last executing test programs: 7m54.231522841s ago: executing program 2 (id=997): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x3c, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x4}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040410}, 0x30) 7m54.102807292s ago: executing program 2 (id=999): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x4854, 0x80, 0x0, 0x200000}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0) syz_io_uring_submit(r1, r2, r3, &(0x7f0000000200)=@IORING_OP_SHUTDOWN={0x22, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3121, 0xeed, 0x1, 0x0, 0x0) 7m54.070329856s ago: executing program 2 (id=1000): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) fstat(r0, &(0x7f0000000280)) 7m54.012877937s ago: executing program 2 (id=1002): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0x8) 7m53.963538777s ago: executing program 2 (id=1012): r0 = socket$kcm(0x11, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xd00, 0xe}, 0x80, &(0x7f0000002540)=[{&(0x7f00000006c0)='b', 0x48}], 0x1}, 0x0) 7m53.60554183s ago: executing program 2 (id=1011): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f27, 0x1f, 0x10000, 0xff, 0x5, 0xcc7, 0xfe4a, 0x7, 0xa, 0x100, 0x2, 0xffffffff, 0x6, 0x9, 0x3, 0x2, 0x41, 0x7, 0x3, 0x40000003, 0x40000089, 0x6, 0x4, 0x20001e58, 0xb, 0x9, 0x7c, 0x208, 0x6, 0x0, 0xb]}) 7m53.503685154s ago: executing program 32 (id=1011): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f27, 0x1f, 0x10000, 0xff, 0x5, 0xcc7, 0xfe4a, 0x7, 0xa, 0x100, 0x2, 0xffffffff, 0x6, 0x9, 0x3, 0x2, 0x41, 0x7, 0x3, 0x40000003, 0x40000089, 0x6, 0x4, 0x20001e58, 0xb, 0x9, 0x7c, 0x208, 0x6, 0x0, 0xb]}) 7m22.640368212s ago: executing program 1 (id=1829): r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000180)=[{{0x3, 0x0, 0x0, 0x1}, {0x1, 0x0, 0x1, 0x1}}], 0x8) 7m22.505618103s ago: executing program 1 (id=1833): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x8601, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0xb0000005}) 7m22.429785032s ago: executing program 1 (id=1836): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 7m22.415817856s ago: executing program 1 (id=1840): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa080019"], 0x58}}, 0x0) 7m22.35461744s ago: executing program 1 (id=1843): mkdir(&(0x7f0000005800)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000200)='./file0/bus\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, 0x0) 7m22.250873787s ago: executing program 1 (id=1845): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000f00), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000f40)={0x64, r1, 0x1, 0xffffffff, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6}, {0x5}, {0x6}, {0x8, 0xb, 0x5}}]}, 0x64}}, 0x0) 7m6.864583175s ago: executing program 33 (id=1845): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000f00), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000f40)={0x64, r1, 0x1, 0xffffffff, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6}, {0x5}, {0x6}, {0x8, 0xb, 0x5}}]}, 0x64}}, 0x0) 6m12.807295613s ago: executing program 5 (id=3764): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x10) 6m12.630844948s ago: executing program 5 (id=3766): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, 0x0) 6m12.544487067s ago: executing program 5 (id=3768): r0 = syz_open_dev$media(&(0x7f00000000c0), 0x1, 0x20081) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) ioctl$MEDIA_REQUEST_IOC_QUEUE(r1, 0x7c80, 0x0) 6m12.490462396s ago: executing program 5 (id=3769): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0xc) 6m12.475631628s ago: executing program 5 (id=3772): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0) 6m12.103776038s ago: executing program 5 (id=3776): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) 6m11.935545065s ago: executing program 34 (id=3776): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) 1.230845785s ago: executing program 4 (id=10622): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x4, 0x2, 0x5e, 0x200000000000, 0x100000000000006, 0x0, 0x7}) 1.170971117s ago: executing program 0 (id=10624): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2) write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4) 1.170721997s ago: executing program 4 (id=10625): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x100) connect$packet(r0, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x2}, 0x14) shutdown(r0, 0x1) 1.069709871s ago: executing program 0 (id=10626): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f0000000080)={0x80, 0x0, 0x6}) 723.166101ms ago: executing program 0 (id=10635): close(0x3) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000640)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(xcbc(camellia-generic))\x00'}, 0x58) close(0x3) 544.950167ms ago: executing program 0 (id=10633): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) getsockopt$inet_buf(r0, 0x118, 0x0, 0x0, &(0x7f00000003c0)=0x14) 477.530117ms ago: executing program 6 (id=10634): ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x23}, 0x8005d}) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x88fe) 477.206907ms ago: executing program 3 (id=10636): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a40)=@newsa={0x194, 0x10, 0x1, 0x70bd2d, 0x0, {{@in6=@mcast2, @in=@dev={0xac, 0x14, 0x14, 0x11}, 0xfffe, 0xecdf, 0x0, 0x0, 0xa}, {@in=@private=0xa010101, 0xffffffff, 0x32}, @in=@broadcast, {0xfffffffffffffffe, 0xfffffffffffffffe, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x9}, {0xfffffffffffffffd, 0x400804, 0x9, 0x292}, {0x1cb00000, 0x5}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x2c}, [@algo_crypt={0x58, 0x2, {{'cbc(camellia)\x00'}, 0x80, "3ae0bd000b000000366a6a849a739045"}}, @algo_auth_trunc={0x4c, 0x14, {{'hmac(sha256)\x00'}, 0x0, 0x60}}]}, 0x194}}, 0x44050) r1 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r1, &(0x7f0000003780)={0x0, 0x34000, &(0x7f0000000080)=[{&(0x7f00000000c0)="020a000302000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0) 477.01582ms ago: executing program 6 (id=10637): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000280)={r1}, &(0x7f0000000040)=0x8) 474.965725ms ago: executing program 0 (id=10643): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x54, r1, 0x1, 0xffffbffe, 0x4, {}, [@NBD_ATTR_SOCKETS={0x28, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffd}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x2400c0d0) 339.609697ms ago: executing program 3 (id=10638): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000ff0100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008020000b704000000000000850000000300000095"], 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000100000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 337.944514ms ago: executing program 6 (id=10639): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x4, 0x2, 0x5e, 0x200000000000, 0x100000000000006, 0x0, 0x7}) 277.879788ms ago: executing program 4 (id=10640): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) listen(r0, 0x1) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 277.513704ms ago: executing program 6 (id=10641): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$l2tp6(0xa, 0x2, 0x73) r1 = landlock_create_ruleset(&(0x7f0000000240)={0x20}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f00000002c0)={0x20, r0}, 0x0) 275.517951ms ago: executing program 3 (id=10642): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$FIONREAD(r2, 0x541b, 0x0) 210.349438ms ago: executing program 4 (id=10644): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xc, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000940)="63eced8e46dc3f0adf33c9ffff000000000000cea90344b8877483329ccade00000000000006caa5b024ce6a1e7967541e73415b7d653d4eb2d05d39003a94ba5785b6e0e412b8b6654c22b8663e60929ac77771b1d597cd4a50346f66920f4903271b72df99cb9704cbf2dbde69a5296cbcb5312fa3f988e6f6eba3a526b2a1d3f324aaf340e4c3e6748779df19a5d6a35d8a3e243181432aba125573115c67b4673402688eba6de797da8d10ec62384ce29426db2308eaf3da4ce61f75aa7e25d1009ee1395b71936bb5d672b1379d09e0b73e99bf2bebdc9e0d2777b92ec32fda36c109aabaec603a116991294d1fb5e30e46ff687294f92b00dd5d4775595cdc6ecfa3525a32d9ba206677ea88290ad23b8bf514d3a3754f21f2a8563b85d741d990a9de86fd0b9b7b61a85c0e2fd39ea8a4b02c55f24fdf0206a743c7601aeb78d9b69b600e4d62d0f6038721", 0x0, 0x3800, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x7}, 0x24) 210.164276ms ago: executing program 6 (id=10645): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000004001b0000000c00228059fe00800400008006002100", @ANYRESOCT=r0], 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000) 210.039964ms ago: executing program 4 (id=10646): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80143, 0x1ff) close(r0) socket$xdp(0x2c, 0x3, 0x0) read$FUSE(r0, &(0x7f00000019c0)={0x2020}, 0x2020) 139.745657ms ago: executing program 4 (id=10647): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) umount2(0x0, 0x8) 139.538943ms ago: executing program 3 (id=10648): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) readv(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) 54.501253ms ago: executing program 3 (id=10649): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 54.039127ms ago: executing program 3 (id=10650): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 50.54436ms ago: executing program 0 (id=10651): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x4, 0x2, 0x5e, 0x200000000000, 0x100000000000006, 0x0, 0x7}) 0s ago: executing program 6 (id=10652): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000000740)='./file0\x00', 0x0, 0x0) link(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000440)='./file0\x00') kernel console output (not intermixed with test programs): onflict (0x8005,32) [ 395.111232][T22670] netlink: 'syz.4.7551': attribute type 18 has an invalid length. [ 395.227930][T22676] vivid-008: disconnect [ 395.782543][T22247] Bluetooth: hci1: command 0x0406 tx timeout [ 396.005934][T22674] vivid-008: reconnect [ 396.063178][T22691] overlayfs: failed to clone upperpath [ 396.714195][T22724] sp0: Synchronizing with TNC [ 397.003730][T22746] vivid-002: disconnect [ 397.006273][T22745] vivid-002: reconnect [ 397.722159][T22780] netlink: 'syz.0.7601': attribute type 1 has an invalid length. [ 397.726457][T22780] netlink: 'syz.0.7601': attribute type 7 has an invalid length. [ 397.729767][T22780] netlink: 'syz.0.7601': attribute type 8 has an invalid length. [ 397.735215][T22780] __nla_validate_parse: 11 callbacks suppressed [ 397.735235][T22780] netlink: 208 bytes leftover after parsing attributes in process `syz.0.7601'. [ 397.743283][T22780] NCSI netlink: No device for ifindex 119 [ 399.919665][T22845] netlink: 27 bytes leftover after parsing attributes in process `syz.3.7630'. [ 400.105599][ T828] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 400.582825][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 400.585372][T22247] Bluetooth: hci4: command 0x1003 tx timeout [ 407.054633][T22918] binder: 22917:22918 ioctl c0306201 80000080 returned -14 [ 407.131441][T22922] vivid-007: disconnect [ 407.147040][T22922] vivid-007: reconnect [ 407.718548][T22955] program syz.0.7666 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 409.088077][T23008] ubi16: attaching mtd0 [ 409.090669][T23008] ubi16 error: ubi_attach_mtd_dev: bad VID header (16) or data offsets (80) [ 409.353568][T23027] loop5: detected capacity change from 0 to 7 [ 409.565996][T22916] Dev loop5: unable to read RDB block 7 [ 409.568479][T22916] loop5: unable to read partition table [ 409.571733][T22916] loop5: partition table beyond EOD, truncated [ 409.576114][T23028] Invalid logical block size (-1) [ 409.865860][T23027] Dev loop5: unable to read RDB block 7 [ 409.868589][T23027] loop5: unable to read partition table [ 409.870965][T23027] loop5: partition table beyond EOD, truncated [ 409.889282][T23027] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 410.885479][ T6035] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 411.053894][ T6035] usb 5-1: Using ep0 maxpacket: 8 [ 411.062610][ T6035] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 411.066668][ T6035] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 411.077400][ T6035] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.084984][ T6035] usb 5-1: config 0 descriptor?? [ 411.301515][ T6035] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 411.501557][ T6035] usb 5-1: USB disconnect, device number 28 [ 411.940638][ T1143] Bluetooth: hci4: Frame reassembly failed (-84) [ 411.947627][T23091] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 411.963712][ T1143] Bluetooth: hci4: Frame reassembly failed (-84) [ 412.028448][T23095] netlink: 24 bytes leftover after parsing attributes in process `syz.6.7729'. [ 412.033166][T23095] netlink: 32 bytes leftover after parsing attributes in process `syz.6.7729'. [ 413.943063][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 414.054383][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 414.054405][ T40] audit: type=1400 audit(2000000279.380:429): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A50302D302D353A2050434D204361707475726520302D302D35203A20534C4156450A50302D302D363A2050434D20506C61796261636B20302D302D36203A20534C4156450A50302D302D373A2050434D204361707475726520302D302D37203A20534C4156450A50302D302D383A2050434D20506C61796261636B20302D302D38203A20534C4156450A50302D302D393A2050434D204361707475726520302D302D39203A20534C4156450A50302D302D31303A2050434D20506C61796261636B20302D302D3130203A20534C4156450A50302D302D31313A2050434D204361707475726520302D302D3131203A pid=23103 comm="syz.3.7725" [ 414.619195][T23138] input: syz0 as /devices/virtual/input/input39 [ 414.652174][ T40] audit: type=1326 audit(2000000279.970:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 414.665945][ T40] audit: type=1326 audit(2000000279.970:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 414.676199][ T40] audit: type=1326 audit(2000000279.970:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 414.692779][ T40] audit: type=1326 audit(2000000279.980:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 414.712139][ T40] audit: type=1326 audit(2000000279.980:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 414.725352][ T40] audit: type=1326 audit(2000000279.980:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 414.734911][ T40] audit: type=1326 audit(2000000279.980:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 414.745121][ T40] audit: type=1326 audit(2000000279.980:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 414.751732][ T40] audit: type=1326 audit(2000000279.980:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23139 comm="syz.3.7742" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 414.882192][T23153] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 415.558179][T23197] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7767'. [ 415.599076][T23200] netlink: 'syz.4.7768': attribute type 3 has an invalid length. [ 416.722656][ T9] usb 11-1: new full-speed USB device number 14 using dummy_hcd [ 416.885061][ T9] usb 11-1: