last executing test programs: 1m45.947871493s ago: executing program 1 (id=6562): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) r0 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=0x0, &(0x7f00000007c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x38}, {0x0}], 0x2}) io_uring_enter(r0, 0x4d10, 0x2, 0x2, 0x0, 0x0) 1m45.798627576s ago: executing program 1 (id=6564): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@newlink={0x48, 0x10, 0x503, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000001}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x8090}, 0x0) 1m45.594646605s ago: executing program 1 (id=6568): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x0, @broadcast, 'veth1_to_hsr\x00'}}, 0x1e) 1m45.489561673s ago: executing program 1 (id=6571): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 1m45.370627925s ago: executing program 1 (id=6574): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}}}, 0x108) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x1, 0x5}, 0x8) close(0x3) 1m44.82692256s ago: executing program 1 (id=6584): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x11, &(0x7f0000000880)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x22}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc6a}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14f00800", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m44.420257976s ago: executing program 32 (id=6584): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x11, &(0x7f0000000880)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x22}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc6a}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14f00800", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m18.031324497s ago: executing program 4 (id=6953): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002800)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x5}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000100)="93", 0x1}], 0x1}}, {{&(0x7f00000004c0)={0xa, 0x4e22, 0x6, @private2, 0x8}, 0x1c, &(0x7f0000000a40)=[{&(0x7f0000000500)='J', 0x1}], 0x1}}], 0x2, 0xc010) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x6c, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b) 1m17.815905489s ago: executing program 4 (id=6957): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={0x2c, r1, 0x1, 0x70bd2b, 0xfffffffb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48008}, 0x20008884) 1m17.76694406s ago: executing program 4 (id=6959): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000200)={0x4c, r1, 0x607, 0x70bd2a, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x460769a9}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x1}]}, 0x4c}}, 0x0) 1m17.649203121s ago: executing program 4 (id=6962): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1m17.530496005s ago: executing program 4 (id=6964): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}) write$sndseq(r0, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x95ffffff]}}], 0xffc8) 1m17.071793969s ago: executing program 4 (id=6973): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x3}) 1m16.550967763s ago: executing program 33 (id=6973): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x3}) 4.140134807s ago: executing program 0 (id=8142): r0 = syz_io_uring_setup(0xd7c, &(0x7f0000000480)={0x0, 0x0, 0x10000, 0x20000, 0x10000000}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, r3, 0x0, 0x0, 0x0, 0x80000, 0x1}) io_uring_enter(r0, 0x291c, 0x0, 0x0, 0x0, 0x0) 4.034727052s ago: executing program 0 (id=8145): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000840)=@newqdisc={0xdc, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2, 0x9}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xac, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x48, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}]}, {0x24, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xfd}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x1}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xfffffff3}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xdc}}, 0x0) 3.44778632s ago: executing program 0 (id=8157): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}, {0x1, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x8, 0xf8f, 0x4, 0x1, 0xa4, 0xb8}}, {0x4}}]}]}, 0x58}}, 0x44080) 3.412468844s ago: executing program 0 (id=8158): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x80000) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) signalfd4(r0, &(0x7f0000000140), 0x8, 0x0) 3.090752149s ago: executing program 0 (id=8165): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000300)={0xc, r1}) 2.940091645s ago: executing program 0 (id=8167): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000340)) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c0311040000000c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYRES8=r0], 0x0) 1.860789061s ago: executing program 6 (id=8195): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = dup(r0) listen(r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000180), 0x200008, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) 1.001755483s ago: executing program 3 (id=8204): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x20000000) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000100000051d833483cc75dd6900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319e2e66d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) 944.975253ms ago: executing program 3 (id=8205): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={@rand_addr=' \x01\x00', 0x3c, r1}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x57, r1}) 936.832324ms ago: executing program 6 (id=8206): r0 = socket(0x1e, 0x4, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) 821.825266ms ago: executing program 5 (id=8207): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000bc0)={0x1, r2, 0x7fff, 0x4, 0x7, 0x2, 0x0, 0xfffffff4, 0x7f}) 821.002049ms ago: executing program 2 (id=8208): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = add_key$user(&(0x7f00000006c0), &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000440)='1', 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000280)={0x0, r1}, 0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={'sha3-256\x00'}}) 683.032271ms ago: executing program 3 (id=8209): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000002c0)={0x48, 0x1, r1, 0x0, 0x80000000000, 0x2}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) 666.232809ms ago: executing program 5 (id=8210): syz_open_dev$vcsu(&(0x7f0000000100), 0x400000000000, 0x80000) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2204c3b, 0x0) 665.563009ms ago: executing program 6 (id=8211): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4) sendmmsg(r0, &(0x7f0000002140)=[{{0x0, 0x1015, &(0x7f0000003a00)=[{&(0x7f0000000280)="f4", 0x791c}], 0x1}}, {{0x0, 0x2b, &(0x7f0000000100)=[{&(0x7f00000000c0)="e1", 0x1}], 0x1}}], 0x2, 0x44080) 595.9299ms ago: executing program 2 (id=8212): mmap(&(0x7f000000c000/0x4000)=nil, 0x4000, 0xa, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x6, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 550.88904ms ago: executing program 3 (id=8213): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}]}}}]}, 0x3c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000000000000000010000000900010073797a30000000000900020073797a3000000000140003"], 0xc8}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f0001000000000000000000060100800c0001"], 0x114}], 0x1}, 0x0) 529.237571ms ago: executing program 6 (id=8214): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x9) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) 514.46139ms ago: executing program 5 (id=8215): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="4400028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e670000000000000500030003"], 0x60}, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) 416.326823ms ago: executing program 2 (id=8216): sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040004}, 0x40001) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r0, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) 402.660881ms ago: executing program 3 (id=8217): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000900000/0x3000)=nil, 0x3000) 333.99375ms ago: executing program 5 (id=8218): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) ustat(0x1f, &(0x7f0000000000)) 298.661287ms ago: executing program 6 (id=8219): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000300), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000004000000000000000100000d0a0000000c0000f7000000000000000002000006040000000200000000000000040000000300010000612e"], &(0x7f0000000f40)=""/4089, 0x4c, 0xff9, 0x1}, 0x28) 297.944957ms ago: executing program 2 (id=8220): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000) 237.853764ms ago: executing program 5 (id=8221): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000300)={0xc, r1}) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000000000000000000000e6"]) 163.938453ms ago: executing program 6 (id=8222): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c01020301090212e700000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000040)={0x44, &(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 162.378409ms ago: executing program 3 (id=8223): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) tkill(r0, 0x12) 146.392366ms ago: executing program 2 (id=8224): clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6}) 71.276457ms ago: executing program 2 (id=8225): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)=0x11) 0s ago: executing program 5 (id=8226): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000080)=0x7fff) recvmmsg(r1, &(0x7f0000007900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x30102, 0x0) sendmsg$inet(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000002000)="f3", 0x1}], 0x1}, 0x8801) kernel console output (not intermixed with test programs): t=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.745026][ T30] audit: type=1326 audit(1751569665.007:3787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18448 comm="syz.3.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.766689][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.773708][ T30] audit: type=1326 audit(1751569665.007:3788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18448 comm="syz.3.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.795525][ T30] audit: type=1326 audit(1751569665.007:3789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18448 comm="syz.3.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.817218][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.823535][ T30] audit: type=1326 audit(1751569665.007:3790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18448 comm="syz.3.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.845359][ T30] audit: type=1326 audit(1751569665.007:3791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18448 comm="syz.3.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.867016][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.873838][ T30] audit: type=1326 audit(1751569665.007:3792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18448 comm="syz.3.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.900234][ T30] audit: type=1326 audit(1751569665.007:3793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18448 comm="syz.3.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 411.903523][ T5932] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 411.932123][ T979] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 411.940745][ T979] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 411.962877][ T979] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 411.976707][ T979] usb 5-1: config 220 has no interface number 2 [ 411.996488][ T979] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 412.035368][ T979] usb 5-1: config 220 interface 0 has no altsetting 0 [ 412.043736][ T979] usb 5-1: config 220 interface 76 has no altsetting 0 [ 412.053455][ T979] usb 5-1: config 220 interface 1 has no altsetting 0 [ 412.067800][ T979] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 412.083265][ T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.093484][ T979] usb 5-1: Product: syz [ 412.097677][ T979] usb 5-1: Manufacturer: syz [ 412.105590][ T979] usb 5-1: SerialNumber: syz [ 412.110871][ T5932] usb 2-1: Using ep0 maxpacket: 16 [ 412.123722][ T5932] usb 2-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=db.47 [ 412.136818][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.145004][ T5932] usb 2-1: Product: syz [ 412.149744][ T5932] usb 2-1: Manufacturer: syz [ 412.154692][ T5932] usb 2-1: SerialNumber: syz [ 412.169311][ T5932] usb 2-1: config 0 descriptor?? [ 412.182352][ T5932] gspca_main: sn9c2028-2.14.0 probing 0c45:800a [ 412.354816][ T979] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 412.372481][ T979] usb 5-1: No valid video chain found. [ 412.382771][ T5932] gspca_sn9c2028: read1 error -32 [ 412.398542][ T979] usb 5-1: selecting invalid altsetting 0 [ 412.424122][ T979] usb 5-1: selecting invalid altsetting 0 [ 412.441261][ T979] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 412.462486][ T979] usb 5-1: USB disconnect, device number 55 [ 412.588911][ T5932] gspca_sn9c2028: read1 error -71 [ 412.598649][ T5932] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -71 [ 412.639894][ T5932] usb 2-1: USB disconnect, device number 49 [ 413.116035][T18509] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5839'. [ 413.148990][ T5904] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 413.326184][ T5904] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 413.359160][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.391627][ T5904] usb 3-1: Product: syz [ 413.406402][ T5904] usb 3-1: Manufacturer: syz [ 413.416403][ T5904] usb 3-1: SerialNumber: syz [ 413.439912][ T5904] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 413.463155][ T5881] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 413.524952][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.566863][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.588869][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.596629][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.641305][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.652211][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.662943][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.682142][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.695269][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 413.729125][T18532] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 414.148848][ T5904] usb 3-1: USB disconnect, device number 52 [ 414.758719][ T5881] usb 3-1: Service connection timeout for: 256 [ 414.758742][ T5881] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 414.759403][ T5881] ath9k_htc: Failed to initialize the device [ 414.759744][ T5904] usb 3-1: ath9k_htc: USB layer deinitialized [ 415.160737][T18622] team0: Device gtp0 is of different type [ 415.524781][T18643] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5901'. [ 415.643301][T18654] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5906'. [ 415.643458][T18654] openvswitch: netlink: nsh attribute has 2338 unknown bytes. [ 415.643488][T18654] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 415.715496][T18656] No buffer was provided with the request [ 415.859161][T18666] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5912'. [ 416.082992][ T30] audit: type=1326 audit(1751569669.367:3794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18669 