.650960][ T1319] bridge0: port 1(bridge_slave_0) entered blocking state [ 567.658165][ T1319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 567.667523][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.731154][ T1319] bridge0: port 2(bridge_slave_1) entered blocking state [ 567.738372][ T1319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 567.893093][T20288] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 567.928961][ T5949] usb 4-1: usb_control_msg returned -32 [ 567.952546][ T5949] usbtmc 4-1:16.0: can't read capabilities [ 568.059109][T20288] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 568.200060][T20288] veth0_vlan: entered promiscuous mode [ 568.240672][T20288] veth1_vlan: entered promiscuous mode [ 568.290556][ T51] Bluetooth: hci3: command tx timeout [ 568.339983][T20467] usbtmc 4-1:16.0: usbtmc_ioctl_request failed -32 [ 568.346847][T20288] veth0_macvtap: entered promiscuous mode [ 568.357074][T20288] veth1_macvtap: entered promiscuous mode [ 568.386538][T20288] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 568.388013][T19611] usb 4-1: USB disconnect, device number 67 [ 568.398392][T20288] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 568.477713][ T1319] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.505105][ T1319] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.535659][ T1319] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.555355][ T1319] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.835816][ T1319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 568.860373][ T1319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 568.971252][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.023830][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.367126][ T51] Bluetooth: hci3: command tx timeout [ 571.292581][T20551] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5624'. [ 575.113941][T20704] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 575.715502][T20732] netlink: 71 bytes leftover after parsing attributes in process `syz.3.5680'. [ 576.874832][T19611] usb 2-1: new full-speed USB device number 73 using dummy_hcd [ 577.084572][T19611] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 577.128599][T19611] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 577.174615][T19611] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.221287][T19611] usb 2-1: config 0 descriptor?? [ 577.237730][T20766] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 577.481650][T20790] loop6: detected capacity change from 0 to 2560 [ 577.498906][T20790] buffer_io_error: 5 callbacks suppressed [ 577.498921][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.536096][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.577369][T20793] loop6: detected capacity change from 2560 to 524287999 [ 577.585764][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.596033][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.604031][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.618143][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.654720][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.683925][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.705492][T19611] elan 0003:04F3:0755.0051: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 577.725045][T20790] ldm_validate_partition_table(): Disk read failed. [ 577.744513][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.752459][T20790] Buffer I/O error on dev loop6, logical block 0, async page read [ 577.793522][T20790] Dev loop6: unable to read RDB block 0 [ 577.815665][T20790] loop6: unable to read partition table [ 577.853645][T20790] loop_reread_partitions: partition scan of loop6 (IY~J`a)) failed (rc=-5) [ 577.909121][ T5949] usb 2-1: USB disconnect, device number 73 [ 577.923722][T20797] fido_id[20797]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 578.754462][ T5949] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 578.916571][ T5949] usb 5-1: Using ep0 maxpacket: 16 [ 578.937653][ T5949] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 578.968131][ T5949] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 578.991465][ T5949] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 579.010833][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.033752][ T5949] usb 5-1: config 0 descriptor?? [ 579.347407][T20845] syzkaller1: entered promiscuous mode [ 579.352982][T20845] syzkaller1: entered allmulticast mode [ 579.837118][ T5949] usbhid 5-1:0.0: can't add hid device: -71 [ 579.878720][ T5949] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 579.937634][ T5949] usb 5-1: USB disconnect, device number 76 [ 580.528931][T20886] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5738'. [ 581.034517][ T5946] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 581.104545][T19611] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 581.218623][ T5946] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 581.231620][ T5946] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 581.254038][ T5946] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 581.272506][ T5946] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 581.296190][ T5946] usb 7-1: SerialNumber: syz [ 581.414912][T19611] usb 2-1: Using ep0 maxpacket: 8 [ 581.423030][T19611] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 581.501148][T19611] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 581.529671][T19611] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 581.551248][T19611] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 581.573568][ T5946] usb 7-1: 0:2 : does not exist [ 581.577294][T19611] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 581.607536][T19611] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 581.627156][T19611] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.669127][ T5946] usb 7-1: USB disconnect, device number 2 [ 581.742821][ T5879] udevd[5879]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 581.888509][T19611] usb 2-1: GET_CAPABILITIES returned 0 [ 581.915058][T19611] usbtmc 2-1:16.0: can't read capabilities [ 582.134569][T19600] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 582.206456][T20899] usbtmc 2-1:16.0: usb_control_msg returned -71 [ 582.213059][ T24] usb 2-1: USB disconnect, device number 74 [ 582.315670][T19600] usb 5-1: Using ep0 maxpacket: 32 [ 582.325890][T19600] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 582.347007][T19600] usb 5-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58 [ 582.365228][T19600] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.381778][T19600] usb 5-1: Product: syz [ 582.394564][T19600] usb 5-1: Manufacturer: syz [ 582.400889][T19600] usb 5-1: SerialNumber: syz [ 582.417107][T19600] usb 5-1: config 0 descriptor?? [ 582.438750][T19600] gspca_main: sunplus-2.14.0 probing 08ca:2060 [ 582.669044][T19600] gspca_sunplus: reg_r err -32 [ 582.864605][ T5946] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 583.035067][ T5946] usb 7-1: Using ep0 maxpacket: 16 [ 583.055999][ T5946] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 583.074497][ T5946] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 583.104934][ T5946] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 583.131934][ T5946] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.148329][ T5946] usb 7-1: Product: syz [ 583.162716][ T5946] usb 7-1: Manufacturer: syz [ 583.169449][ T5946] usb 7-1: SerialNumber: syz [ 583.189591][ T5946] usb 7-1: config 