last executing test programs: 6.157449473s ago: executing program 2 (id=41679): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) 4.939958381s ago: executing program 2 (id=41690): sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002e3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d20000000000001a006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0) syz_open_dev$video(&(0x7f0000000300), 0x9, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0) 3.931767804s ago: executing program 2 (id=41703): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0xfffffffe, @private1, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000200)={r2, 0x2}, &(0x7f00000002c0)=0x8) 3.329085747s ago: executing program 1 (id=41719): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc) 3.086336579s ago: executing program 1 (id=41722): r0 = socket(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e1f, 0x9, @mcast2, 0x9}, 0x1c) shutdown(r0, 0x1) io_setup(0x101, &(0x7f0000000340)=0x0) io_submit(r1, 0x1, &(0x7f00000008c0)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x8, r0, 0x0, 0x300, 0x0, 0x0, 0x2}]) 2.851864099s ago: executing program 1 (id=41723): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10) listen(r0, 0xda90) accept4(r0, 0x0, 0x0, 0x0) 2.348102039s ago: executing program 2 (id=41724): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x1c) r2 = add_key$keyring(&(0x7f0000000b40), &(0x7f0000000b80)={'syz', 0x0}, 0x0, 0x0, r0) keyctl$unlink(0x9, r2, r0) 2.001606337s ago: executing program 4 (id=41731): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r1, &(0x7f0000000100)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) fcntl$setstatus(r2, 0x4, 0x2200) splice(r0, 0x0, r3, 0x0, 0x5, 0x4) 1.862129534s ago: executing program 1 (id=41734): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x2, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x800c, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0xe, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x199d, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x9, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x2fcd0, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0xffff, 0x6, 0x96, 0xfbfffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x6, 0xe, 0x5, 0x7, 0x6, 0x2, 0x2, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x101, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0x4, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) readv(r0, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x18}], 0x1) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 1.808552911s ago: executing program 2 (id=41735): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) listen(r1, 0x3) 1.61098309s ago: executing program 1 (id=41739): r0 = io_uring_setup(0x1684, &(0x7f0000000200)={0x0, 0x3a2b, 0x8, 0x4, 0x2}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a00)=[{0x0}], 0x0, 0x1}, 0x20) 1.503274898s ago: executing program 1 (id=41742): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000003880), 0x4, 0x2) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000004e40)={0xfb, 0x11, 0x0, 0x2ff, "4d512c91002a4950676142687108dcd3f82acf5a895bd90fca2bb40bb4fbf29c"}) 1.370741519s ago: executing program 0 (id=41744): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000580), 0xaad80) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x2}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000240)={0x0, 0x9, 0x7, {0x6}, 0xa}) 1.360635318s ago: executing program 2 (id=41745): madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x17) r0 = syz_usb_connect$midi(0x3, 0x31, &(0x7f0000000200)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x582, 0x16, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1f, 0x1, 0x1, 0x45, 0x60, 0x81, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x30, 0x9, [], [{{0x9, 0x5, 0xb, 0x4, 0x400, 0x8, 0x7, 0x5, {0x4}}}]}}}}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000800)={0x2c, 0x0, &(0x7f0000000600)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000001580)={0x14, 0x0, &(0x7f0000001540)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x500a}}}, 0x0) syz_usb_control_io$uac2(r0, 0x0, 0x0) 1.305949065s ago: executing program 3 (id=41746): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r0, &(0x7f0000000280)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x6, 0x4, 0x0, 0x3c, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @broadcast, {[@timestamp={0x44, 0x4, 0xf4, 0x0, 0x1}]}}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x3a) 1.292980754s ago: executing program 0 (id=41747): syz_open_dev$midi(&(0x7f00000004c0), 0x2, 0x800) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x2000000b}) 1.196521689s ago: executing program 0 (id=41748): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d04, 0xec000000, 0x20000000cd}]}) 1.142849941s ago: executing program 3 (id=41749): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x1, 0x2, 0x4, 0x3, 0xff, 0x1, 0x4, 0xb6, 0x4, 0x2, 0x2, 0x65, 0xf1}, 0xe) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={r1, 0x8, 0xc, 0xffffffff}, 0x10) 1.096899622s ago: executing program 4 (id=41750): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000003c0)=0xfffffffffffffffc, 0x12) mkdirat$cgroup(r0, &(0x7f0000000280)='syz1\x00', 0x1ff) 1.054154192s ago: executing program 3 (id=41751): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) 1.032705912s ago: executing program 0 (id=41752): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000440)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}, 0x80, r2}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000140)={@loopback, 0x80, r2}) 1.031547436s ago: executing program 4 (id=41753): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 948.847769ms ago: executing program 0 (id=41754): r0 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r1, 0x545c, 0x2000000) 880.192156ms ago: executing program 3 (id=41755): r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x100, 0x1, 0x2}, 0x18, 0x0) landlock_restrict_self(r0, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') fchdir(r1) creat(&(0x7f0000000300)='./bus\x00', 0x0) 806.160157ms ago: executing program 3 (id=41756): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x4}, 0x8) sendto$inet6(r0, &(0x7f00000005c0)="f5", 0x1, 0x80c0, &(0x7f0000000240)={0xa, 0x4e20, 0xffbffffc, @rand_addr=' \x01\x00'}, 0x1c) connect$inet6(r0, &(0x7f0000001880)={0xa, 0x0, 0x9, @private0, 0x1}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x0, 0xa00}, 0x8) 713.180425ms ago: executing program 3 (id=41757): r0 = msgget$private(0x0, 0x1c0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="03"], 0xb7, 0x0) msgsnd(r0, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x5, 0xe8}) 613.766614ms ago: executing program 4 (id=41758): r0 = userfaultfd(0x801) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000480)={0x1d, r2}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 572.870629ms ago: executing program 4 (id=41759): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil}) socketpair$unix(0x1, 0x3, 0x0, 0x0) 220.826742ms ago: executing program 4 (id=41760): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80003, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_prio={{0x9}, {0xff82, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) recvmmsg(r0, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f00000076c0)=[{&(0x7f0000004b00)=""/59, 0x3b}, {&(0x7f0000004b40)=""/4096, 0x1000}], 0x2}, 0x6}], 0x1, 0x2, 0x0) 0s ago: executing program 0 (id=41761): r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) fcntl$setlease(r0, 0x400, 0x1) creat(&(0x7f0000000080)='./file0\x00', 0x195) open(&(0x7f0000000040)='./file0\x00', 0x109200, 0x25) fcntl$setlease(r0, 0x400, 0x2) kernel console output (not intermixed with test programs): sb 5-1: Product: syz [ 2169.941688][T18134] usb 5-1: Manufacturer: syz [ 2169.946308][T18134] usb 5-1: SerialNumber: syz [ 2169.971330][T18134] usb 5-1: config 0 descriptor?? [ 2169.985016][T18134] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 2170.809348][T18134] usb 5-1: USB disconnect, device number 5 [ 2171.475128][ T29] audit: type=1326 audit(1776599643.009:2052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1304 comm="syz.0.38782" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7ffc0000 [ 2171.500666][ T29] audit: type=1326 audit(1776599643.039:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1304 comm="syz.0.38782" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7ffc0000 [ 2171.881495][ T1331] netlink: 12 bytes leftover after parsing attributes in process `syz.4.38793'. [ 2171.899468][ T1331] netlink: 20 bytes leftover after parsing attributes in process `syz.4.38793'. [ 2172.544352][ T1353] ptrace attach of "./syz-executor exec"[19693] was attempted by "./syz-executor exec"[1353] [ 2172.644241][ T1364] netlink: 16 bytes leftover after parsing attributes in process `syz.0.38803'. [ 2172.797690][T27041] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 2172.952403][T27041] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 2172.963582][T27041] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2172.973909][T27041] usb 5-1: Product: syz [ 2172.980306][T27041] usb 5-1: Manufacturer: syz [ 2172.985606][T27041] usb 5-1: SerialNumber: syz [ 2172.995836][T27041] usb 5-1: config 0 descriptor?? [ 2173.012846][T27041] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 006 [ 2173.177008][ T1392] tipc: Enabling of bearer rejected, failed to enable media [ 2173.415521][T27041] (null): failure reading functionality [ 2173.429690][T27041] i2c i2c-2: connected i2c-tiny-usb device [ 2173.475283][ T1411] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 2173.494577][ T1411] bond0 (unregistering): Released all slaves [ 2173.651000][T18134] usb 5-1: USB disconnect, device number 6 [ 2174.777743][T27041] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 2174.947577][T27041] usb 5-1: Using ep0 maxpacket: 16 [ 2174.962757][T27041] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2174.975445][T27041] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 2174.985068][T27041] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2174.993374][ T1101] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 2175.009244][T27041] usb 5-1: config 0 descriptor?? [ 2175.147444][ T1101] usb 2-1: Using ep0 maxpacket: 16 [ 2175.154932][ T1101] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2175.176599][ T1101] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2175.189026][ T1101] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2175.207781][ T1101] usb 2-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00 [ 2175.217148][ T1101] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2175.248351][ T1101] usb 2-1: config 0 descriptor?? [ 2175.353025][ T1561] netlink: 4 bytes leftover after parsing attributes in process `syz.2.38843'. [ 2175.364842][ T1561] netlink: 4 bytes leftover after parsing attributes in process `syz.2.38843'. [ 2175.441751][T27041] mcp2221 0003:04D8:00DD.00A9: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 2175.678763][ T1101] a4tech 0003:09DA:000A.00AA: unknown main item tag 0x0 [ 2175.685857][ T1101] a4tech 0003:09DA:000A.00AA: unknown main item tag 0x0 [ 2175.699288][ T1101] a4tech 0003:09DA:000A.00AA: unknown main item tag 0x0 [ 2175.706346][ T1101] a4tech 0003:09DA:000A.00AA: unknown main item tag 0x0 [ 2175.714570][ T1101] a4tech 0003:09DA:000A.00AA: unknown main item tag 0x0 [ 2175.722139][ T1101] a4tech 0003:09DA:000A.00AA: unknown main item tag 0x0 [ 2175.729802][ T1101] a4tech 0003:09DA:000A.00AA: unknown main item tag 0x0 [ 2175.736819][ T1101] a4tech 0003:09DA:000A.00AA: collection stack underflow [ 2175.745133][ T1101] a4tech 0003:09DA:000A.00AA: item 0 0 0 12 parsing failed [ 2175.752695][ C0] ip6_tunnel: ip6tnl10 xmit: Local address not yet configured! [ 2175.764392][ T1101] a4tech 0003:09DA:000A.00AA: parse failed [ 2175.770557][ T1101] a4tech 0003:09DA:000A.00AA: probe with driver a4tech failed with error -22 [ 2175.871628][T18135] usb 5-1: USB disconnect, device number 7 [ 2175.959198][ T1101] usb 2-1: USB disconnect, device number 13 [ 2176.432672][ T1643] netlink: 64 bytes leftover after parsing attributes in process `syz.3.38860'. [ 2176.704553][ T1661] input: syz0 as /devices/virtual/input/input285 [ 2176.808521][ T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 2177.001589][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2177.013425][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2177.026860][ T24] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 2177.041839][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 2177.051389][ T24] usb 2-1: SerialNumber: syz [ 2177.292632][ T24] usb 2-1: 0:2 : does not exist [ 2177.355068][ T24] usb 2-1: USB disconnect, device number 14 [ 2177.408545][ T7623] udevd[7623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 2178.305777][ T1759] vlan2: entered allmulticast mode [ 2178.313999][ T1759] veth0_to_bond: entered allmulticast mode [ 2178.497706][T18135] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 2178.647375][T18135] usb 5-1: Using ep0 maxpacket: 32 [ 2178.651910][ T1785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.38896'. [ 2178.667120][T18135] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 2178.705767][T18135] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2178.741674][T18135] usb 5-1: Product: syz [ 2178.755326][T18135] usb 5-1: Manufacturer: syz [ 2178.767420][T18135] usb 5-1: SerialNumber: syz [ 2178.780086][T18135] usb 5-1: config 0 descriptor?? [ 2178.796729][T18135] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 2178.944100][ T1811] netlink: 92 bytes leftover after parsing attributes in process `syz.3.38911'. [ 2179.605025][T18135] gspca_ov534_9: reg_w failed -71 [ 2179.621607][ T1851] netlink: 'syz.3.38924': attribute type 2 has an invalid length. [ 2179.648666][ T1851] !: entered promiscuous mode [ 2179.656525][ T1851] netlink: 'syz.3.38924': attribute type 2 has an invalid length. [ 2179.666013][ T1851] !: left promiscuous mode [ 2179.907477][T18135] gspca_ov534_9: Unknown sensor 0000 [ 2179.907573][T18135] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 2179.944692][T18135] usb 5-1: USB disconnect, device number 8 [ 2180.003569][ T1878] netlink: 424 bytes leftover after parsing attributes in process `syz.1.38932'. [ 2180.013135][ T1878] sch_tbf: burst 0 is lower than device lo mtu (1294) ! [ 2180.269971][ T1895] netlink: 'syz.4.38939': attribute type 4 has an invalid length. [ 2180.329698][ T1899] netlink: 8 bytes leftover after parsing attributes in process `syz.3.38941'. [ 2180.341816][ T1899] netlink: 8 bytes leftover after parsing attributes in process `syz.3.38941'. [ 2180.646316][ T1919] netlink: 12 bytes leftover after parsing attributes in process `syz.4.38949'. [ 2180.661651][ T1919] netem: incorrect gi model size [ 2180.670116][ T1919] netem: change failed [ 2181.507576][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 2182.298964][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 2182.298981][ T29] audit: type=1326 audit(1776599653.839:2069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1991 comm="syz.3.38974" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2182.331943][ T29] audit: type=1326 audit(1776599653.839:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1991 comm="syz.3.38974" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2182.358184][ T29] audit: type=1326 audit(1776599653.869:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1991 comm="syz.3.38974" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2182.380933][ T29] audit: type=1326 audit(1776599653.869:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1991 comm="syz.3.38974" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2182.415555][ T29] audit: type=1326 audit(1776599653.869:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1991 comm="syz.3.38974" exe="/root/syz-executor" sig=0 arch=40000003 syscall=177 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2182.457782][ T29] audit: type=1326 