last executing test programs: 4m14.315484811s ago: executing program 2 (id=2774): io_setup(0x81, &(0x7f0000000400)=0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) io_submit(r0, 0x1, &(0x7f0000000440)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 4m14.164503756s ago: executing program 2 (id=2783): mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[]) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='clear_refs\x00') write$binfmt_format(r0, &(0x7f0000000300)='1\x00', 0x2) 4m14.086309813s ago: executing program 2 (id=2787): r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000412000/0x2000)=nil) setuid(0xee01) shmctl$IPC_RMID(r0, 0x0) 4m14.072617134s ago: executing program 2 (id=2791): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0x8) 4m13.986076296s ago: executing program 2 (id=2794): r0 = fsopen(&(0x7f0000000100)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f0000000580)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f00000004c0)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael,\xc4\x00\x00\x00\x00\x00\x00\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x00\x00\x00\x00\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\xf9\xff\x1b\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&\xc1&A0\xa7\xef\x9cL\x8e1K', 0x0) 4m13.689022859s ago: executing program 2 (id=2804): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000b00)='./file0\x00', 0x2) 4m13.651807465s ago: executing program 32 (id=2804): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000b00)='./file0\x00', 0x2) 3m52.886376127s ago: executing program 4 (id=3595): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="010000"], 0x48) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r0, 0x4b4c, &(0x7f0000000280)) 3m52.885940498s ago: executing program 4 (id=3597): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='./file0\x00') 3m52.805043055s ago: executing program 4 (id=3599): mount$9p_virtio(&(0x7f0000000040), &(0x7f00000001c0)='.\x00', &(0x7f0000000000), 0x4, &(0x7f0000000200)={'trans=virtio,', {[{@dfltuid}]}}) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r0, &(0x7f0000003480)={0x2020}, 0x2020) 3m52.73765894s ago: executing program 4 (id=3601): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0xc) 3m52.465140857s ago: executing program 4 (id=3606): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000280)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x2, @private1, 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000300)="14", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e23, 0x9, @remote, 0x1}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000400)="91", 0x1}], 0x1}}], 0x2, 0x54) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0) 3m51.757881448s ago: executing program 4 (id=3623): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000900)={0x38, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x38}}, 0xc000) 3m51.63222075s ago: executing program 33 (id=3623): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000900)={0x38, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x38}}, 0xc000) 3m14.007256017s ago: executing program 1 (id=4458): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000054000147880000000000000007008209", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="00001000e000030000010001000000000000000008"], 0x38}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3m14.007046834s ago: executing program 1 (id=4459): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x5b2, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) 3m13.953434304s ago: executing program 1 (id=4462): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3, &(0x7f0000000080)=0xb, 0x8, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) 3m13.730074669s ago: executing program 1 (id=4465): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 3m12.834908104s ago: executing program 1 (id=4469): r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x300000f, 0x12, r0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) 3m12.407437934s ago: executing program 1 (id=4474): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0) mremap(&(0x7f000000e000/0x7000)=nil, 0x7000, 0x2000, 0x3, &(0x7f0000007000/0x2000)=nil) 3m12.40008518s ago: executing program 34 (id=4474): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0) mremap(&(0x7f000000e000/0x7000)=nil, 0x7000, 0x2000, 0x3, &(0x7f0000007000/0x2000)=nil) 2.238936049s ago: executing program 5 (id=8184): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 2.053947088s ago: executing program 5 (id=8185): syz_open_dev$media(0x0, 0xa, 0x41) unshare(0x62040200) r0 = socket(0x2b, 0x1, 0x1) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'mangle\x00', 0x0, [0xfffffffe, 0x83800000, 0xa, 0x0, 0x2]}, &(0x7f0000000080)=0x54) 1.814465382s ago: executing program 0 (id=8188): pipe(&(0x7f0000000140)={0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000080), 0xfffffe13) close_range(r0, 0xffffffffffffffff, 0x0) 1.804761659s ago: executing program 5 (id=8189): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000100)) 1.734894526s ago: executing program 5 (id=8193): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff0000000000010902"], 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000540)=0x7) 1.734805958s ago: executing program 0 (id=8194): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x20) fcntl$setlease(r0, 0x400, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20) fcntl$getflags(r0, 0x401) 1.684585301s ago: executing program 3 (id=8196): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x68, 0x30, 0xf8f5, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xbabd, 0x3c, 0x10000000, 0x1, 0xfff}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.623870384s ago: executing program 3 (id=8197): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc9", 0x26, 0x800, &(0x7f0000000180)={0xc9, 0x3, r1, 0x1, 0x0, 0x6, @local}, 0x14) 1.56437351s ago: executing program 3 (id=8200): r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) setreuid(0x0, 0xee01) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xfc77b000) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001340)={0x53, 0xfffffffffffffffc, 0x6, 0x8b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001200)="50e2bed8a1f6", 0x0, 0x1000, 0x10000, 0xffffffffffffffff, 0x0}) 1.13272924s ago: executing program 3 (id=8201): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 892.483471ms ago: executing program 0 (id=8202): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xe8694000) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 683.572212ms ago: executing program 6 (id=8203): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xf8) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) dup2(r1, r0) read$FUSE(r0, &(0x7f0000000480)={0x2020}, 0x2020) 683.204427ms ago: executing program 6 (id=8204): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{0xffff, 0xfffd, 0x8, 0xe1a4}, 'syz0\x00'}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 625.633362ms ago: executing program 6 (id=8205): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-256\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f000000b800)=[{{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000400)="8ca9379f", 0x4}, {&(0x7f0000000e80)="02", 0x1}], 0x2, 0x0, 0x0, 0xc010}}], 0x1, 0xc040000) 588.322783ms ago: executing program 6 (id=8206): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c40)=@newtfilter={0x84, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x2, 0xfff3}, {0x0, 0xfff3}, {0xb, 0x10}}, [@filter_kind_options=@f_fw={{0x7}, {0x58, 0x2, [@TCA_FW_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x20000000, 0x0, 0x1, 0x7, {0x19, 0x2, 0x8000, 0x3, 0x7}, {0x5, 0x1, 0xedf3, 0xfffa, 0xa9, 0xffffff00}, 0x91, 0x10001, 0x2}}]}, @TCA_FW_INDEV={0x14, 0x3, 'veth1_to_hsr\x00'}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x24041091}, 0x0) 579.257251ms ago: executing program 3 (id=8207): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x3c, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x6}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8003}]}, 0x3c}}, 0x20000000) 431.931532ms ago: executing program 6 (id=8208): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000540), 0x200000b1, 0x8a681) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001100)={r0, 0x0, {0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "244333791f045158d97405000000000000040000000100", [0xfffffffffeff7ffc]}}) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0x4c07, 0x0) 390.212806ms ago: executing program 6 (id=8209): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6cd00000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) 364.105462ms ago: executing program 0 (id=8210): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={r1, 0xfff0}, 0x8) 275.304522ms ago: executing program 0 (id=8211): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f00000002c0), 0x2, 0x0) sendfile(r1, r1, 0x0, 0x8000002) 216.594153ms ago: executing program 0 (id=8212): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000100000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x20, 0x7, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) 212.212935ms ago: executing program 5 (id=8213): r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r0, 0x2) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') 102.936169ms ago: executing program 5 (id=8214): r0 = syz_open_dev$loop(&(0x7f0000000040), 0xffffffff80000001, 0x1680a2) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/rcu_normal', 0x82802, 0x8) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dce141802c4dacf162e43ac6126c370ec00000000a04100", [0xffffffff7ffffce8, 0xa]}}) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x4, 0x71, 0x0, 0x9, 0x19, 0x0, "585633671ffbca2496d5728d0f8f2bfcb2c20f83c6f1fa74940c64d4abfa391b832442b953fc573f4446b09d04892c8343a864c88ace846789292b47ee7a6d8e", "c50f751886fb50e007d5d016c44110f534af43cc07fac51bee22e72e86c01b4928d69bdefd07854c13920811fd7002dc8aada05a7c0bda02f7ff87fdc11bc4ec", "ee221bd6914010cf945a86f1069be93a8dc7d78055821a5718fd6b88965c471e", [0x3, 0x6]}) 0s ago: executing program 3 (id=8215): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0a060e04"], 0xd) kernel console output (not intermixed with test programs): process `syz.6.5205'. [ 260.648803][ T1433] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.650878][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.045731][T17479] input: syz0 as /devices/virtual/input/input23 [ 261.446966][ T8760] usb 11-1: new high-speed USB device number 5 using dummy_hcd [ 261.487505][T17492] input: syz0 as /devices/virtual/input/input24 [ 261.606974][ T8760] usb 11-1: Using ep0 maxpacket: 8 [ 261.613315][ T8760] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 261.617674][ T8760] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 261.620914][ T8760] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 261.624455][ T8760] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 261.629100][ T8760] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 261.631979][ T8760] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.846242][ T8760] usb 11-1: GET_CAPABILITIES returned 0 [ 261.849109][ T8760] usbtmc 11-1:16.0: can't read capabilities [ 262.053245][ T5852] usb 11-1: USB disconnect, device number 5 [ 262.091656][T17515] ip6_vti0 speed is unknown, defaulting to 1000 [ 263.447399][T17588] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5268'. [ 263.451438][T17588] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5268'. [ 263.772043][T17608] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5278'. [ 264.647741][ T62] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 265.178790][T17660] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5300'. [ 265.823756][T17704] netem: change failed [ 266.056581][T17723] kvm: kvm [17721]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x4 [ 266.073348][T17727] netem: change failed [ 266.197084][ T5531] kernel write not supported for file /input/event2 (pid: 5531 comm: kworker/0:3) [ 266.209316][ T5852] kernel write not supported for file /uinput (pid: 5852 comm: kworker/1:4) [ 266.436569][T17747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5343'. [ 266.441266][T17747] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5343'. [ 266.602211][T17761] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 267.017933][T17780] input: syz1 as /devices/virtual/input/input25 [ 267.019978][T17780] input: failed to attach handler leds to device input25, error: -6 [ 267.179325][T17798] Bluetooth: hci5: Frame reassembly failed (-84) [ 267.184827][T12931] Bluetooth: hci5: Frame reassembly failed (-84) [ 268.033382][T17833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5382'. [ 268.065890][T17835] sctp: [Deprecated]: syz.3.5383 (pid 17835) Use of struct sctp_assoc_value in delayed_ack socket option. [ 268.065890][T17835] Use struct sctp_sack_info instead [ 268.648865][ T5752] Bluetooth: hci4: command 0x1003 tx timeout [ 268.648925][ T62] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 268.842229][T17851] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 269.058195][ T40] kauditd_printk_skb: 1125 callbacks suppressed [ 269.058207][ T40] audit: type=1326 audit(2000001116.761:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.069373][ T40] audit: type=1326 audit(2000001116.761:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.077422][ T40] audit: type=1326 audit(2000001116.761:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.085298][ T40] audit: type=1326 audit(2000001116.761:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.093220][ T40] audit: type=1326 audit(2000001116.761:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.100455][ T40] audit: type=1326 audit(2000001116.761:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=373 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.112096][ T40] audit: type=1326 audit(2000001116.761:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.121132][ T40] audit: type=1326 audit(2000001116.761:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.130679][ T40] audit: type=1326 audit(2000001116.761:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.6.5401" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf706efcc code=0x7ffc0000 [ 269.153749][T17881] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5404'. [ 269.158558][T17881] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5404'. [ 269.208203][ T5748] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 269.463517][T17902] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5413'. [ 269.567004][ T5531] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 269.728827][ T5531] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 269.739110][ T5531] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 269.745381][ T5531] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 269.752748][ T5531] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 269.756979][ T5531] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 269.760598][ T5531] usb 10-1: Product: syz [ 269.762627][ T5531] usb 10-1: Manufacturer: syz [ 269.764515][ T5531] usb 10-1: SerialNumber: syz [ 269.794560][T17915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5419'. [ 269.797677][T17915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5419'. [ 269.802315][T17915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5419'. [ 