config 0 has no interfaces? [ 416.887754][ T9] usb 11-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 416.895223][ T9] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.913725][ T9] usb 11-1: config 0 descriptor?? [ 416.975540][T23265] binder: 23264:23265 ioctl c0306201 800002c0 returned -14 [ 417.156171][T23271] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7797'. [ 417.181459][ T9] usb 11-1: USB disconnect, device number 14 [ 418.224540][T23314] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7815'. [ 418.229359][T23314] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7815'. [ 419.723533][T23357] loop9: detected capacity change from 0 to 524287999 [ 419.863041][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.868509][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.874873][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.880302][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.886333][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.892270][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.897676][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.904600][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.912141][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 419.918224][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 420.586460][T23386] veth1_to_bond: entered allmulticast mode [ 420.589921][T23386] veth1_to_bond: left allmulticast mode [ 421.997342][T23450] program syz.0.7877 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 423.137456][T23473] bond2: entered promiscuous mode [ 423.660188][ T34] kernel write not supported for file /amidi2 (pid: 34 comm: kworker/3:0) [ 423.795750][T23512] netlink: 27 bytes leftover after parsing attributes in process `syz.6.7906'. [ 423.870158][T23515] binder: 23514:23515 ioctl c0306201 0 returned -14 [ 424.215056][T23525] netlink: 44 bytes leftover after parsing attributes in process `syz.0.7911'. [ 424.872536][ C1] net_ratelimit: 42301 callbacks suppressed [ 424.872562][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.882040][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.887359][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.892847][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.899397][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.904685][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.910314][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.917059][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.922502][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 424.928549][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 426.092529][ T9] usb 11-1: new high-speed USB device number 15 using dummy_hcd [ 426.244647][ T9] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 426.248613][ T9] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 426.254811][ T9] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 426.262548][ T9] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 426.268547][ T9] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 426.293921][ T9] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 426.297907][ T9] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 426.302000][ T9] usb 11-1: Product: syz [ 426.312507][ T9] usb 11-1: Manufacturer: syz [ 426.321154][ T9] cdc_wdm 11-1:1.0: skipping garbage [ 426.325270][ T9] cdc_wdm 11-1:1.0: skipping garbage [ 426.346000][ T9] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 426.348823][ T9] cdc_wdm 11-1:1.0: Unknown control protocol [ 426.535058][ T9] usb 11-1: USB disconnect, device number 15 [ 427.579503][ T5951] Bluetooth: hci2: unexpected event for opcode 0x2002 [ 427.833347][T23621] netlink: 'syz.0.7953': attribute type 1 has an invalid length. [ 428.240651][T23650] netlink: 148 bytes leftover after parsing attributes in process `syz.0.7964'. [ 428.755864][T23678] loop4: detected capacity change from 0 to 524287936 [ 429.882472][ C1] net_ratelimit: 41522 callbacks suppressed [ 429.882498][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.890817][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.896760][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.902894][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.908901][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.914221][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.920619][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.926164][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.929085][T23725] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7992'. [ 429.931697][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.940928][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 430.982714][ T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 431.146413][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 431.152065][ T9] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 431.157350][ T9] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 431.161827][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 431.166448][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 431.170218][ T9] usb 5-1: config 1 has no interface number 0 [ 431.175308][ T9] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 431.179668][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.209696][ T9] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 431.412066][ T9] snd_usb_pod 5-1:1.1: set_interface failed [ 431.425769][ T9] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 431.429859][ T9] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 431.446219][ T9] usb 5-1: USB disconnect, device number 29 [ 431.793154][T23805] loop1: detected capacity change from 0 to 7 [ 431.798361][ C0] blk_print_req_error: 337 callbacks suppressed [ 431.798382][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.805995][ C0] buffer_io_error: 335 callbacks suppressed [ 431.806014][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.815300][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.819775][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.824682][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.829576][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.834143][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.839488][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.846722][ C2] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.851060][ C2] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.856519][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.860864][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.871051][ C2] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.875344][ C2] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.878935][T23048] ldm_validate_partition_table(): Disk read failed. [ 431.882542][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.886926][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.890487][ C2] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.895325][ C2] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.900104][ C2] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 431.904226][ C2] Buffer I/O error on dev loop1, logical block 0, async page read [ 431.909154][T23048] Dev loop1: unable to read RDB block 0 [ 431.915231][T23048] loop1: unable to read partition table [ 431.918267][T23048] loop1: partition table beyond EOD, truncated [ 431.928074][T23805] ldm_validate_partition_table(): Disk read failed. [ 431.932274][T23805] Dev loop1: unable to read RDB block 0 [ 431.935179][T23805] loop1: unable to read partition table [ 431.938875][T23805] loop1: partition table beyond EOD, truncated [ 431.942153][T23805] loop_reread_partitions: partition scan of loop1 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 432.070759][T23815] loop6: detected capacity change from 0 to 524287999 [ 432.075041][T23815] ldm_validate_partition_table(): Disk read failed. [ 432.078807][T23815] Dev loop6: unable to read RDB block 0 [ 432.081522][T23815] loop6: unable to read partition table [ 432.085367][T23815] loop_reread_partitions: partition scan of loop6 (3 x) failed (rc=-5) [ 432.177228][T23815] loop6: unable to read partition table [ 432.180018][T23815] loop_reread_partitions: partition scan of loop6 (3 x) failed (rc=-5) [ 432.194706][ T5345] ldm_validate_partition_table(): Disk read failed. [ 432.200183][ T5345] Dev loop6: unable to read RDB block 0 [ 432.207115][ T5345] loop6: unable to read partition table [ 432.283458][T23821] tipc: Enabling of bearer rejected, failed to enable media [ 432.863627][T23856] netlink: 260 bytes leftover after parsing attributes in process `syz.4.8055'. [ 433.048352][T23869] vivid-003: disconnect [ 433.051099][T23868] vivid-003: reconnect [ 433.890017][T23912] binder: 23911:23912 ioctl c0306201 800002c0 returned -14 [ 434.424607][ T40] kauditd_printk_skb: 125 callbacks suppressed [ 434.424627][ T40] audit: type=1326 audit(2000000299.750:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23925 comm="syz.3.8088" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 434.465004][ T40] audit: type=1326 audit(2000000299.770:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23925 comm="syz.3.8088" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 434.476391][ T40] audit: type=1326 audit(2000000299.770:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23925 comm="syz.3.8088" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 434.892563][ C1] net_ratelimit: 50616 callbacks suppressed [ 434.892586][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.900953][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.907006][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.912848][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.918010][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.923865][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.929492][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.935577][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.942117][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.946405][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 434.968001][ T9] kernel read not supported for file /dsp (pid: 9 comm: kworker/0:0) [ 435.345479][T23962] tipc: Enabling of bearer rejected, failed to enable media [ 435.738264][T23980] sctp: Trying to GSO but underlying device doesn't support it. [ 436.258493][T24014] tipc: New replicast peer: 255.255.255.255 [ 436.265313][T24014] tipc: Enabled bearer , priority 10 [ 436.914291][ T40] audit: type=1326 audit(2000000302.240:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23999 comm="syz.3.8122" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 436.928625][ T40] audit: type=1326 audit(2000000302.240:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23999 comm="syz.3.8122" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 436.945681][ T40] audit: type=1326 audit(2000000302.240:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23999 comm="syz.3.8122" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 436.959988][ T40] audit: type=1326 audit(2000000302.240:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23999 comm="syz.3.8122" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 436.970629][ T40] audit: type=1326 audit(2000000302.240:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23999 comm="syz.3.8122" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 436.981327][ T40] audit: type=1326 audit(2000000302.250:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23999 comm="syz.3.8122" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 436.992187][ T40] audit: type=1326 audit(2000000302.250:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23999 comm="syz.3.8122" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf704ef88 code=0x7ffc0000 [ 437.129135][T24029] loop9: detected capacity change from 0 to 7 [ 437.137153][ C3] blk_print_req_error: 25 callbacks suppressed [ 437.137170][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.143484][ C3] buffer_io_error: 59 callbacks suppressed [ 437.143505][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.154450][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.158233][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.172512][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.177802][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.184610][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.188988][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.198148][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.202718][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.207826][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.212428][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.286627][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.291064][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.294350][T23048] ldm_validate_partition_table(): Disk read failed. [ 437.297711][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.303479][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.308449][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.313419][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.318509][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 437.322705][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 437.329970][T23048] Dev loop9: unable to read RDB block 0 [ 437.333268][T23048] loop9: unable to read partition table [ 437.336111][T23048] loop9: partition table beyond EOD, truncated [ 437.345363][T24029] ldm_validate_partition_table(): Disk read failed. [ 437.349998][T24029] Dev loop9: unable to read RDB block 0 [ 437.356952][T24029] loop9: unable to read partition table [ 437.359579][T24029] loop9: partition table beyond EOD, truncated [ 437.364500][T24029] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 437.541864][T24040] netlink: 'syz.6.8134': attribute type 39 has an invalid length. [ 439.265435][ T9] kernel read not supported for file /dsp1 (pid: 9 comm: kworker/0:0) [ 439.748170][T24134] netlink: 211856 bytes leftover after parsing attributes in process `syz.3.8179'. [ 439.796600][T24136] Context (ID=0x0) not attached to queue pair (handle=0x2:0x0) [ 439.806272][T24138] bond0: entered promiscuous mode [ 439.808383][T24138] bond_slave_0: entered promiscuous mode [ 439.822825][T24138] bond_slave_1: entered promiscuous mode [ 439.825302][T24138] bond1: entered promiscuous mode [ 439.902455][ C1] net_ratelimit: 48459 callbacks suppressed [ 439.902480][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.911746][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.918132][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.925438][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.930818][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.936504][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.942294][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.947614][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.954746][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 439.963607][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 440.587218][ T6035] kernel write not supported for file /amidi2 (pid: 6035 comm: kworker/2:3) [ 441.302686][ T34] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 441.473083][ T34] usb 5-1: Using ep0 maxpacket: 8 [ 441.508128][ T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 441.512961][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 441.516762][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 441.520329][ T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 441.531313][ T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 441.535285][ T40] kauditd_printk_skb: 73 callbacks suppressed [ 441.535308][ T40] audit: type=1326 audit(2000000306.850:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24192 comm="syz.4.8207" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7fc00000 [ 441.552649][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.672330][T24215] netlink: 44 bytes leftover after parsing attributes in process `syz.4.8217'. [ 441.773837][ T34] usb 5-1: GET_CAPABILITIES returned 0 [ 441.775793][ T34] usbtmc 5-1:16.0: can't read capabilities [ 441.976805][ T6035] usb 5-1: USB disconnect, device number 30 [ 442.449811][T24229] binder: 24228:24229 ioctl c0306201 0 returned -14 [ 443.834803][T24300] netlink: 'syz.4.8257': attribute type 4 has an invalid length. [ 444.336218][T24312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8263'. [ 444.340334][T24312] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8263'. [ 444.912425][ C1] net_ratelimit: 50361 callbacks suppressed [ 444.912445][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.920760][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.927767][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.933571][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.940800][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.945619][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.950270][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.955828][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.960779][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 444.965633][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 445.157359][T24347] misc userio: Begin command sent, but we're already running [ 445.232859][ T9] kernel read not supported for file /dsp1 (pid: 9 comm: kworker/0:0) [ 445.377255][ T24] e1000 0000:00:06.0 eth0: Reset adapter [ 445.466292][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.503515][ T828] e1000 0000:00:06.0 eth0: Reset adapter [ 447.703730][ T828] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 449.922469][ C1] net_ratelimit: 60653 callbacks suppressed [ 449.922486][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.929577][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.934095][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.938529][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.943739][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.949070][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.952946][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.957735][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.962986][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 449.967271][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.932588][ C1] net_ratelimit: 51238 callbacks suppressed [ 454.932612][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.940895][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.946543][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.952760][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.958003][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.963693][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.970111][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.975622][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.981422][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 454.987654][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.942455][ C1] net_ratelimit: 54637 callbacks suppressed [ 459.942478][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.950375][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.956804][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.961073][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.965555][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.971390][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.977075][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.982224][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.987878][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 459.993837][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 462.749252][T24412] input: syz0 as /devices/virtual/input/input42 [ 463.051593][T24438] ptrace attach of "/syz-executor exec"[8220] was attempted by "/syz-executor exec"[24438] [ 463.248503][T24454] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8311'. [ 463.464005][ T5987] usb 11-1: new full-speed USB device number 16 using dummy_hcd [ 463.471561][T24455] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.478508][T24455] bridge0: entered promiscuous mode [ 463.480926][T24455] bridge0: entered allmulticast mode [ 463.635398][ T5987] usb 11-1: config 0 has an invalid interface number: 8 but max is 0 [ 463.642569][ T5987] usb 11-1: config 0 has no interface number 0 [ 463.646330][ T5987] usb 11-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 463.652150][ T5987] usb 11-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 463.658800][ T5987] usb 11-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 463.666067][ T5987] usb 11-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 463.669938][ T5987] usb 11-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 463.674318][ T5987] usb 11-1: Product: syz [ 463.676905][ T5987] usb 11-1: SerialNumber: syz [ 463.681444][ T5987] usb 11-1: config 0 descriptor?? [ 463.689898][ T5987] cm109 11-1:0.8: invalid payload size 0, expected 4 [ 463.705993][ T5987] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.8/input/input43 [ 464.126769][T24475] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 464.130844][T24475] IPv6: NLM_F_CREATE should be set when creating new route [ 464.134506][T24475] IPv6: NLM_F_CREATE should be set when creating new route [ 464.138678][T24475] IPv6: NLM_F_CREATE should be set when creating new route [ 464.436531][ C0] cm109 11-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 464.436689][ T34] usb 11-1: USB disconnect, device number 16 [ 464.442961][ C0] cm109 11-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 464.468596][ T34] cm109 11-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 464.725734][T24492] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8331'. [ 464.952612][ C1] net_ratelimit: 52449 callbacks suppressed [ 464.952644][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 464.964381][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 464.970432][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 464.978017][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 464.985170][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 464.991359][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 464.997679][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.003386][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.011557][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.017872][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.838056][T24544] gfs2: path_lookup on  returned error -2 [ 466.179631][T24560] trusted_key: encrypted_key: keyword 'upw' not recognized [ 467.188530][T24616] netlink: 'syz.6.8384': attribute type 2 has an invalid length. [ 467.764322][T24648] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8398'. [ 467.782107][T24648] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8398'. [ 467.932930][ T6035] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 468.005128][T24660] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8403'. [ 468.009953][T24660] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8403'. [ 468.016550][T24660] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8403'. [ 468.020346][T24660] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8403'. [ 468.113657][ T6035] usb 9-1: Using ep0 maxpacket: 8 [ 468.127033][ T6035] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 468.131804][ T6035] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.147398][ T6035] pvrusb2: Hardware description: Terratec Grabster AV400 [ 468.156493][ T6035] pvrusb2: ********** [ 468.158303][ T6035] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 468.163709][ T6035] pvrusb2: Important functionality might not be entirely working. [ 468.167939][ T6035] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 468.173068][ T6035] pvrusb2: ********** [ 468.354193][ T2483] pvrusb2: Invalid write control endpoint [ 468.450078][ T2483] pvrusb2: Invalid write control endpoint [ 468.462446][ T2483] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 468.467421][ T2483] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 468.470528][ T2483] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 468.478629][ T2483] pvrusb2: Device being rendered inoperable [ 468.485905][ T2483] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 468.490018][ T2483] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 468.499584][ T2483] pvrusb2: Attached sub-driver cx25840 [ 468.503790][ T2483] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 468.508584][ T2483] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 468.551188][ T5987] usb 9-1: USB disconnect, device number 20 [ 469.140346][T24689] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8416'. [ 469.473091][T24711] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8426'. [ 469.494703][T24711] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8426'. [ 469.962518][ C1] net_ratelimit: 45961 callbacks suppressed [ 469.962544][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 469.971096][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 469.976720][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 469.983591][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 469.988987][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 469.995024][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.000835][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.006440][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.012742][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.018180][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 471.063074][ C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 472.141577][T24814] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8468'. [ 472.156067][T24814] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8468'. [ 472.161383][T24814] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8468'. [ 472.399746][T24822] loop7: detected capacity change from 0 to 7 [ 472.427974][ C0] blk_print_req_error: 25 callbacks suppressed [ 472.427998][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.436507][ C0] buffer_io_error: 25 callbacks suppressed [ 472.436524][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.449085][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.453367][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.459818][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.464118][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.469819][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.474499][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.480576][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.485400][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.493825][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.496807][T24827] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8474'. [ 472.499718][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.509685][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.528855][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.532875][T24822] ldm_validate_partition_table(): Disk read failed. [ 472.537082][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.541566][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.549116][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.553068][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.556998][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 472.562238][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 472.584654][T24822] Dev loop7: unable to read RDB block 0 [ 472.592089][T24822] loop7: unable to read partition table [ 472.596094][T24822] loop7: partition table beyond EOD, truncated [ 472.599076][T24822] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 472.634937][T24824] ldm_validate_partition_table(): Disk read failed. [ 472.638952][T24824] Dev loop7: unable to read RDB block 0 [ 472.645742][T24824] loop7: unable to read partition table [ 472.649335][T24824] loop7: partition table beyond EOD, truncated [ 472.766536][T24843] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 472.770099][T24843] IPv6: NLM_F_CREATE should be set when creating new route [ 472.774311][T24843] IPv6: NLM_F_CREATE should be set when creating new route [ 472.810484][T24843] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 472.913836][T24849] netlink: 276 bytes leftover after parsing attributes in process `syz.3.8483'. [ 472.925390][T24853] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8486'. [ 472.945109][T24856] netlink: 276 bytes leftover after parsing attributes in process `syz.3.8483'. [ 473.614662][ T34] kernel read not supported for file /dsp1 (pid: 34 comm: kworker/3:0) [ 473.763696][T24895] IPv6: NLM_F_CREATE should be specified when creating new route [ 474.206084][T24919] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8517'. [ 474.972434][ C1] net_ratelimit: 50006 callbacks suppressed [ 474.972451][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 474.981750][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 474.987369][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 474.994177][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.000484][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.007327][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.013136][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.020341][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.026196][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.032631][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.384519][ T5951] Bluetooth: hci1: command 0x0406 tx timeout [ 475.744764][T25001] bridge0: port 3(syz_tun) entered blocking state [ 475.749565][T25001] bridge0: port 3(syz_tun) entered disabled state [ 475.752151][T25001] syz_tun: entered allmulticast mode [ 475.756818][T25001] syz_tun: entered promiscuous mode [ 475.761730][T25001] bridge0: port 3(syz_tun) entered blocking state [ 475.764830][T25001] bridge0: port 3(syz_tun) entered forwarding state [ 476.112330][T25017] overlayfs: failed to clone upperpath [ 476.903330][ T40] audit: type=1326 audit(2000000342.230:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 476.935502][ T40] audit: type=1326 