audit(1776599653.939:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1991 comm="syz.3.38974" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2182.488450][T27041] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 2182.489307][ T29] audit: type=1326 audit(1776599653.939:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1991 comm="syz.3.38974" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2182.637648][T27041] usb 5-1: Using ep0 maxpacket: 8 [ 2182.647152][T27041] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2182.660206][T27041] usb 5-1: config 117 has an invalid interface number: 163 but max is 0 [ 2182.669883][T27041] usb 5-1: config 117 has no interface number 0 [ 2182.676296][T27041] usb 5-1: config 117 interface 163 has no altsetting 0 [ 2182.690794][T27041] usb 5-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=5d.24 [ 2182.701858][T27041] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2182.713149][T27041] usb 5-1: Product: syz [ 2182.720777][T27041] usb 5-1: Manufacturer: syz [ 2182.727024][T27041] usb 5-1: SerialNumber: syz [ 2182.786766][ T2010] netlink: 'syz.3.38980': attribute type 1 has an invalid length. [ 2182.795664][ T2010] netlink: 'syz.3.38980': attribute type 2 has an invalid length. [ 2182.917544][ T24] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 2183.069679][ T24] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 2183.079118][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2183.093111][ T24] usb 3-1: config 0 descriptor?? [ 2183.116485][ T24] cp210x 3-1:0.0: cp210x converter detected [ 2183.151552][ T2019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.38982'. [ 2183.535821][ T24] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 2183.552313][T27041] f81534a_ctrl 5-1:117.163: failed to enable ports: -71 [ 2183.564684][ T24] usb 3-1: cp210x converter now attached to ttyUSB0 [ 2183.570902][T27041] f81534a_ctrl 5-1:117.163: probe with driver f81534a_ctrl failed with error -71 [ 2183.604963][T27041] usb 5-1: USB disconnect, device number 9 [ 2183.758235][ T24] usb 3-1: USB disconnect, device number 79 [ 2183.780013][ T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 2183.804056][ T24] cp210x 3-1:0.0: device disconnected [ 2184.577474][ T24] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 2184.737599][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 2184.750754][ T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 2184.760290][ T24] usb 3-1: config 0 has no interface number 0 [ 2184.772618][ T24] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 2184.784565][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2184.793410][ T24] usb 3-1: Product: syz [ 2184.798284][ T24] usb 3-1: Manufacturer: syz [ 2184.803527][ T24] usb 3-1: SerialNumber: syz [ 2184.811400][ T24] usb 3-1: config 0 descriptor?? [ 2184.819843][ T24] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 2185.050466][ T2126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.39008'. [ 2185.063959][ T2126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.39008'. [ 2185.646045][ T24] gspca_spca1528: reg_w err -71 [ 2185.667985][ T24] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 2185.679910][ T24] usb 3-1: USB disconnect, device number 80 [ 2185.984792][ T2174] IPv6: Can't replace route, no match found [ 2186.359426][ T2185] netlink: 'syz.2.39023': attribute type 1 has an invalid length. [ 2186.368293][ T2185] netlink: 'syz.2.39023': attribute type 2 has an invalid length. [ 2186.376166][ T2185] netlink: 'syz.2.39023': attribute type 1 has an invalid length. [ 2187.177518][ T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 2187.327446][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 2187.337791][ T24] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 2187.346307][ T24] usb 2-1: config 0 has no interface number 0 [ 2187.363661][ T24] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2187.375121][ T24] usb 2-1: config 0 interface 85 has no altsetting 0 [ 2187.384511][ T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 2187.394145][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2187.402431][ T24] usb 2-1: Product: syz [ 2187.406811][ T24] usb 2-1: Manufacturer: syz [ 2187.411850][ T24] usb 2-1: SerialNumber: syz [ 2187.420353][ T24] usb 2-1: config 0 descriptor?? [ 2187.706715][ T2252] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2187.754679][ T2252] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2188.042509][ T24] appletouch 2-1:0.85: Geyser mode initialized. [ 2188.053423][ T24] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input287 [ 2188.223545][ T2276] input: syz1 as /devices/virtual/input/input288 [ 2188.256508][ T24] usb 2-1: USB disconnect, device number 15 [ 2188.313052][ T24] appletouch 2-1:0.85: input: appletouch disconnected [ 2189.397812][ T1101] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 2189.534893][ T2346] blkio.reset_stats is deprecated [ 2189.599320][ T1101] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 2189.610082][ T1101] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 2189.621465][ T1101] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2189.641855][ T1101] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 2189.661433][ T1101] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 2189.671282][ T1101] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2189.687728][ T1101] usb 2-1: Product: syz [ 2189.697675][ T1101] usb 2-1: Manufacturer: syz [ 2189.719172][ T1101] usb 2-1: SerialNumber: syz [ 2189.731961][ T1101] usb 2-1: config 0 descriptor?? [ 2189.743996][ T1101] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 2189.952825][ T1101] scsi host1: usb-storage 2-1:0.0 [ 2190.162656][ T1101] usb 2-1: USB disconnect, device number 16 [ 2190.616805][ T2432] input: syz1 as /devices/virtual/input/input289 [ 2190.727186][ T29] audit: type=1326 audit(1776599662.259:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2190.758313][ T29] audit: type=1326 audit(1776599662.259:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2190.783704][ T29] audit: type=1326 audit(1776599662.289:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2190.814806][ T29] audit: type=1326 audit(1776599662.289:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2190.851478][ T29] audit: type=1326 audit(1776599662.289:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2190.904497][ T29] audit: type=1326 audit(1776599662.299:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2190.957847][ T29] audit: type=1326 audit(1776599662.299:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2190.986315][ T29] audit: type=1326 audit(1776599662.299:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2191.013782][ T29] audit: type=1326 audit(1776599662.319:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=230 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2191.052369][ T29] audit: type=1326 audit(1776599662.319:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2444 comm="syz.1.39108" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2191.128251][ T2465] lo: Caught tx_queue_len zero misconfig [ 2191.945758][ T2523] netlink: 8 bytes leftover after parsing attributes in process `syz.4.39133'. [ 2191.966621][ T2525] program syz.3.39134 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2192.019611][ T2528] program syz.3.39134 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2193.021399][ T2572] erspan0: left promiscuous mode [ 2193.078631][ T2572] bridge0: left promiscuous mode [ 2193.099910][ T2572] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2193.145403][ T2574] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2194.197469][ T1101] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 2194.359539][ T1101] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 2194.371698][ T1101] usb 5-1: config 0 interface 0 has no altsetting 0 [ 2194.383223][ T1101] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 2194.393455][ T1101] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 2194.402561][ T1101] usb 5-1: Product: syz [ 2194.406964][ T1101] usb 5-1: Manufacturer: syz [ 2194.414335][ T1101] usb 5-1: SerialNumber: syz [ 2194.425821][ T1101] usb 5-1: config 0 descriptor?? [ 2194.441012][ T1101] usb 5-1: selecting invalid altsetting 0 [ 2194.449795][ T2642] geneve4: entered promiscuous mode [ 2194.681521][ T1101] usb 5-1: USB disconnect, device number 10 [ 2195.419134][ T2748] input: syz1 as /devices/virtual/input/input290 [ 2195.732828][ T2770] netlink: 212360 bytes leftover after parsing attributes in process `syz.1.39188'. [ 2196.049803][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 2196.049820][ T29] audit: type=1326 audit(1776599667.579:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.095899][ T29] audit: type=1326 audit(1776599667.619:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.156449][ T2800] netlink: 212340 bytes leftover after parsing attributes in process `syz.0.39198'. [ 2196.158626][ T29] audit: type=1326 audit(1776599667.619:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.179108][ T2800] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 2196.190818][ T29] audit: type=1326 audit(1776599667.619:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.232601][ T2802] lo: Caught tx_queue_len zero misconfig [ 2196.302737][ T29] audit: type=1326 audit(1776599667.629:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.357520][ T29] audit: type=1326 audit(1776599667.629:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.393881][ T2811] netlink: 12 bytes leftover after parsing attributes in process `syz.0.39202'. [ 2196.412527][ T2811] netlink: 12 bytes leftover after parsing attributes in process `syz.0.39202'. [ 2196.422003][ T29] audit: type=1326 audit(1776599667.629:2094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.468477][ T29] audit: type=1326 audit(1776599667.659:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.505118][ T2818] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 2196.515963][ T2818] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 2196.528824][ T29] audit: type=1326 audit(1776599667.659:2096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.587784][T18134] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 2196.595678][ T29] audit: type=1326 audit(1776599667.659:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2793 comm="syz.4.39196" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2196.774033][T18134] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2196.785113][T18134] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2196.812849][T18134] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 2196.823000][T18134] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 2196.838168][T18134] usb 5-1: SerialNumber: syz [ 2196.975662][ T2839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2197.014367][ T2839] 8021q: adding VLAN 0 to HW filter on device team0 [ 2197.060667][ T2839] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2197.090727][T18134] usb 5-1: 0:2 : does not exist [ 2197.212249][T18134] usb 5-1: USB disconnect, device number 11 [ 2197.261916][ T2842] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2198.087187][ T2901] pimreg1: tun_chr_ioctl cmd 1074025681 [ 2198.204483][ T2909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.39221'. [ 2198.228190][ T2909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.39221'. [ 2198.257952][ T2913] geneve3: entered promiscuous mode [ 2198.847123][ T2954] geneve3: entered promiscuous mode [ 2198.960348][ T2967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.39242'. [ 2198.990323][ T2967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.39242'. [ 2199.012910][ T2971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.39236'. [ 2199.214148][ T2971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.39236'. [ 2199.468626][ T2996] erspan0: left promiscuous mode [ 2199.575839][ T2996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2199.594425][ T2996] 8021q: adding VLAN 0 to HW filter on device team0 [ 2199.607002][ T2996] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2199.704881][ T3000] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2200.370771][ T3046] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 2200.738064][ T3067] ip6tnl0: Caught tx_queue_len zero misconfig [ 2200.744380][ T3067] netlink: 724 bytes leftover after parsing attributes in process `syz.1.39280'. [ 2201.034703][ T3082] netlink: 48 bytes leftover after parsing attributes in process `syz.2.39283'. [ 2201.049854][ T3082] netlink: 48 bytes leftover after parsing attributes in process `syz.2.39283'. [ 2201.584780][ T3098] netlink: 8 bytes leftover after parsing attributes in process `syz.4.39292'. [ 2201.621768][ T3098] bridge0: port 2(bridge_slave_1) entered disabled state [ 2202.046491][ T3123] sctp: [Deprecated]: syz.1.39300 (pid 3123) Use of int in maxseg socket option. [ 2202.046491][ T3123] Use struct sctp_assoc_value instead [ 2202.157702][T21121] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 2202.317992][T21121] usb 5-1: Using ep0 maxpacket: 16 [ 2202.336090][T21121] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2202.348613][T21121] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2202.362119][T21121] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2202.375204][T21121] usb 5-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 2202.390243][T21121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2202.407380][T21121] usb 5-1: Product: syz [ 2202.413576][T21121] usb 5-1: Manufacturer: syz [ 2202.423792][T21121] usb 5-1: SerialNumber: syz [ 2202.656766][T21121] usb 5-1: unit 14 not found! [ 2202.734348][T21121] usb 5-1: USB disconnect, device number 12 [ 2202.833819][ T679] udevd[679]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 2203.416244][ T3211] ip6gretap6: entered allmulticast mode [ 2203.420704][ T3212] netlink: 8 bytes leftover after parsing attributes in process `syz.3.39327'. [ 2205.364013][ T3329] loop5: detected capacity change from 0 to 7 [ 2205.382966][ C1] blk_print_req_error: 5 callbacks suppressed [ 2205.382983][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.398324][ C1] buffer_io_error: 5 callbacks suppressed [ 2205.398342][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.417971][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.427156][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.440745][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.449950][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.460701][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.469910][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.478786][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.487983][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.498398][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.507593][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.551436][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.560662][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.568853][ T3329] ldm_validate_partition_table(): Disk read failed. [ 2205.580711][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.589929][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.598243][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.607493][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.619408][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2205.628619][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 2205.640367][ T3329] Dev loop5: unable to read RDB block 0 [ 2205.674931][ T3329] loop5: unable to read partition table [ 2205.689106][ T3329] loop5: partition table beyond EOD, truncated [ 2205.720714][ T3329] loop_reread_partitions: partition scan of loop5 () failed (rc=-5) [ 2207.779869][ T3426] netlink: 12 bytes leftover after parsing attributes in process `syz.1.39392'. [ 2208.045301][ T3429] erspan0: left promiscuous mode [ 2208.131426][ T3447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.39400'. [ 2208.243536][ T3429] ip6gretap0: left promiscuous mode [ 2208.305634][ T3429] 8021q: adding VLAN 0 to HW