0 descriptor?? [ 583.418510][T19598] usb 7-1: USB disconnect, device number 3 [ 583.458551][T20979] netlink: 140 bytes leftover after parsing attributes in process `syz.3.5767'. [ 583.663405][T20986] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 583.684634][T19600] sunplus 5-1:0.0: probe with driver sunplus failed with error -32 [ 584.245546][T21001] kvm: user requested TSC rate below hardware speed [ 584.259903][T21001] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 584.704480][T19611] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 584.712173][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 584.874602][T19611] usb 2-1: Using ep0 maxpacket: 16 [ 584.882155][ T24] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 584.891378][ T24] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 584.901924][T19611] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 584.912869][ T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 584.921953][T19611] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 584.931813][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 584.942948][T19611] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 584.956190][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 584.967675][T19611] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 584.976881][T19611] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.986432][ T24] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 584.996252][ T24] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 585.004492][ T24] usb 7-1: Product: syz [ 585.008016][T19598] usb 5-1: USB disconnect, device number 77 [ 585.008678][ T24] usb 7-1: Manufacturer: syz [ 585.011230][T19611] usb 2-1: config 0 descriptor?? [ 585.027537][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 585.032765][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 585.053348][ T24] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 585.067927][ T24] cdc_wdm 7-1:1.0: Unknown control protocol [ 585.371045][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 585.377695][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 585.384138][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 585.390752][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 585.397318][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 585.398332][ T24] usb 7-1: USB disconnect, device number 4 [ 585.403926][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 585.403944][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 585.483034][T19611] HID 045e:07da: Invalid code 65791 type 1 [ 585.533331][T19611] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0052/input/input95 [ 585.599676][T19611] microsoft 0003:045E:07DA.0052: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 585.684933][T19598] usb 2-1: USB disconnect, device number 75 [ 586.262605][T21044] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 586.266901][T21042] KVM: debugfs: duplicate directory 21042-4 [ 586.367080][T19598] usb 4-1: new full-speed USB device number 68 using dummy_hcd [ 586.540337][T19598] usb 4-1: config 0 has no interfaces? [ 586.560678][T19598] usb 4-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e [ 586.600426][T19598] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.634878][T19598] usb 4-1: Product: syz [ 586.639083][T19598] usb 4-1: Manufacturer: syz [ 586.659240][T19598] usb 4-1: SerialNumber: syz [ 586.676407][T19598] usb 4-1: config 0 descriptor?? [ 586.953607][T19598] usb 4-1: USB disconnect, device number 68 [ 587.922083][T21102] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5807'. [ 588.794541][T19611] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 588.974701][T19611] usb 4-1: Using ep0 maxpacket: 8 [ 589.001896][T19611] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 589.018605][T19611] usb 4-1: config 179 has no interface number 0 [ 589.039833][T19611] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 589.053081][ T30] audit: type=1326 audit(1754823768.255:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.074434][T19611] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 589.126925][T19611] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 589.152897][ T30] audit: type=1326 audit(1754823768.295:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.192331][T19611] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 589.228809][T19611] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 589.264544][ T30] audit: type=1326 audit(1754823768.305:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.285375][T19611] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 589.312105][T19611] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.361101][T21125] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 589.368576][ T30] audit: type=1326 audit(1754823768.305:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.524520][ T30] audit: type=1326 audit(1754823768.305:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.567489][ T1319] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 589.621595][ T30] audit: type=1326 audit(1754823768.355:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.644351][ T1319] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.673448][T19611] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input96 [ 589.714493][ T1319] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 589.744875][ T30] audit: type=1326 audit(1754823768.355:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.871435][ T30] audit: type=1326 audit(1754823768.355:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 589.878389][T21125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 589.916153][T21125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 589.984501][ T30] audit: type=1326 audit(1754823768.355:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe3bd32add9 code=0x7ffc0000 [ 590.065888][ T30] audit: type=1326 audit(1754823768.355:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21136 comm="syz.0.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3bd38ebe9 code=0x7ffc0000 [ 590.162160][ T1319] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 590.187431][ T1319] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.228557][T19611] usb 4-1: USB disconnect, device number 69 [ 590.228628][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 590.228712][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 590.261793][ T1319] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 590.391301][ T1319] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 590.429578][ T1319] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.474584][ T1319] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 590.644806][ T1319] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 590.670177][ T1319] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.701907][ T1319] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 590.733705][T21165] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.5828'. [ 591.087419][ T1319] bridge_slave_1: left allmulticast mode [ 591.108273][ T1319] bridge_slave_1: left promiscuous mode [ 591.134774][ T1319] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.201002][ T5867] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 591.211486][ T5867] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 591.225463][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 591.236014][ T1319] bridge_slave_0: left allmulticast mode [ 