269.805329][T17915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5419'. [ 269.996269][ T5531] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 270.193946][ T8760] usb 10-1: USB disconnect, device number 9 [ 270.204525][ T8760] usblp0: removed [ 271.142770][ T5748] Bluetooth: hci0: link tx timeout [ 271.146512][ T5748] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 271.149387][T17992] macvlan2: entered promiscuous mode [ 271.152549][T17992] bridge0: entered promiscuous mode [ 271.356560][T18010] cgroup: fork rejected by pids controller in /syz6 [ 271.376385][T18015] loop4: detected capacity change from 0 to 7 [ 271.385609][ C0] blk_print_req_error: 25 callbacks suppressed [ 271.385621][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 271.392132][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.394941][ C0] buffer_io_error: 25 callbacks suppressed [ 271.394949][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.401733][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.404496][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.408797][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.412366][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.415572][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.418333][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.421075][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.424663][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.428494][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.432083][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.435374][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.439015][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.444914][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.447796][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.453214][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.456742][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.461437][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 271.465064][T18015] ldm_validate_partition_table(): Disk read failed. [ 271.471029][T18015] Dev loop4: unable to read RDB block 0 [ 271.473190][T18015] loop4: unable to read partition table [ 271.475092][T18015] loop4: partition table beyond EOD, truncated [ 271.478369][T18015] loop_reread_partitions: partition scan of loop4 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 272.981242][T18072] kvm_intel: kvm [18071]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3 [ 273.111728][T18080] veth1_to_bond: entered allmulticast mode [ 273.113863][T18080] veth1_to_bond: left allmulticast mode [ 273.396737][T18089] block nbd1: Unsupported socket: should be TCP or UNIX. [ 273.429802][T18091] cgroup: fork rejected by pids controller in /syz5 [ 273.612572][T18102] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5506'. [ 274.324758][T12930] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.580186][T12930] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.789293][T12930] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.019395][T12930] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.617941][T12930] bridge_slave_1: left promiscuous mode [ 275.620167][T12930] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.678302][T12930] bridge_slave_0: left allmulticast mode [ 275.680104][T12930] bridge_slave_0: left promiscuous mode [ 275.681965][T12930] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.739481][T12930] lo: left allmulticast mode [ 276.418609][T12930] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 276.488675][T12930] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 276.539659][T12930] bond0 (unregistering): Released all slaves [ 276.599757][ T5454] 8021q: adding VLAN 0 to HW filter on device eth10 [ 276.762318][ T5454] 8021q: adding VLAN 0 to HW filter on device eth11 [ 277.048976][ T5454] 8021q: adding VLAN 0 to HW filter on device eth12 [ 277.319228][ T5454] 8021q: adding VLAN 0 to HW filter on device eth13 [ 277.737134][T12930] hsr_slave_0: left promiscuous mode [ 277.777278][T12930] hsr_slave_1: left promiscuous mode [ 277.780180][T12930] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.782730][T12930] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.798637][T12930] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.801747][T12930] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.861489][T12930] veth1_macvtap: left promiscuous mode [ 277.863929][T12930] veth0_macvtap: left promiscuous mode [ 277.865739][T12930] veth1_vlan: left promiscuous mode [ 277.868440][T12930] veth0_vlan: left promiscuous mode [ 278.708841][T12930] team0 (unregistering): Port device team_slave_1 removed [ 278.749732][T12930] team0 (unregistering): Port device team_slave_0 removed [ 282.384545][ T5748] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 282.391570][ T5748] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 282.395433][ T5748] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 282.401475][ T5748] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 282.404104][ T5748] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 282.512097][ T5748] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 282.530824][ T5748] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 282.539168][ T5748] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 282.545177][ T5748] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 282.549420][ T5748] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 282.761542][T18151] ip6_vti0 speed is unknown, defaulting to 1000 [ 283.235565][T18158] ip6_vti0 speed is unknown, defaulting to 1000 [ 283.486770][T18213] 9p: Invalid uid '0x00000000ffffffff' [ 284.041935][T18151] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.045120][T18151] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.049721][T18151] bridge_slave_0: entered allmulticast mode [ 284.053624][T18151] bridge_slave_0: entered promiscuous mode [ 284.065964][T18151] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.071020][T18151] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.077307][T18151] bridge_slave_1: entered allmulticast mode [ 284.080947][T18151] bridge_slave_1: entered promiscuous mode [ 284.110359][T18151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.121061][T18151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.178578][T18151] team0: Port device team_slave_0 added [ 284.187848][T18151] team0: Port device team_slave_1 added [ 284.225864][T18151] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 284.229077][T18151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 284.240307][T18151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 284.246366][T18151] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 284.249564][T18151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 284.260536][T18151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 284.320091][T18151] hsr_slave_0: entered promiscuous mode [ 284.322825][T18151] hsr_slave_1: entered promiscuous mode [ 284.324984][T18151] debugfs: 'hsr0' already exists in 'hsr' [ 284.327523][T18151] Cannot create hsr debugfs directory [ 284.486984][ T5762] Bluetooth: hci0: command tx timeout [ 284.563893][T18240] loop8: detected capacity change from 0 to 7 [ 284.569718][ C2] blk_print_req_error: 11 callbacks suppressed [ 284.569734][ C2] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.575341][ C2] buffer_io_error: 10 callbacks suppressed [ 284.575356][ C2] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.582325][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.586226][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.590927][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.594828][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.599571][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.603364][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.607209][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.611392][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.617955][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.621778][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.625839][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.629704][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.632689][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.635719][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.639049][T18240] ldm_validate_partition_table(): Disk read failed. [ 284.641617][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.644665][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.647722][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.650649][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 284.657781][ T5762] Bluetooth: hci2: command tx timeout [ 284.658920][T18240] Dev loop8: unable to read RDB block 0 [ 284.667876][T18158] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.669184][T18240] loop8: unable to read partition table [ 284.673320][T18158] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.673538][T18240] loop8: partition table beyond EOD, truncated [ 284.676689][T18158] bridge_slave_0: entered allmulticast mode [ 284.680357][T18240] loop_reread_partitions: partition scan of loop8 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 284.683161][T18158] bridge_slave_0: entered promiscuous mode [ 284.690867][T18158] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.693640][T18158] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.696531][T18158] bridge_slave_1: entered allmulticast mode [ 284.700023][T18158] bridge_slave_1: entered promiscuous mode [ 284.752391][T18158] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.877922][ T3581] bridge_slave_1: left allmulticast mode [ 284.879910][ T3581] bridge_slave_1: left promiscuous mode [ 284.882017][ T3581] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.958282][ T3581] bridge_slave_0: left allmulticast mode [ 284.960080][ T3581] bridge_slave_0: left promiscuous mode [ 284.961958][ T3581] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.519171][ T3581] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 285.578945][ T3581] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 285.598863][ T3581] bond0 (unregistering): Released all slaves [ 285.663167][T18158] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.727608][T18246] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 285.730357][T18246] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.732867][T18246] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 285.772769][T18158] team0: Port device team_slave_0 added [ 285.776666][T18158] team0: Port device team_slave_1 added [ 285.807918][T18246] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 285.838792][T18158] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.841745][T18158] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 285.852342][T18158] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.892771][T18246] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 285.895268][T18246] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 285.968284][T18158] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.971009][T18158] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 285.971685][T18246] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 285.980578][T18158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.986351][ T5454] 8021q: adding VLAN 0 to HW filter on device eth14 [ 286.072351][T18246] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 286.075006][T18246] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 286.130222][T18246] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 286.247659][T18158] hsr_slave_0: entered promiscuous mode [ 286.250122][T18158] hsr_slave_1: entered promiscuous mode [ 286.252253][T18158] debugfs: 'hsr0' already exists in 'hsr' [ 286.254177][T18158] Cannot create hsr debugfs directory [ 286.299658][T18262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5546'. [ 286.697291][T18272] batman_adv: batadv0: Adding interface: vlan4 [ 286.699564][T18272] batman_adv: batadv0: The MTU of interface vlan4 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 286.707547][T18272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.710823][T18272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.713915][T18272] batman_adv: batadv0: Not using interface vlan4 (retrying later): interface not active [ 286.719233][ T5454] 8021q: adding VLAN 0 to HW filter on device eth15 [ 287.074249][T18291] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 287.310153][ T3581] hsr_slave_0: left promiscuous mode [ 287.348624][ T3581] hsr_slave_1: left promiscuous mode [ 287.351283][ T3581] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.398232][ T3581] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 287.767044][ T5762] Bluetooth: hci3: command 0x2016 tx timeout [ 287.767068][ T5748] Bluetooth: hci1: command 0x0c1a tx timeout [ 287.926915][ T5748] Bluetooth: hci0: command 0x040f tx timeout [ 288.058114][ T3581] team0 (unregistering): Port device team_slave_1 removed [ 288.096929][ T5748] Bluetooth: hci2: command 0x040f tx timeout [ 288.098137][ T3581] team0 (unregistering): Port device team_slave_0 removed [ 288.237720][ T5454] 8021q: adding VLAN 0 to HW filter on device eth16 [ 288.252503][T18336] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 288.371008][T18354] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5580'. [ 288.470993][ T5454] 8021q: adding VLAN 0 to HW filter on device eth17 [ 288.735213][T18151] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 288.770996][T18151] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 288.773933][T18151] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 288.809082][T18151] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 288.813480][T18151] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 288.859585][T18151] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 289.098393][T18151] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 289.139261][T18151] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 289.195345][T18151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.398917][T18151] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.409549][T12930] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.411865][T12930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.419530][T12930] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.422935][T12930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.444077][T18419] input: syz1 as /devices/virtual/input/input26 [ 289.664053][T18431] ipvlan1: entered promiscuous mode [ 289.665859][T18431] ipvlan1: entered allmulticast mode [ 289.668997][T18431] veth0_vlan: entered allmulticast mode [ 289.729747][T18444] syz.3.5601 uses obsolete (PF_INET,SOCK_PACKET) [ 289.848531][ T5748] Bluetooth: hci3: command 0x2016 tx timeout [ 290.006993][ T5748] Bluetooth: hci0: command 0x040f tx timeout [ 290.043468][T18151] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.168057][ T5748] Bluetooth: hci2: command 0x040f tx timeout [ 290.179313][T18158] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 290.208457][T18158] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 290.211235][T18158] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 290.239809][T18158] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 290.243606][T18158] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 290.279375][T18158] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 290.283982][T18158] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 