filter on device .2442 [ 2208.374957][ T3429] 8021q: adding VLAN 0 to HW filter on device team0 [ 2208.399279][ T3461] loop8: detected capacity change from 0 to 7 [ 2208.411118][ T3461] Dev loop8: unable to read RDB block 7 [ 2208.418685][ T3461] loop8: unable to read partition table [ 2208.424760][ T3461] loop8: partition table beyond EOD, truncated [ 2208.433688][ T3461] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 2208.566459][ T3429] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2208.642606][ T3432] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2209.308951][ T3514] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2209.374960][ T3514] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2210.211388][ T3568] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 2210.507516][ T3583] netlink: 16 bytes leftover after parsing attributes in process `syz.2.39440'. [ 2211.222732][ T3612] sctp: [Deprecated]: syz.3.39452 (pid 3612) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2211.222732][ T3612] Use struct sctp_sack_info instead [ 2211.396298][ T3614] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2211.481238][ T3618] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2211.511905][ T3615] lo: Caught tx_queue_len zero misconfig [ 2211.685183][ T3615] netlink: 'syz.2.39443': attribute type 6 has an invalid length. [ 2212.264294][ T3648] dummy0: Caught tx_queue_len zero misconfig [ 2212.471636][ T3655] input: syz0 as /devices/virtual/input/input291 [ 2212.743972][ T3669] Context (ID=0x0) not attached to queue pair (handle=0x4db:0x80) [ 2213.386980][ T3699] batadv_slave_0: entered promiscuous mode [ 2213.394886][ T3698] batadv_slave_0: left promiscuous mode [ 2214.147499][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 2214.362644][ T3758] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 2214.369522][ T3758] syzkaller0: linktype set to 773 [ 2214.810517][ T3776] netlink: 36 bytes leftover after parsing attributes in process `syz.2.39515'. [ 2214.820603][ T3776] netlink: 32 bytes leftover after parsing attributes in process `syz.2.39515'. [ 2214.966311][ T3784] netlink: 'syz.2.39519': attribute type 2 has an invalid length. [ 2214.982291][ T3784] !: entered promiscuous mode [ 2214.992241][ T3784] netlink: 'syz.2.39519': attribute type 2 has an invalid length. [ 2215.033109][ T3788] netlink: 'syz.2.39520': attribute type 8 has an invalid length. [ 2215.042725][ T3788] netem: change failed [ 2215.176289][ T3798] bond0: entered promiscuous mode [ 2215.184248][ T3798] batadv0: entered promiscuous mode [ 2215.253338][ T3798] batadv0: left promiscuous mode [ 2215.265531][ T3798] bond0: left promiscuous mode [ 2215.759156][ T3837] macvlan0: entered promiscuous mode [ 2215.765800][ T3837] netlink: 'syz.4.39537': attribute type 1 has an invalid length. [ 2215.774884][ T3837] netlink: 'syz.4.39537': attribute type 2 has an invalid length. [ 2215.892204][ T3849] netlink: 'syz.2.39541': attribute type 15 has an invalid length. [ 2215.966551][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 2215.966570][ T29] audit: type=1326 audit(1776599687.499:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.000757][ T29] audit: type=1326 audit(1776599687.539:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.027062][ T29] audit: type=1326 audit(1776599687.559:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.051215][ T29] audit: type=1326 audit(1776599687.569:2111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.075227][ T29] audit: type=1326 audit(1776599687.569:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.098664][ T29] audit: type=1326 audit(1776599687.589:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.121990][ T29] audit: type=1326 audit(1776599687.589:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.144907][T27041] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 2216.152604][ T29] audit: type=1326 audit(1776599687.589:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.154278][ T29] audit: type=1326 audit(1776599687.689:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.198320][ T29] audit: type=1326 audit(1776599687.689:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3852 comm="syz.2.39543" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2216.381623][T27041] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024 [ 2216.394031][T27041] usb 5-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00 [ 2216.404912][T27041] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2216.418803][T27041] usb 5-1: config 0 descriptor?? [ 2216.425054][ T3844] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 2216.844313][T27041] hid (null): unknown global tag 0xe [ 2216.861012][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.869871][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.877161][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.885943][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.893124][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.901438][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.909271][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.923146][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.938914][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.957922][T27041] asus 0003:0B05:1ABE.00AB: unknown main item tag 0x0 [ 2216.966528][T27041] asus 0003:0B05:1ABE.00AB: unknown global tag 0xe [ 2216.978291][T27041] asus 0003:0B05:1ABE.00AB: item 0 0 1 14 parsing failed [ 2216.992253][T27041] asus 0003:0B05:1ABE.00AB: Asus hid parse failed: -22 [ 2217.014254][T27041] asus 0003:0B05:1ABE.00AB: probe with driver asus failed with error -22 [ 2217.104015][ T24] usb 5-1: USB disconnect, device number 13 [ 2217.630921][ T3931] input: syz1 as /devices/virtual/input/input292 [ 2218.187134][ T3979] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 2218.235291][ T3981] netlink: 'syz.3.39581': attribute type 2 has an invalid length. [ 2218.258087][ T3981] !: entered promiscuous mode [ 2218.270877][ T3981] netlink: 'syz.3.39581': attribute type 2 has an invalid length. [ 2218.747768][T27041] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 2218.813906][ T4011] bond0: Caught tx_queue_len zero misconfig [ 2218.917975][T27041] usb 5-1: Using ep0 maxpacket: 16 [ 2218.928622][T27041] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30 [ 2218.940527][T27041] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 2218.954235][T27041] usb 5-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 2218.966635][T27041] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2218.977788][T27041] usb 5-1: config 0 descriptor?? [ 2219.097892][ T1101] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 2219.258001][ T1101] usb 3-1: Using ep0 maxpacket: 32 [ 2219.284056][ T1101] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 2219.302940][ T1101] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 2219.317725][ T1101] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 2219.326932][ T1101] usb 3-1: config 1 has no interface number 0 [ 2219.333634][ T1101] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2219.355995][ T1101] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 2219.370648][ T1101] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 2219.380355][ T1101] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2219.424897][ T1101] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 2219.435298][T27041] lenovo 0003:17EF:6062.00AC: hidraw0: USB HID v0.0a Device [HID 17ef:6062] on usb-dummy_hcd.4-1/input0 [ 2219.615477][ T24] usb 5-1: USB disconnect, device number 14 [ 2219.686587][ T1101] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 2220.381404][T27041] usb 3-1: USB disconnect, device number 81 [ 2220.392325][T27041] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 2220.853997][ T4113] loop7: detected capacity change from 0 to 7 [ 2220.978694][ T4113] Dev loop7: unable to read RDB block 7 [ 2221.014468][ T4113] loop7: unable to read partition table [ 2221.041722][ T4113] loop7: partition table beyond EOD, truncated [ 2221.073254][ T4113] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 2221.182986][ T5196] Dev loop7: unable to read RDB block 7 [ 2221.200816][ T5196] loop7: unable to read partition table [ 2221.211752][ T5196] loop7: partition table beyond EOD, truncated [ 2221.717695][T18134] usb 3-1: new full-speed USB device number 82 using dummy_hcd [ 2221.842923][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 2221.849539][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 2221.901746][T18134] usb 3-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c [ 2221.925156][T18134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2221.941938][T18134] usb 3-1: Product: syz [ 2221.951392][T18134] usb 3-1: Manufacturer: syz [ 2221.962102][T18134] usb 3-1: SerialNumber: syz [ 2221.982937][T18134] usb 3-1: config 0 descriptor?? [ 2222.009579][T18134] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state. [ 2222.019393][T18134] dw2102: su3000_power_ctrl: 1, initialized 0 [ 2222.025581][T18134] dvb-usb: bulk message failed: -22 (2/0) [ 2222.036388][T18134] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 2222.053160][T18134] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 error while loading driver (-19) [ 2222.215138][T18134] usb 3-1: USB disconnect, device number 82 [ 2222.266480][ T4195] netlink: 52 bytes leftover after parsing attributes in process `syz.0.39637'. [ 2222.276220][ T4195] lo: Caught tx_queue_len zero misconfig [ 2222.425689][ T4201] loop7: detected capacity change from 0 to 7 [ 2222.496429][ T4201] Dev loop7: unable to read RDB block 7 [ 2222.512003][ T4201] loop7: unable to read partition table [ 2222.524312][ T4201] loop7: partition table beyond EOD, truncated [ 2222.531518][ T4201] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 2222.601038][ T5196] Dev loop7: unable to read RDB block 7 [ 2222.606738][ T5196] loop7: unable to read partition table [ 2222.613102][ T5196] loop7: partition table beyond EOD, truncated [ 2222.780851][ T4215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.39653'. [ 2222.821497][ T4215] hsr_slave_0: left promiscuous mode [ 2222.849100][ T4215] hsr_slave_1: left promiscuous mode [ 2224.526649][ T4287] netlink: 16 bytes leftover after parsing attributes in process `syz.0.39672'. [ 2225.120897][ T4311] loop9: detected capacity change from 0 to 7 [ 2225.155175][ C1] blk_print_req_error: 10 callbacks suppressed [ 2225.155194][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.170684][ C1] buffer_io_error: 10 callbacks suppressed [ 2225.170702][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.186637][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.195878][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.212642][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.221890][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.260727][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.269946][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.296696][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.305977][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.315151][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.324377][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.332532][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.341761][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.349707][ T4311] ldm_validate_partition_table(): Disk read failed. [ 2225.358663][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.367853][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.375991][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.385262][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.400327][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2225.409573][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 2225.424151][ T4311] Dev loop9: unable to read RDB block 0 [ 2225.439085][ T4311] loop9: unable to read partition table [ 2225.448505][ T4311] loop9: partition table beyond EOD, truncated [ 2225.462148][ T4311] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 2226.057215][ T4352] netlink: 1 bytes leftover after parsing attributes in process `syz.0.39694'. [ 2226.242756][ T4365] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 2227.040733][ T4410] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.39714'. [ 2228.432895][ T4487] loop9: detected capacity change from 0 to 524287936 [ 2228.985456][ T4510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.39755'. [ 2230.716627][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 2230.716644][ T29] audit: type=1326 audit(1776599702.249:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.749542][ T29] audit: type=1326 audit(1776599702.289:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.782364][ T29] audit: type=1326 audit(1776599702.319:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.808438][ T29] audit: type=1326 audit(1776599702.319:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.836837][ T29] audit: type=1326 audit(1776599702.339:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.878161][ T29] audit: type=1326 audit(1776599702.339:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.911987][ T29] audit: type=1326 audit(1776599702.339:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.935234][ T29] audit: type=1326 audit(1776599702.349:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.959174][ T29] audit: type=1326 audit(1776599702.349:2129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2230.982499][ T29] audit: type=1326 audit(1776599702.369:2130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4602 comm="syz.2.39788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf7f9801c code=0x7ffc0000 [ 2231.130052][ T4623] netlink: 56 bytes leftover after parsing attributes in process `syz.0.39794'. [ 2231.261802][ T4626] 8021q: adding VLAN 0 to HW filter on device bond1 [ 2231.300712][ T4626] team0: Port device bond1 added [ 2231.444514][ T4673] ip6tnl0: Caught tx_queue_len zero misconfig [ 2231.783331][ T4697] lo: Caught tx_queue_len zero misconfig [ 2232.457445][T18134] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 2232.607397][T18134] usb 5-1: Using ep0 maxpacket: 16 [ 2232.615810][T18134] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 2232.625474][T18134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2232.634010][T18134] usb 5-1: Product: syz [ 2232.638388][T18134] usb 5-1: Manufacturer: syz [ 2232.643021][T18134] usb 5-1: SerialNumber: syz [ 2232.655655][T18134] usb 5-1: config 0 descriptor?? [ 2233.078839][T18134] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 2233.101736][T18134] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 2233.145842][T18134] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 2233.162592][T18134] usb 5-1: media controller created [ 2233.182967][T18134] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2233.279724][T18134] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 2233.293463][T18134] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 2233.500525][T18134] usb 5-1: USB disconnect, device number 15 [ 2233.570034][T18134] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 2233.713277][ T4789] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.39837'. [ 2233.840495][ T4800] input: syz0 as /devices/virtual/input/input294 [ 2234.225574][ T4828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.39850'. [ 2234.972679][ T24] hid_parser_main: 149 callbacks suppressed [ 2234.972700][ T24] hid-generic 0000:0000:0000.00AD: unknown main item tag 0x0 [ 2234.991614][ T24] hid-generic 0000:0000:0000.00AD: hidraw0: HID v0.00 Device [syz1] on syz0 [ 2235.252950][ T4886] batadv0: entered promiscuous mode [ 2235.260301][ T4886] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 2235.271267][ T4886] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 2235.280126][ T4886] batadv0: left promiscuous mode [ 2235.704395][ T4911] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 2235.716893][ T4911] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2235.725496][ T4911] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2235.739878][ T4911] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2235.965208][ T4922] geneve2: entered promiscuous mode [ 2235.978081][ T4922] geneve2: entered allmulticast mode [ 2237.257148][ T4999] 8021q: adding VLAN 0 to HW filter on device macsec2 [ 2237.617430][T18134] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 2237.747474][T19687] Bluetooth: hci4: command 0x0c1a tx timeout [ 2237.753926][T19687] Bluetooth: hci3: command 0x0406 tx timeout [ 2237.765517][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 2237.765531][T19687] Bluetooth: hci2: command 0x0c1a tx timeout [ 2237.777900][T18134] usb 5-1: Using ep0 maxpacket: 8 [ 2237.785955][T18134] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 2237.799857][T18134] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2237.809862][T18134] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 2237.820150][T18134] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 2237.830706][T18134] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2237.844168][T18134] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 2237.845147][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 2237.845162][ T29] audit: type=1326 audit(1776599709.379:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2237.854082][T18134] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2237.877278][ T29] audit: type=1326 audit(1776599709.379:2141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2237.942549][ T29] audit: type=1326 audit(1776599709.399:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7195cab code=0x7ffc0000 [ 2237.966538][ T29] audit: type=1326 audit(1776599709.399:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2237.991379][ T29] audit: type=1326 audit(1776599709.399:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2238.020652][ T29] audit: type=1326 audit(1776599709.399:2145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2238.046813][ T29] audit: type=1326 audit(1776599709.399:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2238.073226][ T29] audit: type=1326 audit(1776599709.399:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2238.101791][ T29] audit: type=1326 audit(1776599709.399:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5035 comm="syz.3.39924" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x7ffc0000 [ 2238.143109][T18134] usb 5-1: GET_CAPABILITIES returned 0 [ 2238.157414][T18134] usbtmc 5-1:16.0: can't read capabilities [ 2238.318919][ T5058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.39931'. [ 2238.340242][T21121] usb 5-1: USB disconnect, device number 16 [ 2238.356352][ T5058] netlink: 116 bytes leftover after parsing attributes in process `syz.3.39931'. [ 2238.371390][ T5058] netlink: 116 bytes leftover after parsing attributes in process `syz.3.39931'. [ 2238.743077][ T5096] netlink: 'syz.1.39940': attribute type 14 has an invalid length. [ 2239.569388][ T5149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.39960'. [ 2239.588814][ T5149] netlink: 28 bytes leftover after parsing attributes in process `syz.3.39960'. [ 2240.629946][T18134] IPVS: starting estimator thread 0... [ 2240.739729][ T5224] IPVS: using max 26 ests per chain, 62400 per kthread [ 2240.895290][ T29] audit: type=1326 audit(1776599712.429:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5237 comm="syz.4.39993" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2241.009531][ T5246] netlink: 8 bytes leftover after parsing attributes in process `syz.2.39996'. [ 2241.363489][ T5258] netlink: 4 bytes leftover after parsing attributes in process `syz.4.40001'. [ 2242.911838][ T5326] netlink: 4 bytes leftover after parsing attributes in process `syz.4.40027'. [ 2243.300162][ T5354] netlink: 60 bytes leftover after parsing attributes in process `syz.1.40036'. [ 2243.347599][ T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 2243.497522][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 2243.506252][ T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 2243.526639][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2243.565807][ T24] pvrusb2: Hardware description: Terratec Grabster AV400 [ 2243.584365][ T24] pvrusb2: ********** [ 2243.589137][ T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 2243.600649][ T24] pvrusb2: Important functionality might not be entirely working. [ 2243.609199][ T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 2243.622610][ T24] pvrusb2: ********** [ 2243.760169][ T2352] pvrusb2: Invalid write control endpoint [ 2243.840638][ T2352] pvrusb2: Invalid write control endpoint [ 2243.850692][ T2352] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 2243.861301][ T2352] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 2243.871009][ T2352] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 2243.882219][ T2352] pvrusb2: Device being rendered inoperable [ 2243.890183][ T2352] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 2243.897618][ T2352] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 2243.909913][ T2352] pvrusb2: Attached sub-driver cx25840 [ 2243.915436][ T2352] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 2243.928687][ T2352] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 2243.966035][ T24] usb 5-1: USB disconnect, device number 17 [ 2244.511462][ T5402] netlink: 11 bytes leftover after parsing attributes in process `syz.2.40056'. [ 2245.052437][ T5437] sch_fq: defrate 0 ignored. [ 2245.337727][T21121] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 2245.528358][T21121] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 2245.543037][T21121] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2245.556081][T21121] usb 3-1: config 0 descriptor?? [ 2245.575598][T21121] cp210x 3-1:0.0: cp210x converter detected [ 2245.603749][ T5450] netlink: 'syz.4.40063': attribute type 2 has an invalid length. [ 2245.967938][ T1101] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 2246.127746][ T1101] usb 5-1: Using ep0 maxpacket: 32 [ 2246.136167][ T1101] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2246.152008][ T1101] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 2246.162606][ T1101] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2246.177408][ T1101] usb 5-1: config 0 interface 0 has no altsetting 1 [ 2246.184826][T21121] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 2246.194130][T21121] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 2246.203284][ T1101] usb 5-1: New USB device found, idVendor=1199, idProduct=9004, bcdDevice= f.8c [ 2246.218365][T21121] usb 3-1: cp210x converter now attached to ttyUSB0 [ 2246.226780][ T1101] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2246.250662][T21121] usb 3-1: USB disconnect, device number 83 [ 2246.256771][ T1101] usb 5-1: Product: syz [ 2246.266909][ T1101] usb 5-1: Manufacturer: syz [ 2246.283422][T21121] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 2246.294701][ T1101] usb 5-1: SerialNumber: syz [ 2246.304351][T21121] cp210x 3-1:0.0: device disconnected [ 2246.313814][ T1101] usb 5-1: config 0 descriptor?? [ 2246.537091][ T1101] usb 5-1: USB disconnect, device number 18 [ 2246.937622][ T5526] netlink: 36 bytes leftover after parsing attributes in process `syz.2.40077'. [ 2246.946940][ T5526] netlink: 16 bytes leftover after parsing attributes in process `syz.2.40077'. [ 2246.957978][ T5526] netlink: 36 bytes leftover after parsing attributes in process `syz.2.40077'. [ 2247.124815][ T5568] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2247.132115][ T5568] IPv6: NLM_F_CREATE should be set when creating new route [ 2247.139430][ T5568] IPv6: NLM_F_CREATE should be set when creating new route [ 2247.146658][ T5568] IPv6: NLM_F_CREATE should be set when creating new route [ 2247.171183][ T5532] 8021q: adding VLAN 0 to HW filter on device bond2 [ 2247.917860][ T5603] input: syz0 as /devices/virtual/input/input296 [ 2247.984132][ T5609] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2247.991484][ T5609] IPv6: NLM_F_CREATE should be set when creating new route [ 2247.998805][ T5609] IPv6: NLM_F_CREATE should be set when creating new route [ 2248.006081][ T5609] IPv6: NLM_F_CREATE should be set when creating new route [ 2248.248961][ T5625] netlink: 136 bytes leftover after parsing attributes in process `syz.4.40100'. [ 2248.277471][ T5625] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 2249.965296][ T5718] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 2249.977004][ T5719] bond0: Caught tx_queue_len zero misconfig [ 2250.303863][ T5736] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.40143'. [ 2250.407637][ T5739] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 2250.449873][ T5739] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2250.466389][ T5739] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2250.478199][ T5739] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2250.518691][ T5750] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 2250.648761][ T5755] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 2250.781860][ T5767] netlink: 24 bytes leftover after parsing attributes in process `syz.3.40157'. [ 2250.798793][ T5767] netlink: 24 bytes leftover after parsing attributes in process `syz.3.40157'. [ 2251.219911][ T5791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.40166'. [ 2251.229626][ T5791] netlink: 12 bytes leftover after parsing attributes in process `syz.0.40166'. [ 2251.920338][ T5831] loop7: detected capacity change from 0 to 7 [ 2251.927866][ C0] blk_print_req_error: 10 callbacks suppressed [ 2251.927884][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2251.943349][ C0] buffer_io_error: 10 callbacks suppressed [ 2251.943367][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 2251.958423][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2251.967658][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 2251.975739][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2251.985013][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 2251.993177][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2252.002402][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 2252.012911][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2252.022132][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 2252.058090][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2252.067345][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 2252.076923][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2252.086162][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 2252.094242][ T5831] ldm_validate_partition_table(): Disk read failed. [ 2252.102300][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2252.111533][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 2252.120959][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2252.130191][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 2252.139382][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 2252.148619][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 2252.159156][ T5831] Dev loop7: unable to read RDB block 0 [ 2252.165615][ T5831] loop7: unable to read partition table [ 2252.179133][ T5831] loop7: partition table beyond EOD, truncated [ 2252.207162][ T5831] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 2252.467401][ T5034] Bluetooth: hci0: command 0x0406 tx timeout [ 2252.467746][T19687] Bluetooth: hci2: command 0x0c1a tx timeout [ 2252.473497][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 2252.552053][ T50] Bluetooth: hci4: command 0x0c1a tx timeout [ 2252.868317][ T5867] kvm: kvm [5866]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010003) = 0x200000000400 [ 2252.947581][T18135] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 2252.988261][ T5873] syzkaller0: tun_chr_ioctl cmd 1074025678 [ 2252.994202][ T5873] syzkaller0: group set to 0 [ 2253.084900][ T5881] input: syz0 as /devices/virtual/input/input297 [ 2253.101777][T18135] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 2253.119581][T18135] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2253.137188][T18135] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 2253.148270][T18135] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2253.169042][T18135] usb 5-1: config 0 descriptor?? [ 2253.591072][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.606040][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.613716][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.622261][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.629925][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.637172][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.645611][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.653172][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.662554][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.670914][T18135] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 2253.680252][T18135] kovaplus 0003:1E7D:2D50.00AE: collection stack underflow [ 2253.697965][T18135] kovaplus 0003:1E7D:2D50.00AE: item 0 2 0 12 parsing failed [ 2253.706916][T18135] kovaplus 0003:1E7D:2D50.00AE: parse failed [ 2253.714083][T18135] kovaplus 0003:1E7D:2D50.00AE: probe with driver kovaplus failed with error -22 [ 2253.810414][T18135] usb 5-1: USB disconnect, device number 19 [ 2254.449847][ T5974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.40223'. [ 2254.815222][ T6004] netlink: 4 bytes leftover after parsing attributes in process `syz.0.40232'. [ 2254.829930][ T6004] netlink: 277 bytes leftover after parsing attributes in process `syz.0.40232'. [ 2254.839968][ T6004] netlink: 277 bytes leftover after parsing attributes in process `syz.0.40232'. [ 2255.219281][ T6035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.40240'. [ 2255.366207][ T6041] netlink: 12 bytes leftover after parsing attributes in process `syz.1.40245'. [ 2255.649433][ T6052] netlink: 12 bytes leftover after parsing attributes in process `syz.0.40251'. [ 2255.698146][ T6052] ipvlan3: entered allmulticast mode [ 2255.737719][ T6052] syz_tun: entered allmulticast mode [ 2256.296462][ T6092] netlink: 'syz.1.40264': attribute type 11 has an invalid length. [ 2257.763854][ T6165] bridge0: Caught tx_queue_len zero misconfig [ 2257.793310][ T6168] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 2258.512902][ T6195] could not allocate digest TFM handle -q4O(0&qf=*΀j$;}'jO [ 2258.877465][T18135] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 2259.027587][T18135] usb 5-1: Using ep0 maxpacket: 32 [ 2259.036556][T18135] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 2259.048766][T18135] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2259.058570][T18135] usb 5-1: Product: syz [ 2259.062781][T18135] usb 5-1: Manufacturer: syz [ 2259.069405][T18135] usb 5-1: SerialNumber: syz [ 2259.077839][T18135] usb 5-1: config 0 descriptor?? [ 2259.494916][T18135] airspy 5-1:0.0: Board ID: 00 [ 2259.501029][T18135] airspy 5-1:0.0: Firmware version: [ 2259.812772][ T6257] Attempt to restore checkpoint with obsolete wellknown handles [ 2259.914836][T18135] airspy 5-1:0.0: usb_control_msg() failed -71 request 0e [ 2259.962423][T18135] airspy 5-1:0.0: Registered as swradio24 [ 2259.973719][T18135] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 2260.002159][T18135] usb 5-1: USB disconnect, device number 20 [ 2260.473416][ T6294] netlink: 12 bytes leftover after parsing attributes in process `syz.0.40331'. [ 2260.587363][ T1101] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 2260.675523][ T6307] netlink: 'syz.0.40337': attribute type 1 has an invalid length. [ 2260.757892][ T1101] usb 3-1: Using ep0 maxpacket: 8 [ 2260.766745][ T1101] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2260.786094][ T1101] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 2260.801289][ T1101] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 2260.812489][ T1101] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2260.826344][ T1101] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 2260.835745][ T1101] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2261.247057][ T1101] usb 