audit(2000000342.230:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 476.949295][ T40] audit: type=1326 audit(2000000342.230:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 476.958078][ T40] audit: type=1326 audit(2000000342.230:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 476.994413][ T40] audit: type=1326 audit(2000000342.230:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 477.014773][ T40] audit: type=1326 audit(2000000342.230:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 477.033786][ T40] audit: type=1326 audit(2000000342.230:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 477.052582][ T40] audit: type=1326 audit(2000000342.230:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 477.067752][ T40] audit: type=1326 audit(2000000342.230:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 477.081983][ T40] audit: type=1326 audit(2000000342.230:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25047 comm="syz.0.8571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 477.115958][T25053] gfs2: path_lookup on  returned error -2 [ 477.672723][ T5987] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 477.822519][ T5987] usb 5-1: Using ep0 maxpacket: 16 [ 477.830032][ T5987] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 477.834810][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.838617][ T5987] usb 5-1: Product: syz [ 477.840766][ T5987] usb 5-1: Manufacturer: syz [ 477.843782][ T5987] usb 5-1: SerialNumber: syz [ 478.065044][ T5987] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 478.075021][ T5987] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 478.079430][ T5987] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 478.085068][ T5987] usb 5-1: media controller created [ 478.098978][ T5987] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 478.232568][T25089] netlink: 1008 bytes leftover after parsing attributes in process `syz.4.8590'. [ 478.342927][ T5987] zl10353_read_register: readreg error (reg=127, ret==-110) [ 478.388049][ T5987] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 478.396083][ T5987] usb 5-1: USB disconnect, device number 31 [ 478.940370][T25115] netlink: 200 bytes leftover after parsing attributes in process `syz.3.8601'. [ 479.982445][ C1] net_ratelimit: 48819 callbacks suppressed [ 479.982468][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 479.991027][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 479.996185][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.002294][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.008304][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.013470][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.019288][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.024856][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.031136][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.036507][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.716520][T25167] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.744557][T25172] sp0: Synchronizing with TNC [ 482.152443][ C1] sched: DL replenish lagged too much [ 482.742780][T22247] Bluetooth: hci4: command 0x1003 tx timeout [ 482.743644][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 482.999106][T25246] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8659'. [ 483.156047][ T1151] tipc: Subscription rejected, illegal request [ 484.154096][T25290] block nbd1: Unsupported socket: should be TCP or UNIX. [ 484.342971][T25298] netlink: 20 bytes leftover after parsing attributes in process `syz.6.8685'. [ 484.346838][T25298] netlink: 20 bytes leftover after parsing attributes in process `syz.6.8685'. [ 484.992542][ C1] net_ratelimit: 53797 callbacks suppressed [ 484.992567][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.000347][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.006052][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.011733][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.017068][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.023244][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.028404][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.033858][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.039812][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.043981][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.063114][ T6035] usb 11-1: new high-speed USB device number 17 using dummy_hcd [ 485.198048][T25349] netlink: 'syz.4.8710': attribute type 39 has an invalid length. [ 485.222812][ T6035] usb 11-1: Using ep0 maxpacket: 8 [ 485.227063][ T6035] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 485.232108][ T6035] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 485.239230][ T6035] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 485.244524][ T6035] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 485.250639][ T6035] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 485.255973][ T6035] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.498163][ T6035] usb 11-1: GET_CAPABILITIES returned 0 [ 485.500449][ T6035] usbtmc 11-1:16.0: can't read capabilities [ 485.707740][ T6035] usb 11-1: USB disconnect, device number 17 [ 486.119017][ T79] Bluetooth: hci4: Frame reassembly failed (-84) [ 486.150557][T25374] input: syz1 as /devices/virtual/input/input44 [ 486.286235][T25378] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8724'. [ 486.536473][T25390] Bluetooth: hci1: too big key_count value 37575 [ 487.330650][T25422] loop9: detected capacity change from 0 to 8 [ 487.335465][T24434] Dev loop9: unable to read RDB block 8 [ 487.337982][T24434] loop9: unable to read partition table [ 487.341250][T24434] loop9: partition table beyond EOD, truncated [ 487.375023][T25422] Dev loop9: unable to read RDB block 8 [ 487.377826][T25422] loop9: unable to read partition table [ 487.380914][T25422] loop9: partition table beyond EOD, truncated [ 487.388180][T25422] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 487.468930][T25427] kvm_intel: kvm [25426]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3 [ 488.182854][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 488.185439][T22247] Bluetooth: hci4: command 0x1003 tx timeout [ 488.760117][T25484] Attempt to restore checkpoint with obsolete wellknown handles [ 488.802969][ T34] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 488.839473][ T40] kauditd_printk_skb: 74 callbacks suppressed [ 488.839559][ T40] audit: type=1804 audit(2000000354.160:732): pid=25488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.8776" name="/newroot/1222/file0/file0" dev="9p" ino=79432137 res=1 errno=0 [ 488.965015][ T34] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84 [ 488.970255][ T34] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 51544, setting to 1024 [ 488.978444][ T34] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024 [ 488.987190][ T34] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 488.991690][ T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.997258][ T34] usb 9-1: Product: syz [ 488.999238][ T34] usb 9-1: Manufacturer: syz [ 489.001505][ T34] usb 9-1: SerialNumber: syz [ 489.013687][ T34] usb 9-1: config 0 descriptor?? [ 489.017405][T25478] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 489.238582][T25478] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 489.458535][ T828] usb 9-1: USB disconnect, device number 21 [ 489.780099][T25520] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8785'. [ 489.784748][T25520] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8785'. [ 489.790419][T25520] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8785'. [ 489.796482][T25520] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8785'. [ 490.002518][ C1] net_ratelimit: 51032 callbacks suppressed [ 490.002543][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.011674][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.018052][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.025771][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.030778][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.044203][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.050660][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.056675][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.064283][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.069452][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 490.300807][T25554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8801'. [ 490.385124][T25560] netlink: 'syz.0.8804': attribute type 8 has an invalid length. [ 490.876755][ T161] Bluetooth: hci4: Frame reassembly failed (-84) [ 491.085639][T25589] batadv0: entered promiscuous mode [ 491.091046][T25589] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 491.095398][T25589] team0: Device macvlan3 is up. Set it down before adding it as a team port [ 491.100661][T25589] batadv0: left promiscuous mode [ 491.129160][ T40] audit: type=1326 audit(2000000356.450:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25590 comm="syz.0.8818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 491.150690][ T40] audit: type=1326 audit(2000000356.450:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25590 comm="syz.0.8818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 491.172537][ T40] audit: type=1326 audit(2000000356.450:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25590 comm="syz.0.8818" exe="/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 491.183797][ T40] audit: type=1326 audit(2000000356.450:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25590 comm="syz.0.8818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 491.194461][ T40] audit: type=1326 audit(2000000356.450:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25590 comm="syz.0.8818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 491.212809][ T40] audit: type=1326 audit(2000000356.450:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25590 comm="syz.0.8818" exe="/syz-executor" sig=0 arch=40000003 syscall=271 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 491.226566][ T40] audit: type=1326 audit(2000000356.450:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25590 comm="syz.0.8818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 491.496801][T25605] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8825'. [ 492.313737][ T40] audit: type=1800 audit(2000000357.640:740): pid=25651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.8845" name="file0" dev="9p" ino=79432137 res=0 errno=0 [ 492.902652][T22247] Bluetooth: hci4: command 0x1003 tx timeout [ 492.909349][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 493.033958][T25682] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.8859'. [ 493.416318][T25705] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8871'. [ 493.484483][T25713] usb usb9: usbfs: process 25713 (syz.6.8874) did not claim interface 37 before use [ 493.803986][T25733] geneve2: entered allmulticast mode [ 495.012434][ C1] net_ratelimit: 54392 callbacks suppressed [ 495.012458][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.020608][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.025833][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.030288][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.036116][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.040635][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.046231][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.051221][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.056417][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.061647][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 495.707550][T25825] bridge0: port 3(veth0_to_bridge) entered disabled state [ 495.711597][T25825] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.716783][T25825] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.731305][T25825] bridge0: entered promiscuous mode [ 495.734691][T25825] bridge0: entered allmulticast mode [ 496.180276][T25850] kvm: kvm [25849]: vcpu128, guest rIP: 0xfff0 Unhandled RDMSR(0x40000076) [ 496.399858][T25857] bridge0: entered allmulticast mode [ 496.566375][ T1021] kernel read not supported for file /dsp (pid: 1021 comm: kworker/0:2) [ 496.893507][T25884] binder: Binderfs stats mode cannot be changed during a remount [ 496.951405][T25886] can0: slcan on ttyS3. [ 497.009081][T25889] bridge0: port 3(syz_tun) entered disabled state [ 497.012514][T25889] bridge0: port 2(bridge_slave_1) entered disabled state [ 497.016880][T25889] bridge0: port 1(bridge_slave_0) entered disabled state [ 497.023007][T25889] bridge0: entered allmulticast mode [ 497.053142][T25886] can0 (unregistered): slcan off ttyS3. [ 497.890282][T25938] netlink: 200 bytes leftover after parsing attributes in process `syz.0.8965'. [ 498.676006][T25966] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 499.118628][ T34] kernel write not supported for file /uinput (pid: 34 comm: kworker/3:0) [ 500.676861][T26066] overlayfs: invalid origin (0000) [ 502.032527][T26132] netlink: 60 bytes leftover after parsing attributes in process `syz.6.9051'. [ 502.042902][T26132] netlink: 60 bytes leftover after parsing attributes in process `syz.6.9051'. [ 502.062297][T26132] netlink: 60 bytes leftover after parsing attributes in process `syz.6.9051'. [ 502.539026][ T42] tipc: Subscription rejected, illegal request [ 502.761275][T26150] netlink: 'syz.6.9068': attribute type 30 has an invalid length. [ 502.869018][T26156] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9060'. [ 503.000594][T26165] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 503.005096][T26165] batadv_slave_0: entered promiscuous mode [ 503.163806][T26178] vivid-001: disconnect [ 503.172702][T26177] vivid-001: reconnect [ 503.190064][T26180] input: syz0 as /devices/virtual/input/input45 [ 503.302256][T26185] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9076'. [ 503.306900][T26185] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9076'. [ 503.315914][T26186] block nbd1: Unsupported socket: should be TCP or UNIX. [ 503.444926][T26196] vlan1: entered allmulticast mode [ 503.447453][T26196] veth0_to_bond: entered allmulticast mode [ 504.090835][ T40] audit: type=1804 audit(2000000369.410:741): pid=26243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.9105" name="/newroot/2053/file0/file0" dev="9p" ino=79432137 res=1 errno=0 [ 504.407851][ T828] kernel write not supported for file /input/mouse0 (pid: 828 comm: kworker/2:2) [ 504.511601][ T40] audit: type=1804 audit(2000000369.830:742): pid=26270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.9117" name="/newroot/2350/file0/file0" dev="9p" ino=79432137 res=1 errno=0 [ 504.774828][T26274] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9121'. [ 504.848168][T26284] netlink: 62967 bytes leftover after parsing attributes in process `syz.4.9123'. [ 504.921982][T26287] netlink: 16 bytes leftover after parsing attributes in process `syz.6.9125'. [ 504.930557][T26287] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9125'. [ 504.935203][T26287] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9125'. [ 