290.320027][T18158] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 290.356352][T18151] veth0_vlan: entered promiscuous mode [ 290.383988][T18151] veth1_vlan: entered promiscuous mode [ 290.424395][T18151] veth0_macvtap: entered promiscuous mode [ 290.432075][T18158] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.436189][T18151] veth1_macvtap: entered promiscuous mode [ 290.452644][T18158] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.458090][T18151] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 290.463222][T18151] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 290.469070][ T1217] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.471407][ T1217] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.474559][T18525] kvm: kvm [18523]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0xeb7 [ 290.476768][T12930] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.477600][T12930] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.477621][T12930] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.477640][T12930] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.482467][T12930] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.491909][T12930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.637829][T18530] pimreg: entered allmulticast mode [ 290.661854][T18530] pimreg: left allmulticast mode [ 291.171012][ T1194] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.175488][ T1194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.207959][ T1194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.211831][ T1194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.254482][T18543] netlink: 'syz.0.5622': attribute type 7 has an invalid length. [ 291.258109][T18543] netem: change failed [ 291.380048][T18158] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.537166][T18158] veth0_vlan: entered promiscuous mode [ 291.543292][T18158] veth1_vlan: entered promiscuous mode [ 291.558339][T18158] veth0_macvtap: entered promiscuous mode [ 291.562777][T18158] veth1_macvtap: entered promiscuous mode [ 291.573445][T18158] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.580952][T18158] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.589441][ T1217] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.592275][ T1217] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.595632][ T1217] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.599608][ T1217] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.828097][ T3581] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.831042][ T3581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.853362][ T3581] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.856358][ T3581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.937082][ T5748] Bluetooth: hci3: command 0x2016 tx timeout [ 292.086946][ T5748] Bluetooth: hci0: command 0x040f tx timeout [ 292.257267][ T5748] Bluetooth: hci2: command 0x040f tx timeout [ 292.334562][T18599] overlayfs: invalid origin (0000) [ 292.741060][ T40] audit: type=1326 audit(2000001140.441:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70cefe8 code=0x7ffc0000 [ 292.748409][ T40] audit: type=1326 audit(2000001140.441:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 292.755380][ T40] audit: type=1326 audit(2000001140.441:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70cefe8 code=0x7ffc0000 [ 292.762430][ T40] audit: type=1326 audit(2000001140.441:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70cefe8 code=0x7ffc0000 [ 292.769432][ T40] audit: type=1326 audit(2000001140.441:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70cefe8 code=0x7ffc0000 [ 292.776379][ T40] audit: type=1326 audit(2000001140.441:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70cefe8 code=0x7ffc0000 [ 292.783248][ T40] audit: type=1326 audit(2000001140.441:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 292.791473][ T40] audit: type=1326 audit(2000001140.441:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 292.798617][ T40] audit: type=1326 audit(2000001140.441:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 292.805480][ T40] audit: type=1326 audit(2000001140.441:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18617 comm="syz.5.5648" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 292.863535][T18622] loop9: detected capacity change from 0 to 524287999 [ 292.866230][T18622] buffer_io_error: 11 callbacks suppressed [ 292.866244][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.871129][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.873669][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.876173][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.878883][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.881412][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.883874][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.886446][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.891092][T18622] ldm_validate_partition_table(): Disk read failed. [ 292.893370][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.895922][T18622] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.898704][T18622] Dev loop9: unable to read RDB block 0 [ 292.900796][T18622] loop9: unable to read partition table [ 292.902719][T18622] loop_reread_partitions: partition scan of loop9 (3 x) failed (rc=-5) [ 292.979852][T18622] ldm_validate_partition_table(): Disk read failed. [ 292.983139][T18622] Dev loop9: unable to read RDB block 0 [ 292.986041][T18622] loop9: unable to read partition table [ 292.989283][T18622] loop_reread_partitions: partition scan of loop9 (3 x) failed (rc=-5) [ 293.032732][T18630] syzkaller1: tun_chr_ioctl cmd 35108 [ 293.462574][ T5762] block nbd1: Receive control failed (result -32) [ 293.753999][T18674] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 293.787521][T18676] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5674'. [ 293.902224][T18684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5678'. [ 293.952053][T18692] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5681'. [ 294.177681][ T5762] Bluetooth: hci0: command 0x040f tx timeout [ 294.328823][ T5762] Bluetooth: hci2: command 0x040f tx timeout [ 294.498512][T18725] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5695'. [ 295.646943][ T5830] usb 10-1: new low-speed USB device number 10 using dummy_hcd [ 295.728415][T18782] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5720'. [ 295.828580][ T5830] usb 10-1: config 0 has an invalid interface number: 1 but max is 0 [ 295.832215][ T5830] usb 10-1: config 0 has no interface number 0 [ 295.834812][ T5830] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 295.839601][ T5830] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 295.844038][ T5830] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 295.847934][ T5830] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.853623][ T5830] usb 10-1: config 0 descriptor?? [ 295.856609][T18769] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 295.865793][ T5830] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 296.070392][ T53] usb 10-1: USB disconnect, device number 10 [ 296.257278][ T5748] Bluetooth: hci0: command 0x040f tx timeout [ 296.260053][T18793] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5725'. [ 296.263540][T18793] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5725'. [ 296.408464][ T5748] Bluetooth: hci2: command 0x040f tx timeout [ 296.867118][T18822] loop6: detected capacity change from 0 to 8 [ 296.917351][T18822] loop6: detected capacity change from 8 to 0 [ 297.067965][ T24] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 297.217682][ T24] usb 11-1: Using ep0 maxpacket: 32 [ 297.222090][ T24] usb 11-1: config 1 interface 0 altsetting 5 bulk endpoint 0x82 has invalid maxpacket 1024 [ 297.229767][ T24] usb 11-1: config 1 interface 0 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 64 [ 297.235773][ T24] usb 11-1: config 1 interface 0 has no altsetting 0 [ 297.243417][ T24] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 297.253368][ T24] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.258687][ T24] usb 11-1: Product: syz [ 297.260331][ T24] usb 11-1: Manufacturer: syz [ 297.261952][ T24] usb 11-1: SerialNumber: syz [ 297.265754][T18812] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 297.268964][T18812] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 297.492464][ T24] cdc_ether 11-1:1.0: probe with driver cdc_ether failed with error -71 [ 297.500169][ T24] usb 11-1: USB disconnect, device number 6 [ 297.980057][T18865] Falling back ldisc for ttyS3. [ 298.404444][T18914] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5769'. [ 298.487042][ T5748] Bluetooth: hci2: command 0x040f tx timeout [ 299.225585][T18969] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5800'. [ 299.386707][T18978] ip6_vti0 speed is unknown, defaulting to 1000 [ 299.668125][ T5853] usb 11-1: new full-speed USB device number 7 using dummy_hcd [ 299.848623][ T5853] usb 11-1: config 0 has no interfaces? [ 299.852738][ T5853] usb 11-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d [ 299.856128][ T5853] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.863156][ T5853] usb 11-1: Product: syz [ 299.864945][ T5853] usb 11-1: Manufacturer: syz [ 299.867102][ T5853] usb 11-1: SerialNumber: syz [ 299.871153][ T5853] usb 11-1: config 0 descriptor?? [ 300.125446][ T5853] usb 11-1: USB disconnect, device number 7 [ 300.603443][T19005] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5816'. [ 300.842339][T19022] input: syz0 as /devices/virtual/input/input27 [ 301.274372][T12202] kernel read not supported for file /dsp (pid: 12202 comm: kworker/1:5) [ 301.792251][T19059] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.5841'. [ 301.822482][T19061] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5842'. [ 301.872715][ T40] kauditd_printk_skb: 62 callbacks suppressed [ 301.872731][ T40] audit: type=1326 audit(2000001149.571:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.895762][ T40] audit: type=1326 audit(2000001149.571:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.905407][ T40] audit: type=1326 audit(2000001149.591:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=12 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.914955][ T40] audit: type=1326 audit(2000001149.591:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.924584][ T40] audit: type=1326 audit(2000001149.591:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.933905][ T40] audit: type=1326 audit(2000001149.591:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.942054][ T40] audit: type=1326 audit(2000001149.591:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.949372][ T40] audit: type=1326 audit(2000001149.591:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.960424][ T40] audit: type=1326 audit(2000001149.591:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=143 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.964288][T19070] input: syz1 as /devices/virtual/input/input28 [ 301.967926][ T40] audit: type=1326 audit(2000001149.591:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19065 comm="syz.6.5844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 301.978514][T19072] bridge_slave_0: invalid flags given to default FDB implementation [ 302.239075][T19083] bond1 (unregistering): Released all slaves [ 302.433602][T19092] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5855'. [ 302.438733][T19092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5855'. [ 302.443859][T19092] netlink: 33 bytes leftover after parsing attributes in process `syz.5.5855'. [ 302.448205][T19092] veth1_to_bridge: entered allmulticast mode [ 302.451465][T19092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5855'. [ 302.455361][T19092] netlink: 33 bytes leftover after parsing attributes in process `syz.5.5855'. [ 302.687986][T19112] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5866'. [ 303.073958][T19144] netlink: 'syz.0.5879': attribute type 5 has an invalid length. [ 303.378186][T12202] kernel read not supported for file /dsp1 (pid: 12202 comm: kworker/1:5) [ 304.362380][T19226] __nla_validate_parse: 5 callbacks suppressed [ 304.362392][T19226] netlink: 168 bytes leftover after parsing attributes in process `syz.6.5917'. [ 304.367897][T19226] netlink: 168 bytes leftover after parsing attributes in process `syz.6.5917'. [ 304.473342][T19237] netlink: 'syz.3.5923': attribute type 39 has an invalid length. [ 305.098902][T19253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5929'. [ 305.101907][T19253] netlink: 'syz.3.5929': attribute type 14 has an invalid length. [ 305.112033][T12931] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.115006][T12931] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.118348][T12931] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.121813][T12931] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.126897][T19253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5929'. [ 305.129888][T19253] netlink: 'syz.3.5929': attribute type 14 has an invalid length. [ 305.530872][T19294] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5948'. [ 306.123846][T19308] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5953'. [ 306.631623][T19333] Invalid ELF header magic: != ELF [ 307.025085][T19355] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5975'. [ 307.030640][T19356] kernel read not supported for file /:){{:, (pid: 19356 comm: syz.6.5974) [ 307.047583][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 307.047599][ T40] audit: type=1800 audit(2000001154.751:1366): pid=19356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.5974" name=":){{:," dev="mqueue" ino=77269 res=0 errno=0 [ 307.144939][T19366] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5979'. [ 307.149824][T19366] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5979'. [ 307.154320][T19365] evm: overlay not supported [ 307.368340][T19379] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5987'. [ 307.526625][T19392] Invalid source name [ 309.588610][T19483] netlink: 'syz.6.6030': attribute type 39 has an invalid length. [ 310.482046][T19509] __nla_validate_parse: 3 callbacks suppressed [ 310.482066][T19509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6043'. [ 310.758517][T19527] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 310.897642][T19532] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6042'. [ 311.152664][T19552] binder: 19550:19552 ioctl c0306201 0 returned -14 [ 311.969060][T19580] ref_ctr_offset mismatch. inode: 0x1bd7 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300000018 [ 312.040486][T19584] netem: change failed [ 312.578539][ T40] audit: type=1326 audit(2000001160.281:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19617 comm="syz.0.6091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 312.589038][ T40] audit: type=1326 audit(2000001160.281:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19617 comm="syz.0.6091" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 312.596442][ T40] audit: type=1326 audit(2000001160.291:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19617 comm="syz.0.6091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 312.605807][ T40] audit: type=1326 audit(2000001160.291:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19617 comm="syz.0.6091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 312.614411][ T40] audit: type=1326 