591.241933][ T5867] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 591.252600][ T1319] bridge_slave_0: left promiscuous mode [ 591.258579][ T5867] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 591.276155][ T1319] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.014753][T19614] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 592.219570][T19614] usb 4-1: Using ep0 maxpacket: 8 [ 592.236833][T19614] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 592.245328][T19614] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 592.264430][T19614] usb 4-1: config 0 has no interface number 0 [ 592.280763][T19614] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 592.302021][T19614] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 592.328179][T19614] usb 4-1: config 0 interface 52 has no altsetting 0 [ 592.347894][T19614] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 592.377921][T19614] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 592.397451][T19614] usb 4-1: Manufacturer: syz [ 592.421510][T19614] usb 4-1: config 0 descriptor?? [ 592.455803][ T1319] bond1 (unregistering): (slave geneve2): Releasing active interface [ 592.659454][T19614] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input97 [ 592.871014][T19611] usb 4-1: USB disconnect, device number 70 [ 592.877170][ C1] synaptics_usb 4-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 593.186102][ T1319] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 593.206174][ T1319] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 593.217341][ T1319] bond0 (unregistering): Released all slaves [ 593.330381][ T51] Bluetooth: hci2: command tx timeout [ 593.472658][ T1319] bond1 (unregistering): Released all slaves [ 593.781307][T21228] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 594.419819][ T1319] hsr_slave_0: left promiscuous mode [ 594.435430][T21250] netlink: 156 bytes leftover after parsing attributes in process `syz.6.5852'. [ 594.459847][ T1319] hsr_slave_1: left promiscuous mode [ 594.471982][ T1319] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 594.495088][ T1319] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.617609][T19589] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 594.789488][T19589] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.807931][T19589] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 594.831575][T19589] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 594.848357][T19589] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 594.866580][T19589] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.925404][T19589] usb 2-1: config 0 descriptor?? [ 595.267920][ T1319] team0 (unregistering): Port device team_slave_1 removed [ 595.320420][ T1319] team0 (unregistering): Port device team_slave_0 removed [ 595.381008][T19589] plantronics 0003:047F:FFFF.0053: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 595.408309][ T51] Bluetooth: hci2: command tx timeout [ 595.912670][T21257] netlink: 'syz.3.5854': attribute type 13 has an invalid length. [ 595.930491][T21257] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5854'. [ 596.002048][T21257] netlink: 'syz.3.5854': attribute type 13 has an invalid length. [ 596.011269][T10906] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 596.033555][T10906] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 596.057557][T21257] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5854'. [ 596.081451][T21186] chnl_net:caif_netlink_parms(): no params data found [ 596.103620][T10906] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 596.174210][T10906] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 596.327391][ T1319] IPVS: stop unused estimator thread 0... [ 596.338608][T21291] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 596.523687][T21186] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.565323][T21186] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.593309][T21186] bridge_slave_0: entered allmulticast mode [ 596.624389][T21186] bridge_slave_0: entered promiscuous mode [ 596.650561][T21186] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.660565][T21186] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.671699][T21186] bridge_slave_1: entered allmulticast mode [ 596.680713][T21186] bridge_slave_1: entered promiscuous mode [ 596.776393][T21186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 596.792293][T21186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 596.895156][T21186] team0: Port device team_slave_0 added [ 596.904328][T21186] team0: Port device team_slave_1 added [ 596.972190][T21186] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 596.981688][T21186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.008017][T21186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.021872][T21186] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.028900][T21186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.055969][T21186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.186042][T19600] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 597.210548][T21186] hsr_slave_0: entered promiscuous mode [ 597.217243][T21315] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 597.231820][T21186] hsr_slave_1: entered promiscuous mode [ 597.251987][T21186] debugfs: 'hsr0' already exists in 'hsr' [ 597.266544][T21186] Cannot create hsr debugfs directory [ 597.346161][T19614] usb 2-1: USB disconnect, device number 76 [ 597.357651][T10906] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.393426][T19600] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 597.411505][T19600] usb 4-1: can't read configurations, error -71 [ 597.484830][ T51] Bluetooth: hci2: command tx timeout [ 597.552684][T10906] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.664095][T10906] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.831651][T10906] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.999261][T21331] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5874'. [ 598.017557][T21331] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5874'. [ 598.379294][ T5867] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 598.388717][ T5867] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 598.400951][ T5867] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 598.410906][ T5867] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 598.422694][ T5867] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 598.482511][T10906] bridge_slave_1: left allmulticast mode [ 598.498950][T10906] bridge_slave_1: left promiscuous mode [ 598.513188][T10906] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.541615][T10906] bridge_slave_0: left allmulticast mode [ 598.557695][T10906] bridge_slave_0: left promiscuous mode [ 598.574036][T10906] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.105109][T10906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 599.118313][T10906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 599.130200][T10906] bond0 (unregistering): Released all slaves [ 599.569058][ T51] Bluetooth: hci2: command tx timeout [ 599.609016][T10906] hsr_slave_0: left promiscuous mode [ 599.631146][T10906] hsr_slave_1: left promiscuous mode [ 599.641553][T10906] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 599.714582][T10906] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 599.749373][T10906] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 599.769659][T10906] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 