505.001382][T26296] input: syz1 as /devices/virtual/input/input46 [ 505.152586][T26307] netlink: 'syz.4.9135': attribute type 8 has an invalid length. [ 505.156699][ T40] audit: type=1326 audit(2000000370.480:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 505.182498][ T40] audit: type=1326 audit(2000000370.490:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 505.192885][ T40] audit: type=1326 audit(2000000370.490:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 505.205961][ T40] audit: type=1326 audit(2000000370.490:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 505.216265][ T40] audit: type=1326 audit(2000000370.490:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 505.226785][ T40] audit: type=1326 audit(2000000370.490:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 505.238386][ T40] audit: type=1326 audit(2000000370.490:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 505.250368][ T40] audit: type=1326 audit(2000000370.490:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26301 comm="syz.6.9134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 505.334051][T26313] mkiss: ax0: crc mode is auto. [ 505.859660][T26348] Bluetooth: hci1: too big key_count value 37575 [ 505.934816][ T828] kernel write not supported for file /uinput (pid: 828 comm: kworker/2:2) [ 506.163225][ T29] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 506.334943][ T29] usb 5-1: config index 0 descriptor too short (expected 65472, got 45) [ 506.342837][ T29] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 506.347035][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.350364][ T29] usb 5-1: Product: syz [ 506.352240][ T29] usb 5-1: Manufacturer: syz [ 506.354899][ T29] usb 5-1: SerialNumber: syz [ 506.567217][ T29] net_ratelimit: 7488 callbacks suppressed [ 506.567337][ T29] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 506.575786][ T29] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 506.580750][ T29] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 506.593050][ T29] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 506.606394][ T29] usb 5-1: USB disconnect, device number 32 [ 506.910118][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 508.660412][T26436] 9p: Invalid uid '0x00000000ffffffff' [ 509.093084][ T828] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 509.198877][ T6035] kernel read not supported for file /dsp (pid: 6035 comm: kworker/2:3) [ 509.272821][ T828] usb 5-1: Using ep0 maxpacket: 8 [ 509.282899][ T828] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 509.287447][ T828] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 509.292333][ T828] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 509.297376][ T828] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 509.302998][ T828] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 509.308559][ T828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.523403][ T6035] e1000 0000:00:06.0 eth0: Reset adapter [ 509.526200][ T828] usb 5-1: GET_CAPABILITIES returned 0 [ 509.528864][ T828] usbtmc 5-1:16.0: can't read capabilities [ 509.664631][ T6035] e1000 0000:00:06.0 eth0: Reset adapter [ 509.745977][ T29] usb 5-1: USB disconnect, device number 33 [ 511.873744][ T6035] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 519.797192][T26529] loop8: detected capacity change from 0 to 524287999 [ 519.825477][T26525] buffer_io_error: 25 callbacks suppressed [ 519.825496][T26525] Buffer I/O error on dev loop8, logical block 65535998, async page read [ 520.518347][T26578] 8021q: VLANs not supported on gre0 [ 521.769990][ T40] kauditd_printk_skb: 72 callbacks suppressed [ 521.770007][ T40] audit: type=1326 audit(2000000387.090:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26652 comm="syz.4.9280" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f24f6c code=0x0 [ 522.247059][T26664] netlink: 211856 bytes leftover after parsing attributes in process `syz.3.9285'. [ 522.652610][ T828] usb 11-1: new full-speed USB device number 18 using dummy_hcd [ 522.659463][T26679] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9292'. [ 522.828180][ T828] usb 11-1: unable to get BOS descriptor or descriptor too short [ 522.833647][ T828] usb 11-1: not running at top speed; connect to a high speed hub [ 522.841463][ T828] usb 11-1: New USB device found, idVendor=0582, idProduct=000c, bcdDevice= 0.40 [ 522.846327][ T828] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.849607][ T828] usb 11-1: Product: syz [ 522.851333][ T828] usb 11-1: Manufacturer: syz [ 522.853668][ T828] usb 11-1: SerialNumber: syz [ 523.042652][ T6035] kernel read not supported for file /dsp1 (pid: 6035 comm: kworker/2:3) [ 523.083254][ T828] usb 11-1: 1:1 : no cluster descriptor [ 523.085422][ T828] usb 11-1: Quirk or no altset; falling back to MIDI 1.0 [ 523.089168][ T828] snd-usb-audio 11-1:1.0: probe with driver snd-usb-audio failed with error -2 [ 523.106518][ T828] usb 11-1: 1:1 : no cluster descriptor [ 523.108772][ T828] usb 11-1: Quirk or no altset; falling back to MIDI 1.0 [ 523.111733][ T828] snd-usb-audio 11-1:1.1: probe with driver snd-usb-audio failed with error -2 [ 523.119009][ T828] usb 11-1: 1:1 : no cluster descriptor [ 523.121541][ T828] usb 11-1: Quirk or no altset; falling back to MIDI 1.0 [ 523.145440][ T828] snd-usb-audio 11-1:1.2: probe with driver snd-usb-audio failed with error -2 [ 523.154962][ T828] usb 11-1: USB disconnect, device number 18 [ 523.181480][T26525] udevd[26525]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb11/11-1/11-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 523.644219][T26707] netlink: 27 bytes leftover after parsing attributes in process `syz.3.9304'. [ 525.382143][T26773] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9335'. [ 525.388181][T26773] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9335'. [ 525.393419][T26773] netlink: 'syz.4.9335': attribute type 20 has an invalid length. [ 526.543014][ T40] audit: type=1800 audit(2000000391.870:824): pid=26809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.9350" name="file0" dev="9p" ino=79432137 res=0 errno=0 [ 527.090106][T26833] netlink: 212340 bytes leftover after parsing attributes in process `syz.6.9362'. [ 527.091865][T26834] overlayfs: upper fs does not support file handles, falling back to index=off. [ 527.094835][T26833] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 527.098834][T26834] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 527.165445][T26838] netlink: 'syz.4.9364': attribute type 7 has an invalid length. [ 527.613608][ T828] kernel write not supported for file /snd/seq (pid: 828 comm: kworker/2:2) [ 528.204138][ T1021] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 528.363468][ T1021] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 528.367045][ T1021] usb 5-1: config 0 has no interfaces? [ 528.372130][ T1021] usb 5-1: config 0 has no interfaces? [ 528.375323][ T1021] usb 5-1: config 0 has no interfaces? [ 528.378718][ T1021] usb 5-1: config 0 has no interfaces? [ 528.382697][ T1021] usb 5-1: config 0 has no interfaces? [ 528.387075][ T1021] usb 5-1: config 0 has no interfaces? [ 528.391332][ T1021] usb 5-1: config 0 has no interfaces? [ 528.397639][ T1021] usb 5-1: config 0 has no interfaces? [ 528.404541][ T1021] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 528.408825][ T1021] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 528.413124][ T1021] usb 5-1: Product: syz [ 528.415239][ T1021] usb 5-1: Manufacturer: syz [ 528.417534][ T1021] usb 5-1: SerialNumber: syz [ 528.422139][ T1021] usb 5-1: config 0 descriptor?? [ 528.634192][ T1021] usb 5-1: USB disconnect, device number 34 [ 529.612616][ T5995] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 529.777313][ T5995] usb 9-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 529.782125][ T5995] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.786122][ T5995] usb 9-1: Product: syz [ 529.787949][ T5995] usb 9-1: Manufacturer: syz [ 529.790337][ T5995] usb 9-1: SerialNumber: syz [ 530.040502][ T5995] rtl8150 9-1:1.0: couldn't reset the device [ 530.045713][ T5995] rtl8150 9-1:1.0: probe with driver rtl8150 failed with error -5 [ 530.053446][ T5995] usb 9-1: USB disconnect, device number 22 [ 530.837802][T26968] netlink: 'syz.0.9410': attribute type 1 has an invalid length. [ 531.162507][ T40] audit: type=1326 audit(2000000396.480:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 531.181569][ T40] audit: type=1326 audit(2000000396.480:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 531.193469][ T40] audit: type=1326 audit(2000000396.480:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 531.203231][ T40] audit: type=1326 audit(2000000396.480:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 531.213055][ T40] audit: type=1326 audit(2000000396.480:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 531.221590][ T40] audit: type=1326 audit(2000000396.490:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 531.231360][ T40] audit: type=1326 audit(2000000396.490:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f24f88 code=0x7ffc0000 [ 531.239461][ T40] audit: type=1326 audit(2000000396.490:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 531.247922][ T40] audit: type=1326 audit(2000000396.490:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 531.256172][ T40] audit: type=1326 audit(2000000396.490:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26987 comm="syz.6.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 531.493270][T27015] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9432'. [ 532.612203][T27070] loop5: detected capacity change from 0 to 7 [ 532.664250][ T5344] blk_print_req_error: 25 callbacks suppressed [ 532.664266][ T5344] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.670312][ T5344] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.675041][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.684473][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.687462][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.691855][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.702621][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.707517][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.711182][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.716241][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.720695][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.725148][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.728458][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.732624][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.736815][T27070] ldm_validate_partition_table(): Disk read failed. [ 532.739914][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.745313][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.749171][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.753675][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.757260][T27070] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 532.761993][T27070] Buffer I/O error on dev loop5, logical block 0, async page read [ 532.767219][T27070] Dev loop5: unable to read RDB block 0 [ 532.769947][T27070] loop5: unable to read partition table [ 532.773559][T27070] loop5: partition table beyond EOD, truncated [ 532.776342][T27070] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 532.790946][T22897] hid-generic 0000:0000:0002.0008: unknown main item tag 0x0 [ 532.801454][T22897] hid-generic 0000:0000:0002.0008: unknown main item tag 0x0 [ 532.808701][T22897] hid-generic 0000:0000:0002.0008: hidraw1: HID v0.00 Device [syz1] on syz0 [ 532.884113][T27079] fido_id[27079]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 532.908544][T27083] netlink: 'syz.3.9462': attribute type 4 has an invalid length. [ 534.002618][ T5995] usb 11-1: new high-speed USB device number 19 using dummy_hcd [ 534.060830][T27148] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9490'. [ 534.152659][ T5995] usb 11-1: Using ep0 maxpacket: 32 [ 534.156572][ T5995] usb 11-1: config 0 has an invalid interface number: 119 but max is 0 [ 534.159999][ T5995] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.164461][ T5995] usb 11-1: config 0 has no interface number 0 [ 534.166892][ T5995] usb 11-1: config 0 interface 119 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 534.174002][ T5995] usb 11-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 534.176988][ T5995] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.179804][ T5995] usb 11-1: Product: syz [ 534.182182][ T5995] usb 11-1: Manufacturer: syz [ 534.184508][ T5995] usb 11-1: SerialNumber: syz [ 534.188194][ T5995] usb 11-1: config 0 descriptor?? [ 534.200106][ T5995] input: bcm5974 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.119/input/input49 [ 534.419964][ T1021] usb 11-1: USB disconnect, device number 19 [ 534.704830][T27191] input: syz1 as /devices/virtual/input/input50 [ 535.165966][T27221] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9522'. [ 535.174250][T27221] veth0_macvtap: left promiscuous mode [ 535.419450][ T828] kernel write not supported for file /input/mouse0 (pid: 828 comm: kworker/2:2) [ 535.484333][T27255] Invalid ELF header magic: != ELF [ 535.572063][T27270] netlink: 3 bytes leftover after parsing attributes in process `syz.4.9546'. [ 535.576178][T27270] netlink: 3 bytes leftover after parsing attributes in process `syz.4.9546'. [ 535.582126][T27272] netlink: 'syz.0.9545': attribute type 4 has an invalid length. [ 536.598931][T27332] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 536.670250][T27338] vlan3: entered allmulticast mode [ 536.672080][T27338] veth0_to_bond: entered allmulticast mode [ 537.166644][T27376] input: syz0 as /devices/virtual/input/input51 [ 537.183900][T26525] udevd[26525]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 537.332694][T27386] usb usb9: usbfs: process 27386 (syz.0.9598) did not claim interface 37 before use [ 537.825037][T27402] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 537.916176][T27408] mkiss: ax0: crc mode is auto. [ 538.136424][T27414] usb usb9: usbfs: process 27414 (syz.3.9610) did not claim interface 37 before use [ 538.405773][T27443] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9626'. [ 538.613991][T27467] input: syz1 as /devices/virtual/input/input52 [ 539.297005][T27493] batadv0: entered promiscuous mode [ 539.299917][T27493] debugfs: 'hsr1' already exists in 'hsr' [ 539.302180][T27493] Cannot create hsr debugfs directory [ 539.304362][T27493] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 539.308876][T27493] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 539.326042][T27493] batadv0: left promiscuous mode [ 539.488875][ T828] hid-generic 0000:0000:0002.0009: unknown main item tag 0x0 [ 539.491918][ T828] hid-generic 0000:0000:0002.0009: unknown main item tag 0x0 [ 539.496753][ T828] hid-generic 0000:0000:0002.0009: hidraw1: HID v0.00 Device [syz1] on syz0 [ 539.586781][T27513] fido_id[27513]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 539.771012][T27536] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 