audit(2000001160.291:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19617 comm="syz.0.6091" exe="/syz-executor" sig=0 arch=40000003 syscall=247 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 312.622358][ T40] audit: type=1326 audit(2000001160.291:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19617 comm="syz.0.6091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 312.741457][T19628] loop9: detected capacity change from 0 to 7 [ 312.749978][ C3] blk_print_req_error: 11 callbacks suppressed [ 312.749998][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.757067][ C3] buffer_io_error: 24 callbacks suppressed [ 312.757081][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.766332][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.770769][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.774121][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.777797][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.781249][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.784472][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.787264][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.790144][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.793019][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.796044][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.799186][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.802322][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.804751][T19628] ldm_validate_partition_table(): Disk read failed. [ 312.808427][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.812149][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.815182][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.818366][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.821954][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 312.824908][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 312.835076][T19628] Dev loop9: unable to read RDB block 0 [ 312.842666][T19628] loop9: unable to read partition table [ 312.844873][T19628] loop9: partition table beyond EOD, truncated [ 312.848497][T19628] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 312.870819][T19639] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6100'. [ 312.996728][T19651] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6106'. [ 313.251937][T19680] binder: 19679:19680 ioctl c018620c 80000880 returned -1 [ 314.441520][T19726] netlink: 'syz.0.6142': attribute type 64 has an invalid length. [ 314.444145][T19726] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6142'. [ 315.355181][T19806] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6172'. [ 316.490740][T19843] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2) [ 316.619426][T19856] netlink: 'syz.5.6192': attribute type 39 has an invalid length. [ 317.097626][T19871] netlink: 'syz.0.6201': attribute type 5 has an invalid length. [ 318.879240][T19932] block nbd2: server does not support multiple connections per device. [ 318.882889][T19932] block nbd2: shutting down sockets [ 319.492932][T19967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6237'. [ 319.809374][T19986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6246'. [ 319.813171][T19986] netlink: 'syz.3.6246': attribute type 30 has an invalid length. [ 319.818673][T19986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6246'. [ 319.822146][T19986] netlink: 'syz.3.6246': attribute type 30 has an invalid length. [ 319.841754][T19985] ref_ctr_offset mismatch. inode: 0x33a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300000018 [ 319.852494][T19988] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6247'. [ 319.906664][T19992] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6249'. [ 320.079162][T20002] nr0: tun_chr_ioctl cmd 21731 [ 320.123050][T20001] binder: 19999:20001 ioctl c0306201 0 returned -14 [ 320.444427][T20019] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 320.449567][ T3581] Bluetooth: hci4: Frame reassembly failed (-84) [ 321.266928][ T10] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 321.416891][ T10] usb 11-1: Using ep0 maxpacket: 8 [ 321.419853][ T10] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 321.423042][ T10] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 321.426264][ T10] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 321.434520][ T10] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 321.438876][ T10] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 321.441901][ T10] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.657600][ T10] usb 11-1: GET_CAPABILITIES returned 0 [ 321.660121][ T10] usbtmc 11-1:16.0: can't read capabilities [ 321.866987][ T53] usb 11-1: USB disconnect, device number 8 [ 322.089134][ T1433] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.091947][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.486995][ T62] Bluetooth: hci4: command 0x1003 tx timeout [ 322.487716][ T5752] Bluetooth: hci5: command 0x1003 tx timeout [ 322.496476][ T5762] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 322.498826][ T5748] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 323.792929][T20084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6289'. [ 323.802515][T20084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6289'. [ 324.154818][T20104] dummy0: entered allmulticast mode [ 324.159662][T20102] dummy0: left allmulticast mode [ 324.466852][ T40] audit: type=1326 audit(2000001172.161:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.480104][ T40] audit: type=1326 audit(2000001172.171:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.493505][ T40] audit: type=1326 audit(2000001172.171:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.502779][ T40] audit: type=1326 audit(2000001172.171:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.513362][ T40] audit: type=1326 audit(2000001172.171:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.523547][ T40] audit: type=1326 audit(2000001172.171:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 324.531283][ T40] audit: type=1326 audit(2000001172.171:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.539307][ T40] audit: type=1326 audit(2000001172.171:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.547501][ T40] audit: type=1326 audit(2000001172.171:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.556429][ T40] audit: type=1326 audit(2000001172.171:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20124 comm="syz.6.6308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 324.662518][T20139] sctp: [Deprecated]: syz.5.6315 (pid 20139) Use of int in max_burst socket option. [ 324.662518][T20139] Use struct sctp_assoc_value instead [ 325.021371][T20150] bond0: (slave bond_slave_1): Releasing backup interface [ 325.168752][ T54] kernel read not supported for file /dsp1 (pid: 54 comm: kworker/3:1) [ 325.384433][T20172] serio: Serial port ttynull [ 325.506887][ T53] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 325.670524][T20202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6345'. [ 325.675473][T20202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6345'. [ 325.677178][ T53] usb 10-1: Using ep0 maxpacket: 8 [ 325.681828][ T53] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 325.686265][ T53] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 325.691218][ T53] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 325.695412][ T53] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 325.700904][ T53] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 325.704518][ T53] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.927698][ T53] usb 10-1: GET_CAPABILITIES returned 0 [ 325.932727][ T53] usbtmc 10-1:16.0: can't read capabilities [ 326.135034][ T8760] usb 10-1: USB disconnect, device number 11 [ 327.193062][T20283] binder: BINDER_SET_CONTEXT_MGR already set [ 327.196274][T20283] binder: 20282:20283 ioctl 4018620d 80004a80 returned -16 [ 327.280510][T20286] CUSE: info not properly terminated [ 327.563691][T20300] input: syz0 as /devices/virtual/input/input29 [ 327.571076][T20302] Bluetooth: MGMT ver 1.23 [ 327.639731][ T5531] kernel read not supported for file /dsp (pid: 5531 comm: kworker/0:3) [ 327.978527][T20324] bond0: (slave bond_slave_1): Releasing backup interface [ 329.548999][T20391] bond0: (slave bond_slave_1): Releasing backup interface [ 329.584165][T20395] vcan0: tx address claim with dlc 0 [ 329.618119][T20397] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 330.837496][T20431] bond0: (slave bond_slave_1): Releasing backup interface [ 330.984458][T20444] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6448'. [ 331.073860][T20454] netlink: 'syz.3.6453': attribute type 7 has an invalid length. [ 331.148776][T20461] netlink: 212336 bytes leftover after parsing attributes in process `syz.5.6456'. [ 331.747747][ T39] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 331.898158][ T39] usb 10-1: Using ep0 maxpacket: 32 [ 331.903157][ T39] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 331.910001][ T39] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 331.919026][ T39] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 331.921701][ T39] usb 10-1: Product: syz [ 331.923067][ T39] usb 10-1: Manufacturer: syz [ 331.924661][ T39] usb 10-1: SerialNumber: syz [ 331.928870][ T39] usb 10-1: config 0 descriptor?? [ 331.931221][T20494] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 331.934687][ T39] hub 10-1:0.0: bad descriptor, ignoring hub [ 331.938108][ T39] hub 10-1:0.0: probe with driver hub failed with error -5 [ 331.987977][ T39] kernel read not supported for file /dsp1 (pid: 39 comm: kworker/2:1) [ 332.215424][T20526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6486'. [ 332.247068][ T8760] usb 10-1: USB disconnect, device number 12 [ 332.759270][T20551] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 333.906612][T20585] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.199198][T20585] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.509609][T20585] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.859607][T20585] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.025671][T20619] netlink: 'syz.5.6531': attribute type 14 has an invalid length. [ 335.071251][T12931] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.078389][T12931] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.085359][T12931] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.094763][T12931] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.148764][T20626] sctp: [Deprecated]: syz.6.6534 (pid 20626) Use of struct sctp_assoc_value in delayed_ack socket option. [ 335.148764][T20626] Use struct sctp_sack_info instead [ 335.256354][T12931] tipc: Subscription rejected, illegal request [ 336.245567][ T53] kernel write not supported for file /input/event2 (pid: 53 comm: kworker/1:1) [ 336.294491][T20682] netlink: 200 bytes leftover after parsing attributes in process `syz.6.6561'. [ 336.623820][T20700] kvm: kvm [20699]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000005e) = 0x1 [ 337.149794][T20713] ip6_vti0 speed is unknown, defaulting to 1000 [ 337.462438][T20737] netlink: 'syz.6.6586': attribute type 1 has an invalid length. [ 337.465530][T20737] netlink: 'syz.6.6586': attribute type 7 has an invalid length. [ 337.468169][T20737] netlink: 'syz.6.6586': attribute type 8 has an invalid length. [ 337.470602][T20737] netlink: 208 bytes leftover after parsing attributes in process `syz.6.6586'. [ 337.473596][T20737] NCSI netlink: No device for ifindex 119 [ 337.566613][T20747] overlayfs: failed to clone lowerpath [ 337.827174][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x3 [ 337.829920][T20767] netem: change failed [ 337.832863][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x3 [ 337.837252][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.839700][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.842129][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.844333][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.849829][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.852336][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.854742][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.859992][ T5531] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 337.866960][ T5531] hid-generic 0000:0000:0000.000D: hidraw1: HID v0.03 Device [syz1] on syz1 qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x198000) [ 337.988913][ T1128] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 337.991518][ T1128] ata1: failed to read log page 10h (errno=-5) [ 337.993757][ T1128] ata1.00: exception Emask 0x1 SAct 0x800 SErr 0x0 action 0x0 [ 337.996128][ T1128] ata1.00: irq_stat 0x41000000 [ 337.997971][ T1128] ata1.00: failed command: READ FPDMA QUEUED [ 337.999973][ T1128] ata1.00: cmd 60/c0:58:76:89:03/0c:00:00:00:00/40 tag 11 ncq dma 1671168 in [ 337.999973][ T1128] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 338.005358][ T1128] ata1.00: status: { DRDY } [ 338.007301][ T1128] ata1.00: error: { ABRT } [ 338.011580][ T1128] ata1.00: configured for UDMA/100 [ 338.013689][ T1128] sd 0:0:0:0: [sda] tag#11 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 338.017292][ T1128] sd 0:0:0:0: [sda] tag#11 Sense Key : Aborted Command [current] [ 338.021088][ T1128] sd 0:0:0:0: [sda] tag#11 Add. Sense: No additional sense information [ 338.024446][ T1128] sd 0:0:0:0: [sda] tag#11 CDB: Read(10) 28 00 00 03 89 76 00 0c c0 00 [ 338.028261][ T1128] blk_print_req_error: 15 callbacks suppressed [ 338.028273][ T1128] I/O error, dev sda, sector 231798 op 0x0:(READ) flags 0x80700 phys_seg 26 prio class 2 [ 338.033578][ T1128] ata1: EH complete [ 338.129813][T20775] fido_id[20775]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 338.149211][T20795] batman_adv: batadv0: Adding interface: gretap1 [ 338.151623][T20795] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 338.161026][T20795] batman_adv: batadv0: Interface activated: gretap1 [ 338.424173][T20812] input: syz1 as /devices/virtual/input/input30 [ 338.512129][T20814] bond1: invalid ARP target 0.0.0.0 specified for addition [ 338.515101][T20814] bond1: option arp_ip_target: invalid value (0) [ 338.578741][T20814] bond1 (unregistering): Released all slaves [ 338.650651][T20827] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6626'. [ 338.751213][T20833] erspan0: entered promiscuous mode [ 338.802292][ T40] kauditd_printk_skb: 64 callbacks suppressed [ 338.802305][ T40] audit: type=1326 audit(2000001186.501:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 338.816989][ T40] audit: type=1326 audit(2000001186.501:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 338.825954][ T40] audit: type=1326 audit(2000001186.501:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=83 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 338.836926][ T40] audit: type=1326 audit(2000001186.501:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 338.843661][ T40] audit: type=1326 audit(2000001186.501:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 338.852081][ T40] audit: type=1326 audit(2000001186.501:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=227 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 338.859192][ T40] audit: type=1326 audit(2000001186.501:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 338.866419][ T40] audit: type=1326 audit(2000001186.501:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20840 comm="syz.5.6633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 339.088042][ T39] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 339.158168][ T1341] usb 11-1: new full-speed USB device number 9 using dummy_hcd [ 339.238464][ T39] usb 10-1: Using ep0 maxpacket: 16 [ 339.241828][ T39] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 339.245147][ T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 339.250420][ T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 339.253443][ T39] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 339.258269][ T39] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 339.265650][ T39] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 339.270772][ T39] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 339.274089][ T39] usb 10-1: Manufacturer: syz [ 339.277944][ T39] usb 10-1: config 0 descriptor?? [ 339.310929][ T1341] usb 11-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 339.313955][ T1341] usb 11-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 339.316598][ T1341] usb 11-1: Product: syz [ 339.320227][ T1341] usb 11-1: Manufacturer: syz [ 339.322302][ T1341] usb 11-1: SerialNumber: syz [ 339.331332][ T1341] usb 11-1: config 0 descriptor?? [ 339.409463][T20867] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6645'. [ 339.538755][ T39] rc_core: IR keymap rc-hauppauge not found [ 339.541195][ T39] Registered IR keymap rc-empty [ 339.544868][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.545855][ T54] usb 11-1: USB disconnect, device number 9 [ 339.567585][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.588858][ T39] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0 [ 339.594480][ T39] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input31 [ 339.605584][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.628029][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.647871][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.668418][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.688460][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.708209][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.728359][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.748580][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.768398][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.787638][ T39] mceusb 10-1:0.0: Error: mce write submit urb error = -90 [ 339.810421][ T39] mceusb 10-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 339.814955][ T39] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 339.824039][ T39] usb 10-1: USB disconnect, device number 13 [ 339.941199][T20882] loop5: detected capacity change from 0 to 7 [ 340.118093][T20882] Dev loop5: unable to read RDB block 7 [ 340.121941][T20882] loop5: unable to read partition table [ 340.124777][T20882] loop5: partition table beyond EOD, truncated [ 340.128043][T20882] loop_reread_partitions: partition scan of loop5 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 340.855854][T20920] netlink: 'syz.5.6668': attribute type 21 has an invalid length. [ 340.859217][T20920] netlink: 128 bytes leftover after parsing attributes in process `syz.5.6668'. [ 340.863116][T20920] netlink: 3 bytes leftover after parsing attributes in process `syz.5.6668'. [ 341.272582][ T5752] block nbd2: Receive control failed (result -32) [ 341.312393][T20938] loop4: detected capacity change from 0 to 524287936 [ 341.634431][T20952] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6683'. [ 341.702529][ T40] audit: type=1326 audit(2000001189.401:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20958 comm="syz.5.6685" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 341.711172][ T40] audit: type=1326 audit(2000001189.401:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20958 comm="syz.5.6685" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cefcc code=0x7ffc0000 [ 342.369324][T20990] netlink: 'syz.5.6700': attribute type 9 has an invalid length. [ 343.680706][T21029] can0: slcan on ttynull. [ 343.928989][ T39] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 343.976893][ T5531] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 344.078954][ T39] usb 10-1: config 0 has no interfaces? [ 344.080740][ T39] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 344.083650][ T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.088555][ T39] usb 10-1: config 0 descriptor?? [ 344.137204][ T5531] usb 11-1: Using ep0 maxpacket: 8 [ 344.140281][ T5531] usb 11-1: config 0 has no interfaces? [ 344.143752][ T5531] usb 11-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 344.146775][ T5531] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.149501][ T5531] usb 11-1: Product: syz [ 344.150872][ T5531] usb 11-1: Manufacturer: syz [ 344.152412][ T5531] usb 11-1: SerialNumber: syz [ 344.155264][ T5531] usb 11-1: config 0 descriptor?? [ 344.295190][ T39] usb 10-1: USB disconnect, device number 14 [ 344.367171][ T5531] usb 11-1: USB disconnect, device number 10 [ 344.507648][T21028] can0 (unregistered): slcan off ttynull. [ 344.905371][T21054] input: syz0 as /devices/virtual/input/input32 [ 345.150076][T21068] netlink: 'syz.0.6730': attribute type 12 has an invalid length. [ 345.154642][T21068] netlink: 'syz.0.6730': attribute type 29 has an invalid length. [ 345.158522][T21068] netlink: 148 bytes leftover after parsing attributes in process `syz.0.6730'. [ 345.161999][T21068] netlink: 'syz.0.6730': attribute type 1 has an invalid length. [ 345.164890][T21068] netlink: 'syz.0.6730': attribute type 2 has an invalid length. [ 345.323522][T21081] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6736'. [ 345.329014][T21081] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6736'. [ 345.574304][T21104] can0: slcan on ttynull. [ 345.822993][T21124] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.6752'. [ 345.827159][ T5531] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 345.945031][T21131] netlink: 71 bytes leftover after parsing attributes in process `syz.5.6757'. [ 345.988670][ T5531] usb 11-1: config 0 has no interfaces? [ 345.990476][ T5531] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 345.994047][ T5531] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.002989][ T5531] usb 11-1: config 0 descriptor?? [ 346.183132][T21146] 8021q: adding VLAN 0 to HW filter on device bond2 [ 346.188710][T21146] bond0: (slave bond2): Enslaving as an active interface with an up link [ 346.210172][ T5531] usb 11-1: USB disconnect, device number 11 [ 346.417515][T21103] can0 (unregistered): slcan off ttynull. [ 347.292827][T21222] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6793'. [ 347.390794][T21229] batman_adv: batadv0: Adding interface: ipvlan2 [ 347.393202][T21229] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 347.402260][T21229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.406106][T21229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.413479][T21229] batman_adv: batadv0: Interface activated: ipvlan2 [ 347.495570][ T60] tipc: Subscription rejected, illegal request [ 347.607075][T21243] input: syz0 as /devices/virtual/input/input33 [ 347.777902][ T39] usb 11-1: new high-speed USB device number 12 using dummy_hcd [ 347.927702][ T39] usb 11-1: Using ep0 maxpacket: 8 [ 347.930712][ T39] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 347.934348][ T39] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 347.938348][ T39] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.942205][ T39] usb 11-1: config 0 descriptor?? [ 348.127464][ T1194] bridge_slave_1: left allmulticast mode [ 348.129403][ T1194] bridge_slave_1: left promiscuous mode [ 348.131408][ T1194] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.152887][ T39] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 348.208100][ T1194] bridge_slave_0: left allmulticast mode [ 348.210267][ T1194] bridge_slave_0: left promiscuous mode [ 348.212300][ T1194] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.361477][ T53] usb 11-1: USB disconnect, device number 12 [ 348.426184][T21261] sctp: [Deprecated]: syz.0.6809 (pid 21261) Use of struct sctp_assoc_value in delayed_ack socket option. [ 348.426184][T21261] Use struct sctp_sack_info instead [ 348.700229][ T60] tipc: Subscription rejected, illegal request [ 349.188887][ T1194] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.277495][ T1194] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.328837][ T1194] bond0 (unregistering): Released all slaves [ 349.337995][ T1194] bond1 (unregistering): Released all slaves [ 349.401090][T21254] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 349.568525][ T1194] tipc: Disabling bearer [ 349.648810][ T1194] tipc: Disabling bearer [ 349.652018][ T1194] tipc: Left network mode [ 350.077018][ T5531] usb 11-1: new high-speed USB device number 13 using dummy_hcd [ 350.136917][ T10] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 350.236946][ T5531] usb 11-1: Using ep0 maxpacket: 8 [ 350.240889][ T5531] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 350.245535][ T5531] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 350.251554][ T5531] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.264200][ T5531] usb 11-1: config 0 descriptor?? [ 350.340489][ T10] usb 10-1: unable to get BOS descriptor or descriptor too short [ 350.346284][ T10] usb 10-1: unable to read config index 0 descriptor/start: -71 [ 350.349914][ T10] usb 10-1: can't read configurations, error -71 [ 350.492286][ T5531] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 350.692993][ T5531] usb 11-1: USB disconnect, device number 13 [ 351.140541][ T1194] hsr_slave_0: left promiscuous mode [ 351.178275][ T1194] hsr_slave_1: left promiscuous mode [ 351.181373][ T1194] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 351.184698][ T1194] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 351.227948][ T1194] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 351.231130][ T1194] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 351.328572][ T1194] veth1_to_batadv: left promiscuous mode [ 351.331127][ T1194] veth1_vlan: left promiscuous mode [ 351.333358][ T1194] veth0_vlan: left promiscuous mode [ 351.568045][T21337] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6845'. [ 351.622067][T21338] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6845'. [ 352.028910][ T1194] team0 (unregistering): Port device team_slave_1 removed [ 352.068415][ T1194] team0 (unregistering): Port device team_slave_0 removed [ 352.244903][ T1194] smc: removing net device vcan0 with user defined pnetid SYZ1 [ 352.461691][T21350] netlink: 'syz.3.6848': attribute type 1 has an invalid length. [ 352.466450][T21350] netlink: 96 bytes leftover after parsing attributes in process `syz.3.6848'. [ 352.472191][T21350] netlink: 'syz.3.6848': attribute type 1 has an invalid length. [ 352.475189][T21350] netlink: 'syz.3.6848': attribute type 8 has an invalid length. [ 352.478895][T21350] netlink: 'syz.3.6848': attribute type 1 has an invalid length. [ 352.964795][T21398] netlink: 'syz.0.6863': attribute type 14 has an invalid length. [ 353.045129][T21405] netlink: 'syz.0.6866': attribute type 9 has an invalid length. [ 353.050155][T21405] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6866'. [ 353.069196][T21405] macvlan2: entered promiscuous mode [ 353.073581][T21405] hsr0: entered promiscuous mode [ 353.076102][T21405] macvlan2: entered allmulticast mode [ 353.079905][T21405] hsr0: entered allmulticast mode [ 353.082178][T21405] hsr_slave_0: entered allmulticast mode [ 353.084405][T21405] hsr_slave_1: entered allmulticast mode [ 353.097752][T21390] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 353.100674][T21390] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 353.103336][T21390] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 353.286424][ T1194] IPVS: stop unused estimator thread 0... [ 354.330119][T21471] overlayfs: failed to clone lowerpath [ 355.136934][ T5752] Bluetooth: hci2: command 0x040f tx timeout [ 355.139132][ T5762] Bluetooth: hci3: command 0x2016 tx timeout [ 355.139163][ T5748] Bluetooth: hci1: command 0x0c1a tx timeout [ 355.546087][T21532] Failed to get privilege flags for destination (handle=0x2:0x0) [ 355.559070][T21530] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode [ 355.568358][T21530] batadv_slave_0: entered promiscuous mode [ 355.570492][T21530] batadv_slave_0: left promiscuous mode [ 355.608251][T21530] mac80211_hwsim hwsim20 wlan0: left promiscuous mode [ 356.041718][T21556] netlink: 56 bytes leftover after parsing attributes in process `syz.0.6926'. [ 356.081505][T21561] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6928'. [ 356.802568][T21599] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 356.848018][ T39] kernel read not supported for file /dsp1 (pid: 39 comm: kworker/2:1) [ 356.916979][T21605] netlink: 36 bytes leftover after parsing attributes in process `syz.6.6949'. [ 356.974355][T21611] binder: 21608:21611 ioctl c0306201 0 returned -14 [ 357.003827][ T1217] tipc: Subscription rejected, illegal request [ 357.254238][ T40] kauditd_printk_skb: 359 callbacks suppressed [ 357.254251][ T40] audit: type=1326 audit(2000001204.951:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21631 comm="syz.3.6962" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704efcc code=0x0 [ 359.715137][T21707] overlayfs: upper fs does not support tmpfile. [ 359.746611][T21709] ip6_vti0 speed is unknown, defaulting to 1000 [ 359.808180][T21715] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6995'. [ 359.821076][T21717] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 360.355566][T21744] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 360.399845][ T53] kernel read not supported for file /dsp1 (pid: 53 comm: kworker/1:1) [ 360.956726][T21767] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 361.758067][T21819] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7042'. [ 362.333108][T21856] batman_adv: batadv0: Adding interface: dummy0 [ 362.336262][T21856] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 362.348831][T21856] batman_adv: batadv0: Interface activated: dummy0 [ 363.256761][ T8760] kernel write not supported for file /uinput (pid: 8760 comm: kworker/3:5) [ 363.358863][T21929] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 363.364086][T21929] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 363.815311][T21954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7102'. [ 363.928785][T21959] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7105'. [ 363.998962][T21965] batadv0: entered promiscuous mode [ 364.058244][T21965] batadv0: left promiscuous mode [ 364.903033][T22009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7134'. [ 364.906165][T22009] netlink: 'syz.0.7134': attribute type 25 has an invalid length. [ 364.909674][T22009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7134'. [ 365.062717][ T5838] hid_parser_main: 68 callbacks suppressed [ 365.062742][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.076927][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.082493][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.092532][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.095728][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.099631][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.103103][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.107837][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.112110][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.115171][ T5838] hid-generic 0005:00B6:0009.000E: unknown main item tag 0x0 [ 365.166018][ T5838] hid-generic 0005:00B6:0009.000E: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1 [ 365.278326][T22025] fido_id[22025]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 365.638157][T22056] netlink: 176 bytes leftover after parsing attributes in process `syz.6.7146'. [ 365.642838][T22056] netlink: 'syz.6.7146': attribute type 1 has an invalid length. [ 367.252588][T22135] netlink: 24 bytes leftover after parsing attributes in process `syz.6.7184'. [ 367.679955][T22168] macvlan1: entered promiscuous mode [ 367.682320][T22168] bridge0: entered promiscuous mode [ 367.857615][T22180] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 367.862301][T22180] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 367.874826][T22184] can0: slcan on ttyS3. [ 368.051851][T22184] can0 (unregistered): slcan off ttyS3. [ 368.360962][T22208] veth1_macvtap: left promiscuous mode [ 368.363391][T22208] macsec0: entered allmulticast mode [ 368.378093][ T39] usb 11-1: new high-speed USB device number 14 using dummy_hcd [ 368.528235][ T39] usb 11-1: Using ep0 maxpacket: 8 [ 368.532332][ T39] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 368.538293][ T39] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 368.542199][ T39] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 368.546426][ T39] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 368.552890][ T39] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 368.555917][ T39] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.661013][T22223] input: syz0 as /devices/virtual/input/input36 [ 368.765926][ T39] usb 11-1: GET_CAPABILITIES returned 0 [ 368.769259][ T39] usbtmc 11-1:16.0: can't read capabilities [ 368.808443][T22227] trusted_key: encrypted_key: keyword 'upw' not recognized [ 368.973715][ C2] usbtmc 11-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 368.983332][T22201] usbtmc 11-1:16.0: Unable to send data, error -71 [ 368.990186][ T39] usb 11-1: USB disconnect, device number 14 [ 369.541615][T22247] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7235'. [ 369.761367][T22264] can0: slcan on ttyS3. [ 369.787171][T22260] block nbd3: server does not support multiple connections per device. [ 369.792747][T22260] block nbd3: shutting down sockets [ 369.879948][T22264] can0 (unregistered): slcan off ttyS3. [ 369.930598][T22274] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7245'. [ 370.030804][T22278] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7246'. [ 370.038384][T22278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7246'. [ 370.049268][T22278] netlink: 'syz.3.7246': attribute type 13 has an invalid length. [ 370.055961][T22278] netlink: 'syz.3.7246': attribute type 14 has an invalid length. [ 370.418097][ T39] usb 11-1: new high-speed USB device number 15 using dummy_hcd [ 370.502067][ T1194] tipc: Subscription rejected, illegal request [ 370.570064][ T39] usb 11-1: Using ep0 maxpacket: 8 [ 370.574310][ T39] usb 11-1: config 179 has an invalid interface number: 65 but max is 0 [ 370.583252][ T39] usb 11-1: config 179 has no interface number 0 [ 370.586417][ T39] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 370.592931][ T39] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 370.598910][ T39] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 370.603333][ T39] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 370.608851][ T39] usb 11-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 370.615269][ T39] usb 11-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 370.621130][ T39] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.635583][T22286] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 370.853969][ T39] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:179.65/input/input38 [ 371.061128][ T54] usb 11-1: USB disconnect, device number 15 [ 371.061274][ C2] xpad 11-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 371.067932][ C2] xpad 11-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 371.595568][T22341] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.601601][T22341] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.605236][T22343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7275'. [ 371.605968][T22341] bridge0: entered allmulticast mode [ 372.665378][T22365] pimreg: tun_chr_ioctl cmd 1074025678 [ 372.670729][T22365] pimreg: group set to 768 [ 373.727688][T22448] program syz.3.7323 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 374.096602][T22476] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 374.102077][T22476] overlayfs: fs on './cgroup' does not support file handles, falling back to index=off,nfs_export=off. [ 374.108908][T22476] overlayfs: fs on './cgroup' does not support file handles, falling back to xino=off. [ 376.766598][T22595] sg_write: process 1022 (syz.6.7389) changed security contexts after opening file descriptor, this is not allowed. [ 376.914291][T22615] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.7399'. [ 376.957632][T22619] loop4: detected capacity change from 0 to 7 [ 376.960852][T22620] devpts: Bad value for 'max' [ 376.962873][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 376.967036][ C0] buffer_io_error: 15 callbacks suppressed [ 376.967055][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 376.975078][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 376.978705][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 376.985131][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 376.988155][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 376.991226][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 376.994196][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 377.000122][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 377.003415][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 377.006234][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 377.009166][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 377.016261][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 377.020148][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 377.025113][T22619] ldm_validate_partition_table(): Disk read failed. [ 377.028901][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 377.032580][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 377.035576][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 377.039390][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 377.042849][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 377.046189][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 377.049407][T22619] Dev loop4: unable to read RDB block 0 [ 377.051611][T22619] loop4: unable to read partition table [ 377.053451][T22619] loop4: partition table beyond EOD, truncated [ 377.055408][T22619] loop_reread_partitions: partition scan of loop4 (Cj̖P= ) failed (rc=-5) [ 377.291994][T22644] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7411'. [ 377.402638][T22652] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7415'. [ 377.406557][T22652] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7415'. [ 377.411700][T22652] netlink: 'syz.3.7415': attribute type 20 has an invalid length. [ 377.418378][ T1341] kernel read not supported for file /dsp (pid: 1341 comm: kworker/2:2) [ 377.567367][ T39] usb 10-1: new low-speed USB device number 17 using dummy_hcd [ 377.718965][ T39] usb 10-1: config 0 has an invalid interface number: 1 but max is 0 [ 377.721694][ T39] usb 10-1: config 0 has no interface number 0 [ 377.724388][ T39] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 377.730521][ T39] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 377.734505][ T39] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 377.739588][ T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.744149][ T39] usb 10-1: config 0 descriptor?? [ 377.749414][T22646] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 377.756312][ T39] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 377.792596][T22680] loop4: detected capacity change from 0 to 7 [ 377.798108][T22680] ldm_validate_partition_table(): Disk read failed. [ 377.801832][T22680] Dev loop4: unable to read RDB block 0 [ 377.805011][T22680] loop4: unable to read partition table [ 377.807722][T22680] loop4: partition table beyond EOD, truncated [ 377.811410][T22680] loop_reread_partitions: partition scan of loop4 (Cj̖P= ) failed (rc=-5) [ 377.967536][T12202] usb 10-1: USB disconnect, device number 17 [ 378.510663][T22719] netlink: 'syz.5.7446': attribute type 4 has an invalid length. [ 378.514074][T22719] netlink: 'syz.5.7446': attribute type 8 has an invalid length. [ 378.518002][T22719] netlink: 212 bytes leftover after parsing attributes in process `syz.5.7446'. [ 378.735890][T22729] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7450'. [ 378.880987][T22737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7454'. [ 378.887910][T22737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7454'. [ 378.934432][ T39] kernel read not supported for file /dsp (pid: 39 comm: kworker/2:1) [ 378.973859][ T40] audit: type=1326 audit(2000001226.671:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 378.984189][ T40] audit: type=1326 audit(2000001226.671:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 378.994824][ T40] audit: type=1326 audit(2000001226.671:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 379.004008][ T40] audit: type=1326 audit(2000001226.671:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 379.014522][ T40] audit: type=1326 audit(2000001226.671:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 379.024766][ T40] audit: type=1326 audit(2000001226.671:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 379.034511][ T40] audit: type=1326 audit(2000001226.671:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 379.044324][ T40] audit: type=1326 audit(2000001226.671:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 379.053713][ T40] audit: type=1326 audit(2000001226.671:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 379.062976][ T40] audit: type=1326 audit(2000001226.671:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.6.7455" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 379.211769][T22750] bond3 (unregistering): Released all slaves [ 379.704285][T22775] input: syz0 as /devices/virtual/input/input39 [ 380.534752][T22820] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7489'. [ 380.665986][ T10] kernel read not supported for file /dsp (pid: 10 comm: kworker/0:1) [ 380.896261][T22838] e1000 0000:00:06.0 eth0: Unsupported Speed/Duplex configuration [ 380.908364][ T39] usb 11-1: new full-speed USB device number 16 using dummy_hcd [ 381.059951][ T39] usb 11-1: config 0 has no interfaces? [ 381.063735][ T39] usb 11-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 381.069198][ T39] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.072489][ T39] usb 11-1: Product: syz [ 381.074239][ T39] usb 11-1: Manufacturer: syz [ 381.076239][ T39] usb 11-1: SerialNumber: syz [ 381.082608][ T39] usb 11-1: config 0 descriptor?? [ 381.299427][ T39] usb 11-1: USB disconnect, device number 16 [ 381.425549][T22867] binder: Binderfs stats mode cannot be changed during a remount [ 382.203937][T22904] Bluetooth: hci1: too big key_count value 37575 [ 382.556988][ T5853] usb 11-1: new high-speed USB device number 17 using dummy_hcd [ 382.709768][ T5853] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 382.714124][ T5853] usb 11-1: config 0 has no interfaces? [ 382.723843][ T5853] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 382.735595][ T5853] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.749713][ T5853] usb 11-1: config 0 descriptor?? [ 382.966210][T12202] usb 11-1: USB disconnect, device number 17 [ 383.029398][T22927] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7538'. [ 383.033656][T22927] netem: change failed [ 383.539167][ T1433] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.542032][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.621356][ T5531] kernel read not supported for file /dsp1 (pid: 5531 comm: kworker/0:3) [ 384.231860][T22969] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 384.378542][T22975] netem: incorrect gi model size [ 384.382476][T22975] netem: change failed [ 385.561532][T22995] netlink: 'syz.6.7571': attribute type 1 has an invalid length. [ 385.885495][T23008] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 386.073651][T23018] kvm: kvm [23017]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001f) [ 386.418750][T23038] netlink: 'syz.0.7589': attribute type 4 has an invalid length. [ 386.422008][T23038] netlink: 4168 bytes leftover after parsing attributes in process `syz.0.7589'. [ 386.707158][ T5853] usb 11-1: new high-speed USB device number 18 using dummy_hcd [ 386.856957][ T5853] usb 11-1: Using ep0 maxpacket: 8 [ 386.862049][ T5853] usb 11-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 386.876865][ T5853] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.887753][ T5853] pvrusb2: Hardware description: Terratec Grabster AV400 [ 386.891463][ T5853] pvrusb2: ********** [ 386.893608][ T5853] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 386.902848][ T5853] pvrusb2: Important functionality might not be entirely working. [ 386.906280][ T5853] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 386.911344][ T5853] pvrusb2: ********** [ 387.071956][T23061] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 387.102133][ T2510] pvrusb2: Invalid write control endpoint [ 387.157797][ T2510] pvrusb2: Invalid write control endpoint [ 387.163942][ T2510] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 387.169908][ T2510] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 387.172787][ T2510] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 387.175964][ T2510] pvrusb2: Device being rendered inoperable [ 387.187967][ T2510] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 387.191843][ T2510] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 387.206769][ T2510] pvrusb2: Attached sub-driver cx25840 [ 387.209752][ T2510] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 387.213445][ T2510] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 387.300380][ T39] usb 11-1: USB disconnect, device number 18 [ 387.830377][ T40] kauditd_printk_skb: 146 callbacks suppressed [ 387.830394][ T40] audit: type=1326 audit(2000001235.531:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23080 comm="syz.5.7607" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cefcc code=0x0 [ 387.873443][ T5531] kernel read not supported for file /rfkill (pid: 5531 comm: kworker/0:3) [ 388.331491][T23102] netlink: 'syz.6.7617': attribute type 8 has an invalid length. [ 388.980321][ T40] audit: type=1326 audit(2000001236.681:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 388.990181][ T40] audit: type=1326 audit(2000001236.681:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.000194][ T40] audit: type=1326 audit(2000001236.691:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.013146][ T40] audit: type=1326 audit(2000001236.711:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.023948][ T40] audit: type=1326 audit(2000001236.711:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.033112][ T40] audit: type=1326 audit(2000001236.711:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.042990][ T40] audit: type=1326 audit(2000001236.711:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.051593][ T40] audit: type=1326 audit(2000001236.711:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.060266][ T40] audit: type=1326 audit(2000001236.711:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23136 comm="syz.3.7634" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 389.177367][T23151] netlink: 188 bytes leftover after parsing attributes in process `syz.3.7641'. [ 389.541278][T23173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7652'. [ 389.710078][T23191] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7661'. [ 389.713495][T23191] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7661'. [ 389.716672][T23191] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7661'. [ 389.721390][T23191] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7661'. [ 389.839260][ T5531] Process accounting resumed [ 390.066253][T23209] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 390.868343][T23233] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7678'. [ 390.881359][T23233] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7678'. [ 391.470568][T12202] kernel read not supported for file /vcs (pid: 12202 comm: kworker/1:5) [ 392.326687][T23302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7710'. [ 392.331933][T23302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7710'. [ 392.984540][T23331] netlink: 'syz.5.7722': attribute type 1 has an invalid length. [ 393.529399][T23366] loop9: detected capacity change from 0 to 7 [ 393.546417][ C1] blk_print_req_error: 26 callbacks suppressed [ 393.546434][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.552983][ C1] buffer_io_error: 30 callbacks suppressed [ 393.553000][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.560132][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.564378][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.569023][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.572921][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.576719][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.581056][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.585340][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.589811][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.599180][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.607499][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.612083][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.617261][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.620907][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.628903][T23366] ldm_validate_partition_table(): Disk read failed. [ 393.637164][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.641448][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.644957][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 393.648700][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.653269][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 393.656392][T23366] Dev loop9: unable to read RDB block 0 [ 393.659303][T23366] loop9: unable to read partition table [ 393.661860][T23366] loop9: partition table beyond EOD, truncated [ 393.665967][T23366] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 393.723050][T23375] netem: change failed [ 393.923265][T23395] program syz.0.7750 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 394.715202][T23457] kvm: user requested TSC rate below hardware speed [ 395.368297][ T39] kernel read not supported for file /dsp1 (pid: 39 comm: kworker/2:1) [ 395.644685][T23491] loop9: detected capacity change from 0 to 7 [ 395.653213][T23491] ldm_validate_partition_table(): Disk read failed. [ 395.658115][T23491] Dev loop9: unable to read RDB block 0 [ 395.661334][T23491] loop9: unable to read partition table [ 395.664101][T23491] loop9: partition table beyond EOD, truncated [ 395.668211][T23491] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 396.078660][T23514] misc userio: Begin command sent, but we're already running [ 396.505018][T23531] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7812'. [ 396.517035][T23531] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7812'. [ 396.897590][T23551] netlink: 'syz.5.7821': attribute type 4 has an invalid length. [ 396.900403][T23551] netlink: 'syz.5.7821': attribute type 1 has an invalid length. [ 396.903321][T23551] netlink: 'syz.5.7821': attribute type 3 has an invalid length. [ 396.906211][T23551] netlink: 184 bytes leftover after parsing attributes in process `syz.5.7821'. [ 396.910556][T23551] NCSI netlink: No device for ifindex 830110067 [ 397.010150][T23561] Attempt to restore checkpoint with obsolete wellknown handles [ 397.769592][T23613] netlink: 'syz.0.7851': attribute type 4 has an invalid length. [ 397.878899][T23625] misc userio: Can't change port type on an already running userio instance [ 398.505896][ T5748] block nbd3: Receive control failed (result -32) [ 398.514168][ T5752] block nbd3: Receive control failed (result -32) [ 398.555612][T23666] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 399.193509][T23695] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7890'. [ 399.295009][T23709] ubi16: attaching mtd0 [ 399.299691][T23709] ubi16 error: ubi_attach_mtd_dev: bad VID header (16) or data offsets (80) [ 400.163959][T23769] vivid-007: disconnect [ 400.166714][T23769] vivid-007: reconnect [ 400.402294][T23776] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7926'. [ 400.409675][T23776] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7926'. [ 400.504211][T23782] binder: 23781:23782 ioctl c0306201 80000080 returned -14 [ 400.885117][T23798] netlink: 'syz.5.7936': attribute type 1 has an invalid length. [ 400.889938][T23798] netlink: 'syz.5.7936': attribute type 2 has an invalid length. [ 400.893329][T23798] netlink: 'syz.5.7936': attribute type 1 has an invalid length. [ 400.896487][T23798] netlink: 'syz.5.7936': attribute type 3 has an invalid length. [ 400.900398][T23798] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7936'. [ 401.187825][ T5752] block nbd4: Receive control failed (result -32) [ 401.188032][ T5748] block nbd4: Receive control failed (result -32) [ 401.443647][T23824] vivid-007: disconnect [ 401.446271][T23824] vivid-007: reconnect [ 402.014305][ T5748] block nbd5: Receive control failed (result -32) [ 402.016929][ T5752] block nbd5: Receive control failed (result -32) [ 402.475281][T23862] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7966'. [ 402.486546][T23862] block nbd6: Unsupported socket: should be TCP or UNIX. [ 402.497468][T23864] overlay: filesystem on ./file0 is read-only [ 402.505544][T23866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7968'. [ 402.511880][T23866] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7968'. [ 402.515482][T23866] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7968'. [ 402.548291][ T39] usb 11-1: new high-speed USB device number 19 using dummy_hcd [ 402.697741][ T39] usb 11-1: Using ep0 maxpacket: 16 [ 402.702874][ T39] usb 11-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 402.710927][ T39] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.714525][ T39] usb 11-1: Product: syz [ 402.716533][ T39] usb 11-1: Manufacturer: syz [ 402.720956][ T39] usb 11-1: SerialNumber: syz [ 402.954061][ T39] usb 11-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 402.971973][ T39] usb 11-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 402.986552][ T39] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 402.992651][ T39] usb 11-1: media controller created [ 403.003004][ T39] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 403.169536][T23887] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7979'. [ 403.172466][T23887] netlink: 'syz.5.7979': attribute type 21 has an invalid length. [ 403.236568][ T39] zl10353_read_register: readreg error (reg=127, ret==-110) [ 403.266127][ T39] dvb_usb_gl861 11-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 403.271529][ T39] usb 11-1: USB disconnect, device number 19 [ 404.182651][T23942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8004'. [ 405.087585][T23994] ip6_vti0 speed is unknown, defaulting to 1000 [ 405.746466][ T40] audit: type=1326 audit(2000001253.441:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 405.764885][ T40] audit: type=1326 audit(2000001253.441:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 405.787163][ T40] audit: type=1326 audit(2000001253.441:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 405.803983][ T40] audit: type=1326 audit(2000001253.441:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 405.807635][T24032] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8042'. [ 405.823896][ T40] audit: type=1326 audit(2000001253.441:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 405.842200][ T40] audit: type=1326 audit(2000001253.441:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 405.869518][ T40] audit: type=1326 audit(2000001253.441:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 405.878675][ T40] audit: type=1326 audit(2000001253.441:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 405.889909][ T40] audit: type=1326 audit(2000001253.441:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 405.900271][ T40] audit: type=1326 audit(2000001253.441:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24028 comm="syz.6.8041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 406.905268][T24096] loop5: detected capacity change from 0 to 7 [ 406.960410][ T5168] blk_print_req_error: 32 callbacks suppressed [ 406.960428][ T5168] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 406.970912][ T5168] buffer_io_error: 30 callbacks suppressed [ 406.970927][ T5168] Buffer I/O error on dev loop5, logical block 0, async page read [ 406.977487][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 406.982330][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 406.985028][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 406.989378][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 406.992710][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 406.996656][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 406.999703][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 407.002748][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 407.005456][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 407.008683][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 407.011315][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 407.014395][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 407.019343][T24096] ldm_validate_partition_table(): Disk read failed. [ 407.022058][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 407.024980][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 407.027592][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 407.030621][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 407.033223][T24096] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 407.036483][T24096] Buffer I/O error on dev loop5, logical block 0, async page read [ 407.039810][T24096] Dev loop5: unable to read RDB block 0 [ 407.042133][T24096] loop5: unable to read partition table [ 407.044041][T24096] loop5: partition table beyond EOD, truncated [ 407.046910][T24096] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 407.397066][ T53] usb 10-1: new high-speed USB device number 18 using dummy_hcd [ 407.569033][ T53] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 407.576902][ T53] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 407.587503][ T53] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 407.592596][ T53] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 407.601028][ T53] usb 10-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 407.601687][T24111] netlink: 'syz.0.8070': attribute type 4 has an invalid length. [ 407.604963][ T53] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.611876][ T53] usb 10-1: Product: syz [ 407.613917][ T53] usb 10-1: Manufacturer: syz [ 407.616013][ T53] usb 10-1: SerialNumber: syz [ 407.620681][ T53] usb 10-1: config 0 descriptor?? [ 407.660493][ T5853] kernel read not supported for file /adsp1 (pid: 5853 comm: kworker/3:3) [ 407.764610][T24125] veth0: entered promiscuous mode [ 407.768855][T24124] veth0: left promiscuous mode [ 407.838398][ T53] adutux 10-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 407.866168][T24131] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8082'. [ 407.916484][T24135] netlink: 'syz.0.8084': attribute type 3 has an invalid length. [ 407.920118][T24135] netlink: 72 bytes leftover after parsing attributes in process `syz.0.8084'. [ 407.961203][T24137] block nbd3: NBD_DISCONNECT [ 407.964191][T24137] block nbd3: Send disconnect failed -32 [ 407.970837][T24137] block nbd3: Send disconnect failed -32 [ 407.974558][T24137] block nbd3: shutting down sockets [ 408.036677][T24099] usb 10-1: Couldn't submit interrupt_out_urb -90 [ 408.042934][ T39] usb 10-1: USB disconnect, device number 18 [ 408.109668][T24145] ip6_vti0 speed is unknown, defaulting to 1000 [ 408.112171][T24147] netlink: 'syz.0.8089': attribute type 9 has an invalid length. [ 408.115549][T24147] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.8089'. [ 408.268066][T24158] netem: change failed [ 408.768641][ T53] kernel read not supported for file /dsp1 (pid: 53 comm: kworker/1:1) [ 409.412874][T24173] hub 1-0:1.0: USB hub found [ 409.426729][T24173] hub 1-0:1.0: 2 ports detected [ 409.447172][T24171] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 409.450239][T24171] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 409.453219][T24171] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 409.641525][T24187] ip6_vti0 speed is unknown, defaulting to 1000 [ 410.171174][T24210] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 410.715972][T24240] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8131'. [ 410.722092][T24240] netlink: 80 bytes leftover after parsing attributes in process `syz.5.8131'. [ 411.527486][ T5752] Bluetooth: hci2: command 0x040f tx timeout [ 411.527558][ T5748] Bluetooth: hci3: command 0x2016 tx timeout [ 411.527692][ T5762] Bluetooth: hci1: command 0x0c1a tx timeout [ 411.619356][T24294] netlink: 540 bytes leftover after parsing attributes in process `syz.6.8156'. [ 412.156503][T24300] ip6_vti0 speed is unknown, defaulting to 1000 [ 412.615426][T24334] input: syz0 as /devices/virtual/input/input44 [ 413.001361][ T40] kauditd_printk_skb: 415 callbacks suppressed [ 413.001373][ T40] audit: type=1326 audit(2000001260.701:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 413.026019][ T40] audit: type=1326 audit(2000001260.701:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 413.028774][T24355] overlayfs: missing 'workdir' [ 413.034429][ T40] audit: type=1326 audit(2000001260.701:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 413.045095][ T40] audit: type=1326 audit(2000001260.701:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 413.054146][ T40] audit: type=1326 audit(2000001260.701:2412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f84fcc code=0x7ffc0000 [ 413.061775][ T40] audit: type=1326 audit(2000001260.701:2413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 413.070060][ T40] audit: type=1326 audit(2000001260.701:2414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 413.080418][ T40] audit: type=1326 audit(2000001260.701:2415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 413.089775][ T40] audit: type=1326 audit(2000001260.701:2416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 413.097476][ T40] audit: type=1326 audit(2000001260.701:2417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24350 