comm="syz.4.5914" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f21fbd8e929 code=0x0 [ 416.434795][T18687] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5918'. [ 416.448936][T18686] cifs: Unknown parameter 'h}# [ 416.448936][T18686] [bIT&:"1:ӭ'4,Zz-#F<]%gC [ 416.448936][T18686] SȘȞZ6' [ 416.565600][T18694] veth0_to_batadv: entered promiscuous mode [ 416.574165][T18694] veth0_to_batadv: left promiscuous mode [ 416.898857][ T5932] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 417.025201][T18719] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5934'. [ 417.066696][T18716] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5934'. [ 417.076248][ T5932] usb 4-1: Using ep0 maxpacket: 8 [ 417.088831][ T5932] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 417.108736][ T5932] usb 4-1: config 179 has no interface number 0 [ 417.115163][ T5932] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 417.140039][ T5932] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 417.185916][ T5932] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 417.215962][ T5932] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 417.254475][T18730] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5941'. [ 417.264090][ T5932] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 417.287969][ T5932] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 417.303901][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.331415][T18699] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 417.498802][ T5928] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 417.583507][T18699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.612053][T18699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.678580][ T5928] usb 5-1: Using ep0 maxpacket: 8 [ 417.693837][ T5928] usb 5-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 417.703768][ T5928] usb 5-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 417.713425][ T5928] usb 5-1: Product: syz [ 417.718100][ T5928] usb 5-1: Manufacturer: syz [ 417.724160][ T5928] usb 5-1: SerialNumber: syz [ 417.753400][ T5928] usb 5-1: config 0 descriptor?? [ 417.764984][ T5928] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 417.837546][ T5932] usb 4-1: USB disconnect, device number 49 [ 417.837614][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 417.837662][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 418.365604][ T5928] gspca_zc3xx: reg_w_i err -71 [ 418.378262][ T5928] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 418.406085][ T5928] usb 5-1: USB disconnect, device number 56 [ 418.488325][ T5904] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 418.638581][ T5904] usb 2-1: Using ep0 maxpacket: 16 [ 418.653676][ T5904] usb 2-1: config 0 has no interfaces? [ 418.662189][ T5904] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 418.671667][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.679945][ T5904] usb 2-1: Product: syz [ 418.684275][ T5904] usb 2-1: Manufacturer: syz [ 418.689037][ T5904] usb 2-1: SerialNumber: syz [ 418.696683][ T5904] usb 2-1: config 0 descriptor?? [ 418.756921][ T30] audit: type=1326 audit(1751569672.037:3795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18750 comm="syz.2.5951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7fc00000 [ 418.921089][ T5836] Bluetooth: hci1: adv larger than maximum supported [ 418.921150][ T5836] Bluetooth: hci1: Malformed LE Event: 0x0d [ 418.942446][ T5904] usb 2-1: USB disconnect, device number 50 [ 419.012360][T18778] macsec2: entered promiscuous mode [ 419.017702][T18778] macsec2: entered allmulticast mode [ 419.254722][T18792] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 419.334146][T18796] sp0: Synchronizing with TNC [ 419.338295][ T5881] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 419.465788][T18802] validate_nla: 39 callbacks suppressed [ 419.465816][T18802] netlink: 'syz.2.5977': attribute type 9 has an invalid length. [ 419.508134][ T5881] usb 4-1: Using ep0 maxpacket: 8 [ 419.524604][ T5881] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 419.550544][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.565566][ T5881] usb 4-1: Product: syz [ 419.569942][ T5881] usb 4-1: Manufacturer: syz [ 419.574564][ T5881] usb 4-1: SerialNumber: syz [ 419.588815][ T5881] usb 4-1: config 0 descriptor?? [ 419.600685][ T5881] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244) [ 419.819937][ T5881] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 419.849119][ T5881] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 419.870268][ T5881] usb 4-1: USB disconnect, device number 50 [ 419.870656][ T5928] hid-generic 0000:0004:0000.0071: unknown main item tag 0x0 [ 419.902742][ T5928] hid-generic 0000:0004:0000.0071: unknown main item tag 0x0 [ 419.921573][ T5928] hid-generic 0000:0004:0000.0071: unknown main item tag 0x0 [ 419.966998][ T5928] hid-generic 0000:0004:0000.0071: hidraw0: HID v0.00 Device [syz0] on syz1 [ 420.069709][T18829] fido_id[18829]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 420.434266][T18850] devpts: Bad value for 'max' [ 420.496759][T18852] sp0: Synchronizing with TNC [ 420.509456][T18851] [U] ` [ 420.892366][T18876] tipc: Enabled bearer , priority 10 [ 420.971864][T18881] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6014'. [ 421.054644][ T5904] hid-generic 0000:0000:0000.0072: unknown main item tag 0x0 [ 421.081610][ T5904] hid-generic 0000:0000:0000.0072: hidraw0: HID v0.00 Device [syz0] on syz0 [ 421.240490][T18891] fido_id[18891]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 421.399457][ T5836] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 421.410575][ T5836] Bluetooth: hci3: Injecting HCI hardware error event [ 421.418950][ T5826] Bluetooth: hci3: hardware error 0x00 [ 421.814993][T18930] macsec3: entered promiscuous mode [ 421.821488][T18930] macsec3: entered allmulticast mode [ 421.888155][ T5932] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 422.047884][ T5932] usb 4-1: Using ep0 maxpacket: 32 [ 422.058030][ T5932] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 422.066157][ T5932] usb 4-1: config 0 has no interface number 0 [ 422.073282][T18946] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6045'. [ 422.077369][ T5904] kernel write not supported for file /input/event2 (pid: 5904 comm: kworker/0:7) [ 422.102657][ T5932] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 422.113138][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.121635][ T5932] usb 4-1: Product: syz [ 422.136032][ T5932] usb 4-1: Manufacturer: syz [ 422.141164][ T5932] usb 4-1: SerialNumber: syz [ 422.153956][ T5932] usb 4-1: config 0 descriptor?? [ 422.173249][ T5932] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 422.394031][ T5932] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 422.430304][ T5932] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 422.609156][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 422.803670][T18981] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6060'. [ 422.814031][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 422.821760][ T5904] usb 4-1: USB disconnect, device number 51 [ 422.858027][T18976] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6060'. [ 422.858047][ T5904] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 422.901726][ T5904] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 422.928926][ T5904] quatech2 4-1:0.51: device disconnected [ 423.320217][T19013] netlink: 'syz.2.6078': attribute type 1 has an invalid length. [ 423.340999][T19013] NCSI netlink: No device for ifindex 0 [ 423.487826][ T5826] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 424.207156][T19058] Invalid logical block size (-5) [ 424.307729][ T5932] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 424.367514][T19066] devtmpfs: Too few inodes for current use [ 424.471924][ T5932] usb 2-1: config 0 interface 0 altsetting 248 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.490617][ T5932] usb 2-1: config 0 interface 0 has no altsetting 0 [ 424.497344][ T5932] usb 2-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 424.512666][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.523042][T19074] netlink: 72 bytes leftover after parsing attributes in process `syz.2.6106'. [ 424.541276][ T5932] usb 2-1: config 0 descriptor?? [ 424.636947][T19080] netlink: 260 bytes leftover after parsing attributes in process `syz.0.6109'. [ 424.709831][T19082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6111'. [ 424.719901][T19082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6111'. [ 424.729553][T19082] netlink: 'syz.2.6111': attribute type 6 has an invalid length. [ 424.996795][ T5932] semitek 0003:1EA7:0907.0073: unknown main item tag 0x0 [ 425.004505][ T5932] semitek 0003:1EA7:0907.0073: unknown main item tag 0x0 [ 425.014588][ T5932] semitek 0003:1EA7:0907.0073: unknown main item tag 0x0 [ 425.027157][ T5932] semitek 0003:1EA7:0907.0073: unknown main item tag 0x0 [ 425.041532][ T5932] semitek 0003:1EA7:0907.0073: unknown main item tag 0x0 [ 425.058022][ T5932] semitek 0003:1EA7:0907.0073: unknown main item tag 0x0 [ 425.069136][ T5932] semitek 0003:1EA7:0907.0073: unknown main item tag 0x0 [ 425.099610][ T5932] semitek 0003:1EA7:0907.0073: hidraw0: USB HID v0.00 Device [HID 1ea7:0907] on usb-dummy_hcd.1-1/input0 [ 425.144783][T19106] netlink: 'syz.2.6121': attribute type 11 has an invalid length. [ 425.183509][ T5932] usb 2-1: USB disconnect, device number 51 [ 425.349894][T19116] netlink: 'syz.2.6124': attribute type 2 has an invalid length. [ 425.386669][T19116] netlink: 244 bytes leftover after parsing attributes in process `syz.2.6124'. [ 425.560234][ T30] audit: type=1326 audit(1751569678.838:3796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19083 comm="syz.0.6112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facff18e929 code=0x7fc00000 [ 425.581897][ C0] vkms_vblank_simulate: vblank timer overrun [ 425.862983][ T30] audit: type=1326 audit(1751569679.148:3797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19136 comm="syz.1.6136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 425.884726][ C0] vkms_vblank_simulate: vblank timer overrun [ 425.943110][ T30] audit: type=1326 audit(1751569679.148:3798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19136 comm="syz.1.6136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 425.964755][ C0] vkms_vblank_simulate: vblank timer overrun [ 425.972276][ T30] audit: type=1326 audit(1751569679.188:3799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19136 comm="syz.1.6136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 425.994575][ T30] audit: type=1326 audit(1751569679.188:3800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19136 comm="syz.1.6136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 426.016202][ C0] vkms_vblank_simulate: vblank timer overrun [ 426.027614][ T30] audit: type=1326 audit(1751569679.188:3801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19136 comm="syz.1.6136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 426.049241][ C0] vkms_vblank_simulate: vblank timer overrun [ 426.086442][ T30] audit: type=1326 audit(1751569679.188:3802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19136 comm="syz.1.6136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 426.137322][ T30] audit: type=1326 audit(1751569679.188:3803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19136 comm="syz.1.6136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 426.171677][ T30] audit: type=1326 audit(1751569679.348:3804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19141 comm="syz.1.6138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 426.208535][ T30] audit: type=1326 audit(1751569679.348:3805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19141 comm="syz.1.6138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 427.189931][T19210] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6172'. [ 427.440636][T19220] netlink: 'syz.1.6177': attribute type 1 has an invalid length. [ 427.464481][T19220] netlink: 208 bytes leftover after parsing attributes in process `syz.1.6177'. [ 427.487434][T19220] netlink: 'syz.1.6177': attribute type 1 has an invalid length. [ 427.505390][T19220] netlink: 'syz.1.6177': attribute type 2 has an invalid length. [ 427.722876][T19239] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 427.807530][ T5881] usb 2-1: new full-speed USB device number 52 using dummy_hcd [ 427.969085][ T5881] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 427.982467][ T5881] usb 2-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 427.992224][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.995975][T19255] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 428.003132][ T5881] usb 2-1: Product: syz [ 428.012445][ T5881] usb 2-1: Manufacturer: syz [ 428.018246][ T5881] usb 2-1: SerialNumber: syz [ 428.025728][ T5881] usb 2-1: config 0 descriptor?? [ 428.042595][ T5881] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 428.064575][ T5881] dvb-usb: bulk message failed: -22 (3/0) [ 428.090862][ T5881] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 428.101053][ T5881] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 428.127046][ T5881] usb 2-1: media controller created [ 428.134928][ T5881] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 428.153344][ T5881] dvb-usb: bulk message failed: -22 (6/0) [ 428.160075][ T5881] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 428.179818][ T5881] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input36 [ 428.196125][ T5881] dvb-usb: schedule remote query interval to 150 msecs. [ 428.205173][ T5881] dvb-usb: bulk message failed: -22 (3/0) [ 428.229941][ T5881] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 428.255205][T19226] dvb-usb: bulk message failed: -22 (2/0) [ 428.296755][ T5881] usb 2-1: USB disconnect, device number 52 [ 428.341560][ T5881] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 428.576956][ T5932] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 428.653593][ T979] kernel write not supported for file /input/mouse0 (pid: 979 comm: kworker/1:2) [ 428.738608][ T5932] usb 4-1: Using ep0 maxpacket: 32 [ 428.758890][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 428.784012][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 428.804458][ T5932] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 428.825220][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.856611][ T5932] usb 4-1: config 0 descriptor?? [ 429.031655][T19285] [U] [ [ 429.309082][ T5932] koneplus 0003:1E7D:2D51.0074: unknown main item tag 0x0 [ 429.346621][ T5932] koneplus 0003:1E7D:2D51.0074: unknown main item tag 0x0 [ 429.354161][ T5932] koneplus 0003:1E7D:2D51.0074: unknown main item tag 0x0 [ 429.374658][ T5932] koneplus 0003:1E7D:2D51.0074: unknown main item tag 0x0 [ 429.389009][ T5932] koneplus 0003:1E7D:2D51.0074: unknown main item tag 0x0 [ 429.422379][ T5932] koneplus 0003:1E7D:2D51.0074: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.3-1/input0 [ 429.505443][ T5932] koneplus 0003:1E7D:2D51.0074: couldn't init struct koneplus_device [ 429.529082][ T5932] koneplus 0003:1E7D:2D51.0074: couldn't install mouse [ 429.542049][ T5932] koneplus 0003:1E7D:2D51.0074: probe with driver koneplus failed with error -71 [ 429.580073][ T5932] usb 4-1: USB disconnect, device number 52 [ 429.584312][T19317] netlink: 'syz.1.6222': attribute type 1 has an invalid length. [ 429.821212][T19325] netlink: 'syz.0.6227': attribute type 6 has an invalid length. [ 429.838588][T19325] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.6227'. [ 430.357008][ T979] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 430.543767][ T979] usb 2-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 