599.858150][T10906] veth1_macvtap: left promiscuous mode [ 599.878811][T10906] veth0_macvtap: left promiscuous mode [ 599.886649][T10906] veth1_vlan: left promiscuous mode [ 599.895498][T10906] veth0_vlan: left promiscuous mode [ 600.523769][T10906] team0 (unregistering): Port device team_slave_1 removed [ 600.530045][ T51] Bluetooth: hci3: command tx timeout [ 600.566173][T10906] team0 (unregistering): Port device team_slave_0 removed [ 600.958995][T21186] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 600.992502][T21390] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5884'. [ 601.003246][T21186] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 601.016430][T21390] netlink: 'syz.3.5884': attribute type 30 has an invalid length. [ 601.020761][T21186] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 601.094876][T21186] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 601.337079][T21342] chnl_net:caif_netlink_parms(): no params data found [ 601.504123][T21186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 601.713677][T21186] 8021q: adding VLAN 0 to HW filter on device team0 [ 601.744069][T21342] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.762430][T21342] bridge0: port 1(bridge_slave_0) entered disabled state [ 601.770437][T21342] bridge_slave_0: entered allmulticast mode [ 601.778528][T21342] bridge_slave_0: entered promiscuous mode [ 601.798553][T21342] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.806993][T21342] bridge0: port 2(bridge_slave_1) entered disabled state [ 601.814765][T21342] bridge_slave_1: entered allmulticast mode [ 601.823874][T21342] bridge_slave_1: entered promiscuous mode [ 601.907801][T21342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 601.933606][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.940843][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 601.989389][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.996597][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 602.037658][T21342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 602.192791][T21342] team0: Port device team_slave_0 added [ 602.210808][T21342] team0: Port device team_slave_1 added [ 602.305817][T21342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 602.323032][T21342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 602.358171][T21342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 602.389802][T21342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 602.406481][T21342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 602.440871][T21342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 602.607272][T21342] hsr_slave_0: entered promiscuous mode [ 602.612413][ T51] Bluetooth: hci3: command tx timeout [ 602.619361][T21342] hsr_slave_1: entered promiscuous mode [ 602.635101][T21342] debugfs: 'hsr0' already exists in 'hsr' [ 602.649408][T21342] Cannot create hsr debugfs directory [ 602.786046][T21445] loop2: detected capacity change from 0 to 7 [ 602.812660][T21445] Dev loop2: unable to read RDB block 7 [ 602.832779][T21445] loop2: unable to read partition table [ 602.867078][T21445] loop2: partition table beyond EOD, truncated [ 602.891805][T21445] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 602.958735][T19589] hid_parser_main: 6 callbacks suppressed [ 602.958755][T19589] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0 [ 602.968366][T21186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 603.001103][T19589] hid-generic 0000:0000:0000.0054: hidraw0: HID v0.00 Device [syz1] on syz0 [ 603.319578][T21186] veth0_vlan: entered promiscuous mode [ 603.381747][T21186] veth1_vlan: entered promiscuous mode [ 603.436703][T21342] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 603.480072][T21342] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 603.498610][T21342] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 603.529474][T21342] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 603.578886][T21186] veth0_macvtap: entered promiscuous mode [ 603.663980][T21186] veth1_macvtap: entered promiscuous mode [ 603.784366][T21186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 603.807894][T21186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 603.875516][T18103] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 603.898102][T18103] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 603.931083][T18103] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 603.981248][T18103] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.063005][T21481] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5900'. [ 604.099488][T21342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.191420][T21342] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.260034][ T1328] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.267232][ T1328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 604.312035][T18103] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.319232][T18103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 604.358519][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.374821][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 604.471731][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.494688][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 604.659105][T21342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 604.689941][ T51] Bluetooth: hci3: command tx timeout [ 604.818311][T21342] veth0_vlan: entered promiscuous mode [ 604.848790][T21342] veth1_vlan: entered promiscuous mode [ 604.909917][T21496] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5904'. [ 604.920415][T21342] veth0_macvtap: entered promiscuous mode [ 604.937184][T21342] veth1_macvtap: entered promiscuous mode [ 604.972251][T21342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 605.003201][T21342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 605.091297][ T1153] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.121165][ T1153] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.202906][ T1153] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.218943][T21510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5906'. [ 605.315819][ T1153] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.474987][T10906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 605.482845][T10906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 605.583738][T18103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 605.601455][T18103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 605.838681][T21530] usb usb8: usbfs: process 21530 (syz.7.5872) did not claim interface 0 before use [ 606.079065][T21541] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 606.096192][T19614] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 606.265047][T19614] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 606.302584][T19614] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 606.335792][T19614] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 606.348257][T19614] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 606.357868][T19614] usb 2-1: SerialNumber: syz [ 606.381583][T21554] loop8: detected capacity change from 0 to 7 [ 606.407380][T21554] Dev loop8: unable to read RDB block 7 [ 606.417047][T21554] loop8: unable to read partition table [ 606.422987][T21554] loop8: partition table beyond EOD, truncated [ 606.430808][T21554] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 606.430808][T21554] ) failed (rc=-5) [ 606.619957][T19614] usb 