3-1: GET_CAPABILITIES returned 0 [ 2261.265910][ T1101] usbtmc 3-1:16.0: can't read capabilities [ 2261.524701][ T6287] usbtmc 3-1:16.0: usbtmc488_ioctl_trigger returned -90 [ 2261.604547][T18134] usb 3-1: USB disconnect, device number 84 [ 2261.652425][ T6339] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 2261.778486][T21121] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 2261.834810][ T6354] geneve2: left promiscuous mode [ 2261.857976][ T6354] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 2261.879275][ T6354] ipvlan2: left allmulticast mode [ 2261.887616][ T6354] batadv_slave_1: left allmulticast mode [ 2261.895984][ T6354] vlan2: left allmulticast mode [ 2261.902751][ T6354] veth0_to_bond: left allmulticast mode [ 2261.925101][ T6356] geneve3: entered promiscuous mode [ 2261.933029][ T36] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2261.942614][ T36] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 47519 - 0 [ 2261.955736][ T36] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2261.969979][T21121] usb 5-1: config 150 has an invalid interface number: 204 but max is 1 [ 2261.975441][ T36] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 47519 - 0 [ 2261.987633][T21121] usb 5-1: config 150 has no interface number 0 [ 2261.994376][T21121] usb 5-1: config 150 interface 204 has no altsetting 0 [ 2262.009924][ T36] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2262.025932][T21121] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 2262.029392][ T36] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 47519 - 0 [ 2262.043800][T21121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2262.043826][T21121] usb 5-1: Product: syz [ 2262.043842][T21121] usb 5-1: Manufacturer: syz [ 2262.043856][T21121] usb 5-1: SerialNumber: syz [ 2262.084898][ T36] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2262.094252][ T36] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 47519 - 0 [ 2262.286298][T21121] xr_serial 5-1:150.204: xr_serial converter detected [ 2262.335421][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.40360'. [ 2262.349182][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.40360'. [ 2262.493335][ T6395] pimreg: tun_chr_ioctl cmd 1074025677 [ 2262.500109][ T6395] pimreg: linktype set to 805 [ 2262.888703][T21121] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 2262.911432][T21121] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 2262.958415][T21121] usb 5-1: USB disconnect, device number 21 [ 2262.969307][T21121] xr_serial 5-1:150.204: device disconnected [ 2263.826913][ T6478] vivid-006: disconnect [ 2263.843280][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.40384'. [ 2263.860320][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.40384'. [ 2264.603112][ T6475] vivid-006: reconnect [ 2264.961248][ T6550] tap0: tun_chr_ioctl cmd 1074025677 [ 2264.966844][ T6550] tap0: linktype set to 823 [ 2265.079986][ T6562] netem: unknown loss type 0 [ 2265.089160][ T6562] netem: change failed [ 2265.587624][T21121] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 2265.758439][T21121] usb 5-1: Using ep0 maxpacket: 8 [ 2265.769196][T21121] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 2265.798491][T21121] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 2265.813239][T21121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2265.822592][T21121] usb 5-1: Product: syz [ 2265.829362][T21121] usb 5-1: Manufacturer: syz [ 2265.834424][T21121] usb 5-1: SerialNumber: syz [ 2266.085490][T21121] usb 5-1: USB disconnect, device number 22 [ 2266.089038][ T6632] input: syz1 as /devices/virtual/input/input298 [ 2266.337136][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 2266.337152][ T29] audit: type=1326 audit(1776599737.869:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.1.40420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7fc00000 [ 2267.184792][ T6673] bridge0: port 1(bridge_slave_0) entered disabled state [ 2267.450681][ T6673] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2267.492198][ T6673] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2267.573482][ T6673] macvlan0: left promiscuous mode [ 2267.877017][ T6676] geneve2: entered promiscuous mode [ 2267.912118][ T1107] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2267.930421][ T1107] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 36819 - 0 [ 2267.940031][ T1107] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2267.949510][ T1107] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 36819 - 0 [ 2267.959948][ T1107] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2267.969191][ T1107] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 36819 - 0 [ 2267.980020][T17594] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2267.989289][T17594] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 36819 - 0 [ 2268.274349][ T6717] netlink: 20 bytes leftover after parsing attributes in process `syz.4.40453'. [ 2268.831423][ T6733] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.40460'. [ 2270.685483][ T29] audit: type=1326 audit(1776599742.219:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.719051][ T29] audit: type=1326 audit(1776599742.219:2156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.743072][ T29] audit: type=1326 audit(1776599742.249:2157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.797646][ T29] audit: type=1326 audit(1776599742.249:2158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.829009][ T29] audit: type=1326 audit(1776599742.249:2159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.859477][ T29] audit: type=1326 audit(1776599742.249:2160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.882692][ T29] audit: type=1326 audit(1776599742.249:2161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.905851][ T29] audit: type=1326 audit(1776599742.249:2162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2270.935809][ T29] audit: type=1326 audit(1776599742.249:2163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.40501" exe="/root/syz-executor" sig=0 arch=40000003 syscall=371 compat=1 ip=0xf703f01c code=0x7ffc0000 [ 2271.001486][T18135] hid_parser_main: 51 callbacks suppressed [ 2271.001506][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.018309][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.025766][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.044071][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.071246][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.082227][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.101078][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.119931][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.139739][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.159171][T18135] hid-generic 0000:0000:0004.00AF: unknown main item tag 0x0 [ 2271.195550][T18135] hid-generic 0000:0000:0004.00AF: hidraw0: HID v0.03 Device [syz1] on syz0 [ 2271.766772][ T6861] fido_id[6861]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 2272.081991][ T6909] pim6reg: entered allmulticast mode [ 2272.118699][ T6908] pim6reg: left allmulticast mode [ 2272.944343][ T6967] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2273.027550][ C0] ip6_tunnel: ip6tnl10 xmit: Local address not yet configured! [ 2273.074625][ T6975] netlink: 1008 bytes leftover after parsing attributes in process `syz.2.40554'. [ 2273.501282][ T7003] ip6tnl0: Caught tx_queue_len zero misconfig [ 2274.776776][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 2274.776792][ T29] audit: type=1326 audit(1776599746.309:2165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7038 comm="syz.0.40581" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702f01c code=0x0 [ 2274.967470][T18135] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 2275.117754][T18135] usb 5-1: Using ep0 maxpacket: 8 [ 2275.129845][T18135] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 2275.139310][T18135] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2275.148427][T18135] usb 5-1: Product: syz [ 2275.152850][T18135] usb 5-1: Manufacturer: syz [ 2275.157973][T18135] usb 5-1: SerialNumber: syz [ 2275.167008][T18135] usb 5-1: config 0 descriptor?? [ 2275.180231][T18135] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 2275.677161][ T29] audit: type=1326 audit(1776599747.209:2166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.0.40591" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x0 [ 2275.843377][ T7082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.40595'. [ 2275.852744][ T7082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.40595'. [ 2275.987564][T18135] gspca_sonixj: reg_r err -71 [ 2276.005416][T18135] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 2276.032654][T18135] usb 5-1: USB disconnect, device number 23 [ 2276.150241][ T7102] batman_adv: batadv0: Adding interface: macvtap1 [ 2276.156913][ T7102] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2276.184059][ T7102] batman_adv: batadv0: Not using interface macvtap1 (retrying later): interface not active [ 2276.895985][ T7144] batman_adv: batadv0: Adding interface: macvtap1 [ 2276.903612][ T7144] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2276.932370][ T7144] batman_adv: batadv0: Not using interface macvtap1 (retrying later): interface not active [ 2278.080337][ T7214] futex_wake_op: syz.4.40632 tries to shift op by -1; fix this program [ 2278.147461][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 2281.143839][ T7367] netlink: 12 bytes leftover after parsing attributes in process `syz.4.40689'. [ 2281.164748][ T7367] ipvlan2: entered allmulticast mode [ 2281.171352][ T7367] syz_tun: entered allmulticast mode [ 2281.538105][ T7394] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 2281.629505][ T7398] netlink: 8 bytes leftover after parsing attributes in process `syz.1.40698'. [ 2281.953016][ T29] audit: type=1326 audit(1776599753.489:2167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.031028][ T29] audit: type=1326 audit(1776599753.489:2168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.069366][ T29] audit: type=1326 audit(1776599753.489:2169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.112692][ T29] audit: type=1326 audit(1776599753.489:2170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.142674][ T29] audit: type=1326 audit(1776599753.489:2171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.169497][ T29] audit: type=1326 audit(1776599753.489:2172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.222960][ T29] audit: type=1326 audit(1776599753.489:2173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.252246][ T29] audit: type=1326 audit(1776599753.489:2174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.302985][ T29] audit: type=1326 audit(1776599753.489:2175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.330084][ T7423] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40709'. [ 2282.348043][ T29] audit: type=1326 audit(1776599753.489:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7364 comm="syz.0.40688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702f01c code=0x7fc00000 [ 2282.776923][ T7444] vivid-000: disconnect [ 2282.782711][ T7442] vivid-000: reconnect [ 2283.271468][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 2283.278554][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 2283.360068][ T7474] netlink: 12 bytes leftover after parsing attributes in process `syz.2.40732'. [ 2283.380745][ T7474] ipvlan2: entered allmulticast mode [ 2283.386191][ T7474] syz_tun: entered allmulticast mode [ 2283.855408][ T7503] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 2283.862173][ T7503] pim6reg0: linktype set to 774 [ 2283.978101][ T7509] netlink: 'syz.0.40743': attribute type 12 has an invalid length. [ 2283.986252][ T7509] netlink: 24 bytes leftover after parsing attributes in process `syz.0.40743'. [ 2284.466454][ T7531] netlink: 4 bytes leftover after parsing attributes in process `syz.3.40753'. [ 2284.491764][ T7531] netlink: 12 bytes leftover after parsing attributes in process `syz.3.40753'. [ 2284.898321][ T7555] netlink: 12 bytes leftover after parsing attributes in process `syz.3.40762'. [ 2284.921025][ T7555] ipvlan3: entered allmulticast mode [ 2284.926476][ T7555] syz_tun: entered allmulticast mode [ 2285.217859][T18135] usb 3-1: new low-speed USB device number 85 using dummy_hcd [ 2285.378941][T18135] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 2285.387078][T18135] usb 3-1: config 0 has no interface number 0 [ 2285.393855][T18135] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 2285.404931][T18135] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 2285.415787][T18135] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 2285.425483][T18135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2285.435693][T18135] usb 3-1: config 0 descriptor?? [ 2285.449220][ T7565] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 2285.462812][T18135] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 2285.689000][T18135] usb 3-1: USB disconnect, device number 85 [ 2285.689001][ C0] iowarrior 3-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 2286.535526][ T7632] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 2286.590628][ T7636] netlink: 60 bytes leftover after parsing attributes in process `syz.4.40783'. [ 2286.889814][ T7660] loop8: detected capacity change from 0 to 8 [ 2286.914868][ T7660] Dev loop8: unable to read RDB block 8 [ 2286.927990][ T7660] loop8: unable to read partition table [ 2286.945377][ T7660] loop8: partition table beyond EOD, truncated [ 2286.952884][ T7660] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 2287.842369][ T7701] dummy0: entered allmulticast mode [ 2287.854025][ T7700] dummy0: left allmulticast mode [ 2288.317425][T18134] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 2288.478439][T18134] usb 5-1: Using ep0 maxpacket: 16 [ 2288.495203][T18134] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2288.510199][T18134] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2288.522170][T18134] usb 5-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31 [ 2288.532934][T18134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2288.543383][T18134] usb 5-1: Product: syz [ 2288.549290][T18134] usb 5-1: Manufacturer: syz [ 2288.554108][T18134] usb 5-1: SerialNumber: syz [ 2288.575375][T18134] usb 5-1: config 0 descriptor?? [ 2288.832585][ T7713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2288.858360][ T7713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2288.890008][ T7713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2288.913797][ T7713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2288.931164][T18134] usb 5-1: USB disconnect, device number 24 [ 2289.223527][T17594] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0 [ 2289.236522][T17594] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0 [ 2289.279857][T17594] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0 [ 2289.388748][T18134] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 2289.415326][ T7839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40829'. [ 2289.425235][ T7839] netlink: 'syz.3.40829': attribute type 21 has an invalid length. [ 2289.558078][T18134] usb 5-1: config 0 has an invalid interface number: 229 but max is 0 [ 2289.577157][T18134] usb 5-1: config 0 has no interface number 0 [ 2289.590787][T18134] usb 5-1: config 0 interface 229 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 10 [ 2289.618322][T18134] usb 5-1: config 0 interface 229 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2289.642985][T18134] usb 5-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38 [ 2289.654918][T18134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2289.664289][T18134] usb 5-1: Product: syz [ 2289.674169][T18134] usb 5-1: Manufacturer: syz [ 2289.680361][T18134] usb 5-1: SerialNumber: syz [ 2289.715412][T18134] usb 5-1: config 0 descriptor?? [ 2289.967858][T18134] usb 5-1: USB disconnect, device number 25 [ 2290.267830][ T137] tipc: Subscription rejected, illegal request [ 2290.806329][ T7937] netlink: 