539.775802][T27536] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 540.364695][ T6009] hid-generic 0000:0000:0002.000A: unknown main item tag 0x0 [ 540.368234][ T6009] hid-generic 0000:0000:0002.000A: unknown main item tag 0x0 [ 540.379186][ T6009] hid-generic 0000:0000:0002.000A: hidraw1: HID v0.00 Device [syz1] on syz0 [ 540.425186][T27568] netlink: 3 bytes leftover after parsing attributes in process `syz.3.9677'. [ 540.428633][T27568] netlink: 3 bytes leftover after parsing attributes in process `syz.3.9677'. [ 540.456235][T27564] fido_id[27564]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 540.982966][ T828] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 541.142801][ T828] usb 9-1: Using ep0 maxpacket: 32 [ 541.154886][ T828] usb 9-1: config 0 has an invalid interface number: 119 but max is 0 [ 541.158451][ T828] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 541.172534][ T828] usb 9-1: config 0 has no interface number 0 [ 541.175472][ T828] usb 9-1: config 0 interface 119 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 541.205593][ T828] usb 9-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 541.209386][ T828] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.214258][ T828] usb 9-1: Product: syz [ 541.216683][ T828] usb 9-1: Manufacturer: syz [ 541.219084][ T828] usb 9-1: SerialNumber: syz [ 541.236858][ T828] usb 9-1: config 0 descriptor?? [ 541.244665][ T828] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.119/input/input53 [ 541.378759][T27596] netlink: 3 bytes leftover after parsing attributes in process `syz.0.9691'. [ 541.382892][T27596] netlink: 3 bytes leftover after parsing attributes in process `syz.0.9691'. [ 541.453587][ T6009] usb 9-1: USB disconnect, device number 23 [ 541.523909][T27605] 8021q: VLANs not supported on gre0 [ 542.094214][T27650] loop8: detected capacity change from 0 to 524287999 [ 542.116194][T26525] buffer_io_error: 5 callbacks suppressed [ 542.116217][T26525] Buffer I/O error on dev loop8, logical block 65535998, async page read [ 542.290578][ T40] kauditd_printk_skb: 95 callbacks suppressed [ 542.290599][ T40] audit: type=1326 audit(2000000419.612:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27661 comm="syz.6.9722" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f24f6c code=0x0 [ 542.309565][T27656] geneve0: entered allmulticast mode [ 543.219811][T27703] netlink: 27 bytes leftover after parsing attributes in process `syz.4.9745'. [ 543.251808][T27707] sctp: [Deprecated]: syz.6.9740 (pid 27707) Use of struct sctp_assoc_value in delayed_ack socket option. [ 543.251808][T27707] Use struct sctp_sack_info instead [ 543.414063][ T6009] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 543.486433][ T6009] hid-generic 0000:0000:0000.000B: hidraw1: HID v0.00 Device [syz1] on syz0 [ 543.532089][T27737] fido_id[27737]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 543.715068][T27752] loop4: detected capacity change from 0 to 524287936 [ 545.917934][ T40] audit: type=1800 audit(2000000423.242:931): pid=27832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.9799" name="SYSV00000000" dev="hugetlbfs" ino=5 res=0 errno=0 [ 546.286471][T27854] genirq: Flags mismatch irq 4. 00200000 (aio_iiro_16) vs. 00200080 (ttyS0) [ 547.030352][T27864] Bluetooth: hci1: expected 13058 bytes, got 2 bytes [ 547.591886][T27898] netlink: 212340 bytes leftover after parsing attributes in process `syz.0.9826'. [ 547.596768][T27898] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 547.647401][T27901] overlayfs: upper fs does not support file handles, falling back to index=off. [ 547.650911][T27901] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 547.695138][T27904] IPv6: NLM_F_REPLACE set, but no existing node found! [ 548.516154][T27928] binder: 27927:27928 ioctl c0306201 80000480 returned -22 [ 548.679394][T27933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9843'. [ 548.683317][T27933] netlink: 'syz.3.9843': attribute type 30 has an invalid length. [ 548.730338][T27934] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9843'. [ 548.733501][T27934] netlink: 'syz.3.9843': attribute type 30 has an invalid length. [ 549.024609][T27944] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9848'. [ 549.322821][T27954] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9852'. [ 549.913793][T27996] input: syz1 as /devices/virtual/input/input54 [ 549.917814][T27996] input: failed to attach handler leds to device input54, error: -6 [ 550.048502][ T40] audit: type=1326 audit(2000000427.372:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.056317][ T40] audit: type=1326 audit(2000000427.372:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.064956][ T40] audit: type=1326 audit(2000000427.372:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.071834][ T40] audit: type=1326 audit(2000000427.372:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.079635][ T40] audit: type=1326 audit(2000000427.372:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=373 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.090892][ T40] audit: type=1326 audit(2000000427.372:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.099058][ T40] audit: type=1326 audit(2000000427.372:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.106667][ T40] audit: type=1326 audit(2000000427.372:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.115055][ T40] audit: type=1326 audit(2000000427.372:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28008 comm="syz.3.9877" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 550.388683][ T40] audit: type=1804 audit(2000000427.712:941): pid=28020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.9883" name="/newroot/2525/file0/file0" dev="9p" ino=79432137 res=1 errno=0 [ 551.153452][T28035] block nbd1: server does not support multiple connections per device. [ 551.157224][T28035] block nbd1: shutting down sockets [ 551.206052][T28044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9893'. [ 551.210214][T28044] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9893'. [ 552.019060][T28067] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9903'. [ 552.272827][ T29] kernel read not supported for file /dsp1 (pid: 29 comm: kworker/1:0) [ 552.450336][T28094] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.9914'. [ 552.503120][T28102] input: syz1 as /devices/virtual/input/input57 [ 553.172612][ T5987] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 553.345564][ T5987] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 553.348837][T28163] support for the xor transformation has been removed. [ 553.352689][ T5987] usb 9-1: config 0 has no interfaces? [ 553.357299][ T5987] usb 9-1: config 0 has no interfaces? [ 553.360505][ T5987] usb 9-1: config 0 has no interfaces? [ 553.364010][ T5987] usb 9-1: config 0 has no interfaces? [ 553.366856][ T5987] usb 9-1: config 0 has no interfaces? [ 553.369486][ T5987] usb 9-1: config 0 has no interfaces? [ 553.372095][ T5987] usb 9-1: config 0 has no interfaces? [ 553.374947][ T5987] usb 9-1: config 0 has no interfaces? [ 553.378720][ T5987] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 553.381881][ T5987] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 553.385954][ T5987] usb 9-1: Product: syz [ 553.387512][ T5987] usb 9-1: Manufacturer: syz [ 553.389078][ T5987] usb 9-1: SerialNumber: syz [ 553.393634][ T5987] usb 9-1: config 0 descriptor?? [ 553.453498][T28169] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9943'. [ 553.458756][T28169] veth0_vlan: left promiscuous mode [ 553.491059][T28173] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9945'. [ 553.605560][ T5987] usb 9-1: USB disconnect, device number 24 [ 554.717138][T28218] netlink: 'syz.0.9964': attribute type 8 has an invalid length. [ 554.934401][T28235] input: syz0 as /devices/virtual/input/input58 [ 554.986765][T28241] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9971'. [ 555.491280][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.497143][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.500273][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.503511][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.506905][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.510755][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.514273][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.517328][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.520403][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.523897][ T6009] hid-generic 0002:0008:0000.000C: unknown main item tag 0x0 [ 555.531160][ T6009] hid-generic 0002:0008:0000.000C: hidraw1: HID v0.00 Device [syz0] on syz0 [ 555.559211][T28264] fido_id[28264]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 555.616157][T28268] ptrace attach of "/syz-executor exec"[8220] was attempted by ""[28268] [ 556.262700][T14998] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 556.412506][T14998] usb 5-1: Using ep0 maxpacket: 8 [ 556.416997][T14998] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 556.420584][T14998] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 556.427968][T14998] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 556.433089][T14998] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 556.443114][T14998] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 556.448506][T14998] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 556.452093][T14998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.666162][T28302] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 556.686121][T14998] usb 5-1: GET_CAPABILITIES returned 0 [ 556.687997][T14998] usbtmc 5-1:16.0: can't read capabilities [ 556.889114][T14998] usb 5-1: USB disconnect, device number 35 [ 557.113595][T28329] o2cb: This node has not been configured. [ 557.116307][T28329] o2cb: Cluster check failed. Fix errors before retrying. [ 557.119144][T28329] (syz.4.10013,28329,1):user_dlm_register:674 ERROR: status = -22 [ 557.123814][T28329] (syz.4.10013,28329,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 557.140748][T28331] netlink: 284 bytes leftover after parsing attributes in process `syz.6.10014'. [ 557.181012][T28335] netlink: 'syz.6.10016': attribute type 12 has an invalid length. [ 557.481350][T28360] netlink: 36 bytes leftover after parsing attributes in process `syz.0.10023'. [ 557.484570][T28361] devpts: Bad value for 'max' [ 557.841615][T28393] netlink: 224 bytes leftover after parsing attributes in process `syz.4.10042'. [ 557.845948][T28393] netlink: 220 bytes leftover after parsing attributes in process `syz.4.10042'. [ 558.760227][T28446] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10065'. [ 558.770833][T28441] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 558.779161][T26356] Bluetooth: hci4: Frame reassembly failed (-84) [ 559.010049][T28461] Failed to get privilege flags for destination (handle=0x2:0x0) [ 559.528055][T28488] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10083'. [ 559.532534][T28488] netlink: 32 bytes leftover after parsing attributes in process `syz.3.10083'. [ 559.536582][T28488] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10083'. [ 559.541436][T28488] netlink: 32 bytes leftover after parsing attributes in process `syz.3.10083'. [ 559.758352][ T40] kauditd_printk_skb: 71 callbacks suppressed [ 559.758372][ T40] audit: type=1800 audit(2000000693.085:1013): pid=28499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.10088" name="file1" dev="tmpfs" ino=11637 res=0 errno=0 [ 560.152484][T28519] netlink: 112 bytes leftover after parsing attributes in process `syz.3.10097'. [ 560.164504][ T6009] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 560.312623][ T6009] usb 5-1: Using ep0 maxpacket: 8 [ 560.317147][ T6009] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 560.320994][ T6009] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.337064][ T6009] pvrusb2: Hardware description: Terratec Grabster AV400 [ 560.340000][ T6009] pvrusb2: ********** [ 560.341729][ T6009] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 560.346418][ T6009] pvrusb2: Important functionality might not be entirely working. [ 560.350232][ T6009] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 560.356263][ T6009] pvrusb2: ********** [ 560.540026][ T2483] pvrusb2: Invalid write control endpoint [ 560.584275][ T2483] pvrusb2: Invalid write control endpoint [ 560.586604][ T2483] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 560.589597][ T2483] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 560.591996][ T2483] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 560.595560][ T2483] pvrusb2: Device being rendered inoperable [ 560.598199][ T2483] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 560.601299][ T2483] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 560.606782][ T2483] pvrusb2: Attached sub-driver cx25840 [ 560.608672][ T2483] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 560.611900][ T2483] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 560.718712][T28536] macvlan0: entered promiscuous mode [ 560.726569][T28536] netlink: 'syz.3.10105': attribute type 1 has an invalid length. [ 560.731304][T28536] netlink: 'syz.3.10105': attribute type 2 has an invalid length. [ 560.742699][T28539] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10106'. [ 560.744614][T28511] pvrusb2: Killing an I2C write to 5 that is too large (desired=62 limit=61) [ 560.756375][ T5987] usb 5-1: USB disconnect, device number 36 [ 560.822820][T22247] Bluetooth: hci4: command 0x1003 tx timeout [ 560.822845][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 561.054685][T28561] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.10116'. [ 561.555598][T28590] program syz.6.10129 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 561.834057][T28608] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10136'. [ 561.909951][T28612] kvm: kvm [28611]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xcd [ 561.942666][ T29] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 562.102833][ T29] usb 9-1: Using ep0 maxpacket: 32 [ 562.107927][ T29] usb 9-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 562.110925][ T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.120539][ T29] usb 9-1: config 0 descriptor?? [ 562.131695][ T29] as10x_usb: device has been detected [ 562.136727][ T29] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 562.143638][ T29] usb 9-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 562.168227][ T29] as10x_usb: error during firmware upload part1 [ 562.170996][ T29] Registered device nBox DVB-T Dongle [ 562.333185][ T29] usb 9-1: USB disconnect, device number 25 [ 562.350799][ T29] Unregistered device nBox DVB-T Dongle [ 562.357555][ T29] as10x_usb: device has been disconnected [ 562.834021][T28673] overlayfs: failed to clone upperpath [ 563.807766][T28735] bond0: entered promiscuous mode [ 563.810032][T28735] bond_slave_0: entered promiscuous mode [ 563.812231][T28735] bond_slave_1: entered promiscuous mode [ 563.816632][T28735] dummy0: entered promiscuous mode [ 