2-1: 0:2 : does not exist [ 606.637609][T19614] usb 2-1: unit 48 not found! [ 606.663151][T19614] usb 2-1: USB disconnect, device number 77 [ 606.771173][ T51] Bluetooth: hci3: command tx timeout [ 606.777776][ T5879] udevd[5879]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 607.165425][T21570] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 607.844557][T19585] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 608.009669][T19585] usb 4-1: Using ep0 maxpacket: 16 [ 608.023044][T19585] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.060234][T19585] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 608.072533][T19585] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 608.083887][T19585] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.108291][T19585] usb 4-1: config 0 descriptor?? [ 608.260889][T21613] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5936'. [ 608.342923][T21616] netlink: 'syz.1.5937': attribute type 30 has an invalid length. [ 608.740175][T19585] usb 4-1: language id specifier not provided by device, defaulting to English [ 609.153307][T19585] letsketch 0003:6161:4D15.0055: Device info: ఁ [ 609.386749][T19585] usb 4-1: Max retries (5) exceeded reading string descriptor 201 [ 609.412937][T19585] letsketch 0003:6161:4D15.0055: probe with driver letsketch failed with error -71 [ 609.468770][T19585] usb 4-1: USB disconnect, device number 73 [ 610.061290][T21679] [ 610.063664][T21679] ===================================================== [ 610.070593][T21679] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 610.078051][T21679] 6.16.0-syzkaller-12288-g2b38afce25c4 #0 Not tainted [ 610.084809][T21679] ----------------------------------------------------- [ 610.091739][T21679] syz.3.5957/21679 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 610.099467][T21679] ffff88807b9f88a0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 610.108180][T21679] [ 610.108180][T21679] and this task is already holding: [ 610.115537][T21679] ffff888027ab6028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 610.125295][T21679] which would create a new lock dependency: [ 610.131173][T21679] (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 610.139267][T21679] [ 610.139267][T21679] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 610.148710][T21679] (&client->buffer_lock){..-.}-{3:3} [ 610.148738][T21679] [ 610.148738][T21679] ... which became SOFTIRQ-irq-safe at: [ 610.161782][T21679] lock_acquire+0x120/0x360 [ 610.166382][T21679] _raw_spin_lock+0x2e/0x40 [ 610.170977][T21679] evdev_pass_values+0xb9/0xbd0 [ 610.175925][T21679] evdev_events+0x1e6/0x340 [ 610.180516][T21679] input_pass_values+0x285/0x890 [ 610.185565][T21679] input_event_dispose+0x3e5/0x6b0 [ 610.190760][T21679] input_event+0x89/0xe0 [ 610.195082][T21679] hidinput_hid_event+0x132c/0x1c90 [ 610.200360][T21679] hid_process_event+0x4be/0x620 [ 610.205379][T21679] hid_report_raw_event+0xe91/0x16d0 [ 610.210760][T21679] hid_input_report+0x43e/0x520 [ 610.215706][T21679] hid_irq_in+0x47e/0x6d0 [ 610.220116][T21679] __usb_hcd_giveback_urb+0x41a/0x690 [ 610.225592][T21679] dummy_timer+0x862/0x4550 [ 610.230206][T21679] __hrtimer_run_queues+0x52c/0xc60 [ 610.235501][T21679] hrtimer_run_softirq+0x187/0x2b0 [ 610.240697][T21679] handle_softirqs+0x283/0x870 [ 610.245548][T21679] __irq_exit_rcu+0xca/0x1f0 [ 610.250221][T21679] irq_exit_rcu+0x9/0x30 [ 610.254551][T21679] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 610.260277][T21679] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 610.266351][T21679] stack_trace_consume_entry+0x4/0x280 [ 610.271909][T21679] arch_stack_walk+0x10d/0x150 [ 610.276766][T21679] stack_trace_save+0x9c/0xe0 [ 610.281551][T21679] save_stack+0xf5/0x1f0 [ 610.285894][T21679] __reset_page_owner+0x71/0x1f0 [ 610.290931][T21679] free_unref_folios+0xdbd/0x1520 [ 610.296053][T21679] folios_put_refs+0x559/0x640 [ 610.300913][T21679] truncate_inode_pages_range+0x346/0xda0 [ 610.306717][T21679] blkdev_flush_mapping+0x108/0x270 [ 610.312008][T21679] bdev_release+0x417/0x650 [ 610.316605][T21679] blkdev_release+0x15/0x20 [ 610.321198][T21679] __fput+0x449/0xa70 [ 610.325261][T21679] task_work_run+0x1d4/0x260 [ 610.329942][T21679] do_exit+0x6b5/0x2300 [ 610.334183][T21679] do_group_exit+0x21c/0x2d0 [ 610.338860][T21679] __x64_sys_exit_group+0x3f/0x40 [ 610.343970][T21679] x64_sys_call+0x21f7/0x2200 [ 610.348737][T21679] do_syscall_64+0xfa/0x3b0 [ 610.353338][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.359318][T21679] [ 610.359318][T21679] to a SOFTIRQ-irq-unsafe lock: [ 610.366332][T21679] (tasklist_lock){.+.+}-{3:3} [ 610.366361][T21679] [ 610.366361][T21679] ... which became SOFTIRQ-irq-unsafe at: [ 610.378977][T21679] ... [ 610.378985][T21679] lock_acquire+0x120/0x360 [ 610.386153][T21679] _raw_read_lock+0x36/0x50 [ 610.390742][T21679] __do_wait+0xde/0x740 [ 610.394984][T21679] do_wait+0x1f8/0x520 [ 610.399143][T21679] kernel_wait+0xab/0x170 [ 610.403564][T21679] call_usermodehelper_exec_work+0xbe/0x230 [ 610.409580][T21679] process_scheduled_works+0xade/0x17b0 [ 610.415211][T21679] worker_thread+0x8a0/0xda0 [ 610.419886][T21679] kthread+0x70e/0x8a0 [ 610.424042][T21679] ret_from_fork+0x3f9/0x770 [ 610.428713][T21679] ret_from_fork_asm+0x1a/0x30 [ 610.433563][T21679] [ 610.433563][T21679] other info that might help us debug this: [ 610.433563][T21679] [ 610.443784][T21679] Chain exists of: [ 610.443784][T21679] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 610.443784][T21679] [ 610.456926][T21679] Possible interrupt unsafe locking scenario: [ 610.456926][T21679] [ 610.465249][T21679] CPU0 CPU1 [ 610.470617][T21679] ---- ---- [ 610.475970][T21679] lock(tasklist_lock); [ 610.480214][T21679] local_irq_disable(); [ 610.486960][T21679] lock(&client->buffer_lock); [ 610.494326][T21679] lock(&new->fa_lock); [ 610.501089][T21679] [ 610.504558][T21679] lock(&client->buffer_lock); [ 610.509574][T21679] [ 610.509574][T21679] *** DEADLOCK *** [ 610.509574][T21679] [ 610.517706][T21679] 7 locks held by syz.3.5957/21679: [ 610.522890][T21679] #0: ffff888028e7e118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 610.532031][T21679] #1: ffff88801e792230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 610.542137][T21679] #2: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 [ 610.551798][T21679] #3: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 610.561388][T21679] #4: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 610.570535][T21679] #5: ffff888027ab6028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 610.580723][T21679] #6: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 610.589778][T21679] [ 610.589778][T21679] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 610.600175][T21679] -> (&client->buffer_lock){..-.