430.572476][ T979] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.621712][ T979] usb 2-1: config 0 descriptor?? [ 430.806733][T19378] netlink: 68 bytes leftover after parsing attributes in process `syz.2.6253'. [ 430.946797][ T5881] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 431.072277][ T979] betop 0003:11C2:2208.0075: hidraw0: USB HID v55.77 Device [HID 11c2:2208] on usb-dummy_hcd.1-1/input0 [ 431.116114][ T979] betop 0003:11C2:2208.0075: no inputs found [ 431.122273][ T5881] usb 4-1: Using ep0 maxpacket: 8 [ 431.128255][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.142242][ T5190] udevd[5190]: worker [5835] terminated by signal 33 (Unknown signal 33) [ 431.154146][ T5190] udevd[5190]: worker [5835] failed while handling '/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:11C2:2208.0075/hidraw/hidraw0' [ 431.165118][ T5881] usb 4-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 431.203397][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.234280][ T5881] usb 4-1: config 0 descriptor?? [ 431.275150][ T5904] usb 2-1: USB disconnect, device number 53 [ 431.400206][T19402] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6264'. [ 431.606742][ T9] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 431.651942][ T5881] lenovo 0003:17EF:6062.0076: item fetching failed at offset 4/5 [ 431.660781][ T5881] lenovo 0003:17EF:6062.0076: hid_parse failed [ 431.667813][ T5881] lenovo 0003:17EF:6062.0076: probe with driver lenovo failed with error -22 [ 431.768346][ T9] usb 3-1: config 0 has an invalid interface number: 50 but max is 0 [ 431.776912][ T9] usb 3-1: config 0 has no interface number 0 [ 431.783076][ T9] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 431.808823][ T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 431.818556][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.826796][ T9] usb 3-1: Product: syz [ 431.831152][ T9] usb 3-1: Manufacturer: syz [ 431.836813][ T9] usb 3-1: SerialNumber: syz [ 431.850693][ T9] usb 3-1: config 0 descriptor?? [ 431.852282][ T24] usb 4-1: USB disconnect, device number 53 [ 431.872039][ T9] yurex 3-1:0.50: USB YUREX device now attached to Yurex #0 [ 432.102280][ T24] usb 3-1: USB disconnect, device number 53 [ 432.123726][ T24] yurex 3-1:0.50: USB YUREX #0 now disconnected [ 432.389172][ T9] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 432.438391][ T5826] Bluetooth: hci1: command 0x0406 tx timeout [ 432.542485][T19435] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6279'. [ 432.550037][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 432.562305][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 432.574497][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.588281][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 432.599333][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 432.614688][ T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 432.624579][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.670045][ T9] usb 2-1: config 0 descriptor?? [ 432.992855][T19456] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6287'. [ 433.091933][ T9] hid (null): nested delimiters [ 433.111611][ T9] wacom 0003:056A:0317.0077: nested delimiters [ 433.130379][ T9] wacom 0003:056A:0317.0077: item 0 4 2 10 parsing failed [ 433.150841][T19464] sp0: Synchronizing with TNC [ 433.151485][ T9] wacom 0003:056A:0317.0077: parse failed [ 433.178776][ T9] wacom 0003:056A:0317.0077: probe with driver wacom failed with error -22 [ 433.341192][ T9] usb 2-1: USB disconnect, device number 54 [ 433.825310][T19499] netlink: 'syz.2.6302': attribute type 1 has an invalid length. [ 433.842229][T19499] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6302'. [ 434.422709][T19533] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 434.516471][ T24] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 434.697002][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 434.725805][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 434.765861][ T24] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00 [ 434.778809][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.800529][ T24] usb 3-1: config 0 descriptor?? [ 435.252261][ T24] aquacomputer_d5next 0003:0C70:F00E.0078: hidraw0: USB HID v0.83 Device [HID 0c70:f00e] on usb-dummy_hcd.2-1/input0 [ 435.443676][ T24] usb 3-1: USB disconnect, device number 54 [ 436.213684][T19627] usb usb8: usbfs: process 19627 (syz.3.6357) did not claim interface 0 before use [ 438.945282][T19792] netlink: 592 bytes leftover after parsing attributes in process `syz.3.6432'. [ 439.880846][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.965009][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 439.965026][ T30] audit: type=1326 audit(1751569693.250:3811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 440.049860][ T30] audit: type=1326 audit(1751569693.250:3812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 440.124999][ T30] audit: type=1326 audit(1751569693.280:3813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 440.187381][ T30] audit: type=1326 audit(1751569693.280:3814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 440.215560][ T30] audit: type=1326 audit(1751569693.280:3815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 440.273088][ T30] audit: type=1326 audit(1751569693.290:3816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 440.323272][ T30] audit: type=1326 audit(1751569693.290:3817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 440.361626][ T30] audit: type=1326 audit(1751569693.290:3818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19844 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21fbd8e929 code=0x7ffc0000 [ 441.572158][T19924] netlink: 'syz.0.6493': attribute type 9 has an invalid length. [ 441.581671][T19924] netlink: 'syz.0.6493': attribute type 6 has an invalid length. [ 441.692787][ T9] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 441.733305][T19930] mkiss: ax0: crc mode is auto. [ 441.857348][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 441.880342][ T9] usb 5-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 441.910717][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.942080][ T9] usb 5-1: config 0 descriptor?? [ 442.581298][ T9] razer 0003:1532:010E.0079: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.4-1/input0 [ 442.772289][ T24] usb 5-1: USB disconnect, device number 57 [ 443.660583][T20008] nbd: socks must be embedded in a SOCK_ITEM attr [ 443.683507][T20011] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 443.731760][T20012] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 444.084127][ T30] audit: type=1326 audit(1751569697.361:3819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20022 comm="syz.1.6539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 444.105808][ C0] vkms_vblank_simulate: vblank timer overrun [ 444.155404][ T30] audit: type=1326 audit(1751569697.361:3820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20022 comm="syz.1.6539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575318e929 code=0x7ffc0000 [ 445.755084][ T9] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 445.844999][T20074] block nbd3: server does not support multiple connections per device. [ 445.859524][T20074] block nbd3: shutting down sockets [ 445.932563][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 445.941099][ T9] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 445.959842][ T9] usb 5-1: config 0 has no interface number 0 [ 445.980101][ T9] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 446.002595][ T9] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 446.019155][ T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 446.031707][T20083] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6563'. [ 446.041283][ T9] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 446.074836][ T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 446.099440][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.127209][ T9] usb 5-1: config 0 descriptor?? [ 446.156781][ T9] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 446.351294][ T24] usb 5-1: USB disconnect, device number 58 [ 446.379639][ T24] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 446.572603][T20108] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.6577'. [ 447.033687][T20119] kvm: kvm [20118]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001b) [ 447.571168][ T13] bridge_slave_1: left allmulticast mode [ 447.594801][ T13] bridge_slave_1: left promiscuous mode [ 447.605788][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.714523][ T13] bridge_slave_0: left allmulticast mode [ 447.734777][ T13] bridge_slave_0: left promiscuous mode [ 447.753483][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.284701][T20153] block nbd3: server does not support multiple connections per device. [ 448.285024][T20153] block nbd3: shutting down sockets [ 448.350752][ T13] batman_adv: batadv0: Removing interface: gretap1 [ 448.397226][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 448.428717][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 448.437197][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 448.448272][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 448.456016][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 448.745416][ T13] bridge0 (unregistering): left promiscuous mode [ 449.009467][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 449.019971][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 449.029673][ T13] bond0 (unregistering): Released all slaves [ 449.104146][ T13] U: left promiscuous mode [ 449.280822][ T13] tipc: Left network mode [ 449.948248][ T13] hsr_slave_0: left promiscuous mode [ 449.962305][ T13] hsr_slave_1: left promiscuous mode [ 449.976341][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.001525][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 450.514475][ T5826] Bluetooth: hci1: command tx timeout [ 450.620714][T20249] input: syz0 as /devices/virtual/input/input41 [ 450.892793][ T13] team0 (unregistering): Port device team_slave_1 removed [ 450.983765][ T13] team0 (unregistering): Port device team_slave_0 removed [ 451.503884][T20261] 2g,{: renamed from lo (while UP) [ 451.572523][T20161] chnl_net:caif_netlink_parms(): no params data found [ 451.899043][T20161] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.911536][T20161] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.922481][T20161] bridge_slave_0: entered allmulticast mode [ 451.930217][T20161] bridge_slave_0: entered promiscuous mode [ 451.938844][T20161] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.946153][T20161] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.956251][T20161] bridge_slave_1: entered allmulticast mode [ 451.971675][T20161] bridge_slave_1: entered promiscuous mode [ 452.067978][T20161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 452.084735][T20161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 452.125296][ T13] IPVS: stop unused estimator thread 0... [ 452.298427][T20161] team0: Port device team_slave_0 added [ 452.316494][T20161] team0: Port device team_slave_1 added [ 452.339476][T20304] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6642'. [ 452.405617][T20304] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6642'. [ 452.504500][T20161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 452.511494][T20161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 452.577385][T20161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 452.597218][ T5826] Bluetooth: hci1: command tx timeout [ 452.677549][T20320] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6649'. [ 452.684274][T20161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 452.699074][T20161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 452.737586][T20161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 452.749153][T20324] netlink: 'syz.4.6650': attribute type 39 has an invalid length. [ 452.926229][T20161] hsr_slave_0: entered promiscuous mode [ 452.945982][T20161] hsr_slave_1: entered promiscuous mode [ 453.021379][T20333] sctp: [Deprecated]: syz.2.6654 (pid 20333) Use of struct sctp_assoc_value in delayed_ack socket option. [ 453.021379][T20333] Use struct sctp_sack_info instead [ 453.494340][T20357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6664'. [ 453.540181][T20357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6664'. [ 453.633601][T20161] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 453.691326][T20161] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 453.723108][T20161] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 453.770244][T20161] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 453.969829][T20390] netlink: 152 bytes leftover after parsing attributes in process `syz.2.6674'. [ 454.172585][T20161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 454.238045][T20161] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.273444][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.280682][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.356856][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.364060][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.622895][T20414] program syz.0.6683 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 454.674009][ T5826] Bluetooth: hci1: command tx timeout [ 455.098690][T20161] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 455.279931][ T5881] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 455.476386][ T5881] usb 5-1: Using ep0 maxpacket: 16 [ 455.521257][ T5881] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 455.545003][ T5881] usb 5-1: config 0 has no interface number 0 [ 455.551150][ T5881] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 455.617431][ T5881] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 455.651372][ T5881] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 455.676476][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 455.698276][ T5881] usb 5-1: Product: syz [ 455.738623][ T5881] usb 5-1: SerialNumber: syz [ 455.787945][ T5881] usb 5-1: config 0 descriptor?? [ 455.832697][ T5881] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 455.904267][ T5881] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input42 [ 455.977026][T20161] veth0_vlan: entered promiscuous mode [ 456.022637][T20161] veth1_vlan: entered promiscuous mode [ 456.044831][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 456.132008][T20161] veth0_macvtap: entered promiscuous mode [ 456.172304][T20161] veth1_macvtap: entered promiscuous mode [ 456.249185][T20161] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 456.272016][ C1] cm109_urb_ctl_callback: 67 callbacks suppressed [ 456.272039][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.285879][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.293352][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.302509][T20161] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 456.303626][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.324128][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.333884][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.341272][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.348481][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.355728][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.362894][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 456.365236][T20161] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.395296][ T24] usb 5-1: USB disconnect, device number 59 [ 456.401352][ C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 456.447119][T20161] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.466622][T20161] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.475625][T20161] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.489222][ T24] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 456.671677][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 456.696296][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 456.739989][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 456.752825][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 456.760454][ T5826] Bluetooth: hci1: command tx timeout [ 457.443914][ T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 457.627288][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.672164][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.702798][ T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 457.726683][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.771020][ T24] usb 3-1: config 0 descriptor?? [ 458.012317][T20532] macvlan3: entered promiscuous mode [ 458.196585][ T24] arvo 0003:1E7D:30D4.007A: unknown main item tag 0x0 [ 458.208390][T20535] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6720'. [ 458.229068][ T24] arvo 0003:1E7D:30D4.007A: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.2-1/input0 [ 458.256291][T20535] netlink: 3 bytes leftover after parsing attributes in process `syz.4.6720'. [ 458.507002][T20544] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 458.625268][ T5932] usb 3-1: USB disconnect, device number 55 [ 459.747528][T20578] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.6732'. [ 459.965607][T20586] netlink: 1041 bytes leftover after parsing attributes in process `syz.3.6735'. [ 460.963891][T20629] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6748'. [ 460.979546][T20629] netlink: 152 bytes leftover after parsing attributes in process `syz.2.6748'. [ 461.113735][T20641] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.6752'. [ 461.131201][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 461.131217][ T30] audit: type=1326 audit(1751569714.413:3827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20605 comm="syz.3.6740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7fc00000 [ 461.418271][T20654] 9p: Unknown Cache mode or invalid value r [ 461.654932][T20669] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6764'. [ 461.683023][T20669] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6764'. [ 461.887423][T20678] tap0: tun_chr_ioctl cmd 1074025677 [ 461.911661][T20678] tap0: linktype set to 825 [ 462.286512][T20695] autofs4:pid:20695:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0xc0189379) [ 462.345961][T20695] autofs4:pid:20695:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189379) [ 462.880185][T20715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6781'. [ 463.473080][ T5881] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 463.630838][T20745] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6795'. [ 463.646697][ T5881] usb 5-1: Using ep0 maxpacket: 16 [ 463.657387][ T5881] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.678880][ T5881] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.697004][ T5881] usb 5-1: config 0 interface 0 has no altsetting 0 [ 463.725561][ T5881] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 463.757596][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.783319][ T5881] usb 5-1: config 0 descriptor?? [ 464.007690][T20729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 464.043376][T20729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 464.542834][ T5881] usb 5-1: USB disconnect, device number 60 [ 464.635579][ T30] audit: type=1800 audit(1751569717.923:3828): pid=20766 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.6804" name="dmabuf" dev="dmabuf" ino=4 res=0 errno=0 [ 465.121282][T20779] xt_CT: You must specify a L4 protocol and not use inversions on it [ 465.158556][T20781] netem: incorrect gi model size [ 465.166079][T20781] netem: change failed [ 465.860551][T20815] syz.4.6827: attempt to access beyond end of device [ 465.860551][T20815] loop9: rw=0, sector=2, nr_sectors = 2 limit=0 [ 465.897513][T20815] syz.4.6827: attempt to access beyond end of device [ 465.897513][T20815] loop9: rw=0, sector=16, nr_sectors = 2 limit=0 [ 466.189395][T20825] netlink: 'syz.3.6831': attribute type 1 has an invalid length. [ 466.452453][T20832] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 466.976164][T20856] xt_hashlimit: size too large, truncated to 1048576 [ 467.050114][T20858] : renamed from vxcan1 (while UP) [ 468.615725][ T30] audit: type=1326 audit(1751569721.903:3829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 468.682407][ T30] audit: type=1326 audit(1751569721.903:3830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 468.742192][ T30] audit: type=1326 audit(1751569721.903:3831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 468.804655][ T30] audit: type=1326 audit(1751569721.903:3832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 468.857853][ T30] audit: type=1326 audit(1751569721.903:3833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 468.921032][ T30] audit: type=1326 audit(1751569721.903:3834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 468.973492][ T30] audit: type=1326 audit(1751569721.933:3835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 469.022168][ T30] audit: type=1326 audit(1751569721.953:3836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 469.044173][ T30] audit: type=1326 audit(1751569721.953:3837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 469.109988][ T30] audit: type=1326 audit(1751569721.953:3838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20908 comm="syz.2.6866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x7ffc0000 [ 469.549568][T20946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6879'. [ 469.912079][ T5881] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 469.942282][ T5932] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 470.091992][ T5881] usb 5-1: Using ep0 maxpacket: 32 [ 470.099255][ T5881] usb 5-1: config 0 interface 0 has no altsetting 0 [ 470.114098][ T5881] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 470.131976][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.135586][ T5932] usb 4-1: Using ep0 maxpacket: 32 [ 470.163772][ T5881] usb 5-1: config 0 descriptor?? [ 470.173639][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.220559][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.237581][ T5932] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 470.264977][ T5932] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 470.294923][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.338524][ T5932] usb 4-1: config 0 descriptor?? [ 470.439404][T20975] netlink: 277 bytes leftover after parsing attributes in process `syz.0.6893'. [ 470.595830][ T5881] corsair-cpro 0003:1B1C:0C10.007C: unknown main item tag 0x0 [ 470.622220][ T5881] corsair-cpro 0003:1B1C:0C10.007C: unknown main item tag 0x0 [ 470.648136][ T5881] corsair-cpro 0003:1B1C:0C10.007C: unknown main item tag 0x0 [ 470.665099][ T5881] corsair-cpro 0003:1B1C:0C10.007C: unknown main item tag 0x0 [ 470.693486][ T5881] corsair-cpro 0003:1B1C:0C10.007C: unknown main item tag 0x0 [ 470.725886][ T5881] corsair-cpro 0003:1B1C:0C10.007C: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0 [ 470.764001][ T5932] hid (null): nested delimiters [ 470.822778][ T5932] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.007D/input/input43 [ 470.949016][ T5932] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.007D/input/input44 [ 471.033368][ T5932] kye 0003:0458:5011.007D: input,hiddev0,hidraw1: USB HID v9.00 Mouse [HID 0458:5011] on usb-dummy_hcd.3-1/input0 [ 471.116379][ T5932] usb 4-1: USB disconnect, device number 54 [ 471.120754][ T5881] corsair-cpro 0003:1B1C:0C10.007C: probe with driver corsair-cpro failed with error -110 [ 471.223824][ T5881] usb 5-1: USB disconnect, device number 61 [ 471.276489][T20997] fido_id[20997]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 471.984028][T21016] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6911'. [ 472.801060][T21055] pim6reg: left allmulticast mode [ 473.017962][T21063] netlink: 1 bytes leftover after parsing attributes in process `syz.5.6933'. [ 473.030907][T21063] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6933'. [ 473.105885][T21063] netlink: 1 bytes leftover after parsing attributes in process `syz.5.6933'. [ 473.127829][T21065] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6934'. [ 474.191762][ T5932] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 474.215905][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 474.215920][ T30] audit: type=1400 audit(1751569727.504:3849): lsm=SMACK fn=smack_inode_setattr action=denied subject="y" object="_" requested=w pid=21127 comm="syz.3.6963" name="1476" dev="tmpfs" ino=7453 [ 474.363058][ T5932] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.378286][ T5932] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 474.411423][ T5932] usb 6-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 474.420508][ T5932] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.482550][ T5932] usb 6-1: config 0 descriptor?? [ 474.915646][ T5932] hid-led 0003:1D34:0004.007E: unknown main item tag 0x0 [ 475.126983][ T5932] hid-led 0003:1D34:0004.007E: probe with driver hid-led failed with error -71 [ 475.155887][ T5932] usb 6-1: USB disconnect, device number 2 [ 475.344775][ T13] bridge_slave_1: left allmulticast mode [ 475.351571][ T13] bridge_slave_1: left promiscuous mode [ 475.357389][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.370902][ T13] bridge_slave_0: left allmulticast mode [ 475.377360][ T13] bridge_slave_0: left promiscuous mode [ 475.398056][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.817008][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 475.832266][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 475.844480][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 475.867171][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 475.875895][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 476.016100][T21163] cgroup: fork rejected by pids controller in /syz5 [ 476.024046][ T13] bridge0 (unregistering): left promiscuous mode [ 476.370182][T21662] 9pnet_fd: Insufficient options for proto=fd [ 476.373167][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 476.425459][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 476.481871][ T13] bond0 (unregistering): Released all slaves [ 476.648193][ T13] tipc: Disabling bearer [ 476.714352][ T13] tipc: Left network mode [ 477.196722][T22121] netlink: 'syz.2.6993': attribute type 1 has an invalid length. [ 477.259408][ T13] hsr_slave_0: left promiscuous mode [ 477.266195][ T13] hsr_slave_1: left promiscuous mode [ 477.289835][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 477.320305][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 477.391729][ T13] pim6reg (unregistering): left allmulticast mode [ 477.448687][ T13] pimreg3 (unregistering): left allmulticast mode [ 477.602208][T22136] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7000'. [ 477.951248][ T5836] Bluetooth: hci0: command tx timeout [ 478.383141][ T13] team0 (unregistering): Port device team_slave_1 removed [ 478.425143][ T13] team0 (unregistering): Port device team_slave_0 removed [ 478.604668][ T30] audit: type=1326 audit(1751569731.895:3850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22156 comm="syz.2.7010" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ee938e929 code=0x0 [ 479.166908][T21164] chnl_net:caif_netlink_parms(): no params data found [ 479.249484][T22173] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7017'. [ 479.269050][ T13] IPVS: stop unused estimator thread 0... [ 479.418805][T21164] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.429875][T21164] bridge0: port 1(bridge_slave_0) entered disabled state [ 479.437203][T21164] bridge_slave_0: entered allmulticast mode [ 479.445164][T21164] bridge_slave_0: entered promiscuous mode [ 479.455354][T21164] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.462701][T21164] bridge0: port 2(bridge_slave_1) entered disabled state [ 479.469868][T21164] bridge_slave_1: entered allmulticast mode [ 479.478664][T21164] bridge_slave_1: entered promiscuous mode [ 479.569327][T21164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.598500][T21164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 479.706132][T21164] team0: Port device team_slave_0 added [ 479.721698][T21164] team0: Port device team_slave_1 added [ 479.789665][T21164] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.796934][T21164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.836543][T21164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 479.849680][T21164] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 479.859217][T21164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.887602][T21164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 480.031872][ T5836] Bluetooth: hci0: command tx timeout [ 480.043716][T22174] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 480.113944][T21164] hsr_slave_0: entered promiscuous mode [ 480.120508][T21164] hsr_slave_1: entered promiscuous mode [ 480.132644][T21164] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 480.140295][T21164] Cannot create hsr debugfs directory [ 480.351297][T19403] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 480.522362][T19403] usb 6-1: Using ep0 maxpacket: 32 [ 480.530274][T19403] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 480.542514][T19403] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.568149][T19403] usb 6-1: config 0 descriptor?? [ 480.650574][T21164] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 480.673491][T21164] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 480.695269][T21164] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 480.707181][T21164] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 480.790173][T19403] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 480.806049][T19403] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 480.823721][T19403] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 480.838354][T21164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.845191][T19403] usb 6-1: media controller created [ 480.884628][T21164] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.887919][T19403] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 480.901564][ T24] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 480.933758][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.940985][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.976731][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.983899][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 481.005688][T19403] az6027: usb out operation failed. (-71) [ 481.019864][T19403] az6027: usb out operation failed. (-71) [ 481.027635][T19403] stb0899_attach: Driver disabled by Kconfig [ 481.042796][T19403] az6027: no front-end attached [ 481.042796][T19403] [ 481.058511][T19403] az6027: usb out operation failed. (-71) [ 481.064872][T19403] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 481.070824][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 481.081268][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 481.085536][T19403] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input45 [ 481.091628][ T24] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 481.120641][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.128172][T19403] dvb-usb: schedule remote query interval to 400 msecs. [ 481.133121][ T24] usb 4-1: Product: syz [ 481.139770][ T24] usb 4-1: Manufacturer: syz [ 481.144770][ T24] usb 4-1: SerialNumber: syz [ 481.148233][T19403] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 