563.820512][T28735] batadv0: entered promiscuous mode [ 563.824103][T28735] debugfs: 'hsr1' already exists in 'hsr' [ 563.826797][T28735] Cannot create hsr debugfs directory [ 563.830120][T28735] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 563.838499][T28735] bond0: left promiscuous mode [ 563.840603][T28735] bond_slave_0: left promiscuous mode [ 563.844045][T28735] bond_slave_1: left promiscuous mode [ 563.846237][T28735] dummy0: left promiscuous mode [ 563.849680][T28735] batadv0: left promiscuous mode [ 564.166881][T28765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10208'. [ 564.181673][T28765] veth0_macvtap: left promiscuous mode [ 564.294180][T28774] sctp: [Deprecated]: syz.0.10212 (pid 28774) Use of struct sctp_assoc_value in delayed_ack socket option. [ 564.294180][T28774] Use struct sctp_sack_info instead [ 564.503960][T28789] binder: Binderfs stats mode cannot be changed during a remount [ 565.000807][T14998] hid_parser_main: 24 callbacks suppressed [ 565.000823][T14998] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 565.074121][T14998] hid-generic 0000:0000:0000.000D: hidraw1: HID v0.00 Device [syz1] on syz0 [ 565.124553][T28823] fido_id[28823]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 565.676721][T28863] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 565.967737][T28881] o2cb: This node has not been configured. [ 565.969904][T28881] o2cb: Cluster check failed. Fix errors before retrying. [ 565.972317][T28881] (syz.6.10259,28881,0):user_dlm_register:674 ERROR: status = -22 [ 565.976332][T28881] (syz.6.10259,28881,0):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 566.040532][T28890] netlink: 36 bytes leftover after parsing attributes in process `syz.4.10260'. [ 566.162753][T28898] netlink: 284 bytes leftover after parsing attributes in process `syz.4.10264'. [ 566.472557][ T6009] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 566.488548][T28910] devpts: Bad value for 'max' [ 566.531883][T28912] o2cb: This node has not been configured. [ 566.534995][T28912] o2cb: Cluster check failed. Fix errors before retrying. [ 566.537810][T28912] (syz.0.10270,28912,1):user_dlm_register:674 ERROR: status = -22 [ 566.541157][T28912] (syz.0.10270,28912,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 566.642744][ T6009] usb 9-1: Using ep0 maxpacket: 8 [ 566.646154][ T6009] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 566.649319][ T6009] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 566.653030][ T6009] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 566.656765][ T6009] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 566.660380][ T6009] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 566.664984][ T6009] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 566.668551][ T6009] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.884495][ T6009] usb 9-1: GET_CAPABILITIES returned 0 [ 566.886705][ T6009] usbtmc 9-1:16.0: can't read capabilities [ 567.092155][T14998] usb 9-1: USB disconnect, device number 26 [ 567.934652][T28984] Bluetooth: hci1: expected 13058 bytes, got 2 bytes [ 568.301752][T29010] binder: 29008:29010 ioctl c0306201 80000480 returned -22 [ 568.344689][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 569.031462][ T40] audit: type=1800 audit(2000000702.355:1014): pid=29039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.10328" name="file1" dev="tmpfs" ino=8142 res=0 errno=0 [ 569.240486][T29064] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10346'. [ 569.245181][T29064] netlink: 'syz.6.10346': attribute type 30 has an invalid length. [ 569.259284][T29064] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10346'. [ 569.262260][T29064] netlink: 'syz.6.10346': attribute type 30 has an invalid length. [ 569.262524][ T13] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.269957][ T13] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.277702][ T54] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.280570][ T54] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.457422][T29079] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.10342'. [ 569.642419][T29096] program syz.4.10351 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 570.263077][T29120] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10361'. [ 571.069659][ T40] audit: type=1326 audit(2000000704.395:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.077323][ T40] audit: type=1326 audit(2000000704.395:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.084463][ T40] audit: type=1326 audit(2000000704.395:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.091856][ T40] audit: type=1326 audit(2000000704.395:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=373 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.100011][ T40] audit: type=1326 audit(2000000704.395:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.107480][ T40] audit: type=1326 audit(2000000704.395:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.114923][ T40] audit: type=1326 audit(2000000704.395:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.122018][ T40] audit: type=1326 audit(2000000704.395:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.130267][ T40] audit: type=1326 audit(2000000704.395:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29143 comm="syz.4.10370" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf7f24f6c code=0x7ffc0000 [ 571.668977][T29177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10385'. [ 571.725964][T29181] kvm: kvm [29180]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xcd [ 571.817636][ T1151] Bluetooth: hci4: Frame reassembly failed (-84) [ 571.820089][T29185] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 572.164674][T29195] block nbd1: server does not support multiple connections per device. [ 572.170506][T29195] block nbd1: shutting down sockets [ 572.916880][T29250] support for the xor transformation has been removed. [ 573.862523][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 574.515926][T29299] input: syz1 as /devices/virtual/input/input59 [ 574.811469][T29326] netlink: 'syz.4.10448': attribute type 8 has an invalid length. [ 575.772632][ T6009] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 575.837810][T29349] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10458'. [ 575.932545][ T6009] usb 5-1: Using ep0 maxpacket: 8 [ 575.936999][ T6009] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 575.940071][ T6009] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 575.958269][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 575.965045][ T6009] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 575.970296][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 575.976601][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 575.981888][ T6009] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 575.987916][ T6009] usb 5-1: config 168 interface 0 has no altsetting 0 [ 575.992223][ T6009] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 575.996067][ T6009] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 576.001259][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 576.009575][ T6009] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 576.015646][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 576.020479][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 576.026209][ T6009] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 576.032206][ T6009] usb 5-1: config 168 interface 0 has no altsetting 0 [ 576.037467][ T6009] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 576.041402][ T6009] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 576.052491][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 576.057438][ T6009] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 576.062313][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 576.067699][ T6009] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 576.071948][ T6009] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 576.077056][ T6009] usb 5-1: config 168 interface 0 has no altsetting 0 [ 576.081619][ T6009] usb 5-1: string descriptor 0 read error: -22 [ 576.084097][ T6009] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 576.087253][ T6009] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.100597][ T6009] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 576.166103][T29365] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10466'. [ 577.914467][T29425] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10494'. [ 578.343143][ T6009] usb 5-1: USB disconnect, device number 37 [ 578.587113][T29484] netlink: 224 bytes leftover after parsing attributes in process `syz.6.10529'. [ 578.591036][T29484] netlink: 220 bytes leftover after parsing attributes in process `syz.6.10529'. [ 579.148236][T29506] tipc: Resetting bearer [ 579.442582][ T5987] usb 11-1: new high-speed USB device number 20 using dummy_hcd [ 579.602463][ T5987] usb 11-1: Using ep0 maxpacket: 32 [ 579.605977][ T5987] usb 11-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 579.609225][ T5987] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.618548][ T5987] usb 11-1: config 0 descriptor?? [ 579.630740][ T5987] as10x_usb: device has been detected [ 579.633249][ T5987] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 579.642058][ T5987] usb 11-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 579.654619][ T5987] as10x_usb: error during firmware upload part1 [ 579.656963][ T5987] Registered device nBox DVB-T Dongle [ 579.829405][ T6009] usb 11-1: USB disconnect, device number 20 [ 579.847829][ T6009] Unregistered device nBox DVB-T Dongle [ 579.848590][ T6009] as10x_usb: device has been disconnected [ 579.995202][T29551] netlink: 'syz.3.10551': attribute type 12 has an invalid length. [ 580.250125][ T40] audit: type=1326 audit(2000000713.575:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 580.257281][ T40] audit: type=1326 audit(2000000713.575:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 580.264274][ T40] audit: type=1326 audit(2000000713.575:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 580.270998][ T40] audit: type=1326 audit(2000000713.575:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 580.278472][ T40] audit: type=1326 audit(2000000713.575:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 580.291338][ T40] audit: type=1326 audit(2000000713.575:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 580.301116][ T40] audit: type=1326 audit(2000000713.575:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 580.309992][ T40] audit: type=1326 audit(2000000713.575:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 580.318689][ T40] audit: type=1326 audit(2000000713.575:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 580.329893][ T40] audit: type=1326 audit(2000000713.575:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29565 comm="syz.0.10565" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf6feef88 code=0x7ffc0000 [ 580.902832][T22247] Bluetooth: hci3: command 0x0c1a tx timeout [ 581.111289][T29578] ptrace attach of "/syz-executor exec"[5938] was attempted by ""[29578] [ 581.852615][ T5987] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 582.012588][ T5987] usb 9-1: Using ep0 maxpacket: 16 [ 582.016087][ T5987] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 582.020185][ T5987] usb 9-1: config 0 has no interfaces? [ 582.021993][ T5987] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 582.025271][ T5987] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.029737][ T5987] usb 9-1: config 0 descriptor?? qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xab000) [ 582.085094][ T1112] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 582.087792][ T1112] ata1: failed to read log page 10h (errno=-5) [ 582.090301][ T1112] ata1.00: NCQ disabled due to excessive errors [ 582.093124][ T1112] ata1.00: exception Emask 0x1 SAct 0x4000 SErr 0x0 action 0x0 [ 582.096300][ T1112] ata1.00: irq_stat 0x41000000 [ 582.098222][ T1112] ata1.00: failed command: READ FPDMA QUEUED [ 582.100653][ T1112] ata1.00: cmd 60/58:70:7e:27:01/05:00:00:00:00/40 tag 14 ncq dma 700416 in [ 582.100653][ T1112] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 582.107842][ T1112] ata1.00: status: { DRDY } [ 582.110038][ T1112] ata1.00: error: { ABRT } [ 582.113474][ T1112] ata1.00: configured for UDMA/100 [ 582.116116][ T1112] sd 0:0:0:0: [sda] tag#14 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 582.120097][ T1112] sd 0:0:0:0: [sda] tag#14 Sense Key : Aborted Command [current] [ 582.123604][ T1112] sd 0:0:0:0: [sda] tag#14 Add. Sense: No additional sense information [ 582.126294][ T1112] sd 0:0:0:0: [sda] tag#14 CDB: Read(10) 28 00 00 01 27 7e 00 05 58 00 [ 582.129449][ T1112] blk_print_req_error: 5 callbacks suppressed [ 582.129466][ T1112] I/O error, dev sda, sector 75646 op 0x0:(READ) flags 0x80700 phys_seg 168 prio class 2 [ 582.136199][ T1112] ata1: EH complete [ 582.234731][ T5987] usb 9-1: USB disconnect, device number 27 [ 583.008084][T29650] skbuff: bad partial csum: csum=65535/0 headroom=64 headlen=65537 [ 583.014936][T29654] netlink: 112 bytes leftover after parsing attributes in process `syz.4.10598'. [ 583.647627][T14998] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 583.655989][T14998] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 583.667095][T14998] hid-generic 0000:0000:0000.000E: hidraw1: HID v0.00 Device [syz0] on syz1 [ 583.725493][T29716] fido_id[29716]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 584.162768][ T5995] kernel read not supported for file /dsp1 (pid: 5995 comm: kworker/1:4) [ 584.333739][T29748] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10636'. [ 584.743406][T29755] nbd1: detected capacity change from 0 to 127 [ 584.750501][ T5951] block nbd1: Receive control failed (result -32) [ 584.750501][ T5949] block nbd1: Receive control failed (result -32) [ 584.750537][T22247] block nbd1: Receive control failed (result -32) [ 584.765348][T29225] block nbd1: Dead connection, failed to find a fallback [ 584.769527][T29225] block nbd1: shutting down sockets [ 584.772039][T29225] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.784154][T29225] Buffer I/O error on dev nbd1, logical block 0, async page read [ 584.788413][T29225] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.794385][T29225] Buffer I/O error on dev nbd1, logical block 1, async page read [ 584.797586][T29225] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.801617][T29225] Buffer I/O error on dev nbd1, logical block 2, async page read [ 584.805570][T29225] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.808638][T29225] Buffer I/O error on dev nbd1, logical block 3, async page read [ 584.811180][T29225] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.815005][T29225] Buffer I/O error on dev nbd1, logical block 0, async page read [ 584.819290][T29225] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.823446][T29225] Buffer I/O error on dev nbd1, logical block 1, async page read [ 584.826726][T29225] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.830012][T29225] Buffer