}-{3:3} { [ 610.605905][T21679] IN-SOFTIRQ-W at: [ 610.609880][T21679] lock_acquire+0x120/0x360 [ 610.616038][T21679] _raw_spin_lock+0x2e/0x40 [ 610.622200][T21679] evdev_pass_values+0xb9/0xbd0 [ 610.628719][T21679] evdev_events+0x1e6/0x340 [ 610.634886][T21679] input_pass_values+0x285/0x890 [ 610.641478][T21679] input_event_dispose+0x3e5/0x6b0 [ 610.648244][T21679] input_event+0x89/0xe0 [ 610.654135][T21679] hidinput_hid_event+0x132c/0x1c90 [ 610.660984][T21679] hid_process_event+0x4be/0x620 [ 610.667591][T21679] hid_report_raw_event+0xe91/0x16d0 [ 610.674551][T21679] hid_input_report+0x43e/0x520 [ 610.681081][T21679] hid_irq_in+0x47e/0x6d0 [ 610.687159][T21679] __usb_hcd_giveback_urb+0x41a/0x690 [ 610.694190][T21679] dummy_timer+0x862/0x4550 [ 610.700356][T21679] __hrtimer_run_queues+0x52c/0xc60 [ 610.707204][T21679] hrtimer_run_softirq+0x187/0x2b0 [ 610.713964][T21679] handle_softirqs+0x283/0x870 [ 610.720375][T21679] __irq_exit_rcu+0xca/0x1f0 [ 610.726612][T21679] irq_exit_rcu+0x9/0x30 [ 610.732496][T21679] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 610.739779][T21679] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 610.747432][T21679] stack_trace_consume_entry+0x4/0x280 [ 610.754561][T21679] arch_stack_walk+0x10d/0x150 [ 610.760981][T21679] stack_trace_save+0x9c/0xe0 [ 610.767342][T21679] save_stack+0xf5/0x1f0 [ 610.773240][T21679] __reset_page_owner+0x71/0x1f0 [ 610.779826][T21679] free_unref_folios+0xdbd/0x1520 [ 610.786558][T21679] folios_put_refs+0x559/0x640 [ 610.792980][T21679] truncate_inode_pages_range+0x346/0xda0 [ 610.800348][T21679] blkdev_flush_mapping+0x108/0x270 [ 610.807209][T21679] bdev_release+0x417/0x650 [ 610.813381][T21679] blkdev_release+0x15/0x20 [ 610.819542][T21679] __fput+0x449/0xa70 [ 610.825187][T21679] task_work_run+0x1d4/0x260 [ 610.831430][T21679] do_exit+0x6b5/0x2300 [ 610.837240][T21679] do_group_exit+0x21c/0x2d0 [ 610.843489][T21679] __x64_sys_exit_group+0x3f/0x40 [ 610.850174][T21679] x64_sys_call+0x21f7/0x2200 [ 610.856513][T21679] do_syscall_64+0xfa/0x3b0 [ 610.862673][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.870213][T21679] INITIAL USE at: [ 610.874114][T21679] lock_acquire+0x120/0x360 [ 610.880181][T21679] _raw_spin_lock+0x2e/0x40 [ 610.886250][T21679] evdev_pass_values+0xb9/0xbd0 [ 610.892665][T21679] evdev_events+0x1e6/0x340 [ 610.898743][T21679] input_pass_values+0x285/0x890 [ 610.905248][T21679] input_event_dispose+0x330/0x6b0 [ 610.911925][T21679] input_inject_event+0x1dd/0x340 [ 610.918506][T21679] evdev_write+0x2fc/0x480 [ 610.924492][T21679] vfs_write+0x27b/0xb30 [ 610.930302][T21679] ksys_write+0x145/0x250 [ 610.936196][T21679] do_syscall_64+0xfa/0x3b0 [ 610.942280][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.949727][T21679] } [ 610.952239][T21679] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 610.960396][T21679] [ 610.960396][T21679] the dependencies between the lock to be acquired [ 610.960405][T21679] and SOFTIRQ-irq-unsafe lock: [ 610.973904][T21679] -> (tasklist_lock){.+.+}-{3:3} { [ 610.979231][T21679] HARDIRQ-ON-R at: [ 610.983400][T21679] lock_acquire+0x120/0x360 [ 610.989909][T21679] _raw_read_lock+0x36/0x50 [ 610.996431][T21679] __do_wait+0xde/0x740 [ 611.002587][T21679] do_wait+0x1f8/0x520 [ 611.008659][T21679] kernel_wait+0xab/0x170 [ 611.014991][T21679] call_usermodehelper_exec_work+0xbe/0x230 [ 611.022883][T21679] process_scheduled_works+0xade/0x17b0 [ 611.030418][T21679] worker_thread+0x8a0/0xda0 [ 611.037004][T21679] kthread+0x70e/0x8a0 [ 611.043067][T21679] ret_from_fork+0x3f9/0x770 [ 611.049645][T21679] ret_from_fork_asm+0x1a/0x30 [ 611.056404][T21679] SOFTIRQ-ON-R at: [ 611.060555][T21679] lock_acquire+0x120/0x360 [ 611.067059][T21679] _raw_read_lock+0x36/0x50 [ 611.073588][T21679] __do_wait+0xde/0x740 [ 611.079742][T21679] do_wait+0x1f8/0x520 [ 611.085821][T21679] kernel_wait+0xab/0x170 [ 611.092185][T21679] call_usermodehelper_exec_work+0xbe/0x230 [ 611.100090][T21679] process_scheduled_works+0xade/0x17b0 [ 611.107626][T21679] worker_thread+0x8a0/0xda0 [ 611.114236][T21679] kthread+0x70e/0x8a0 [ 611.120304][T21679] ret_from_fork+0x3f9/0x770 [ 611.126890][T21679] ret_from_fork_asm+0x1a/0x30 [ 611.133694][T21679] INITIAL USE at: [ 611.137767][T21679] lock_acquire+0x120/0x360 [ 611.144180][T21679] _raw_write_lock_irq+0xa2/0xf0 [ 611.151033][T21679] copy_process+0x224f/0x3c00 [ 611.157612][T21679] kernel_clone+0x21e/0x840 [ 611.164021][T21679] user_mode_thread+0xdd/0x140 [ 611.170704][T21679] rest_init+0x23/0x300 [ 611.176770][T21679] start_kernel+0x3a9/0x410 [ 611.183182][T21679] x86_64_start_reservations+0x24/0x30 [ 611.190554][T21679] x86_64_start_kernel+0x143/0x1c0 [ 611.197578][T21679] common_startup_64+0x13e/0x147 [ 611.204425][T21679] INITIAL READ USE at: [ 611.208918][T21679] lock_acquire+0x120/0x360 [ 611.215768][T21679] _raw_read_lock+0x36/0x50 [ 611.222611][T21679] __do_wait+0xde/0x740 [ 611.229119][T21679] do_wait+0x1f8/0x520 [ 611.235540][T21679] kernel_wait+0xab/0x170 [ 611.242213][T21679] call_usermodehelper_exec_work+0xbe/0x230 [ 611.250455][T21679] process_scheduled_works+0xade/0x17b0 [ 611.258341][T21679] worker_thread+0x8a0/0xda0 [ 611.265271][T21679] kthread+0x70e/0x8a0 [ 611.271695][T21679] ret_from_fork+0x3f9/0x770 [ 611.278631][T21679] ret_from_fork_asm+0x1a/0x30 [ 611.285746][T21679] } [ 611.288432][T21679] ... key at: [] tasklist_lock+0x18/0x40 [ 611.296333][T21679] ... acquired at: [ 611.300309][T21679] lock_acquire+0x120/0x360 [ 611.304997][T21679] _raw_read_lock+0x36/0x50 [ 611.309673][T21679] send_sigio+0x101/0x370 [ 611.314172][T21679] dnotify_handle_event+0x169/0x440 [ 611.319542][T21679] fsnotify+0x1814/0x1a80 [ 611.324047][T21679] vfs_mkdir+0x477/0x510 [ 611.328470][T21679] do_mkdirat+0x247/0x590 [ 611.332970][T21679] __x64_sys_mkdirat+0x87/0xa0 [ 611.337904][T21679] do_syscall_64+0xfa/0x3b0 [ 611.342600][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.348666][T21679] [ 611.350982][T21679] -> (&f_owner->lock){....}-{3:3} { [ 611.356280][T21679] INITIAL USE at: [ 611.360258][T21679] lock_acquire+0x120/0x360 [ 611.366499][T21679] _raw_write_lock_irq+0xa2/0xf0 [ 611.373175][T21679] __f_setown+0x67/0x370 [ 611.379176][T21679] fcntl_dirnotify+0x3fa/0x6a0 [ 611.385688][T21679] do_fcntl+0x6d0/0x1910 [ 611.391670][T21679] __se_sys_fcntl+0xc8/0x150 [ 611.397998][T21679] do_syscall_64+0xfa/0x3b0 [ 611.404253][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.411879][T21679] INITIAL READ USE at: [ 611.416293][T21679] lock_acquire+0x120/0x360 [ 611.422968][T21679] _raw_read_lock_irq+0xaa/0xf0 [ 611.429985][T21679] f_getown+0x54/0x2a0 [ 611.436219][T21679] do_fcntl+0x7ae/0x1910 [ 611.442636][T21679] __se_sys_fcntl+0xc8/0x150 [ 611.449410][T21679] do_syscall_64+0xfa/0x3b0 [ 611.456092][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.464150][T21679] } [ 611.466728][T21679] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 611.475672][T21679] ... acquired at: [ 611.479588][T21679] lock_acquire+0x120/0x360 [ 611.484270][T21679] _raw_read_lock_irqsave+0xaf/0x100 [ 611.489731][T21679] send_sigio+0x38/0x370 [ 611.494145][T21679] kill_fasync+0x24d/0x4d0 [ 611.498732][T21679] lease_break_callback+0x26/0x30 [ 611.503928][T21679] __break_lease+0x6a2/0x1620 [ 611.508777][T21679] do_dentry_open+0x8b7/0x13f0 [ 611.513710][T21679] vfs_open+0x3b/0x340 [ 611.517953][T21679] path_openat+0x2ee5/0x3830 [ 611.522722][T21679] do_filp_open+0x1fa/0x410 [ 611.527400][T21679] do_sys_openat2+0x121/0x1c0 [ 611.532271][T21679] __x64_sys_openat+0x138/0x170 [ 611.537292][T21679] do_syscall_64+0xfa/0x3b0 [ 611.541975][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.548039][T21679] [ 611.550357][T21679] -> (&new->fa_lock){....