481.173095][ T24] usb 4-1: config 0 descriptor?? [ 481.200308][T19403] usb 6-1: USB disconnect, device number 3 [ 481.244575][T21164] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 481.367359][T19403] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 481.595665][ T24] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 481.657452][T21164] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 482.033620][T19403] usb 4-1: USB disconnect, device number 55 [ 482.111593][ T5836] Bluetooth: hci0: command 0x040f tx timeout [ 482.174550][ T5826] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 482.185840][ T5826] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 482.194552][ T5826] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 482.204863][ T5826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 482.231467][ T5826] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 482.284609][T21164] veth0_vlan: entered promiscuous mode [ 482.316824][T21164] veth1_vlan: entered promiscuous mode [ 482.409547][T21164] veth0_macvtap: entered promiscuous mode [ 482.450320][T21164] veth1_macvtap: entered promiscuous mode [ 482.506501][T21164] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 482.555286][T21164] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 482.609011][T21164] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.635157][T21164] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.644826][T21164] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.654029][T21164] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.814888][T22245] chnl_net:caif_netlink_parms(): no params data found [ 482.929312][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 482.946046][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.109750][T22245] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.149181][T22245] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.170640][T22245] bridge_slave_0: entered allmulticast mode [ 483.196286][T22245] bridge_slave_0: entered promiscuous mode [ 483.218011][T22283] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 483.236477][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.247274][T22245] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.259721][T22245] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.267379][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.279068][T22245] bridge_slave_1: entered allmulticast mode [ 483.308061][T22245] bridge_slave_1: entered promiscuous mode [ 483.425239][T22245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.465798][T22245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.555775][T22245] team0: Port device team_slave_0 added [ 483.586108][T22245] team0: Port device team_slave_1 added [ 483.690459][ T1211] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 483.702877][T22245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 483.720102][T22245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.752003][T22245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.764961][T22245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 483.777147][T22245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.822414][T22245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.900909][ T1211] usb 4-1: Using ep0 maxpacket: 32 [ 483.912250][ T1211] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 483.927567][ T1211] usb 4-1: config 0 has no interface number 0 [ 483.936805][ T1211] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 483.957031][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.976242][ T1211] usb 4-1: Product: syz [ 483.984935][ T1211] usb 4-1: Manufacturer: syz [ 483.989719][ T1211] usb 4-1: SerialNumber: syz [ 484.024133][ T1211] usb 4-1: config 0 descriptor?? [ 484.035087][T22245] hsr_slave_0: entered promiscuous mode [ 484.045613][ T1211] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 484.060256][ T1211] usb 4-1: selecting invalid altsetting 1 [ 484.061934][T22245] hsr_slave_1: entered promiscuous mode [ 484.066114][ T1211] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 484.083271][T22245] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 484.092875][ T1211] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 484.095443][T22245] Cannot create hsr debugfs directory [ 484.117252][ T1211] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 484.118877][ T30] audit: type=1326 audit(1751569737.405:3851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f422f5858e7 code=0x7ffc0000 [ 484.127398][ T1211] usb 4-1: media controller created [ 484.191853][ T5836] Bluetooth: hci0: command 0x040f tx timeout [ 484.208280][ T30] audit: type=1326 audit(1751569737.405:3852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f422f52ab19 code=0x7ffc0000 [ 484.240826][ T1211] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 484.255611][ T30] audit: type=1326 audit(1751569737.405:3853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f422f5858e7 code=0x7ffc0000 [ 484.279271][ T5836] Bluetooth: hci3: command tx timeout [ 484.305283][ T30] audit: type=1326 audit(1751569737.405:3854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f422f52ab19 code=0x7ffc0000 [ 484.327582][ T30] audit: type=1326 audit(1751569737.405:3855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f422f5858e7 code=0x7ffc0000 [ 484.349347][ T30] audit: type=1326 audit(1751569737.405:3856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f422f52ab19 code=0x7ffc0000 [ 484.440943][ T30] audit: type=1326 audit(1751569737.405:3857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f422f5858e7 code=0x7ffc0000 [ 484.441514][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 484.526851][ T30] audit: type=1326 audit(1751569737.405:3858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f422f52ab19 code=0x7ffc0000 [ 484.617732][ T30] audit: type=1326 audit(1751569737.405:3859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f422f5858e7 code=0x7ffc0000 [ 484.650306][ T30] audit: type=1326 audit(1751569737.405:3860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22304 comm="syz.5.7067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f422f52ab19 code=0x7ffc0000 [ 484.755305][T22245] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.908535][T22245] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.086129][T22245] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.226792][T22245] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.312178][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.318671][T22291] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 485.320536][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.351086][ T1211] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 485.374070][ T1211] zl10353_read_register: readreg error (reg=127, ret==-71) [ 485.385559][ T1211] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 485.470843][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.521667][ T1211] usb 4-1: USB disconnect, device number 56 [ 485.545323][T22335] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7081'. [ 485.595090][T22245] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 485.625702][T22245] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 485.654039][T22245] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 485.678273][T22245] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 485.799936][T22245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 485.844059][T22245] 8021q: adding VLAN 0 to HW filter on device team0 [ 485.875187][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.882339][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 485.925823][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.933001][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 486.276916][ T5826] Bluetooth: hci0: command 0x040f tx timeout [ 486.334980][T22245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 486.350074][ T5826] Bluetooth: hci3: command tx timeout [ 486.411023][T22245] veth0_vlan: entered promiscuous mode [ 486.429284][T22245] veth1_vlan: entered promiscuous mode [ 486.471285][T22245] veth0_macvtap: entered promiscuous mode [ 486.498167][T22245] veth1_macvtap: entered promiscuous mode [ 486.511612][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 486.546595][T22245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.569104][T22245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.585537][T22245] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.594794][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 486.607630][T22245] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.616943][T22245] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.627100][T22245] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.636732][T22368] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7092'. [ 486.902193][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.946842][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.004661][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.022658][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.162963][T22377] binder: 22376:22377 ioctl 40046205 0 returned -22 [ 487.231062][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 487.289734][T22384] input: syz1 as /devices/virtual/input/input46 [ 487.363286][T22386] futex_wake_op: syz.5.7098 tries to shift op by 32; fix this program [ 487.467033][ T979] hid-generic 0005:07C0:0007.007F: collection stack underflow [ 487.499955][ T979] hid-generic 0005:07C0:0007.007F: item 0 0 0 12 parsing failed [ 487.512246][ T979] hid-generic 0005:07C0:0007.007F: probe with driver hid-generic failed with error -22 [ 487.551442][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 487.619010][T22398] bridge0: entered promiscuous mode [ 487.639919][T22398] macvlan2: entered promiscuous mode [ 487.657842][T22403] netlink: 56 bytes leftover after parsing attributes in process `syz.5.7103'. [ 488.350303][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.440591][ T5826] Bluetooth: hci3: command 0x040f tx timeout [ 488.594491][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.789789][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 488.897910][T22467] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7129'. [ 488.972271][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 488.989356][ T9] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 489.017211][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.049742][ T9] usb 6-1: config 0 descriptor?? [ 489.499923][T22333] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 489.630256][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 489.670143][T22333] usb 4-1: Using ep0 maxpacket: 8 [ 489.678229][T22333] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 489.688940][T22333] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 489.702406][T22333] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 489.713316][T22333] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 489.721818][T22333] usb 4-1: Product: syz [ 489.726209][T22333] usb 4-1: Manufacturer: syz [ 489.734994][T22333] usb 4-1: SerialNumber: syz [ 489.743557][T22333] usb 4-1: config 0 descriptor?? [ 489.877082][ T9] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 489.887877][ T9] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9 [ 489.909807][ T9] asix 6-1:0.0: probe with driver asix failed with error -71 [ 489.920854][ T9] usb 6-1: USB disconnect, device number 4 [ 490.018362][ T979] usb 4-1: USB disconnect, device number 57 [ 490.509845][ T5836] Bluetooth: hci3: command 0x040f tx timeout [ 490.672617][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 490.997136][T22534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7156'. [ 491.395050][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.442821][T22556] tipc: New replicast peer: 255.255.255.255 [ 491.493548][T22556] tipc: Enabled bearer , priority 1 [ 491.709965][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.101621][T22592] bridge0: entered allmulticast mode [ 492.128058][T22594] pimreg: entered allmulticast mode [ 492.165516][T22594] pimreg: left allmulticast mode [ 492.283296][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 492.283314][ T30] audit: type=1326 audit(1751569745.576:3902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65bcb8e929 code=0x7ffc0000 [ 492.333675][ T30] audit: type=1326 audit(1751569745.576:3903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65bcb8e929 code=0x7ffc0000 [ 492.358730][ T30] audit: type=1326 audit(1751569745.586:3904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65bcb8e929 code=0x7ffc0000 [ 492.396223][ T30] audit: type=1326 audit(1751569745.596:3905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65bcb8e929 code=0x7ffc0000 [ 492.417866][ C0] vkms_vblank_simulate: vblank timer overrun [ 492.418303][T22605] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7190'. [ 492.434751][ T30] audit: type=1326 audit(1751569745.596:3906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65bcb8e929 code=0x7ffc0000 [ 492.467009][ T30] audit: type=1326 audit(1751569745.756:3907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65bcb8e929 code=0x7ffc0000 [ 492.505934][ T30] audit: type=1326 audit(1751569745.756:3908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f65bcb858e7 code=0x7ffc0000 [ 492.528988][ T30] audit: type=1326 audit(1751569745.756:3909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f65bcb2ab19 code=0x7ffc0000 [ 492.550556][ C0] vkms_vblank_simulate: vblank timer overrun [ 492.573676][ T30] audit: type=1326 audit(1751569745.756:3910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f65bcb858e7 code=0x7ffc0000 [ 492.595460][ T5836] Bluetooth: hci3: command 0x040f tx timeout [ 492.682945][T22607] bridge0: port 3(batadv1) entered blocking state [ 492.692914][T22609] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7191'. [ 492.703058][T22607] bridge0: port 3(batadv1) entered disabled state [ 492.718020][T22607] batadv1: entered allmulticast mode [ 492.719700][ T30] audit: type=1326 audit(1751569745.756:3911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22601 comm="syz.6.7189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f65bcb2ab19 code=0x7ffc0000 [ 492.728975][T22607] batadv1: entered promiscuous mode [ 492.766103][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.866995][T22611] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 493.174970][ T65] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 493.184891][ T65] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 493.435898][T22637] netlink: 'syz.6.7206': attribute type 8 has an invalid length. [ 493.791171][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.222504][T22662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7216'. [ 494.429250][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.833403][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.227190][T22703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.246238][T22703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.265797][T22703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.557025][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.607380][T22716] Bluetooth: MGMT ver 1.23 [ 495.883667][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.168838][ T24] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 496.326688][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 496.341243][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 496.363412][ T24] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 496.372952][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.398849][ T24] usb 6-1: Product: syz [ 496.403057][ T24] usb 6-1: Manufacturer: syz [ 496.413298][ T24] usb 6-1: SerialNumber: syz [ 496.546010][T22752] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 496.644953][ T24] usb 6-1: 0:2 : does not exist [ 496.673017][ T24] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 496.719071][ T24] usb 6-1: USB disconnect, device number 5 [ 496.829840][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.914022][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.184602][T22774] netlink: 108 bytes leftover after parsing attributes in process `syz.3.7266'. [ 497.417491][T22780] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7268'. [ 497.449692][T22782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7270'. [ 497.508860][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.599612][T22788] netlink: 16215 bytes leftover after parsing attributes in process `syz.6.7273'. [ 497.803107][T22796] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.812416][T22796] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.821223][T22796] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.830232][T22796] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 498.997029][T22837] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7294'. [ 500.042335][T22333] net_ratelimit: 4 callbacks suppressed [ 500.042351][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.064570][ T5881] kernel write not supported for file /input/mice (pid: 5881 comm: kworker/0:4) [ 500.125599][T22890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.134443][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.155395][T22890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.163698][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.172135][T22890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.180543][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.189434][T22890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.197684][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.207306][T22890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.143593][T22923] block device autoloading is deprecated and will be removed. [ 501.256368][T22931] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7339'. [ 501.296469][T22931] bridge0: entered promiscuous mode [ 501.314238][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.322106][T22931] macsec1: entered allmulticast mode [ 501.339732][T22931] bridge0: port 3(macsec1) entered blocking state [ 501.355822][T22931] bridge0: port 3(macsec1) entered disabled state [ 501.393546][T22931] bridge0: left promiscuous mode [ 501.596500][ T979] kernel write not supported for file /snd/seq (pid: 979 comm: kworker/1:2) [ 502.268592][ T5826] Bluetooth: hci5: command 0x1003 tx timeout [ 502.268881][ T5836] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 502.769401][T22988] netlink: 1041 bytes leftover after parsing attributes in process `syz.3.7366'. [ 503.039053][ T30] kauditd_printk_skb: 94 callbacks suppressed [ 503.039073][ T30] audit: type=1326 audit(1751569756.338:4006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22999 comm="syz.0.7372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facff18e929 code=0x7ffc0000 [ 503.103312][ T30] audit: type=1326 audit(1751569756.338:4007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22999 comm="syz.0.7372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facff18e929 code=0x7ffc0000 [ 503.128784][ T30] audit: type=1326 audit(1751569756.338:4008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22999 comm="syz.0.7372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7facff18e929 code=0x7ffc0000 [ 503.226484][ T30] audit: type=1326 audit(1751569756.338:4009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22999 comm="syz.0.7372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facff18e929 code=0x7ffc0000 [ 503.301628][ T30] audit: type=1326 audit(1751569756.338:4010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22999 comm="syz.0.7372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facff18e929 code=0x7ffc0000 [ 503.791027][T23034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7388'. [ 503.854571][T23034] netlink: 'syz.2.7388': attribute type 9 has an invalid length. [ 503.918184][T23034] macvlan3: entered allmulticast mode [ 503.923648][T23034] veth0_macvtap: entered allmulticast mode [ 504.766715][T23084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7411'. [ 504.847885][ T5881] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 504.968050][T23094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7416'. [ 505.000156][ T5881] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 505.025608][ T5881] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 505.044523][ T5881] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 505.054441][ T5881] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 505.089357][ T5881] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 505.099056][ T30] audit: type=1326 audit(1751569758.388:4011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23097 comm="syz.3.7418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 505.125332][ T5881] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.136934][ T5881] usb 6-1: config 0 descriptor?? [ 505.142398][ T30] audit: type=1326 audit(1751569758.388:4012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23097 comm="syz.3.7418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 505.165415][ T30] audit: type=1326 audit(1751569758.418:4013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23097 comm="syz.3.7418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 505.195402][ T30] audit: type=1326 audit(1751569758.418:4014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23097 comm="syz.3.7418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 505.234089][T22333] net_ratelimit: 2047 callbacks suppressed [ 505.234103][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 505.265446][ T30] audit: type=1326 audit(1751569758.418:4015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23097 comm="syz.3.7418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7ffc0000 [ 505.403457][ T5881] hdpvr 6-1:0.0: firmware version 0x0 dated [ 505.409666][ T5881] hdpvr 6-1:0.0: untested firmware, the driver might not work. [ 505.798830][T23132] input: syz1 as /devices/virtual/input/input49 [ 505.851460][ T5881] hdpvr 6-1:0.0: Could not setup controls [ 505.874889][ T5881] hdpvr 6-1:0.0: registering videodev failed [ 505.897266][ T5881] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -71 [ 505.939337][ T5881] usb 6-1: USB disconnect, device number 6 [ 506.040589][T23142] Attempt to restore checkpoint with obsolete wellknown handles [ 506.268246][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 506.713559][T23168] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7451'. [ 507.059726][T23189] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 507.068727][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 507.309023][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 507.719002][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 508.047770][ T5881] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 508.131050][T23236] ALSA: mixer_oss: invalid index 40000 [ 508.239922][ T5881] usb 6-1: unable to get BOS descriptor or descriptor too short [ 508.247879][ T5881] usb 6-1: no configurations [ 508.252505][ T5881] usb 6-1: can't read configurations, error -22 [ 508.294548][T23246] overlayfs: missing 'workdir' [ 508.348356][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 508.737733][T23274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7496'. [ 508.788018][T23274] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.853324][T23274] bridge_slave_0 (unregistering): left allmulticast mode [ 508.862807][T23274] bridge_slave_0 (unregistering): left promiscuous mode [ 508.873060][T23274] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.342722][T23298] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7507'. [ 509.388298][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 509.615806][T23309] sp0: Synchronizing with TNC [ 510.430644][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.585067][T23347] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7530'. [ 510.748627][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.873924][T23358] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 511.481369][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 511.889156][T23399] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7551'. [ 511.927915][T23399] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7551'. [ 512.502231][T23434] ieee802154 phy0 wpan0: encryption failed: -22 [ 512.509682][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 512.997080][T23451] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7575'. [ 513.031922][T23451] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.087314][T23451] bridge_slave_0 (unregistering): left allmulticast mode [ 513.097128][T23451] bridge_slave_0 (unregistering): left promiscuous mode [ 513.114407][T23451] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.295304][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 513.295320][ T30] audit: type=1326 audit(1751569770.589:4022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23431 comm="syz.3.7566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf178e929 code=0x7fc00000 [ 513.443959][T23469] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 513.452883][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 513.548224][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 513.788118][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 513.863009][T23486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7590'. [ 513.887739][T23486] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.967834][ T5881] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 513.976945][T23486] bridge_slave_0 (unregistering): left allmulticast mode [ 513.984562][T23486] bridge_slave_0 (unregistering): left promiscuous mode [ 513.994612][T23486] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.152198][ T5881] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 514.162902][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.178162][ T5881] usb 4-1: Product: syz [ 514.182393][ T5881] usb 4-1: Manufacturer: syz [ 514.187006][ T5881] usb 4-1: SerialNumber: syz [ 514.215725][ T5881] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 514.244588][T22333] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 514.588538][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.889533][ T5928] usb 4-1: USB disconnect, device number 58 [ 515.551929][T22333] usb 4-1: Service connection timeout for: 256 [ 515.578351][T22333] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 515.598775][T22333] ath9k_htc: Failed to initialize the device [ 515.605112][ T5928] usb 4-1: ath9k_htc: USB layer deinitialized [ 515.627932][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.031051][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.323161][T23562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7621'. [ 516.421624][T23562] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.632364][T23562] bridge_slave_0 (unregistering): left promiscuous mode [ 516.657091][T23562] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.688003][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.696211][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.718119][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.944746][T23572] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 517.308480][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 517.453777][T23589] tap0: tun_chr_ioctl cmd 1074025677 [ 517.459710][T23589] tap0: linktype set to 270 [ 517.727925][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 517.909336][T23606] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.7644'. [ 518.042194][ T30] audit: type=1400 audit(1751569776.321:4023): lsm=SMACK fn=smack_key_permission action=denied subject="w" object="_" requested=w pid=23607 comm="syz.2.7646" key_serial=733964301 key_desc="_uid_ses.0" [ 518.253533][T23614] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 518.262995][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.112705][ T30] audit: type=1800 audit(1751569778.401:4024): pid=23679 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.7676" name="nullb0" dev="devtmpfs" ino=4201 res=0 errno=0 [ 520.278655][ T30] audit: type=1326 audit(1751569778.571:4025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23648 comm="syz.6.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65bcb8e929 code=0x7fc00000 [ 520.838226][T22333] net_ratelimit: 6 callbacks suppressed [ 520.838245][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 521.128024][ T24] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 521.329798][ T24] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 521.356146][ T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 521.395939][ T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 521.424846][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.453946][T23714] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 521.482678][ T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 521.738456][ T24] usb 6-1: USB disconnect, device number 9 [ 521.868097][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 522.108279][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 522.849941][T23777] bond0: entered promiscuous mode [ 522.867731][T23777] bond_slave_0: entered promiscuous mode [ 522.873630][T23777] bond_slave_1: entered promiscuous mode [ 522.910050][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 522.983453][T23777] bond0: left promiscuous mode [ 522.989340][T23777] bond_slave_0: left promiscuous mode [ 523.012065][T23777] bond_slave_1: left promiscuous mode [ 523.092569][T23784] tap0: tun_chr_ioctl cmd 2147767506 [ 523.541801][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 523.951703][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.806734][T23836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7747'. [ 524.991870][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.149426][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.028234][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.268102][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.461309][ T5836] Bluetooth: hci1: link tx timeout [ 526.466979][ T5836] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 526.477119][ T5836] Bluetooth: hci1: link tx timeout [ 526.483646][ T5836] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 526.531710][T23879] netlink: 52 bytes leftover after parsing attributes in process `syz.2.7766'. [ 526.540969][T23879] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7766'. [ 527.068160][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 527.188846][T23896] syz.3.7773: attempt to access beyond end of device [ 527.188846][T23896] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 527.258046][T23896] syz.3.7773: attempt to access beyond end of device [ 527.258046][T23896] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 527.327824][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 527.348567][T23896] syz.3.7773: attempt to access beyond end of device [ 527.348567][T23896] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 527.387885][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 527.419197][T23896] syz.3.7773: attempt to access beyond end of device [ 527.419197][T23896] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 527.442605][T23896] syz.3.7773: attempt to access beyond end of device [ 527.442605][T23896] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 527.508117][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 