'syz.2.40851': attribute type 1 has an invalid length. [ 2290.862141][ T7937] netlink: 76 bytes leftover after parsing attributes in process `syz.2.40851'. [ 2291.005946][ T29] kauditd_printk_skb: 31 callbacks suppressed [ 2291.005964][ T29] audit: type=1326 audit(1776599762.539:2208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7947 comm="syz.3.40857" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705f01c code=0x0 [ 2291.213678][ T7964] binder: 7962:7964 ioctl c018620b 80000100 returned -14 [ 2291.697473][T21121] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 2291.850348][T21121] usb 5-1: Using ep0 maxpacket: 8 [ 2291.881742][T21121] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 2291.896795][T21121] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2291.926957][T21121] pvrusb2: Hardware description: Terratec Grabster AV400 [ 2291.952223][T21121] pvrusb2: ********** [ 2291.958137][T21121] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 2291.978522][T21121] pvrusb2: Important functionality might not be entirely working. [ 2291.986431][T21121] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 2292.000480][T21121] pvrusb2: ********** [ 2292.039699][ T8003] netlink: 80 bytes leftover after parsing attributes in process `syz.0.40874'. [ 2292.121632][ T2352] pvrusb2: Invalid write control endpoint [ 2292.172013][ T2352] pvrusb2: Invalid write control endpoint [ 2292.179521][ T2352] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 2292.189403][ T2352] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 2292.197300][ T2352] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 2292.208033][ T2352] pvrusb2: Device being rendered inoperable [ 2292.214431][ T2352] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 2292.229788][ T2352] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 2292.249197][ T2352] pvrusb2: Attached sub-driver cx25840 [ 2292.255098][ T2352] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 2292.266098][ T2352] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 2292.333786][T18134] usb 5-1: USB disconnect, device number 26 [ 2292.885552][ T8053] bond0: entered promiscuous mode [ 2292.891374][ T8053] bond_slave_0: entered promiscuous mode [ 2292.900553][ T8053] bond_slave_1: entered promiscuous mode [ 2292.908414][ T8053] batadv0: entered promiscuous mode [ 2292.909985][ T8053] debugfs: 'hsr1' already exists in 'hsr' [ 2292.921001][ T8053] Cannot create hsr debugfs directory [ 2293.079781][T21121] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 2293.217650][T18134] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 2293.259938][T21121] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 2293.276204][T21121] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2293.284755][T21121] usb 3-1: Product: syz [ 2293.291571][T21121] usb 3-1: Manufacturer: syz [ 2293.296563][T21121] usb 3-1: SerialNumber: syz [ 2293.305993][T21121] usb 3-1: config 0 descriptor?? [ 2293.368161][T18134] usb 5-1: Using ep0 maxpacket: 32 [ 2293.375716][T18134] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 2293.386496][T18134] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 2293.403436][T18134] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2293.414735][T18134] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 2293.437883][T18134] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 2293.450021][T18134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2293.458779][T18134] usb 5-1: Product: syz [ 2293.463108][T18134] usb 5-1: Manufacturer: syz [ 2293.468346][T18134] usb 5-1: SerialNumber: syz [ 2293.484784][ C1] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 2293.504820][T18134] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/input/input299 [ 2293.717648][T18134] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 2293.726272][T18134] (id 0x00) [ 2293.797842][T18134] rc_core: IR keymap rc-imon-pad not found [ 2293.804106][T18134] Registered IR keymap rc-empty [ 2293.812343][T18134] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 2293.825233][T18134] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 2293.923330][T18134] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/rc/rc0 [ 2293.936461][T18134] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/rc/rc0/input300 [ 2293.954879][T18134] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:27> initialized [ 2294.131519][ T8058] imon:vfd_write: invalid payload size [ 2294.141164][T18134] usb 5-1: USB disconnect, device number 27 [ 2294.169437][T21121] usb 3-1: Firmware version (0.0) predates our first public release. [ 2294.180325][T21121] usb 3-1: Please update to version 0.2 or newer [ 2294.244907][T21121] usb 3-1: USB disconnect, device number 86 [ 2294.749083][ T8145] team0: Device ipip0 is up. Set it down before adding it as a team port [ 2295.913379][ T8202] CUSE: info not properly terminated [ 2296.942850][ T8255] binder: 8254:8255 ioctl c0306201 80000480 returned -14 [ 2298.941246][ T8343] syzkaller1: entered promiscuous mode [ 2298.946790][ T8343] syzkaller1: entered allmulticast mode [ 2299.281368][ T29] audit: type=1326 audit(1776599770.819:2209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.304807][ T29] audit: type=1326 audit(1776599770.819:2210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.331877][ T29] audit: type=1326 audit(1776599770.819:2211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=396 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.356159][ T29] audit: type=1326 audit(1776599770.819:2212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.380269][ T29] audit: type=1326 audit(1776599770.819:2213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.403877][ T29] audit: type=1326 audit(1776599770.819:2214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.429528][ T29] audit: type=1326 audit(1776599770.819:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.453112][ T29] audit: type=1326 audit(1776599770.819:2216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.479236][ T29] audit: type=1326 audit(1776599770.819:2217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.502692][ T29] audit: type=1326 audit(1776599770.819:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8365 comm="syz.4.40976" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x7ffc0000 [ 2299.918213][ T8381] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40982'. [ 2300.556767][ T8404] netlink: 'syz.3.40990': attribute type 5 has an invalid length. [ 2300.720476][ T8410] input: syz0 as /devices/virtual/input/input301 [ 2301.468147][ T8436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40999'. [ 2301.724057][ T8459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.41005'. [ 2302.179998][ T8492] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 2302.350194][ T8505] loop8: detected capacity change from 0 to 8 [ 2302.363215][ T8505] loop8: [CUMANA/ADFS] p1 [ADFS] p1 [ 2302.373083][ T8505] loop8: partition table partially beyond EOD, truncated [ 2302.383993][ T8510] netlink: 48 bytes leftover after parsing attributes in process `syz.0.41020'. [ 2302.384677][ T8505] loop8: p1 size 3004527350 extends beyond EOD, truncated [ 2304.239629][ T8610] netlink: 'syz.2.41057': attribute type 13 has an invalid length. [ 2305.334504][ T8641] sctp: [Deprecated]: syz.3.41068 (pid 8641) Use of int in max_burst socket option deprecated. [ 2305.334504][ T8641] Use struct sctp_assoc_value instead [ 2305.462082][ T8649] ALSA: mixer_oss: invalid OSS volume '' [ 2305.469173][ T8649] ALSA: mixer_oss: invalid OSS volume 'IGAI' [ 2305.731178][ T8667] dummy0: Caught tx_queue_len zero misconfig [ 2305.804653][ T8669] netlink: 28 bytes leftover after parsing attributes in process `syz.0.41080'. [ 2305.816872][ T8669] netlink: 'syz.0.41080': attribute type 7 has an invalid length. [ 2305.826180][ T8669] netlink: 'syz.0.41080': attribute type 8 has an invalid length. [ 2305.835536][ T8669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41080'. [ 2305.931905][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41083'. [ 2306.029548][ T8683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41085'. [ 2306.443613][ T8716] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41095'. [ 2306.473876][ T8718] netlink: 92 bytes leftover after parsing attributes in process `syz.3.41096'. [ 2306.638968][ T8732] netlink: 'syz.3.41097': attribute type 12 has an invalid length. [ 2306.660289][ T8732] netlink: 'syz.3.41097': attribute type 12 has an invalid length. [ 2306.906482][ T8754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.41104'. [ 2307.243429][ T8785] netlink: 'syz.2.41111': attribute type 1 has an invalid length. [ 2307.912532][ T8821] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 2308.867962][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2308.965242][ T8887] cifs: Unknown parameter 'fd,ffffffffffffff' [ 2309.087864][T18134] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 2309.247544][T18134] usb 3-1: Using ep0 maxpacket: 16 [ 2309.254865][T18134] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2309.276489][T18134] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2309.301624][T18134] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2309.330354][T18134] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2309.353721][T18134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2309.400049][T18134] usb 3-1: config 0 descriptor?? [ 2309.767407][T21121] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 2309.885434][T18134] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.00B0/input/input302 [ 2309.949415][T21121] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 2309.964693][T21121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 2309.985631][T21121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 2309.986766][T18134] microsoft 0003:045E:07DA.00B0: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 2310.024624][T21121] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 2310.045014][T21121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2310.055339][T21121] usb 5-1: Product: syz [ 2310.060369][T21121] usb 5-1: Manufacturer: syz [ 2310.065014][T21121] usb 5-1: SerialNumber: syz [ 2310.083519][T21121] usb 5-1: config 0 descriptor?? [ 2310.122585][T18134] usb 3-1: USB disconnect, device number 87 [ 2311.270985][ T8995] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41160'. [ 2311.282373][ T8995] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41160'. [ 2312.354040][ T9013] netlink: 'syz.4.41166': attribute type 13 has an invalid length. [ 2312.360173][ T9016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41176'. [ 2312.665552][ T9034] input: syz1 as /devices/virtual/input/input304 [ 2312.833866][ T9044] syzkaller1: entered promiscuous mode [ 2312.840610][ T9044] syzkaller1: entered allmulticast mode [ 2312.858569][T18134] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 2313.026573][ T9054] netlink: 116 bytes leftover after parsing attributes in process `syz.3.41178'. [ 2313.041957][T18134] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 2313.059857][T18134] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 2313.085146][T18134] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 2313.109627][T18134] usb 3-1: config 220 has no interface number 2 [ 2313.125210][T18134] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 2313.149122][T18134] usb 3-1: config 220 interface 0 has no altsetting 0 [ 2313.156111][T18134] usb 3-1: config 220 interface 76 has no altsetting 0 [ 2313.163765][T18134] usb 3-1: config 220 interface 1 has no altsetting 0 [ 2313.174369][T18134] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 2313.185059][T18134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2313.202295][T18134] usb 3-1: Product: syz [ 2313.206612][T18134] usb 3-1: Manufacturer: syz [ 2313.211900][T18134] usb 3-1: SerialNumber: syz [ 2313.492317][T18134] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 2313.500744][T18134] uvcvideo 3-1:220.0: No valid video chain found. [ 2313.508956][T18134] usb 3-1: selecting invalid altsetting 0 [ 2313.525197][T18134] usb 3-1: selecting invalid altsetting 0 [ 2313.532199][T18134] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 2313.555888][T18134] usb 3-1: USB disconnect, device number 88 [ 2315.066823][ T9168] input: syz1 as /devices/virtual/input/input305 [ 2315.609446][ T9200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.41211'. [ 2316.207746][ T9228] syzkaller1: entered promiscuous mode [ 2316.221765][ T9228] syzkaller1: entered allmulticast mode [ 2316.270743][ T9235] loop9: detected capacity change from 0 to 7 [ 2316.300272][ T9235] Dev loop9: unable to read RDB block 7 [ 2316.309865][ T9235] loop9: unable to read partition table [ 2316.323248][ T9235] loop9: partition table beyond EOD, truncated [ 2316.330021][ T9235] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 2317.114013][ T9269] input: syz1 as /devices/virtual/input/input306 [ 2318.394702][ T9291] netlink: 'syz.0.41234': attribute type 13 has an invalid length. [ 2319.822738][ T9356] input: syz1 as /devices/virtual/input/input307 [ 2320.388000][T21121] iguanair 5-1:0.0: failed to get version [ 2320.399838][T21121] iguanair 5-1:0.0: probe with driver iguanair failed with error -110 [ 2320.417536][T21121] usb 5-1: USB disconnect, device number 28 [ 2321.209133][ T9407] input: syz0 as /devices/virtual/input/input308 [ 2322.525661][ T9502] netlink: 24 bytes leftover after parsing attributes in process `syz.4.41280'. [ 2322.694598][ T9509] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.41284'. [ 2322.868583][ T9518] input: syz0 as /devices/virtual/input/input309 [ 2322.892216][ T9518] input: failed to attach handler leds to device input309, error: -6 [ 2323.434535][ T9554] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.41299'. [ 2323.608078][T19409] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 2323.767785][T19409] usb 5-1: Using ep0 maxpacket: 16 [ 2323.779374][T19409] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2323.795332][T19409] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2323.805987][T19409] usb 5-1: config 0 interface 0 has no altsetting 0 [ 2323.813502][T19409] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 2323.823170][T21121] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 2323.831914][T19409] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2323.848723][T19409] usb 5-1: config 0 descriptor?? [ 2323.991659][ T24] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 2323.998986][T21121] usb 3-1: Using ep0 maxpacket: 32 [ 2323.999138][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 2324.002626][T21121] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7 [ 2324.028936][ T24] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 2324.037514][T21121] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024 [ 2324.071929][T21121] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 2324.107764][T21121] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2324.120754][T21121] usb 3-1: Product: syz [ 2324.125035][T21121] usb 3-1: Manufacturer: syz [ 2324.130751][ T9609] netlink: 48 bytes leftover after parsing attributes in process `syz.3.41313'. [ 2324.131379][T21121] usb 3-1: SerialNumber: syz [ 2324.155983][T21121] usb 3-1: config 0 descriptor?? [ 2324.185147][T21121] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 2324.265448][T19409] hid (null): global environment stack underflow [ 2324.277689][T19409] hid (null): global environment stack underflow [ 2324.278342][T18135] IPVS: starting estimator thread 0... [ 2324.291461][T19409] hid (null): global environment stack underflow [ 2324.292756][ T9622] IPVS: rr: FWM 3 0x00000003 - no destination available [ 2324.298911][T19409] hid (null): unknown global tag 0xe [ 2324.312432][T19409] hid (null): global environment stack underflow [ 2324.319074][T19409] hid (null): unknown global tag 0xc [ 2324.324630][T19409] hid (null): unknown global tag 0xd [ 2324.337296][T19409] hid (null): unknown global tag 0xc [ 2324.344625][T19409] hid (null): unknown global tag 0xe [ 2324.350533][T19409] hid (null): report_id 1478990255 is invalid [ 2324.357171][T19409] hid (null): report_id 17176 is invalid [ 2324.368994][T19409] hid_parser_main: 79 callbacks suppressed [ 2324.369014][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.386392][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.397083][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.399899][ T9623] IPVS: using max 30 ests per chain, 72000 per kthread [ 2324.405372][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.428009][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.435582][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.443040][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.450905][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.460508][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.470739][T19409] cougar 0003:060B:500A.00B1: unknown main item tag 0x0 [ 2324.479283][T19409] cougar 0003:060B:500A.00B1: unexpected long global item [ 2324.486791][ T137] usb 3-1: Failed to submit usb control message: -71 [ 2324.486879][T18135] usb 3-1: USB disconnect, device number 89 [ 2324.495432][ T137] usb 3-1: unable to send the bmi data to the device: -71 [ 2324.495476][ T137] usb 3-1: unable to get target info from device [ 2324.495491][ T137] usb 3-1: could not get target info (-71) [ 2324.495525][ T137] usb 3-1: could not probe fw (-71) [ 2324.502317][T19409] cougar 0003:060B:500A.00B1: parse failed [ 2324.535768][T19409] cougar 0003:060B:500A.00B1: probe with driver cougar failed with error -22 [ 2324.551562][T19409] usb 5-1: USB disconnect, device number 29 [ 2324.981389][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 2324.981406][ T29] audit: type=1326 audit(1776599796.519:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9660 comm="syz.3.41324" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705f01c code=0x0 [ 2325.502178][ T9686] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41332'. [ 2325.889056][T19409] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 2326.079523][T19409] usb 3-1: unable to get BOS descriptor or descriptor too short [ 2326.088800][T19409] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2326.099735][T19409] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 2326.108835][T19409] usb 3-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 2326.120456][T19409] usb 3-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 2326.133971][T19409] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 2326.145508][T19409] usb 3-1: config 1 interface 1 has no altsetting 0 [ 2326.152795][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 2326.152862][ T24] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 2326.162392][T19409] usb 3-1: string descriptor 0 read error: -22 [ 2326.172232][T19409] usb 3-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 2326.176529][ T24] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 2326.181823][T19409] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2327.085537][ T9736] netlink: 12 bytes leftover after parsing attributes in process `syz.3.41348'. [ 2327.186264][ T9744] ALSA: mixer_oss: invalid OSS volume '' [ 2327.221756][T19409] usb 3-1: 2:0: failed to get current value for ch 1 (-71) [ 2327.379566][T19409] usb 3-1: USB disconnect, device number 90 [ 2328.227413][ T24] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 2328.227733][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 2328.239170][ T24] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 2328.463614][ T9819] ipvlan2: entered promiscuous mode [ 2328.526393][ T9819] ipvlan2: entered allmulticast mode [ 2328.539772][ T9819] gretap0: entered allmulticast mode [ 2328.551141][ T9819] team0: Device ipvlan2 failed to register rx_handler [ 2329.340958][ T9886] batadv_slave_1: entered promiscuous mode [ 2329.359506][ T9885] batadv_slave_1: left promiscuous mode [ 2329.707833][T19409] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 2329.859683][T19409] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2329.869652][T19409] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2329.880773][T19409] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 2329.890109][T19409] usb 5-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 2329.903928][T19409] usb 5-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 2329.918013][T19409] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 2329.928895][T19409] usb 5-1: config 1 interface 1 has no altsetting 0 [ 2329.939031][T19409] usb 5-1: string descriptor 0 read error: -22 [ 2329.945541][T19409] usb 5-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 2329.955045][T19409] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2330.046700][ T9909] ip6_tunnel: non-ECT from fe88:a43d:e1a4:0000:0000:0000:0002:7d01 with DS=0x1 [ 2330.098213][ T9915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.41401'. [ 2330.153237][ T9917] netlink: 132 bytes leftover after parsing attributes in process `syz.1.41402'. [ 2330.275327][ T9928] tunl0: Caught tx_queue_len zero misconfig [ 2330.307393][ T24] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 2330.316344][ T24] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 2330.319973][ T50] Bluetooth: hci4: command 0x0c1a tx timeout [ 2330.376211][T19409] usb 5-1: 2:0: cannot get min/max values for control 2 (id 2) [ 2330.384862][T19409] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve? [ 2330.395672][T19409] usb 5-1: [2] FU [Speaker Playback Volume] ch = 1, val = 0/1/1 [ 2330.477930][T21121] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 2330.648674][T21121] usb 3-1: Using ep0 maxpacket: 32 [ 2330.661027][T21121] usb 3-1: config 0 has no interfaces? [ 2330.672252][T21121] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 2330.682979][T21121] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 2330.693954][T21121] usb 3-1: Product: syz [ 2330.698322][T21121] usb 3-1: Manufacturer: syz [ 2330.702963][T21121] usb 3-1: SerialNumber: syz [ 2330.715576][T21121] usb 3-1: config 0 descriptor?? [ 2330.834680][T19409] usb 5-1: 2:0: failed to get current value for ch 1 (-71) [ 2330.880526][T19409] usb 5-1: USB disconnect, device number 30 [ 2330.956372][ T9921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2330.965816][ T9921] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2330.994204][ T9921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2331.005008][ T9921] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2331.018472][ T24] usb 3-1: USB disconnect, device number 91 [ 2331.326282][T10026] syzkaller1: entered promiscuous mode [ 2331.332014][T10026] syzkaller1: entered allmulticast mode [ 2331.497476][T19409] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 2331.704677][T19409] usb 3-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=b7.5a [ 2331.727786][T19409] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2331.742390][T19409] usb 3-1: Product: syz [ 2331.753364][T19409] usb 3-1: Manufacturer: syz [ 2331.766964][T19409] usb 3-1: SerialNumber: syz [ 2331.782059][T19409] usb 3-1: config 0 descriptor?? [ 2331.796902][T19409] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2331.818457][T19409] ftdi_sio ttyUSB0: unknown device type: 0xb75a [ 2332.043623][T19409] usb 3-1: USB disconnect, device number 92 [ 2332.053551][T19409] ftdi_sio 3-1:0.0: device disconnected [ 2333.392750][T10166] syzkaller1: entered promiscuous mode [ 2333.407634][T10166] syzkaller1: entered allmulticast mode [ 2334.416090][T10202] syzkaller1: entered promiscuous mode [ 2334.486481][T10202] syzkaller1: entered allmulticast mode [ 2335.256241][ T1101] hid_parser_main: 73 callbacks suppressed [ 2335.256260][ T1101] hid-generic 0000:0000:0000.00B2: unknown main item tag 0x0 [ 2335.279196][ T1101] hid-generic 0000:0000:0000.00B2: hidraw0: HID v0.00 Device [syz1] on syz0 [ 2335.903455][T10266] netlink: 'syz.4.41473': attribute type 5 has an invalid length. [ 2336.729106][T10292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41481'. [ 2339.481910][T10393] binder: 10392:10393 ioctl c0306201 80000300 returned -22 [ 2339.766165][T10423] gre0: entered promiscuous mode [ 2339.771706][T10423] gre0: entered allmulticast mode [ 2341.363295][T10519] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 2341.772789][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.4.41539'. [ 2341.784676][T10531] netlink: 12 bytes leftover after parsing attributes in process `syz.4.41539'. [ 2341.962634][ T29] audit: type=1326 audit(1776599813.499:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10554 comm="syz.4.41541" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc701c code=0x0 [ 2342.355286][T10575] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.41547'. [ 2342.757859][ T1101] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 2342.947436][ T1101] usb 3-1: Using ep0 maxpacket: 16 [ 2342.963623][T10623] syzkaller1: entered promiscuous mode [ 2342.966501][ T1101] usb 3-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2342.970504][T10623] syzkaller1: entered allmulticast mode [ 2342.998889][ T1101] usb 3-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 2343.030870][ T1101] usb 3-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2343.073666][ T1101] usb 3-1: config 1 interface 0 has no altsetting 0 [ 2343.090733][ T1101] usb 3-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 2343.108971][ T1101] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2343.123416][ T1101] usb 3-1: Product: syz [ 2343.133927][ T1101] usb 3-1: Manufacturer: syz [ 2343.141264][ T1101] usb 3-1: SerialNumber: syz [ 2343.528638][ T1101] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 93 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 2343.544006][T10654] syzkaller1: entered promiscuous mode [ 2343.556702][T10654] syzkaller1: entered allmulticast mode [ 2343.719654][T10672] macvtap1: entered promiscuous mode [ 2343.726847][T10672] macvtap1: entered allmulticast mode [ 2343.733575][T21121] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 2343.743382][T10672] veth1_vlan: entered allmulticast mode [ 2343.798558][T10675] macvtap2: entered promiscuous mode [ 2343.806660][T10675] macvtap2: entered allmulticast mode [ 2343.842666][ T24] usb 3-1: USB disconnect, device number 93 [ 2343.909308][T21121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2343.935149][T21121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2343.963267][T21121] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2343.980970][T21121] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2344.010381][T21121] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2344.023578][T21121] usb 5-1: config 0 descriptor?? [ 2344.033940][T10699] netlink: 116 bytes leftover after parsing attributes in process `syz.1.41566'. [ 2344.141430][T10576] usblp0: removed [ 2344.453738][T21121] plantronics 0003:047F:FFFF.00B3: reserved main item tag 0xd [ 2344.476253][T21121] plantronics 0003:047F:FFFF.00B3: unknown main item tag 0x0 [ 2344.484543][T21121] plantronics 0003:047F:FFFF.00B3: unknown main item tag 0x0 [ 2344.493097][T21121] plantronics 0003:047F:FFFF.00B3: unknown main item tag 0x0 [ 2344.503511][T21121] plantronics 0003:047F:FFFF.00B3: unknown main item tag 0x0 [ 2344.511480][T21121] plantronics 0003:047F:FFFF.00B3: unknown main item tag 0x0 [ 2344.543729][T21121] plantronics 0003:047F:FFFF.00B3: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 2344.588134][T10730] netlink: 20 bytes leftover after parsing attributes in process `syz.1.41575'. [ 2344.722586][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 2344.730625][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 2344.853020][T21121] usb 5-1: USB disconnect, device number 31 [ 2344.936999][T10754] netlink: 35 bytes leftover after parsing attributes in process `syz.1.41581'. [ 2344.958590][T10754] netlink: 8 bytes leftover after parsing attributes in process `syz.1.41581'. [ 2345.446409][T10785] netlink: 14 bytes leftover after parsing attributes in process `syz.0.41591'. [ 2345.988130][T21121] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 2346.167821][T21121] usb 5-1: Using ep0 maxpacket: 32 [ 2346.176525][T21121] usb 5-1: config 0 has no interfaces? [ 2346.187168][T21121] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 2346.187635][T10834] syzkaller1: entered promiscuous mode [ 2346.203866][T21121] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 2346.213015][T10834] syzkaller1: entered allmulticast mode [ 2346.223094][T21121] usb 5-1: Product: syz [ 2346.239535][T21121] usb 5-1: Manufacturer: syz [ 2346.248603][T21121] usb 5-1: SerialNumber: syz [ 2346.290465][T21121] usb 5-1: config 0 descriptor?? [ 2346.558287][T10808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2346.575732][T10808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2346.593013][T10808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2346.603547][T10808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2346.620036][T21121] usb 5-1: USB disconnect, device number 32 [ 2347.077896][T18134] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 2347.245984][T18134] usb 5-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=b7.5a [ 2347.255898][T18134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2347.265209][T18134] usb 5-1: Product: syz [ 2347.273888][T18134] usb 5-1: Manufacturer: syz [ 2347.283029][T18134] usb 5-1: SerialNumber: syz [ 2347.296795][T18134] usb 5-1: config 0 descriptor?? [ 2347.308377][T18134] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 2347.318912][T18134] ftdi_sio ttyUSB0: unknown device type: 0xb75a [ 2347.523085][T18134] usb 5-1: USB disconnect, device number 33 [ 2347.540384][T18134] ftdi_sio 5-1:0.0: device disconnected [ 2348.316184][T10948] netlink: 212892 bytes leftover after parsing attributes in process `syz.4.41625'. [ 2349.376903][T10997] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 2349.882548][T11024] loop5: detected capacity change from 0 to 7 [ 2349.891123][T11024] loop5: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 2349.899203][T11024] loop5: partition table partially beyond EOD, truncated [ 2349.909572][T11024] loop5: p1 size 1673702192 extends beyond EOD, truncated [ 2349.926802][T11024] loop5: p2 start 832840281 is beyond EOD, truncated [ 2349.993238][ T7623] udevd[7623]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 2351.299809][T11085] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41676'. [ 2353.045988][T11140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41692'. [ 2353.060661][T11140] tipc: New replicast peer: 255.255.255.255 [ 2353.068163][T11140] tipc: Enabled bearer , priority 20 [ 2353.560471][T11161] Invalid argument reading file caps for ./file0 [ 2354.088802][T11192] netlink: 27 bytes leftover after parsing attributes in process `syz.4.41711'. [ 2354.201647][T11202] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.41715'. [ 2354.392340][T11214] syzkaller1: entered promiscuous mode [ 2354.406382][T11214] syzkaller1: entered allmulticast mode [ 2355.869529][T11281] input: syz1 as /devices/virtual/input/input312 [ 2356.608514][ T1101] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 2356.778799][ T1101] usb 3-1: unable to get BOS descriptor or descriptor too short [ 2356.807310][ T1101] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 2356.837869][ T1101] usb 3-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice= 0.40 [ 2356.856337][ T1101] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2356.866038][ T1101] usb 3-1: Product: syz [ 2356.870785][ T1101] usb 3-1: Manufacturer: syz [ 2356.879563][ T1101] usb 3-1: SerialNumber: syz [ 2357.698273][T11375] [ 2357.700643][T11375] ===================================================== [ 2357.707576][T11375] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 2357.715049][T11375] syzkaller #0 Tainted: G L [ 2357.721033][T11375] ----------------------------------------------------- [ 2357.727974][T11375] syz.0.41761/11375 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 2357.735797][T11375] ffff88807c272b20 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 2357.736974][T18134] usb 3-1: USB disconnect, device number 94 [ 2357.744447][T11375] [ 2357.744447][T11375] and this task is already holding: [ 2357.744458][T11375] ffff88803493d408 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 2357.744508][T11375] which would create a new lock dependency: [ 2357.744515][T11375] (&new->fa_lock){....