}-{3:3} { [ 611.555481][T21679] INITIAL USE at: [ 611.559369][T21679] lock_acquire+0x120/0x360 [ 611.565446][T21679] _raw_write_lock_irq+0xa2/0xf0 [ 611.571949][T21679] fasync_remove_entry+0xf1/0x1c0 [ 611.578726][T21679] __fput+0x8a2/0xa70 [ 611.584277][T21679] task_work_run+0x1d4/0x260 [ 611.590440][T21679] exit_to_user_mode_loop+0xec/0x110 [ 611.597297][T21679] do_syscall_64+0x2bd/0x3b0 [ 611.603455][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.610939][T21679] INITIAL READ USE at: [ 611.615264][T21679] lock_acquire+0x120/0x360 [ 611.621770][T21679] _raw_read_lock_irqsave+0xaf/0x100 [ 611.629058][T21679] kill_fasync+0x199/0x4d0 [ 611.635468][T21679] lease_break_callback+0x26/0x30 [ 611.642514][T21679] __break_lease+0x6a2/0x1620 [ 611.649192][T21679] do_dentry_open+0x8b7/0x13f0 [ 611.655954][T21679] vfs_open+0x3b/0x340 [ 611.662033][T21679] path_openat+0x2ee5/0x3830 [ 611.668623][T21679] do_filp_open+0x1fa/0x410 [ 611.675128][T21679] do_sys_openat2+0x121/0x1c0 [ 611.681801][T21679] __x64_sys_openat+0x138/0x170 [ 611.688650][T21679] do_syscall_64+0xfa/0x3b0 [ 611.695153][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.703051][T21679] } [ 611.705550][T21679] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 611.714230][T21679] ... acquired at: [ 611.718027][T21679] lock_acquire+0x120/0x360 [ 611.722711][T21679] _raw_read_lock_irqsave+0xaf/0x100 [ 611.728170][T21679] kill_fasync+0x199/0x4d0 [ 611.732763][T21679] evdev_pass_values+0x627/0xbd0 [ 611.737876][T21679] evdev_events+0x1e6/0x340 [ 611.742559][T21679] input_pass_values+0x285/0x890 [ 611.747685][T21679] input_event_dispose+0x330/0x6b0 [ 611.752965][T21679] input_inject_event+0x1dd/0x340 [ 611.758157][T21679] evdev_write+0x2fc/0x480 [ 611.762752][T21679] vfs_write+0x27b/0xb30 [ 611.767171][T21679] ksys_write+0x145/0x250 [ 611.771680][T21679] do_syscall_64+0xfa/0x3b0 [ 611.776368][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.782435][T21679] [ 611.784763][T21679] [ 611.784763][T21679] stack backtrace: [ 611.790664][T21679] CPU: 1 UID: 0 PID: 21679 Comm: syz.3.5957 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 611.790684][T21679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 611.790698][T21679] Call Trace: [ 611.790704][T21679] [ 611.790711][T21679] dump_stack_lvl+0x189/0x250 [ 611.790733][T21679] ? __pfx_dump_stack_lvl+0x10/0x10 [ 611.790751][T21679] ? __pfx__printk+0x10/0x10 [ 611.790776][T21679] validate_chain+0x1f05/0x2140 [ 611.790800][T21679] __lock_acquire+0xab9/0xd20 [ 611.790825][T21679] ? kill_fasync+0x199/0x4d0 [ 611.790841][T21679] lock_acquire+0x120/0x360 [ 611.790863][T21679] ? kill_fasync+0x199/0x4d0 [ 611.790884][T21679] _raw_read_lock_irqsave+0xaf/0x100 [ 611.790904][T21679] ? kill_fasync+0x199/0x4d0 [ 611.790920][T21679] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 611.790939][T21679] ? do_raw_spin_lock+0x121/0x290 [ 611.790960][T21679] kill_fasync+0x199/0x4d0 [ 611.790977][T21679] ? kill_fasync+0x53/0x4d0 [ 611.790994][T21679] evdev_pass_values+0x627/0xbd0 [ 611.791019][T21679] ? evdev_pass_values+0x5e1/0xbd0 [ 611.791044][T21679] evdev_events+0x1e6/0x340 [ 611.791065][T21679] ? evdev_events+0x79/0x340 [ 611.791087][T21679] ? input_pass_values+0x8d/0x890 [ 611.791107][T21679] input_pass_values+0x285/0x890 [ 611.791130][T21679] ? input_handle_event+0x70c/0xf30 [ 611.791148][T21679] input_event_dispose+0x330/0x6b0 [ 611.791168][T21679] input_inject_event+0x1dd/0x340 [ 611.791186][T21679] ? input_inject_event+0xb6/0x340 [ 611.791204][T21679] evdev_write+0x2fc/0x480 [ 611.791225][T21679] ? futex_private_hash_put+0x245/0x280 [ 611.791244][T21679] ? __pfx_evdev_write+0x10/0x10 [ 611.791267][T21679] ? bpf_lsm_file_permission+0x9/0x20 [ 611.791286][T21679] ? security_file_permission+0x75/0x290 [ 611.791306][T21679] ? rw_verify_area+0x255/0x4d0 [ 611.791325][T21679] ? __lock_acquire+0xab9/0xd20 [ 611.791347][T21679] ? __pfx_evdev_write+0x10/0x10 [ 611.791369][T21679] vfs_write+0x27b/0xb30 [ 611.791392][T21679] ? __pfx_vfs_write+0x10/0x10 [ 611.791424][T21679] ? __fget_files+0x2a/0x420 [ 611.791438][T21679] ? __fget_files+0x2a/0x420 [ 611.791450][T21679] ? __fget_files+0x3a0/0x420 [ 611.791462][T21679] ? __fget_files+0x2a/0x420 [ 611.791478][T21679] ksys_write+0x145/0x250 [ 611.791499][T21679] ? __pfx_ksys_write+0x10/0x10 [ 611.791518][T21679] ? rcu_is_watching+0x15/0xb0 [ 611.791535][T21679] ? do_syscall_64+0xbe/0x3b0 [ 611.791559][T21679] do_syscall_64+0xfa/0x3b0 [ 611.791580][T21679] ? lockdep_hardirqs_on+0x9c/0x150 [ 611.791600][T21679] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.791615][T21679] ? clear_bhb_loop+0x60/0xb0 [ 611.791632][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.791651][T21679] RIP: 0033:0x7f173cd8ebe9 [ 611.791669][T21679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 611.791684][T21679] RSP: 002b:00007f173afee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 611.791700][T21679] RAX: ffffffffffffffda RBX: 00007f173cfb5fa0 RCX: 00007f173cd8ebe9 [ 611.791730][T21679] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004 [ 611.791741][T21679] RBP: 00007f173ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 611.791751][T21679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 611.791761][T21679] R13: 00007f173cfb6038 R14: 00007f173cfb5fa0 R15: 00007f173d0dfa28 [ 611.791779][T21679] [ 612.171708][T21683] iommufd_mock iommufd_mock0: Adding to iommu group 0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 613.070029][T10906] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.207601][T10906] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.313728][T10906] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.408626][T10906] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.520336][T10906] bridge_slave_1: left allmulticast mode [ 613.529591][T10906] bridge_slave_1: left promiscuous mode [ 613.537037][T10906] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.546897][T10906] bridge_slave_0: left allmulticast mode [ 613.552643][T10906] bridge_slave_0: left promiscuous mode [ 613.558606][T10906] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.568485][T10906] batman_adv: batadv0: Interface deactivated: gretap1 [ 613.684904][T10906] batman_adv: batadv0: Interface deactivated: macvlan5 [ 613.693268][T10906] batman_adv: batadv0: Removing interface: macvlan5 [ 613.703080][T10906] batman_adv: batadv0: Removing interface: gretap1 [ 613.857853][T10906] bond0 (unregistering): left allmulticast mode [ 613.864118][T10906] bond_slave_0: left allmulticast mode [ 613.869611][T10906] bond_slave_1: left allmulticast mode [ 613.878414][T10906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 613.888455][T10906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 613.898432][T10906] bond0 (unregistering): (slave macvlan8): Releasing backup interface [ 613.906989][T10906] veth1_vlan: left allmulticast mode [ 613.912871][T10906] bond0 (unregistering): Released all slaves [ 614.007882][T10906] bond1 (unregistering): Released all slaves [ 614.101837][T10906] bond2 (unregistering): (slave bond3): Releasing backup interface [ 614.109827][T10906] bond3 (unregistering): left promiscuous mode [ 614.116548][T10906] bond2 (unregistering): Released all slaves [ 614.210618][T10906] bond3 (unregistering): Released all slaves [ 614.220926][T10906] bond4 (unregistering): (slave bond5): Releasing backup interface [ 614.229347][T10906] bond4 (unregistering): Released all slaves [ 614.328434][T10906] bond5 (unregistering): Released all slaves [ 614.412091][T10906] tipc: Disabling bearer [ 614.429152][T10906] tipc: Left network mode [ 614.545606][T10906] hsr_slave_0: left promiscuous mode [ 614.552227][T10906] hsr_slave_1: left promiscuous mode [ 614.563874][T10906] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 614.576396][T10906] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 614.584180][T10906] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 