527.538313][T23896] syz.3.7773: attempt to access beyond end of device [ 527.538313][T23896] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 527.600381][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 527.608537][T23907] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7779'. [ 527.620676][T23896] syz.3.7773: attempt to access beyond end of device [ 527.620676][T23896] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 527.639382][T23896] syz.3.7773: attempt to access beyond end of device [ 527.639382][T23896] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 527.661153][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 527.684546][T23896] syz.3.7773: attempt to access beyond end of device [ 527.684546][T23896] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 527.732666][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 527.746618][T23896] syz.3.7773: attempt to access beyond end of device [ 527.746618][T23896] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 527.787959][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 527.798045][T23896] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 527.807560][T23896] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 528.108206][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 528.516293][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 529.148603][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.308249][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.723193][T23992] vivid-000: ================= START STATUS ================= [ 529.758374][T23992] vivid-000: Test Pattern: 75% Colorbar [ 529.764358][T23992] vivid-000: Fill Percentage of Frame: 100 [ 529.798600][T23992] vivid-000: Horizontal Movement: No Movement [ 529.812000][T23992] vivid-000: Vertical Movement: No Movement [ 529.828342][T22333] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 529.836041][T23992] vivid-000: OSD Text Mode: All [ 529.858148][T23992] vivid-000: Show Border: false [ 529.863086][T23992] vivid-000: Show Square: false [ 529.886282][T23992] vivid-000: Sensor Flipped Horizontally: false [ 529.900162][T23992] vivid-000: Sensor Flipped Vertically: false [ 529.922277][T23992] vivid-000: Insert SAV Code in Image: false [ 529.945109][T23992] vivid-000: Insert EAV Code in Image: false [ 529.968569][T23992] vivid-000: Insert Video Guard Band: false [ 529.995028][T22333] usb 3-1: Using ep0 maxpacket: 16 [ 530.004614][T23992] vivid-000: Reduced Framerate: false [ 530.018693][T22333] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.038702][T23992] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 530.053453][T22333] usb 3-1: config 0 interface 0 has no altsetting 0 [ 530.072372][T22333] usb 3-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 530.087873][T23992] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 530.110692][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.112735][T22333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.127810][T23992] vivid-000: Enable Capture Cropping: true grabbed [ 530.162223][T23992] vivid-000: Enable Capture Composing: true grabbed [ 530.163120][T22333] usb 3-1: config 0 descriptor?? [ 530.189596][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.202590][T23992] vivid-000: Enable Capture Scaler: true grabbed [ 530.222119][T23992] vivid-000: Timestamp Source: Start of Exposure [ 530.249163][T23992] vivid-000: Colorspace: SMPTE 170M [ 530.271650][T23992] vivid-000: Transfer Function: Default [ 530.305399][T23992] vivid-000: Y'CbCr Encoding: Default [ 530.329383][T23992] vivid-000: HSV Encoding: Hue 0-179 [ 530.334967][T23992] vivid-000: Quantization: Default [ 530.345116][T23992] vivid-000: Apply Alpha To Red Only: false [ 530.355704][T23992] vivid-000: Standard Aspect Ratio: 4x3 [ 530.375570][T23992] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 530.414028][T23992] vivid-000: DV Timings: 640x480p59 inactive [ 530.432091][T23992] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 530.457636][T23992] vivid-000: Maximum EDID Blocks: 2 [ 530.477172][T23992] vivid-000: Limited RGB Range (16-235): true [ 530.484391][T24006] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.487442][T23992] vivid-000: Rx RGB Quantization Range: [ 530.492874][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.497524][T23992] Automatic [ 530.525012][T23992] vivid-000: Power Present: 0x00000001 [ 530.530966][T23992] tpg source WxH: 720x576 (Y'CbCr) [ 530.536186][T23992] tpg field: 4 [ 530.564442][T23992] tpg crop: (0,0)/720x16 [ 530.588614][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 530.595035][T23992] tpg compose: (0,0)/720x64 [ 530.618010][T23992] tpg colorspace: 1 [ 530.621860][T23992] tpg transfer function: 0/1 [ 530.627892][T23992] tpg Y'CbCr encoding: 0/1 [ 530.639420][T23992] tpg quantization: 0/2 [ 530.663417][T23992] tpg RGB range: 0/1 [ 530.672600][T22333] logitech-djreceiver 0003:046D:C71B.0080: hidraw0: USB HID v0.05 Device [HID 046d:c71b] on usb-dummy_hcd.2-1/input0 [ 530.687260][T23992] vivid-000: ================== END STATUS ================== [ 531.047649][T22333] usb 3-1: USB disconnect, device number 56 [ 531.228087][ T5881] net_ratelimit: 1 callbacks suppressed [ 531.228111][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.347380][T24036] openvswitch: netlink: IP tunnel TTL not specified. [ 531.425471][T24039] netlink: 68 bytes leftover after parsing attributes in process `syz.5.7839'. [ 532.156656][T24080] netlink: 'syz.6.7858': attribute type 1 has an invalid length. [ 532.177040][T24080] netlink: 172 bytes leftover after parsing attributes in process `syz.6.7858'. [ 532.278605][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.360541][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.618951][T24102] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7868'. [ 532.945940][T24120] netlink: 'syz.2.7876': attribute type 4 has an invalid length. [ 533.287964][ T24] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 533.308079][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 533.424768][T24150] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7892'. [ 533.438066][T24150] nbd: illegal input index -65456 [ 533.458741][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 533.468749][ T24] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 533.484677][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.515864][ T24] usb 4-1: config 0 descriptor?? [ 533.747513][ T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 533.768322][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 533.789494][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 533.789717][T22333] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 533.798688][ T24] usb 4-1: media controller created [ 533.819837][T24168] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7901'. [ 533.854142][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 533.915666][T24170] loop8: detected capacity change from 0 to 1 [ 533.946273][T24170] Dev loop8: unable to read RDB block 1 [ 533.954298][T24124] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 533.959384][T24172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7903'. [ 533.968089][T24170] loop8: unable to read partition table [ 533.972744][T22333] usb 6-1: Using ep0 maxpacket: 32 [ 533.977436][T24170] loop8: partition table beyond EOD, [ 533.984830][ T24] az6027: usb out operation failed. (-71) [ 533.993928][T22333] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 533.997357][T24170] truncated [ 534.009178][ T24] az6027: usb out operation failed. (-71) [ 534.012536][T22333] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.015982][ T24] stb0899_attach: Driver disabled by Kconfig [ 534.032038][T22333] usb 6-1: config 0 descriptor?? [ 534.037764][T24170] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 534.060067][ T24] az6027: no front-end attached [ 534.060067][ T24] [ 534.067414][ T24] az6027: usb out operation failed. (-71) [ 534.087817][ T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 534.097401][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input50 [ 534.130040][ T24] dvb-usb: schedule remote query interval to 400 msecs. [ 534.152434][ T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 534.203622][ T24] usb 4-1: USB disconnect, device number 59 [ 534.250460][T22333] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 534.268782][T22333] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 534.290301][T22333] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 534.308208][T22333] usb 6-1: media controller created [ 534.347976][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 534.367477][ T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 534.387460][T22333] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 534.456991][T22333] az6027: usb out operation failed. (-71) [ 534.473124][T22333] az6027: usb out operation failed. (-71) [ 534.483964][T22333] stb0899_attach: Driver disabled by Kconfig [ 534.492960][T22333] az6027: no front-end attached [ 534.492960][T22333] [ 534.515770][T22333] az6027: usb out operation failed. (-71) [ 534.525205][T22333] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 534.544969][T22333] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input51 [ 534.584981][T22333] dvb-usb: schedule remote query interval to 400 msecs. [ 534.598230][T22333] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 534.643986][T22333] usb 6-1: USB disconnect, device number 10 [ 534.864331][T22333] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 535.218337][T24219] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 535.306423][T24221] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 535.327840][T24221] syzkaller0: linktype set to 780 [ 535.388269][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.396462][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.893877][T24254] sp0: Synchronizing with TNC [ 536.073642][T24261] vxcan0: tx address claim with dlc 0 [ 536.428315][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 536.448856][T24284] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7956'. [ 537.476878][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 538.438409][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 538.507970][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.553556][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.629523][T24417] netlink: 56 bytes leftover after parsing attributes in process `syz.5.8013'. [ 540.348379][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 540.459934][T24431] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 540.588035][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 540.910902][ T24] kernel write not supported for file /vcsa1 (pid: 24 comm: kworker/1:0) [ 541.161689][T24464] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8033'. [ 541.183026][T24464] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8033'. [ 541.242481][T24465] sctp: [Deprecated]: syz.0.8032 (pid 24465) Use of int in maxseg socket option. [ 541.242481][T24465] Use struct sctp_assoc_value instead [ 541.328168][ T1211] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 541.467992][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 541.494426][ T1211] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 541.523341][ T1211] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 541.553692][ T1211] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 541.582771][ T1211] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=4d.40 [ 541.592485][ T1211] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.611762][ T1211] usb 6-1: Product: syz [ 541.620580][ T1211] usb 6-1: Manufacturer: syz [ 541.628367][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 541.639996][ T1211] usb 6-1: SerialNumber: syz [ 541.662416][T24458] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 541.911355][T24486] ALSA: mixer_oss: invalid OSS volume '' [ 542.487441][ T1211] cdc_ncm 6-1:1.0: SET_CRC_MODE failed [ 542.516745][ T1211] cdc_ncm 6-1:1.0: bind() failure [ 542.534720][ T1211] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 542.554733][ T1211] cdc_ncm 6-1:1.1: bind() failure [ 542.575147][ T1211] usb 6-1: USB disconnect, device number 11 [ 542.686782][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.358069][T24510] sctp: [Deprecated]: syz.0.8053 (pid 24510) Use of int in maxseg socket option. [ 543.358069][T24510] Use struct sctp_assoc_value instead [ 543.708756][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.934909][T24540] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8066'. [ 543.967457][T24546] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 543.985094][T24545] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.8068'. [ 544.507951][ T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 544.526697][T24365] Set syz1 is full, maxelem 65536 reached [ 544.664959][T24572] bridge0: port 2(bridge_slave_1) entered forwarding state [ 544.748431][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 544.966053][T24593] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 545.011669][T24596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.019797][T24594] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 545.037759][ T24] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 545.085261][T24596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.203002][ T30] audit: type=1800 audit(1751569804.489:4026): pid=24607 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.8098" name="[kvm-gmem]" dev="anon_inodefs" ino=78558 res=0 errno=0 [ 545.233240][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 545.263318][ T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 545.278222][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.299250][ T24] usb 3-1: config 0 descriptor?? [ 545.418946][T24613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8101'. [ 545.724708][ T24] koneplus 0003:1E7D:2E22.0081: hidraw0: USB HID vff.fe Device [HID 1e7d:2e22] on usb-dummy_hcd.2-1/input0 [ 545.741236][ T979] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 545.872599][ T30] audit: type=1326 audit(1751569805.169:4027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24631 comm="syz.0.8109" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7facff18e929 code=0x0 [ 545.912009][ T979] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 545.922567][ T979] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 545.938561][ T979] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 545.951034][ T979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.962660][ T979] usb 6-1: config 0 descriptor?? [ 545.971294][ T979] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 545.978040][ T979] dvb-usb: bulk message failed: -22 (3/0) [ 545.987049][ T979] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 546.006676][ T979] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 546.013992][ T979] usb 6-1: media controller created [ 546.022486][ T979] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 546.040202][ T979] dvb-usb: bulk message failed: -22 (6/0) [ 546.046035][ T979] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 546.057331][ T979] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input52 [ 546.071501][ T979] dvb-usb: schedule remote query interval to 150 msecs. [ 546.079784][ T979] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 546.152456][ T1211] usb 3-1: USB disconnect, device number 57 [ 546.189676][T24619] dvb-usb: bulk message failed: -22 (2/0) [ 546.196962][ T5881] usb 6-1: USB disconnect, device number 12 [ 546.224754][ T5881] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 546.350004][T24651] netlink: 'syz.6.8113': attribute type 2 has an invalid length. [ 