}-{3:3} -> (&f_owner->lock){....}-{3:3} [ 2357.744558][T11375] [ 2357.744558][T11375] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 2357.744569][T11375] (&client->buffer_lock){..-.}-{3:3} [ 2357.744590][T11375] [ 2357.744590][T11375] ... which became SOFTIRQ-irq-safe at: [ 2357.744600][T11375] lock_acquire+0x106/0x350 [ 2357.744631][T11375] _raw_spin_lock+0x2e/0x40 [ 2357.744653][T11375] evdev_pass_values+0xb9/0xbd0 [ 2357.744675][T11375] evdev_events+0x1e6/0x340 [ 2357.744695][T11375] input_pass_values+0x288/0x890 [ 2357.744713][T11375] input_event_dispose+0x3e5/0x6b0 [ 2357.744740][T11375] input_inject_event+0x1dc/0x330 [ 2357.744766][T11375] led_trigger_event+0x138/0x210 [ 2357.744786][T11375] kbd_bh+0x1c6/0x2e0 [ 2357.744809][T11375] tasklet_action_common+0x2da/0x4b0 [ 2357.744825][T11375] handle_softirqs+0x22a/0x840 [ 2357.744859][T11375] run_ksoftirqd+0x36/0x60 [ 2357.744877][T11375] smpboot_thread_fn+0x541/0xa50 [ 2357.744895][T11375] kthread+0x388/0x470 [ 2357.744915][T11375] ret_from_fork+0x514/0xb70 [ 2357.744944][T11375] ret_from_fork_asm+0x1a/0x30 [ 2357.744964][T11375] [ 2357.744964][T11375] to a SOFTIRQ-irq-unsafe lock: [ 2357.744973][T11375] (tasklist_lock){.+.+}-{3:3} [ 2357.744993][T11375] [ 2357.744993][T11375] ... which became SOFTIRQ-irq-unsafe at: [ 2357.745004][T11375] ... [ 2357.745009][T11375] lock_acquire+0x106/0x350 [ 2357.745037][T11375] _raw_read_lock+0x36/0x50 [ 2357.745059][T11375] __do_wait+0xde/0x740 [ 2357.745080][T11375] do_wait+0x1e7/0x510 [ 2357.745100][T11375] kernel_wait+0xd6/0x1c0 [ 2357.745118][T11375] call_usermodehelper_exec_work+0xbe/0x230 [ 2357.745140][T11375] process_scheduled_works+0xb5d/0x1860 [ 2357.745166][T11375] worker_thread+0xa53/0xfc0 [ 2357.757385][T11366] netlink: 24 bytes leftover after parsing attributes in process `syz.4.41760'. [ 2357.758421][T11375] kthread+0x388/0x470 [ 2357.952727][T11375] ret_from_fork+0x514/0xb70 [ 2357.957410][T11375] ret_from_fork_asm+0x1a/0x30 [ 2357.962248][T11375] [ 2357.962248][T11375] other info that might help us debug this: [ 2357.962248][T11375] [ 2357.972458][T11375] Chain exists of: [ 2357.972458][T11375] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 2357.972458][T11375] [ 2357.985574][T11375] Possible interrupt unsafe locking scenario: [ 2357.985574][T11375] [ 2357.993876][T11375] CPU0 CPU1 [ 2357.999231][T11375] ---- ---- [ 2358.004580][T11375] lock(tasklist_lock); [ 2358.008815][T11375] local_irq_disable(); [ 2358.015552][T11375] lock(&client->buffer_lock); [ 2358.022934][T11375] lock(&new->fa_lock); [ 2358.029696][T11375] [ 2358.033145][T11375] lock(&client->buffer_lock); [ 2358.038158][T11375] [ 2358.038158][T11375] *** DEADLOCK *** [ 2358.038158][T11375] [ 2358.046283][T11375] 5 locks held by syz.0.41761/11375: [ 2358.051550][T11375] #0: ffff88803643e410 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 2358.060688][T11375] #1: ffffffff8eb03d50 (file_rwsem){++++}-{0:0}, at: __break_lease+0x4de/0x1e00 [ 2358.069914][T11375] #2: ffff8880988ef648 (&ctx->flc_lock){+.+.}-{3:3}, at: __break_lease+0x4e8/0x1e00 [ 2358.079393][T11375] #3: ffffffff8e95cce0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 2358.088440][T11375] #4: ffff88803493d408 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 2358.097578][T11375] [ 2358.097578][T11375] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 2358.107972][T11375] -> (&client->buffer_lock){..-.}-{3:3} { [ 2358.113781][T11375] IN-SOFTIRQ-W at: [ 2358.117834][T11375] lock_acquire+0x106/0x350 [ 2358.124159][T11375] _raw_spin_lock+0x2e/0x40 [ 2358.130471][T11375] evdev_pass_values+0xb9/0xbd0 [ 2358.137132][T11375] evdev_events+0x1e6/0x340 [ 2358.143440][T11375] input_pass_values+0x288/0x890 [ 2358.150185][T11375] input_event_dispose+0x3e5/0x6b0 [ 2358.157113][T11375] input_inject_event+0x1dc/0x330 [ 2358.163950][T11375] led_trigger_event+0x138/0x210 [ 2358.170700][T11375] kbd_bh+0x1c6/0x2e0 [ 2358.176493][T11375] tasklet_action_common+0x2da/0x4b0 [ 2358.183671][T11375] handle_softirqs+0x22a/0x840 [ 2358.190255][T11375] run_ksoftirqd+0x36/0x60 [ 2358.196478][T11375] smpboot_thread_fn+0x541/0xa50 [ 2358.203222][T11375] kthread+0x388/0x470 [ 2358.209102][T11375] ret_from_fork+0x514/0xb70 [ 2358.215510][T11375] ret_from_fork_asm+0x1a/0x30 [ 2358.222084][T11375] INITIAL USE at: [ 2358.226058][T11375] lock_acquire+0x106/0x350 [ 2358.232291][T11375] _raw_spin_lock+0x2e/0x40 [ 2358.238522][T11375] evdev_pass_values+0xb9/0xbd0 [ 2358.245099][T11375] evdev_events+0x1e6/0x340 [ 2358.251322][T11375] input_pass_values+0x288/0x890 [ 2358.257987][T11375] input_event_dispose+0x330/0x6b0 [ 2358.264836][T11375] input_inject_event+0x1dc/0x330 [ 2358.271587][T11375] evdev_write+0x325/0x4c0 [ 2358.277726][T11375] vfs_write+0x29a/0xb90 [ 2358.283692][T11375] ksys_write+0x150/0x270 [ 2358.289760][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2358.296685][T11375] do_fast_syscall_32+0x33/0x70 [ 2358.303260][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2358.311317][T11375] } [ 2358.313886][T11375] ... key at: [] evdev_open.__key.27+0x0/0x20 [ 2358.322114][T11375] -> (&new->fa_lock){....}-{3:3} { [ 2358.327234][T11375] INITIAL USE at: [ 2358.331121][T11375] lock_acquire+0x106/0x350 [ 2358.337196][T11375] _raw_write_lock_irq+0x3d/0x50 [ 2358.343698][T11375] fasync_remove_entry+0xf1/0x1c0 [ 2358.350274][T11375] tun_chr_fasync+0x87/0x1a0 [ 2358.356414][T11375] __fput+0x890/0xa60 [ 2358.361953][T11375] task_work_run+0x1d9/0x270 [ 2358.368096][T11375] exit_to_user_mode_loop+0xed/0x480 [ 2358.375026][T11375] __do_fast_syscall_32+0x446/0x6e0 [ 2358.381785][T11375] do_fast_syscall_32+0x33/0x70 [ 2358.388197][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2358.396077][T11375] INITIAL READ USE at: [ 2358.400391][T11375] lock_acquire+0x106/0x350 [ 2358.406883][T11375] _raw_read_lock_irqsave+0x48/0x60 [ 2358.414072][T11375] kill_fasync+0x199/0x4d0 [ 2358.420471][T11375] fuse_dev_queue_req+0x249/0x2c0 [ 2358.427569][T11375] fuse_simple_background+0xc66/0x1040 [ 2358.435024][T11375] fuse_send_init+0x3ec/0x740 [ 2358.441692][T11375] get_tree_nodev+0xbb/0x150 [ 2358.448354][T11375] fuse_get_tree+0x295/0x3b0 [ 2358.454933][T11375] vfs_get_tree+0x92/0x2a0 [ 2358.461336][T11375] do_new_mount+0x341/0xd30 [ 2358.467827][T11375] __se_sys_mount+0x31d/0x420 [ 2358.474494][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2358.481681][T11375] do_fast_syscall_32+0x33/0x70 [ 2358.488518][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2358.496838][T11375] } [ 2358.499325][T11375] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 2358.507994][T11375] ... acquired at: [ 2358.511787][T11375] _raw_read_lock_irqsave+0x48/0x60 [ 2358.517148][T11375] kill_fasync+0x199/0x4d0 [ 2358.521731][T11375] evdev_pass_values+0x627/0xbd0 [ 2358.526841][T11375] evdev_events+0x1e6/0x340 [ 2358.531503][T11375] input_pass_values+0x288/0x890 [ 2358.536602][T11375] input_event_dispose+0x330/0x6b0 [ 2358.541881][T11375] input_inject_event+0x1dc/0x330 [ 2358.547088][T11375] evdev_write+0x325/0x4c0 [ 2358.551665][T11375] vfs_write+0x29a/0xb90 [ 2358.556069][T11375] ksys_write+0x150/0x270 [ 2358.560558][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2358.565923][T11375] do_fast_syscall_32+0x33/0x70 [ 2358.570936][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2358.577433][T11375] [ 2358.579748][T11375] [ 2358.579748][T11375] the dependencies between the lock to be acquired [ 2358.579757][T11375] and SOFTIRQ-irq-unsafe lock: [ 2358.593245][T11375] -> (tasklist_lock){.+.+}-{3:3} { [ 2358.598450][T11375] HARDIRQ-ON-R at: [ 2358.602523][T11375] lock_acquire+0x106/0x350 [ 2358.608843][T11375] _raw_read_lock+0x36/0x50 [ 2358.615158][T11375] __do_wait+0xde/0x740 [ 2358.621126][T11375] do_wait+0x1e7/0x510 [ 2358.627003][T11375] kernel_wait+0xd6/0x1c0 [ 2358.633148][T11375] call_usermodehelper_exec_work+0xbe/0x230 [ 2358.640860][T11375] process_scheduled_works+0xb5d/0x1860 [ 2358.648224][T11375] worker_thread+0xa53/0xfc0 [ 2358.654630][T11375] kthread+0x388/0x470 [ 2358.660506][T11375] ret_from_fork+0x514/0xb70 [ 2358.666912][T11375] ret_from_fork_asm+0x1a/0x30 [ 2358.673485][T11375] SOFTIRQ-ON-R at: [ 2358.677536][T11375] lock_acquire+0x106/0x350 [ 2358.683864][T11375] _raw_read_lock+0x36/0x50 [ 2358.690175][T11375] __do_wait+0xde/0x740 [ 2358.696141][T11375] do_wait+0x1e7/0x510 [ 2358.702021][T11375] kernel_wait+0xd6/0x1c0 [ 2358.708160][T11375] call_usermodehelper_exec_work+0xbe/0x230 [ 2358.715871][T11375] process_scheduled_works+0xb5d/0x1860 [ 2358.723232][T11375] worker_thread+0xa53/0xfc0 [ 2358.729639][T11375] kthread+0x388/0x470 [ 2358.735525][T11375] ret_from_fork+0x514/0xb70 [ 2358.741930][T11375] ret_from_fork_asm+0x1a/0x30 [ 2358.748515][T11375] INITIAL USE at: [ 2358.752494][T11375] lock_acquire+0x106/0x350 [ 2358.758747][T11375] _raw_write_lock_irq+0x3d/0x50 [ 2358.765423][T11375] copy_process+0x2b5e/0x4450 [ 2358.771833][T11375] kernel_clone+0x284/0x8f0 [ 2358.778060][T11375] user_mode_thread+0x110/0x180 [ 2358.784637][T11375] rest_init+0x23/0x300 [ 2358.790518][T11375] start_kernel+0x38a/0x3e0 [ 2358.796753][T11375] x86_64_start_reservations+0x24/0x30 [ 2358.803941][T11375] x86_64_start_kernel+0x143/0x1c0 [ 2358.810792][T11375] common_startup_64+0x13e/0x147 [ 2358.817477][T11375] INITIAL READ USE at: [ 2358.821898][T11375] lock_acquire+0x106/0x350 [ 2358.828589][T11375] _raw_read_lock+0x36/0x50 [ 2358.835253][T11375] __do_wait+0xde/0x740 [ 2358.841572][T11375] do_wait+0x1e7/0x510 [ 2358.847887][T11375] kernel_wait+0xd6/0x1c0 [ 2358.854383][T11375] call_usermodehelper_exec_work+0xbe/0x230 [ 2358.862437][T11375] process_scheduled_works+0xb5d/0x1860 [ 2358.870158][T11375] worker_thread+0xa53/0xfc0 [ 2358.876933][T11375] kthread+0x388/0x470 [ 2358.883171][T11375] ret_from_fork+0x514/0xb70 [ 2358.889939][T11375] ret_from_fork_asm+0x1a/0x30 [ 2358.896889][T11375] } [ 2358.899464][T11375] ... key at: [] tasklist_lock+0x18/0x40 [ 2358.907368][T11375] ... acquired at: [ 2358.911249][T11375] _raw_read_lock+0x36/0x50 [ 2358.915916][T11375] send_sigurg+0x12b/0x420 [ 2358.920494][T11375] sk_send_sigurg+0x6c/0x2e0 [ 2358.925248][T11375] queue_oob+0x42c/0x4f0 [ 2358.929660][T11375] unix_stream_sendmsg+0xcb1/0xe80 [ 2358.934936][T11375] ____sys_sendmsg+0x972/0x9f0 [ 2358.939867][T11375] ___sys_sendmsg+0x2a5/0x360 [ 2358.944706][T11375] __sys_sendmsg+0x183/0x260 [ 2358.949460][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2358.954825][T11375] do_fast_syscall_32+0x33/0x70 [ 2358.959838][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2358.966329][T11375] [ 2358.968638][T11375] -> (&f_owner->lock){....}-{3:3} { [ 2358.973846][T11375] INITIAL USE at: [ 2358.977724][T11375] lock_acquire+0x106/0x350 [ 2358.983784][T11375] _raw_write_lock_irq+0x3d/0x50 [ 2358.990270][T11375] __f_setown+0x67/0x370 [ 2358.996061][T11375] tun_chr_fasync+0x127/0x1a0 [ 2359.002378][T11375] do_vfs_ioctl+0x1117/0x1530 [ 2359.008609][T11375] __ia32_compat_sys_ioctl+0x572/0x950 [ 2359.015625][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2359.022383][T11375] do_fast_syscall_32+0x33/0x70 [ 2359.028792][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2359.036672][T11375] INITIAL READ USE at: [ 2359.040987][T11375] lock_acquire+0x106/0x350 [ 2359.047483][T11375] _raw_read_lock_irqsave+0x48/0x60 [ 2359.054676][T11375] send_sigio+0x38/0x370 [ 2359.060900][T11375] dnotify_handle_event+0x169/0x440 [ 2359.068098][T11375] fsnotify+0x1831/0x1ae0 [ 2359.074412][T11375] fsnotify_access+0x22b/0x2a0 [ 2359.081162][T11375] iterate_dir+0x3ea/0x570 [ 2359.087568][T11375] __se_sys_getdents64+0xf1/0x280 [ 2359.094591][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2359.101783][T11375] do_fast_syscall_32+0x33/0x70 [ 2359.108623][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2359.117117][T11375] } [ 2359.119601][T11375] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 2359.128488][T11375] ... acquired at: [ 2359.132275][T11375] _raw_read_lock_irqsave+0x48/0x60 [ 2359.137645][T11375] send_sigio+0x38/0x370 [ 2359.142047][T11375] kill_fasync+0x24d/0x4d0 [ 2359.146621][T11375] lease_break_callback+0x26/0x30 [ 2359.151839][T11375] __break_lease+0x81c/0x1e00 [ 2359.156674][T11375] do_dentry_open+0x1010/0x14e0 [ 2359.161692][T11375] vfs_open+0x3b/0x340 [ 2359.165927][T11375] path_openat+0x2e08/0x3860 [ 2359.170676][T11375] do_file_open+0x23e/0x4a0 [ 2359.175338][T11375] do_sys_openat2+0x113/0x200 [ 2359.180181][T11375] __ia32_sys_creat+0x8f/0xc0 [ 2359.185022][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2359.190384][T11375] do_fast_syscall_32+0x33/0x70 [ 2359.195399][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2359.201985][T11375] [ 2359.204294][T11375] [ 2359.204294][T11375] stack backtrace: [ 2359.210169][T11375] CPU: 0 UID: 0 PID: 11375 Comm: syz.0.41761 Tainted: G L syzkaller #0 PREEMPT(full) [ 2359.210193][T11375] Tainted: [L]=SOFTLOCKUP [ 2359.210198][T11375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2359.210209][T11375] Call Trace: [ 2359.210217][T11375] [ 2359.210224][T11375] dump_stack_lvl+0xe8/0x150 [ 2359.210250][T11375] __lock_acquire+0x2a94/0x2cf0 [ 2359.210280][T11375] ? send_sigio+0x38/0x370 [ 2359.210295][T11375] lock_acquire+0x106/0x350 [ 2359.210315][T11375] ? send_sigio+0x38/0x370 [ 2359.210331][T11375] ? kill_fasync+0x199/0x4d0 [ 2359.210346][T11375] ? lock_acquire+0x106/0x350 [ 2359.210367][T11375] ? kill_fasync+0x199/0x4d0 [ 2359.210384][T11375] _raw_read_lock_irqsave+0x48/0x60 [ 2359.210403][T11375] ? send_sigio+0x38/0x370 [ 2359.210417][T11375] send_sigio+0x38/0x370 [ 2359.210434][T11375] kill_fasync+0x24d/0x4d0 [ 2359.210450][T11375] ? kill_fasync+0x53/0x4d0 [ 2359.210467][T11375] lease_break_callback+0x26/0x30 [ 2359.210484][T11375] __break_lease+0x81c/0x1e00 [ 2359.210503][T11375] ? __pfx___break_lease+0x10/0x10 [ 2359.210518][T11375] ? __pfx_apparmor_file_open+0x10/0x10 [ 2359.210535][T11375] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 2359.210554][T11375] do_dentry_open+0x1010/0x14e0 [ 2359.210580][T11375] vfs_open+0x3b/0x340 [ 2359.210599][T11375] ? path_openat+0x2df0/0x3860 [ 2359.210616][T11375] path_openat+0x2e08/0x3860 [ 2359.210674][T11375] ? __pfx_stack_trace_save+0x10/0x10 [ 2359.210694][T11375] ? stack_depot_save_flags+0x33/0x810 [ 2359.210718][T11375] ? __pfx_path_openat+0x10/0x10 [ 2359.210732][T11375] ? __ia32_sys_creat+0x8f/0xc0 [ 2359.210755][T11375] ? __lock_acquire+0x6b5/0x2cf0 [ 2359.210779][T11375] do_file_open+0x23e/0x4a0 [ 2359.210797][T11375] ? __pfx_do_file_open+0x10/0x10 [ 2359.210819][T11375] ? _raw_spin_unlock+0x28/0x50 [ 2359.210835][T11375] ? alloc_fd+0x64b/0x6c0 [ 2359.210859][T11375] do_sys_openat2+0x113/0x200 [ 2359.210881][T11375] ? __se_sys_futex_time32+0x3ab/0x440 [ 2359.210899][T11375] ? __pfx_do_sys_openat2+0x10/0x10 [ 2359.210921][T11375] ? rcu_is_watching+0x15/0xb0 [ 2359.210938][T11375] __ia32_sys_creat+0x8f/0xc0 [ 2359.210962][T11375] __do_fast_syscall_32+0x229/0x6e0 [ 2359.210983][T11375] ? do_fast_syscall_32+0x33/0x70 [ 2359.211003][T11375] ? irqentry_exit+0x10f/0x730 [ 2359.211021][T11375] ? trace_irq_disable+0x3b/0x140 [ 2359.211041][T11375] do_fast_syscall_32+0x33/0x70 [ 2359.211061][T11375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2359.211080][T11375] RIP: 0023:0xf702f01c [ 2359.211094][T11375] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 2359.211109][T11375] RSP: 002b:00000000f541d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000008 [ 2359.211126][T11375] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000195 [ 2359.211138][T11375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2359.211147][T11375] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2359.211157][T11375] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2359.211166][T11375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2359.211181][T11375]