I/O error on dev nbd1, logical block 2, async page read [ 584.833079][T29225] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.837617][T29225] Buffer I/O error on dev nbd1, logical block 3, async page read [ 584.840716][T29225] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 584.846553][T29225] Buffer I/O error on dev nbd1, logical block 0, async page read [ 584.850295][T29225] Buffer I/O error on dev nbd1, logical block 1, async page read [ 584.855576][T29225] ldm_validate_partition_table(): Disk read failed. [ 584.859127][T29225] Dev nbd1: unable to read RDB block 0 [ 584.865278][T29225] nbd1: unable to read partition table [ 584.873637][T29225] ldm_validate_partition_table(): Disk read failed. [ 584.876690][T29225] Dev nbd1: unable to read RDB block 0 [ 584.879390][T29225] nbd1: unable to read partition table [ 584.883888][T29225] [ 584.884992][T29225] ====================================================== [ 584.888281][T29225] WARNING: possible circular locking dependency detected [ 584.891281][T29225] syzkaller #0 Tainted: G L [ 584.893858][T29225] ------------------------------------------------------ [ 584.896812][T29225] udevd/29225 is trying to acquire lock: [ 584.899086][T29225] ffff888027a5b990 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: __submit_bio+0x1e1/0x6c0 [ 584.902947][T29225] [ 584.902947][T29225] but task is already holding lock: [ 584.906862][T29225] ffff88802766acd0 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_get_pages+0x123e/0x2050 [ 584.911913][T29225] [ 584.911913][T29225] which lock already depends on the new lock. [ 584.911913][T29225] [ 584.915877][T29225] [ 584.915877][T29225] the existing dependency chain (in reverse order) is: [ 584.919259][T29225] [ 584.919259][T29225] -> #7 (mapping.invalidate_lock){++++}-{4:4}: [ 584.922381][T29225] down_read+0x99/0x460 [ 584.924308][T29225] filemap_fault+0x2dd/0x2eb0 [ 584.926445][T29225] __do_fault+0x10d/0x550 [ 584.928512][T29225] do_fault+0xabb/0x18e0 [ 584.930530][T29225] __handle_mm_fault+0x1815/0x2b60 [ 584.932972][T29225] handle_mm_fault+0x36d/0xa20 [ 584.935164][T29225] __get_user_pages+0xf9c/0x34d0 [ 584.937259][T29225] faultin_page_range+0x1f1/0x9e0 [ 584.939350][T29225] madvise_do_behavior+0x354/0x510 [ 584.941671][T29225] do_madvise+0x195/0x240 [ 584.943874][T29225] __ia32_sys_madvise+0xa7/0x110 [ 584.946712][T29225] __do_fast_syscall_32+0xe3/0x8c0 [ 584.949248][T29225] do_fast_syscall_32+0x32/0x70 [ 584.951403][T29225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 584.954028][T29225] [ 584.954028][T29225] -> #6 (&mm->mmap_lock){++++}-{4:4}: [ 584.956906][T29225] __might_fault+0xde/0x140 [ 584.958856][T29225] _copy_from_user+0x29/0xd0 [ 584.960808][T29225] csum_and_copy_from_iter_full+0x21a/0x1fd0 [ 584.963431][T29225] ip_generic_getfrag+0x172/0x270 [ 584.965685][T29225] raw6_getfrag+0x235/0x2a0 [ 584.968371][T29225] __ip6_append_data+0x4220/0x4dc0 [ 584.970885][T29225] ip6_append_data+0x10b/0x410 [ 584.973070][T29225] rawv6_sendmsg+0x169c/0x4420 [ 584.975100][T29225] inet_sendmsg+0x11c/0x140 [ 584.977029][T29225] ____sys_sendmsg+0x98d/0xb70 [ 584.979039][T29225] ___sys_sendmsg+0x190/0x1e0 [ 584.981044][T29225] __sys_sendmsg+0x170/0x220 [ 584.983057][T29225] do_syscall_64+0x106/0xf80 [ 584.985172][T29225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.988453][T29225] [ 584.988453][T29225] -> #5 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 584.991892][T29225] lock_sock_nested+0x41/0xf0 [ 584.993947][T29225] inet_shutdown+0x67/0x410 [ 584.995947][T29225] nbd_mark_nsock_dead+0xae/0x5c0 [ 584.998237][T29225] sock_shutdown+0x16b/0x200 [ 585.000294][T29225] nbd_config_put+0x1eb/0x750 [ 585.002362][T29225] nbd_genl_connect+0xaf8/0x1a40 [ 585.004468][T29225] genl_family_rcv_msg_doit+0x214/0x300 [ 585.007062][T29225] genl_rcv_msg+0x560/0x800 [ 585.009655][T29225] netlink_rcv_skb+0x159/0x420 [ 585.012173][T29225] genl_rcv+0x28/0x40 [ 585.014080][T29225] netlink_unicast+0x5aa/0x870 [ 585.016086][T29225] netlink_sendmsg+0x8b0/0xda0 [ 585.018106][T29225] ____sys_sendmsg+0x9e1/0xb70 [ 585.020110][T29225] ___sys_sendmsg+0x190/0x1e0 [ 585.022126][T29225] __sys_sendmsg+0x170/0x220 [ 585.024251][T29225] __do_fast_syscall_32+0xe3/0x8c0 [ 585.026727][T29225] do_fast_syscall_32+0x32/0x70 [ 585.029172][T29225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 585.032021][T29225] [ 585.032021][T29225] -> #4 (&nsock->tx_lock){+.+.}-{4:4}: [ 585.035008][T29225] __mutex_lock+0x1a2/0x1b90 [ 585.036968][T29225] nbd_queue_rq+0x428/0x1080 [ 585.038936][T29225] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 585.041271][T29225] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 585.044180][T29225] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 585.047288][T29225] blk_mq_run_hw_queue+0x23c/0x670 [ 585.049502][T29225] blk_mq_dispatch_list+0x51d/0x1360 [ 585.051368][T29225] blk_mq_flush_plug_list+0x130/0x600 [ 585.053321][T29225] __blk_flush_plug+0x2c4/0x4b0 [ 585.055105][T29225] __submit_bio+0x584/0x6c0 [ 585.056785][T29225] submit_bio_noacct_nocheck+0x562/0xc10 [ 585.058815][T29225] submit_bio_noacct+0xd17/0x2010 [ 585.060853][T29225] submit_bh_wbc+0x59c/0x770 [ 585.063116][T29225] block_read_full_folio+0x264/0x8e0 [ 585.065874][T29225] filemap_read_folio+0xfc/0x3b0 [ 585.068021][T29225] do_read_cache_folio+0x2d7/0x6b0 [ 585.070130][T29225] read_part_sector+0xd1/0x370 [ 585.072070][T29225] adfspart_check_ICS+0x93/0x910 [ 585.074252][T29225] bdev_disk_changed+0x7f8/0xc80 [ 585.076750][T29225] blkdev_get_whole+0x187/0x290 [ 585.079494][T29225] bdev_open+0x2c7/0xe40 [ 585.081665][T29225] blkdev_open+0x34e/0x4f0 [ 585.083528][T29225] do_dentry_open+0x6d8/0x1660 [ 585.085695][T29225] vfs_open+0x82/0x3f0 [ 585.087521][T29225] path_openat+0x208c/0x31a0 [ 585.089493][T29225] do_file_open+0x20e/0x430 [ 585.091312][T29225] do_sys_openat2+0x10d/0x1e0 [ 585.093266][T29225] __x64_sys_openat+0x12d/0x210 [ 585.095398][T29225] do_syscall_64+0x106/0xf80 [ 585.097706][T29225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.100901][T29225] [ 585.100901][T29225] -> #3 (&cmd->lock){+.+.}-{4:4}: [ 585.103636][T29225] __mutex_lock+0x1a2/0x1b90 [ 585.105652][T29225] nbd_queue_rq+0xba/0x1080 [ 585.107576][T29225] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 585.109841][T29225] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 585.112387][T29225] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 585.115057][T29225] blk_mq_run_hw_queue+0x23c/0x670 [ 585.117730][T29225] blk_mq_dispatch_list+0x51d/0x1360 [ 585.120442][T29225] blk_mq_flush_plug_list+0x130/0x600 [ 585.122998][T29225] __blk_flush_plug+0x2c4/0x4b0 [ 585.125106][T29225] __submit_bio+0x584/0x6c0 [ 585.127037][T29225] submit_bio_noacct_nocheck+0x562/0xc10 [ 585.129389][T29225] submit_bio_noacct+0xd17/0x2010 [ 585.131508][T29225] submit_bh_wbc+0x59c/0x770 [ 585.133548][T29225] block_read_full_folio+0x264/0x8e0 [ 585.135953][T29225] filemap_read_folio+0xfc/0x3b0 [ 585.138297][T29225] do_read_cache_folio+0x2d7/0x6b0 [ 585.140661][T29225] read_part_sector+0xd1/0x370 [ 585.142784][T29225] adfspart_check_ICS+0x93/0x910 [ 585.144905][T29225] bdev_disk_changed+0x7f8/0xc80 [ 585.146978][T29225] blkdev_get_whole+0x187/0x290 [ 585.149002][T29225] bdev_open+0x2c7/0xe40 [ 585.151142][T29225] blkdev_open+0x34e/0x4f0 [ 585.153377][T29225] do_dentry_open+0x6d8/0x1660 [ 585.155848][T29225] vfs_open+0x82/0x3f0 [ 585.157727][T29225] path_openat+0x208c/0x31a0 [ 585.159729][T29225] do_file_open+0x20e/0x430 [ 585.161707][T29225] do_sys_openat2+0x10d/0x1e0 [ 585.163749][T29225] __x64_sys_openat+0x12d/0x210 [ 585.165908][T29225] do_syscall_64+0x106/0xf80 [ 585.168146][T29225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.171007][T29225] [ 585.171007][T29225] -> #2 (set->srcu){.+.+}-{0:0}: [ 585.174142][T29225] __synchronize_srcu+0xa2/0x300 [ 585.176238][T29225] blk_mq_quiesce_queue+0x149/0x1c0 [ 585.178410][T29225] elevator_switch+0x17b/0x7e0 [ 585.180437][T29225] elevator_change+0x352/0x530 [ 585.182499][T29225] elevator_set_default+0x29e/0x360 [ 585.184673][T29225] blk_register_queue+0x412/0x590 [ 585.186868][T29225] __add_disk+0x73f/0xe40 [ 585.188800][T29225] add_disk_fwnode+0x118/0x5c0 [ 585.191393][T29225] nbd_dev_add+0x77a/0xb10 [ 585.193799][T29225] nbd_init+0x291/0x2b0 [ 585.196119][T29225] do_one_initcall+0x11d/0x760 [ 585.198211][T29225] kernel_init_freeable+0x6e5/0x7a0 [ 585.200501][T29225] kernel_init+0x1f/0x1e0 [ 585.202381][T29225] ret_from_fork+0x754/0xd80 [ 585.204465][T29225] ret_from_fork_asm+0x1a/0x30 [ 585.206624][T29225] [ 585.206624][T29225] -> #1 (&q->elevator_lock){+.+.}-{4:4}: [ 585.210129][T29225] __mutex_lock+0x1a2/0x1b90 [ 585.212330][T29225] elevator_change+0x1bc/0x530 [ 585.214624][T29225] elevator_set_none+0x92/0xf0 [ 585.216616][T29225] blk_mq_update_nr_hw_queues+0x4c1/0x15f0 [ 585.219038][T29225] nbd_start_device+0x1a6/0xbd0 [ 585.221123][T29225] nbd_genl_connect+0xff2/0x1a40 [ 585.223216][T29225] genl_family_rcv_msg_doit+0x214/0x300 [ 585.225692][T29225] genl_rcv_msg+0x560/0x800 [ 585.228039][T29225] netlink_rcv_skb+0x159/0x420 [ 585.230663][T29225] genl_rcv+0x28/0x40 [ 585.232600][T29225] netlink_unicast+0x5aa/0x870 [ 585.234671][T29225] netlink_sendmsg+0x8b0/0xda0 [ 585.236893][T29225] ____sys_sendmsg+0x9e1/0xb70 [ 585.239167][T29225] ___sys_sendmsg+0x190/0x1e0 [ 585.241190][T29225] __sys_sendmsg+0x170/0x220 [ 585.243271][T29225] __do_fast_syscall_32+0xe3/0x8c0 [ 585.245750][T29225] do_fast_syscall_32+0x32/0x70 [ 585.248232][T29225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 585.250957][T29225] [ 585.250957][T29225] -> #0 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 585.254272][T29225] __lock_acquire+0x14b8/0x2630 [ 585.256399][T29225] lock_acquire+0x1cf/0x380 [ 585.258458][T29225] blk_mq_submit_bio+0x23ac/0x2bf0 [ 585.260802][T29225] __submit_bio+0x1e1/0x6c0 [ 585.263301][T29225] submit_bio_noacct_nocheck+0x562/0xc10 [ 585.265968][T29225] submit_bio_noacct+0xd17/0x2010 [ 585.268094][T29225] submit_bh_wbc+0x59c/0x770 [ 585.270073][T29225] block_read_full_folio+0x264/0x8e0 [ 585.272276][T29225] filemap_read_folio+0xfc/0x3b0 [ 585.274335][T29225] filemap_get_pages+0x173d/0x2050 [ 585.276207][T29225] filemap_read+0x3b5/0x10a0 [ 585.277980][T29225] blkdev_read_iter+0x2c4/0x4f0 [ 585.280068][T29225] vfs_read+0x825/0xb30 [ 585.281979][T29225] ksys_read+0x12a/0x250 [ 585.283763][T29225] do_syscall_64+0x106/0xf80 [ 585.285440][T29225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.287482][T29225] [ 585.287482][T29225] other info that might help us debug this: [ 585.287482][T29225] [ 585.290741][T29225] Chain exists of: [ 585.290741][T29225] &q->q_usage_counter(io)#50 --> &mm->mmap_lock --> mapping.invalidate_lock [ 585.290741][T29225] [ 585.295822][T29225] Possible unsafe locking scenario: [ 585.295822][T29225] [ 585.298735][T29225] CPU0 CPU1 [ 585.300673][T29225] ---- ---- [ 585.302449][T29225] rlock(mapping.invalidate_lock); [ 585.304151][T29225] lock(&mm->mmap_lock); [ 585.306333][T29225] lock(mapping.invalidate_lock); [ 585.308821][T29225] rlock(&q->q_usage_counter(io)#50); [ 585.310715][T29225] [ 585.310715][T29225] *** DEADLOCK *** [ 585.310715][T29225] [ 585.313711][T29225] 2 locks held by udevd/29225: [ 585.315550][T29225] #0: ffff88802766ab30 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_read_iter+0x2b6/0x4f0 [ 585.319087][T29225] #1: ffff88802766acd0 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_get_pages+0x123e/0x2050 [ 585.322465][T29225] [ 585.322465][T29225] stack backtrace: [ 585.324426][T29225] CPU: 2 UID: 0 PID: 29225 Comm: udevd Tainted: G L syzkaller #0 PREEMPT(full) [ 585.324443][T29225] Tainted: [L]=SOFTLOCKUP [ 585.324447][T29225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 585.324454][T29225] Call Trace: [ 585.324574][T29225] [ 585.324581][T29225] dump_stack_lvl+0x100/0x190 [ 585.324601][T29225] print_circular_bug.cold+0x178/0x1c7 [ 585.324621][T29225] check_noncircular+0x146/0x160 [ 585.324637][T29225] ? mas_wr_node_store+0xb4a/0x13b0 [ 585.324652][T29225] __lock_acquire+0x14b8/0x2630 [ 585.324669][T29225] lock_acquire+0x1cf/0x380 [ 585.324682][T29225] ? __submit_bio+0x1e1/0x6c0 [ 585.324700][T29225] ? blk_mq_submit_bio+0x2381/0x2bf0 [ 585.324718][T29225] ? blk_mq_submit_bio+0x2381/0x2bf0 [ 585.324736][T29225] blk_mq_submit_bio+0x23ac/0x2bf0 [ 585.324755][T29225] ? __submit_bio+0x1e1/0x6c0 [ 585.324771][T29225] ? rcu_is_watching+0x12/0xc0 [ 585.324789][T29225] ? __pfx_blk_mq_submit_bio+0x10/0x10 [ 585.324808][T29225] ? __lock_acquire+0x4a5/0x2630 [ 585.324846][T29225] ? perf_event_mmap+0xbc/0xe40 [ 585.324865][T29225] __submit_bio+0x1e1/0x6c0 [ 585.324882][T29225] ? __pfx___submit_bio+0x10/0x10 [ 585.324899][T29225] ? __pfx_blk_cgroup_bio_start+0x10/0x10 [ 585.324918][T29225] ? bio_associate_blkg_from_css+0x550/0x13f0 [ 585.324936][T29225] ? submit_bio_noacct_nocheck+0x562/0xc10 [ 585.324953][T29225] submit_bio_noacct_nocheck+0x562/0xc10 [ 585.324971][T29225] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 585.324989][T29225] ? __pfx___might_resched+0x10/0x10 [ 585.325062][T29225] ? bio_alloc_bioset+0x309/0x850 [ 585.325080][T29225] submit_bio_noacct+0xd17/0x2010 [ 585.325098][T29225] submit_bh_wbc+0x59c/0x770 [ 585.325113][T29225] block_read_full_folio+0x264/0x8e0 [ 585.325130][T29225] ? __pfx_blkdev_get_block+0x10/0x10 [ 585.325147][T29225] ? filemap_get_read_batch+0x2d3/0x9f0 [ 585.325170][T29225] ? __pfx_blkdev_read_folio+0x10/0x10 [ 585.325187][T29225] filemap_read_folio+0xfc/0x3b0 [ 585.325204][T29225] ? __pfx_filemap_read_folio+0x10/0x10 [ 585.325221][T29225] ? mas_ascend+0x53d/0xb30 [ 585.325233][T29225] filemap_get_pages+0x173d/0x2050 [ 585.325246][T29225] ? __pfx_filemap_get_pages+0x10/0x10 [ 585.325265][T29225] ? __pfx___might_resched+0x10/0x10 [ 585.325284][T29225] filemap_read+0x3b5/0x10a0 [ 585.325297][T29225] ? __pfx_filemap_read+0x10/0x10 [ 585.325311][T29225] ? __pfx_down_read+0x10/0x10 [ 585.325327][T29225] blkdev_read_iter+0x2c4/0x4f0 [ 585.325345][T29225] ? __pfx_blkdev_read_iter+0x10/0x10 [ 585.325363][T29225] vfs_read+0x825/0xb30 [ 585.325374][T29225] ? __pfx_vfs_read+0x10/0x10 [ 585.325386][T29225] ? ksys_mmap_pgoff+0xe9/0x650 [ 585.325399][T29225] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 585.325454][T29225] ksys_read+0x12a/0x250 [ 585.325464][T29225] ? __pfx_ksys_read+0x10/0x10 [ 585.325476][T29225] do_syscall_64+0x106/0xf80 [ 585.325489][T29225] ? clear_bhb_loop+0x40/0x90 [ 585.325502][T29225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.325514][T29225] RIP: 0033:0x7f91542a7407 [ 585.325524][T29225] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 585.325535][T29225] RSP: 002b:00007ffebaa7ab50 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 585.325585][T29225] RAX: ffffffffffffffda RBX: 00007f9154a72880 RCX: 00007f91542a7407 [ 585.325592][T29225] RDX: 0000000000000200 RSI: 00007f9154a71000 RDI: 0000000000000009 [ 585.325599][T29225] RBP: 00005566574c1050 R08: 0000000000000000 R09: 0000000000000000 [ 585.325605][T29225] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 585.325612][T29225] R13: 0000000000000000 R14: 00005566574cddb8 R15: 00007f9154b9939c [ 585.325622][T29225]