546.358330][T24651] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8113'. [ 546.480506][T24655] debugfs: Directory 'ptm0' with parent 'caif_serial' already present! [ 546.670018][T24664] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.8119'. [ 546.782323][T24667] net_ratelimit: 6 callbacks suppressed [ 546.782342][T24667] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 546.844422][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 547.004613][T24682] netlink: 212296 bytes leftover after parsing attributes in process `syz.0.8128'. [ 547.098213][T22333] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 547.277773][T22333] usb 3-1: Using ep0 maxpacket: 32 [ 547.303670][T22333] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 547.320964][T22333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.341669][T22333] usb 3-1: config 0 descriptor?? [ 547.548089][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 547.572091][T22333] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 547.594359][T22333] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 547.615940][T22333] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 547.634151][T22333] usb 3-1: media controller created [ 547.673200][T22333] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 547.773043][T24671] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 547.782828][T22333] az6027: usb out operation failed. (-71) [ 547.802427][T22333] az6027: usb out operation failed. (-71) [ 547.810255][T22333] stb0899_attach: Driver disabled by Kconfig [ 547.817260][T22333] az6027: no front-end attached [ 547.817260][T22333] [ 547.834932][T22333] az6027: usb out operation failed. (-71) [ 547.857800][T22333] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 547.868345][ T1211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 547.891192][T22333] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input53 [ 547.904217][T22333] dvb-usb: schedule remote query interval to 400 msecs. [ 547.915537][T22333] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 547.942705][T22333] usb 3-1: USB disconnect, device number 58 [ 547.977349][T24724] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 548.082052][T22333] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 548.781944][T24755] syzkaller1: tun_chr_ioctl cmd 35108 [ 548.908171][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.191453][T24783] netlink: 146840 bytes leftover after parsing attributes in process `syz.3.8176'. [ 549.297927][ T24] usb 6-1: new full-speed USB device number 13 using dummy_hcd [ 549.398369][T24791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8180'. [ 549.469506][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 549.494784][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 549.522965][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 549.554780][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 549.583888][ T24] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 549.603757][ T24] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 549.614090][ T24] usb 6-1: Manufacturer: syz [ 549.634693][ T24] usb 6-1: config 0 descriptor?? [ 549.941278][T24820] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 549.949810][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.965623][ T5928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.977759][ T24] rc_core: IR keymap rc-hauppauge not found [ 549.986902][ T24] Registered IR keymap rc-empty [ 550.006063][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.038319][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.055954][T24776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 550.065273][T24776] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 550.081105][ T24] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 550.112852][ T24] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input54 [ 550.132013][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.161791][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.200163][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.224331][T24829] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8197'. [ 550.234687][T24829] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.248274][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.261935][T24829] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.278593][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.318086][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.357826][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.389392][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.418174][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.449266][ T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 550.483224][ T24] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 550.498986][ T24] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 550.534114][ T24] usb 6-1: USB disconnect, device number 13 [ 550.591901][ T5932] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.989638][T22333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 551.149804][T24861] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 551.273328][T24869] netlink: 'syz.3.8213': attribute type 1 has an invalid length. [ 551.298200][T24869] netlink: 'syz.3.8213': attribute type 3 has an invalid length. [ 551.313847][T24869] netlink: 216 bytes leftover after parsing attributes in process `syz.3.8213'. [ 551.325948][T24869] NCSI netlink: No device for ifindex 813332851 [ 551.334609][T24874] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8215'. [ 551.348012][T24872] tap0: tun_chr_ioctl cmd 1074025677 [ 551.353478][T24872] tap0: linktype set to 6 [ 551.396300][T24874] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8215'. [ 656.727634][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 656.734652][ C1] rcu: 0-...!: (1 GPs behind) idle=065c/1/0x4000000000000000 softirq=108898/108899 fqs=2 [ 656.745599][ C1] rcu: (detected by 1, t=10506 jiffies, g=96861, q=466 ncpus=2) [ 656.753349][ C1] Sending NMI from CPU 1 to CPUs 0: [ 656.753381][ C0] NMI backtrace for cpu 0 [ 656.753408][ C0] CPU: 0 UID: 0 PID: 24637 Comm: kworker/u8:10 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 656.753427][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 656.753438][ C0] Workqueue: bat_events batadv_nc_worker [ 656.753465][ C0] RIP: 0010:debug_object_activate+0x38/0x420 [ 656.753483][ C0] Code: 48 83 ec 48 49 89 f6 48 89 fb 65 48 8b 05 10 ea d8 0d 48 89 44 24 40 48 8d 7c 24 18 31 ed ba 10 00 00 00 31 f6 e8 48 d2 60 fd <48> c7 44 24 28 05 00 00 00 48 89 5c 24 30 4c 89 74 24 38 80 3d f6 [ 656.753495][ C0] RSP: 0018:ffffc90000007c88 EFLAGS: 00000046 [ 656.753507][ C0] RAX: ffffc90000007ca0 RBX: ffff88801a4a7340 RCX: 0000000000000000 [ 656.753518][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90000007cb0 [ 656.753527][ C0] RBP: 0000000000000000 R08: ffffc90000007caf R09: 0000000000000000 [ 656.753536][ C0] R10: ffffc90000007ca0 R11: fffff52000000f96 R12: dffffc0000000000 [ 656.753548][ C0] R13: dffffc0000000000 R14: ffffffff8b8cf3c0 R15: ffff8880b8627cc0 [ 656.753559][ C0] FS: 0000000000000000(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000 [ 656.753571][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 656.753581][ C0] CR2: 0000555589167808 CR3: 000000005b51e000 CR4: 00000000003526f0 [ 656.753594][ C0] Call Trace: [ 656.753603][ C0] [ 656.753611][ C0] ? _raw_spin_lock_irq+0xae/0xf0 [ 656.753631][ C0] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 656.753651][ C0] enqueue_hrtimer+0x30/0x3a0 [ 656.753676][ C0] __hrtimer_run_queues+0x656/0xc60 [ 656.753706][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 656.753725][ C0] ? read_tsc+0x9/0x20 [ 656.753747][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 656.753781][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 656.753804][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 656.753825][ C0] [ 656.753829][ C0] [ 656.753835][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 656.753855][ C0] RIP: 0010:kasan_byte_accessible+0x1b/0x30 [ 656.753876][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df 0f b6 04 07 3c 08 0f 92 c0 cc cc cc cc cc 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 656.753888][ C0] RSP: 0018:ffffc900033f78f0 EFLAGS: 00000293 [ 656.753900][ C0] RAX: 0000000000000001 RBX: ffffffff8b2e22cb RCX: 3bd84c613a24b900 [ 656.753910][ C0] RDX: 0000000000000000 RSI: ffffffff8b2e22cb RDI: 1ffffffff1c27dc4 [ 656.753920][ C0] RBP: ffffffff8b2e22aa R08: 0000000000000000 R09: 0000000000000000 [ 656.753929][ C0] R10: dffffc0000000000 R11: fffffbfff1f3fc1f R12: 0000000000000002 [ 656.753940][ C0] R13: ffffffff8e13ee20 R14: ffffffff8e13ee20 R15: 0000000000000000 [ 656.753952][ C0] ? batadv_nc_process_nc_paths+0xba/0x3a0 [ 656.753971][ C0] ? batadv_nc_process_nc_paths+0xdb/0x3a0 [ 656.753993][ C0] ? batadv_nc_process_nc_paths+0xdb/0x3a0 [ 656.754014][ C0] __kasan_check_byte+0x12/0x40 [ 656.754032][ C0] lock_acquire+0x8d/0x360 [ 656.754053][ C0] ? batadv_nc_process_nc_paths+0xba/0x3a0 [ 656.754072][ C0] ? __pfx_batadv_nc_sniffed_purge+0x10/0x10 [ 656.754093][ C0] batadv_nc_process_nc_paths+0xdb/0x3a0 [ 656.754112][ C0] ? batadv_nc_process_nc_paths+0xba/0x3a0 [ 656.754133][ C0] ? batadv_nc_process_nc_paths+0xba/0x3a0 [ 656.754154][ C0] batadv_nc_worker+0x52b/0x610 [ 656.754173][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 656.754195][ C0] process_scheduled_works+0xae1/0x17b0 [ 656.754230][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 656.754259][ C0] worker_thread+0x8a0/0xda0 [ 656.754293][ C0] kthread+0x711/0x8a0 [ 656.754310][ C0] ? __pfx_worker_thread+0x10/0x10 [ 656.754330][ C0] ? __pfx_kthread+0x10/0x10 [ 656.754345][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 656.754363][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 656.754382][ C0] ? __pfx_kthread+0x10/0x10 [ 656.754397][ C0] ret_from_fork+0x3fc/0x770 [ 656.754417][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 656.754439][ C0] ? __switch_to_asm+0x39/0x70 [ 656.754452][ C0] ? __switch_to_asm+0x33/0x70 [ 656.754465][ C0] ? __pfx_kthread+0x10/0x10 [ 656.754479][ C0] ret_from_fork_asm+0x1a/0x30 [ 656.754502][ C0] [ 656.755370][ C1] rcu: rcu_preempt kthread starved for 10495 jiffies! g96861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 657.177500][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 657.187482][ C1] rcu: RCU grace-period kthread stack dump: [ 657.193376][ C1] task:rcu_preempt state:R running task stack:26888 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 657.206900][ C1] Call Trace: [ 657.210195][ C1] [ 657.213141][ C1] __schedule+0x16a2/0x4cb0 [ 657.217674][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 657.222896][ C1] ? schedule+0x165/0x360 [ 657.227248][ C1] ? __lock_acquire+0xab9/0xd20 [ 657.232123][ C1] ? __pfx___schedule+0x10/0x10 [ 657.237008][ C1] ? schedule+0x91/0x360 [ 657.241274][ C1] schedule+0x165/0x360 [ 657.245460][ C1] schedule_timeout+0x12b/0x270 [ 657.250323][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 657.255705][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 657.261632][ C1] ? __pfx_process_timeout+0x10/0x10 [ 657.266966][ C1] ? prepare_to_swait_event+0x341/0x380 [ 657.272538][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 657.277425][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 657.283598][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 657.288903][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 657.294137][ C1] ? finish_swait+0xcd/0x1f0 [ 657.298753][ C1] rcu_gp_kthread+0x99/0x390 [ 657.303360][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 657.308582][ C1] ? __kthread_parkme+0x7b/0x200 [ 657.313546][ C1] ? __kthread_parkme+0x1a1/0x200 [ 657.318624][ C1] kthread+0x711/0x8a0 [ 657.322726][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 657.327950][ C1] ? __pfx_kthread+0x10/0x10 [ 657.332562][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 657.337774][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 657.342986][ C1] ? __pfx_kthread+0x10/0x10 [ 657.347594][ C1] ret_from_fork+0x3fc/0x770 [ 657.352211][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 657.357347][ C1] ? __switch_to_asm+0x39/0x70 [ 657.362130][ C1] ? __switch_to_asm+0x33/0x70 [ 657.366913][ C1] ? __pfx_kthread+0x10/0x10 [ 657.371529][ C1] ret_from_fork_asm+0x1a/0x30 [ 657.376341][ C1] [ 657.379384][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 657.385714][ C1] CPU: 1 UID: 0 PID: 20161 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 657.397955][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 657.408024][ C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 657.414734][ C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 b0 79 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 5b 75 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 40 75 0b [ 657.434368][ C1] RSP: 0018:ffffc9000f667580 EFLAGS: 00000293 [ 657.440457][ C1] RAX: ffffffff81b4d850 RBX: ffff8880b873b040 RCX: ffff88802699da00 [ 657.448453][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 657.456437][ C1] RBP: ffffc9000f6676e0 R08: ffffffff8f9fe0f7 R09: 1ffffffff1f3fc1e [ 657.464419][ C1] R10: dffffc0000000000 R11: fffffbfff1f3fc1f R12: 1ffff110170c835d [ 657.472403][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8641ae8 [ 657.480389][ C1] FS: 000055556533a500(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000 [ 657.489331][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 657.495930][ C1] CR2: 0000001b3181bff8 CR3: 00000000563b2000 CR4: 00000000003526f0 [ 657.503933][ C1] Call Trace: [ 657.507236][ C1] [ 657.510199][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 657.516561][ C1] ? ldt_dup_context+0x336/0x3e0 [ 657.521534][ C1] ? rcu_is_watching+0x15/0xb0 [ 657.526334][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 657.531552][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 657.536695][ C1] flush_tlb_mm_range+0x6b1/0x12c0 [ 657.541833][ C1] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 657.547407][ C1] ? up_write+0x1c4/0x420 [ 657.551760][ C1] dup_mmap+0x15a0/0x1ac0 [ 657.556122][ C1] ? __pfx_dup_mmap+0x10/0x10 [ 657.560836][ C1] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 657.566763][ C1] ? mm_init+0xccc/0xf20 [ 657.571050][ C1] copy_mm+0x13c/0x4b0 [ 657.575151][ C1] copy_process+0x1706/0x3c00 [ 657.579866][ C1] ? copy_process+0x97f/0x3c00 [ 657.584662][ C1] ? __pfx_copy_process+0x10/0x10 [ 657.589717][ C1] ? __handle_mm_fault+0x1144/0x5620 [ 657.595038][ C1] kernel_clone+0x224/0x7f0 [ 657.599558][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 657.604620][ C1] __x64_sys_clone+0x18b/0x1e0 [ 657.609399][ C1] ? count_memcg_event_mm+0x21/0x260 [ 657.614701][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 657.620021][ C1] ? do_user_addr_fault+0xc8a/0x1390 [ 657.625331][ C1] ? do_syscall_64+0xbe/0x3b0 [ 657.630034][ C1] do_syscall_64+0xfa/0x3b0 [ 657.634556][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 657.639768][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.645849][ C1] ? clear_bhb_loop+0x60/0xb0 [ 657.650565][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.656480][ C1] RIP: 0033:0x7f422f585193 [ 657.660933][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 657.680654][ C1] RSP: 002b:00007ffe3a39bdc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 657.689364][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f422f585193 [ 657.697355][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 657.705333][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 657.713309][ C1] R10: 000055556533a7d0 R11: 0000000000000246 R12: 0000000000000000 [ 657.721296][ C1] R13: 00000000000927c0 R14: 0000000000086ac0 R15: 00007ffe3a39bf60 [ 657.729305][ C1]