614.591843][T10906] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 614.601285][T10906] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 614.609713][T10906] batman_adv: batadv0: Removing interface: ipvlan2 [ 614.622400][T10906] veth0_macvtap: left promiscuous mode [ 614.628349][T10906] veth1_vlan: left promiscuous mode [ 614.633674][T10906] veth0_vlan: left promiscuous mode [ 614.829168][T10906] team0 (unregistering): Port device team_slave_1 removed [ 614.849671][T10906] team0 (unregistering): Port device team_slave_0 removed [ 615.253767][T10906] IPVS: stop unused estimator thread 0... [ 615.267975][T10906] ------------[ cut here ]------------ [ 615.273497][T10906] WARNING: CPU: 1 PID: 10906 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x270/0x2f0 [ 615.283722][T10906] Modules linked in: [ 615.287805][T10906] CPU: 1 UID: 0 PID: 10906 Comm: kworker/u8:9 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 615.299891][T10906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 615.310141][T10906] Workqueue: netns cleanup_net [ 615.315120][T10906] RIP: 0010:xfrm_state_fini+0x270/0x2f0 [ 615.320691][T10906] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 78 41 01 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 56 fe e1 f7 e8 31 d4 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 23 d4 9d f7 90 0f 0b 90 e9 60 fe ff ff [ 615.340377][T10906] RSP: 0018:ffffc90003a3f898 EFLAGS: 00010293 [ 615.346492][T10906] RAX: ffffffff8a21d77f RBX: ffff88807841a440 RCX: ffff888059a85a00 [ 615.354504][T10906] RDX: 0000000000000000 RSI: ffffffff8be33360 RDI: ffff888059a85a00 [ 615.362512][T10906] RBP: ffffc90003a3f9b0 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6 [ 615.370923][T10906] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffffffff8f630aa0 [ 615.379181][T10906] R13: 1ffff92000747f40 R14: ffff88807841b8c0 R15: dffffc0000000000 [ 615.387211][T10906] FS: 0000000000000000(0000) GS:ffff888125d1c000(0000) knlGS:0000000000000000 [ 615.396450][T10906] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 615.403060][T10906] CR2: 000055ba796b73d8 CR3: 0000000031e56000 CR4: 00000000003526f0 [ 615.411557][T10906] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 000000008d00c0ed [ 615.419805][T10906] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 615.428041][T10906] Call Trace: [ 615.431337][T10906] [ 615.434281][T10906] xfrm_net_exit+0x2d/0x70 [ 615.438970][T10906] ops_undo_list+0x497/0x990 [ 615.443613][T10906] ? __pfx_ops_undo_list+0x10/0x10 [ 615.448987][T10906] ? do_raw_spin_unlock+0x122/0x240 [ 615.454250][T10906] cleanup_net+0x4c5/0x800 [ 615.458779][T10906] ? __pfx_cleanup_net+0x10/0x10 [ 615.463744][T10906] ? rcu_is_watching+0x15/0xb0 [ 615.468937][T10906] ? process_scheduled_works+0x9ef/0x17b0 [ 615.474928][T10906] ? process_scheduled_works+0x9ef/0x17b0 [ 615.480665][T10906] process_scheduled_works+0xade/0x17b0 [ 615.486274][T10906] ? __pfx_process_scheduled_works+0x10/0x10 [ 615.492276][T10906] worker_thread+0x8a0/0xda0 [ 615.496920][T10906] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 615.503283][T10906] ? __kthread_parkme+0x7b/0x200 [ 615.508274][T10906] kthread+0x70e/0x8a0 [ 615.512360][T10906] ? __pfx_worker_thread+0x10/0x10 [ 615.517518][T10906] ? __pfx_kthread+0x10/0x10 [ 615.522130][T10906] ? _raw_spin_unlock_irq+0x23/0x50 [ 615.527371][T10906] ? lockdep_hardirqs_on+0x9c/0x150 [ 615.532585][T10906] ? __pfx_kthread+0x10/0x10 [ 615.537217][T10906] ret_from_fork+0x3f9/0x770 [ 615.541839][T10906] ? __pfx_ret_from_fork+0x10/0x10 [ 615.547020][T10906] ? __switch_to_asm+0x39/0x70 [ 615.551806][T10906] ? __switch_to_asm+0x33/0x70 [ 615.556631][T10906] ? __pfx_kthread+0x10/0x10 [ 615.561248][T10906] ret_from_fork_asm+0x1a/0x30 [ 615.566076][T10906] [ 615.569117][T10906] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 615.576410][T10906] CPU: 1 UID: 0 PID: 10906 Comm: kworker/u8:9 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 615.588308][T10906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 615.598374][T10906] Workqueue: netns cleanup_net [ 615.603165][T10906] Call Trace: [ 615.606461][T10906] [ 615.609405][T10906] dump_stack_lvl+0x99/0x250 [ 615.614022][T10906] ? __asan_memcpy+0x40/0x70 [ 615.618640][T10906] ? __pfx_dump_stack_lvl+0x10/0x10 [ 615.623871][T10906] ? __pfx__printk+0x10/0x10 [ 615.628501][T10906] vpanic+0x281/0x750 [ 615.632516][T10906] ? __pfx__printk+0x10/0x10 [ 615.637137][T10906] ? __pfx_vpanic+0x10/0x10 [ 615.641666][T10906] ? is_bpf_text_address+0x292/0x2b0 [ 615.647009][T10906] panic+0xb9/0xc0 [ 615.650763][T10906] ? __pfx_panic+0x10/0x10 [ 615.655213][T10906] __warn+0x31b/0x4b0 [ 615.659205][T10906] ? xfrm_state_fini+0x270/0x2f0 [ 615.664152][T10906] ? xfrm_state_fini+0x270/0x2f0 [ 615.669103][T10906] report_bug+0x2be/0x4f0 [ 615.673447][T10906] ? xfrm_state_fini+0x270/0x2f0 [ 615.678412][T10906] ? xfrm_state_fini+0x270/0x2f0 [ 615.683349][T10906] ? xfrm_state_fini+0x272/0x2f0 [ 615.688291][T10906] handle_bug+0x84/0x160 [ 615.692539][T10906] exc_invalid_op+0x1a/0x50 [ 615.697063][T10906] asm_exc_invalid_op+0x1a/0x20 [ 615.701918][T10906] RIP: 0010:xfrm_state_fini+0x270/0x2f0 [ 615.707467][T10906] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 78 41 01 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 56 fe e1 f7 e8 31 d4 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 23 d4 9d f7 90 0f 0b 90 e9 60 fe ff ff [ 615.727086][T10906] RSP: 0018:ffffc90003a3f898 EFLAGS: 00010293 [ 615.733158][T10906] RAX: ffffffff8a21d77f RBX: ffff88807841a440 RCX: ffff888059a85a00 [ 615.741150][T10906] RDX: 0000000000000000 RSI: ffffffff8be33360 RDI: ffff888059a85a00 [ 615.749126][T10906] RBP: ffffc90003a3f9b0 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6 [ 615.757098][T10906] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffffffff8f630aa0 [ 615.765073][T10906] R13: 1ffff92000747f40 R14: ffff88807841b8c0 R15: dffffc0000000000 [ 615.773050][T10906] ? xfrm_state_fini+0x26f/0x2f0 [ 615.778004][T10906] ? xfrm_state_fini+0x26f/0x2f0 [ 615.782947][T10906] xfrm_net_exit+0x2d/0x70 [ 615.787370][T10906] ops_undo_list+0x497/0x990 [ 615.791979][T10906] ? __pfx_ops_undo_list+0x10/0x10 [ 615.797121][T10906] ? do_raw_spin_unlock+0x122/0x240 [ 615.802353][T10906] cleanup_net+0x4c5/0x800 [ 615.806785][T10906] ? __pfx_cleanup_net+0x10/0x10 [ 615.811736][T10906] ? rcu_is_watching+0x15/0xb0 [ 615.816498][T10906] ? process_scheduled_works+0x9ef/0x17b0 [ 615.822215][T10906] ? process_scheduled_works+0x9ef/0x17b0 [ 615.827930][T10906] process_scheduled_works+0xade/0x17b0 [ 615.833484][T10906] ? __pfx_process_scheduled_works+0x10/0x10 [ 615.839470][T10906] worker_thread+0x8a0/0xda0 [ 615.844063][T10906] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 615.850394][T10906] ? __kthread_parkme+0x7b/0x200 [ 615.855332][T10906] kthread+0x70e/0x8a0 [ 615.859400][T10906] ? __pfx_worker_thread+0x10/0x10 [ 615.864507][T10906] ? __pfx_kthread+0x10/0x10 [ 615.869099][T10906] ? _raw_spin_unlock_irq+0x23/0x50 [ 615.874320][T10906] ? lockdep_hardirqs_on+0x9c/0x150 [ 615.879519][T10906] ? __pfx_kthread+0x10/0x10 [ 615.884111][T10906] ret_from_fork+0x3f9/0x770 [ 615.888702][T10906] ? __pfx_ret_from_fork+0x10/0x10 [ 615.893819][T10906] ? __switch_to_asm+0x39/0x70 [ 615.898591][T10906] ? __switch_to_asm+0x33/0x70 [ 615.903356][T10906] ? __pfx_kthread+0x10/0x10 [ 615.907949][T10906] ret_from_fork_asm+0x1a/0x30 [ 615.912725][T10906] [ 615.916072][T10906] Kernel Offset: disabled [ 615.920392][T10906] Rebooting in 86400 seconds..