comm="syz.6.8182" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f84fe8 code=0x7ffc0000 [ 413.242189][T24358] ip6_vti0 speed is unknown, defaulting to 1000 [ 413.279162][T24361] binder: 24360:24361 ioctl c0306201 80000480 returned -22 [ 413.520023][ T53] IPVS: starting estimator thread 0... [ 413.608221][T24378] IPVS: using max 42 ests per chain, 100800 per kthread [ 413.827886][ T1341] usb 10-1: new high-speed USB device number 19 using dummy_hcd [ 413.982263][ T1341] usb 10-1: config 0 has no interfaces? [ 413.984910][ T1341] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 413.989355][ T1341] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.993193][ T1341] usb 10-1: config 0 descriptor?? [ 414.133507][T24410] ip6_vti0 speed is unknown, defaulting to 1000 [ 414.201371][ T5531] usb 10-1: USB disconnect, device number 19 [ 414.399695][ T9838] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 414.700759][ T9838] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 414.818348][T24447] loop9: detected capacity change from 0 to 524287936 [ 415.142372][T24460] loop9: detected capacity change from 0 to 7 [ 415.149109][ C3] blk_print_req_error: 5 callbacks suppressed [ 415.149127][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.156241][ C3] buffer_io_error: 5 callbacks suppressed [ 415.156263][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 415.163108][T24441] nbd3: detected capacity change from 0 to 64 [ 415.164977][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.169605][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 415.173340][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.175144][ T5748] block nbd3: Receive control failed (result -32) [ 415.177447][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 415.182518][T21789] block nbd3: Send control failed (result -32) [ 415.189356][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.192529][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 415.196986][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.198947][T21789] block nbd3: Request send failed, requeueing [ 415.200793][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 415.207594][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.211733][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 415.232890][ T234] block nbd3: Dead connection, failed to find a fallback [ 415.236531][ T234] block nbd3: shutting down sockets [ 415.239597][ T234] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.244488][ T234] Buffer I/O error on dev nbd3, logical block 0, async page read [ 415.251674][T21789] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.258079][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.258713][T21789] Buffer I/O error on dev nbd3, logical block 0, async page read [ 415.261397][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 415.265555][T24460] ldm_validate_partition_table(): Disk read failed. [ 415.269555][T21789] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 415.275872][T21789] Buffer I/O error on dev nbd3, logical block 0, async page read [ 415.279632][T24460] Dev loop9: unable to read RDB block 0 [ 415.282682][T24460] loop9: unable to read partition table [ 415.283310][T21789] ldm_validate_partition_table(): Disk read failed. [ 415.288116][T21789] Dev nbd3: unable to read RDB block 0 [ 415.291104][T21789] nbd3: unable to read partition table [ 415.297282][T24460] loop9: partition table beyond EOD, truncated [ 415.300524][T21789] ldm_validate_partition_table(): Disk read failed. [ 415.301698][T24460] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 415.304046][T21789] Dev nbd3: unable to read RDB block 0 [ 415.310780][T21789] nbd3: unable to read partition table [ 415.315140][T21789] [ 415.316279][T21789] ====================================================== [ 415.319448][T21789] WARNING: possible circular locking dependency detected [ 415.322616][T21789] syzkaller #0 Tainted: G L [ 415.325319][T21789] ------------------------------------------------------ [ 415.328404][T21789] udevd/21789 is trying to acquire lock: [ 415.331104][T21789] ffff8880276d25a0 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: __submit_bio+0x1e1/0x6c0 [ 415.335575][T21789] [ 415.335575][T21789] but task is already holding lock: [ 415.338733][T21789] ffff88802726b780 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_get_pages+0x123e/0x2030 [ 415.343011][T21789] [ 415.343011][T21789] which lock already depends on the new lock. [ 415.343011][T21789] [ 415.347383][T21789] [ 415.347383][T21789] the existing dependency chain (in reverse order) is: [ 415.351215][T21789] [ 415.351215][T21789] -> #7 (mapping.invalidate_lock){++++}-{4:4}: [ 415.355055][T21789] down_read+0x99/0x450 [ 415.357168][T21789] filemap_fault+0x2dd/0x2e90 [ 415.359233][T21789] __do_fault+0x10b/0x440 [ 415.361340][T21789] do_fault+0xa99/0x1750 [ 415.363406][T21789] __handle_mm_fault+0x187d/0x2a00 [ 415.365802][T21789] handle_mm_fault+0x36d/0xa20 [ 415.368051][T21789] __get_user_pages+0x1178/0x32a0 [ 415.370379][T21789] faultin_page_range+0x1f1/0x9e0 [ 415.372737][T21789] madvise_do_behavior+0x354/0x510 [ 415.375284][T21789] do_madvise+0x195/0x240 [ 415.377698][T21789] __ia32_sys_madvise+0xa7/0x110 [ 415.380228][T21789] __do_fast_syscall_32+0xe7/0x950 [ 415.382698][T21789] do_fast_syscall_32+0x32/0x70 [ 415.385092][T21789] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 415.387978][T21789] [ 415.387978][T21789] -> #6 (&mm->mmap_lock){++++}-{4:4}: [ 415.391169][T21789] __might_fault+0xde/0x140 [ 415.393312][T21789] _copy_from_user+0x29/0xd0 [ 415.395460][T21789] csum_and_copy_from_iter_full+0x21a/0x1fd0 [ 415.398355][T21789] ip_generic_getfrag+0x172/0x270 [ 415.400955][T21789] raw6_getfrag+0x235/0x2a0 [ 415.403085][T21789] __ip6_append_data+0x4058/0x4bf0 [ 415.405505][T21789] ip6_append_data+0x10b/0x410 [ 415.407742][T21789] rawv6_sendmsg+0x169c/0x4420 [ 415.409991][T21789] inet_sendmsg+0x11c/0x140 [ 415.412081][T21789] ____sys_sendmsg+0x98d/0xb70 [ 415.414564][T21789] ___sys_sendmsg+0x190/0x1e0 [ 415.417196][T21789] __sys_sendmsg+0x170/0x220 [ 415.419388][T21789] do_syscall_64+0x10b/0xf80 [ 415.421535][T21789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.424206][T21789] [ 415.424206][T21789] -> #5 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 415.427388][T21789] lock_sock_nested+0x41/0xf0 [ 415.429550][T21789] inet_shutdown+0x67/0x410 [ 415.431703][T21789] nbd_mark_nsock_dead+0xae/0x5c0 [ 415.434050][T21789] sock_shutdown+0x16b/0x200 [ 415.436254][T21789] nbd_config_put+0x1eb/0x750 [ 415.438504][T21789] nbd_genl_connect+0xaf8/0x1a40 [ 415.440862][T21789] genl_family_rcv_msg_doit+0x214/0x300 [ 415.443414][T21789] genl_rcv_msg+0x560/0x800 [ 415.445584][T21789] netlink_rcv_skb+0x159/0x420 [ 415.447877][T21789] genl_rcv+0x28/0x40 [ 415.449967][T21789] netlink_unicast+0x585/0x850 [ 415.452193][T21789] netlink_sendmsg+0x8b0/0xda0 [ 415.454523][T21789] ____sys_sendmsg+0x9e1/0xb70 [ 415.456760][T21789] ___sys_sendmsg+0x190/0x1e0 [ 415.459058][T21789] __sys_sendmsg+0x170/0x220 [ 415.461480][T21789] __do_fast_syscall_32+0xe7/0x950 [ 415.464091][T21789] do_fast_syscall_32+0x32/0x70 [ 415.466350][T21789] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 415.469171][T21789] [ 415.469171][T21789] -> #4 (&nsock->tx_lock){+.+.}-{4:4}: [ 415.472309][T21789] __mutex_lock+0x1a4/0x1b10 [ 415.474349][T21789] nbd_queue_rq+0x428/0x1080 [ 415.476368][T21789] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 415.478732][T21789] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 415.481649][T21789] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 415.484556][T21789] blk_mq_run_hw_queue+0x23c/0x670 [ 415.486987][T21789] blk_mq_dispatch_list+0x51d/0x1360 [ 415.489491][T21789] blk_mq_flush_plug_list+0x130/0x600 [ 415.492004][T21789] __blk_flush_plug+0x2c4/0x4b0 [ 415.494709][T21789] __submit_bio+0x584/0x6c0 [ 415.497276][T21789] submit_bio_noacct_nocheck+0x543/0xbf0 [ 415.500654][T21789] submit_bio_noacct+0xd18/0x2000 [ 415.503248][T21789] submit_bh_wbc+0x681/0x890 [ 415.505482][T21789] block_read_full_folio+0x4c8/0x8e0 [ 415.507965][T21789] filemap_read_folio+0xfc/0x3b0 [ 415.510306][T21789] do_read_cache_folio+0x2d7/0x6b0 [ 415.512680][T21789] read_part_sector+0xd1/0x370 [ 415.514944][T21789] adfspart_check_ICS+0x91/0x7d0 [ 415.517244][T21789] bdev_disk_changed+0x7a3/0x1250 [ 415.519604][T21789] blkdev_get_whole+0x187/0x290 [ 415.521893][T21789] bdev_open+0x2c7/0xe40 [ 415.523961][T21789] blkdev_open+0x34e/0x4f0 [ 415.526149][T21789] do_dentry_open+0x6d8/0x1660 [ 415.528505][T21789] vfs_open+0x82/0x3f0 [ 415.530566][T21789] path_openat+0x208c/0x31a0 [ 415.532515][T21789] do_file_open+0x20e/0x430 [ 415.534704][T21789] do_sys_openat2+0x10d/0x1e0 [ 415.537023][T21789] __x64_sys_openat+0x12d/0x210 [ 415.539347][T21789] do_syscall_64+0x10b/0xf80 [ 415.541610][T21789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.544248][T21789] [ 415.544248][T21789] -> #3 (&cmd->lock){+.+.}-{4:4}: [ 415.547247][T21789] __mutex_lock+0x1a4/0x1b10 [ 415.549489][T21789] nbd_queue_rq+0xba/0x1080 [ 415.552174][T21789] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 415.555443][T21789] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 415.558639][T21789] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 415.561312][T21789] blk_mq_run_hw_queue+0x23c/0x670 [ 415.563552][T21789] blk_mq_dispatch_list+0x51d/0x1360 [ 415.566024][T21789] blk_mq_flush_plug_list+0x130/0x600 [ 415.568457][T21789] __blk_flush_plug+0x2c4/0x4b0 [ 415.570731][T21789] __submit_bio+0x584/0x6c0 [ 415.572892][T21789] submit_bio_noacct_nocheck+0x543/0xbf0 [ 415.575653][T21789] submit_bio_noacct+0xd18/0x2000 [ 415.578320][T21789] submit_bh_wbc+0x681/0x890 [ 415.580916][T21789] block_read_full_folio+0x4c8/0x8e0 [ 415.583669][T21789] filemap_read_folio+0xfc/0x3b0 [ 415.586052][T21789] do_read_cache_folio+0x2d7/0x6b0 [ 415.588452][T21789] read_part_sector+0xd1/0x370 [ 415.590575][T21789] adfspart_check_ICS+0x91/0x7d0 [ 415.592894][T21789] bdev_disk_changed+0x7a3/0x1250 [ 415.595373][T21789] blkdev_get_whole+0x187/0x290 [ 415.598022][T21789] bdev_open+0x2c7/0xe40 [ 415.600428][T21789] blkdev_open+0x34e/0x4f0 [ 415.602772][T21789] do_dentry_open+0x6d8/0x1660 [ 415.605056][T21789] vfs_open+0x82/0x3f0 [ 415.607014][T21789] path_openat+0x208c/0x31a0 [ 415.609124][T21789] do_file_open+0x20e/0x430 [ 415.611257][T21789] do_sys_openat2+0x10d/0x1e0 [ 415.613307][T21789] __x64_sys_openat+0x12d/0x210 [ 415.615556][T21789] do_syscall_64+0x10b/0xf80 [ 415.617722][T21789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.620402][T21789] [ 415.620402][T21789] -> #2 (set->srcu){.+.+}-{0:0}: [ 415.623397][T21789] __synchronize_srcu+0xa2/0x300 [ 415.625856][T21789] blk_mq_quiesce_queue+0x149/0x1c0 [ 415.628527][T21789] elevator_switch+0x17b/0x7e0 [ 415.630972][T21789] elevator_change+0x352/0x530 [ 415.633186][T21789] elevator_set_default+0x29e/0x360 [ 415.635669][T21789] blk_register_queue+0x48e/0x630 [ 415.638054][T21789] __add_disk+0x73f/0xe40 [ 415.640139][T21789] add_disk_fwnode+0x118/0x5c0 [ 415.642751][T21789] nbd_dev_add+0x77a/0xb10 [ 415.645155][T21789] nbd_init+0x291/0x2b0 [ 415.647292][T21789] do_one_initcall+0x121/0x750 [ 415.649604][T21789] kernel_init_freeable+0x6ea/0x7b0 [ 415.652107][T21789] kernel_init+0x1f/0x1e0 [ 415.654172][T21789] ret_from_fork+0x72b/0xd50 [ 415.656380][T21789] ret_from_fork_asm+0x1a/0x30 [ 415.658557][T21789] [ 415.658557][T21789] -> #1 (&q->elevator_lock){+.+.}-{4:4}: [ 415.661740][T21789] __mutex_lock+0x1a4/0x1b10 [ 415.663912][T21789] elevator_change+0x1bc/0x530 [ 415.666277][T21789] elevator_set_none+0x92/0xf0 [ 415.668908][T21789] blk_mq_update_nr_hw_queues+0x4c1/0x15f0 [ 415.672191][T21789] nbd_start_device+0x1a6/0xbd0 [ 415.674652][T21789] nbd_genl_connect+0xff2/0x1a40 [ 415.677003][T21789] genl_family_rcv_msg_doit+0x214/0x300 [ 415.679578][T21789] genl_rcv_msg+0x560/0x800 [ 415.681632][T21789] netlink_rcv_skb+0x159/0x420 [ 415.683871][T21789] genl_rcv+0x28/0x40 [ 415.685797][T21789] netlink_unicast+0x585/0x850 [ 415.688015][T21789] netlink_sendmsg+0x8b0/0xda0 [ 415.690179][T21789] ____sys_sendmsg+0x9e1/0xb70 [ 415.692418][T21789] ___sys_sendmsg+0x190/0x1e0 [ 415.694609][T21789] __sys_sendmsg+0x170/0x220 [ 415.696796][T21789] __do_fast_syscall_32+0xe7/0x950 [ 415.699084][T21789] do_fast_syscall_32+0x32/0x70 [ 415.700979][T21789] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 415.703623][T21789] [ 415.703623][T21789] -> #0 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 415.707427][T21789] __lock_acquire+0x14b8/0x2630 [ 415.709700][T21789] lock_acquire+0x1b1/0x370 [ 415.711721][T21789] blk_mq_submit_bio+0x260c/0x2dd0 [ 415.714109][T21789] __submit_bio+0x1e1/0x6c0 [ 415.716266][T21789] submit_bio_noacct_nocheck+0x543/0xbf0 [ 415.718950][T21789] submit_bio_noacct+0xd18/0x2000 [ 415.721502][T21789] submit_bh_wbc+0x681/0x890 [ 415.724026][T21789] block_read_full_folio+0x4c8/0x8e0 [ 415.726862][T21789] filemap_read_folio+0xfc/0x3b0 [ 415.729250][T21789] filemap_get_pages+0x173d/0x2030 [ 415.731600][T21789] filemap_read+0x3b5/0x10a0 [ 415.733772][T21789] blkdev_read_iter+0x2c4/0x4f0 [ 415.736032][T21789] vfs_read+0x825/0xb30 [ 415.738059][T21789] ksys_read+0x12a/0x250 [ 415.740095][T21789] do_syscall_64+0x10b/0xf80 [ 415.742315][T21789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.745339][T21789] [ 415.745339][T21789] other info that might help us debug this: [ 415.745339][T21789] [ 415.750197][T21789] Chain exists of: [ 415.750197][T21789] &q->q_usage_counter(io)#52 --> &mm->mmap_lock --> mapping.invalidate_lock [ 415.750197][T21789] [ 415.755707][T21789] Possible unsafe locking scenario: [ 415.755707][T21789] [ 415.758693][T21789] CPU0 CPU1 [ 415.760924][T21789] ---- ---- [ 415.763147][T21789] rlock(mapping.invalidate_lock); [ 415.765391][T21789] lock(&mm->mmap_lock); [ 415.768264][T21789] lock(mapping.invalidate_lock); [ 415.771437][T21789] rlock(&q->q_usage_counter(io)#52); [ 415.773832][T21789] [ 415.773832][T21789] *** DEADLOCK *** [ 415.773832][T21789] [ 415.777693][T21789] 2 locks held by udevd/21789: [ 415.779810][T21789] #0: ffff88802726b5e8 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_read_iter+0x2b6/0x4f0 [ 415.784408][T21789] #1: ffff88802726b780 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_get_pages+0x123e/0x2030 [ 415.788788][T21789] [ 415.788788][T21789] stack backtrace: [ 415.790915][T21789] CPU: 1 UID: 0 PID: 21789 Comm: udevd Tainted: G L syzkaller #0 PREEMPT(full) [ 415.790932][T21789] Tainted: [L]=SOFTLOCKUP [ 415.790936][T21789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 415.790942][T21789] Call Trace: [ 415.790948][T21789] [ 415.790952][T21789] dump_stack_lvl+0x100/0x190 [ 415.790967][T21789] print_circular_bug.cold+0x178/0x1c7 [ 415.790985][T21789] check_noncircular+0x146/0x160 [ 415.791004][T21789] __lock_acquire+0x14b8/0x2630 [ 415.791016][T21789] lock_acquire+0x1b1/0x370 [ 415.791025][T21789] ? __submit_bio+0x1e1/0x6c0 [ 415.791037][T21789] ? blk_mq_submit_bio+0x25e1/0x2dd0 [ 415.791050][T21789] ? blk_mq_submit_bio+0x25e1/0x2dd0 [ 415.791063][T21789] blk_mq_submit_bio+0x260c/0x2dd0 [ 415.791076][T21789] ? __submit_bio+0x1e1/0x6c0 [ 415.791087][T21789] ? __pfx_blk_mq_submit_bio+0x10/0x10 [ 415.791103][T21789] __submit_bio+0x1e1/0x6c0 [ 415.791115][T21789] ? __pfx___submit_bio+0x10/0x10 [ 415.791127][T21789] ? __pfx_blk_cgroup_bio_start+0x10/0x10 [ 415.791140][T21789] ? find_held_lock+0x2b/0x80 [ 415.791154][T21789] ? submit_bio_noacct_nocheck+0x543/0xbf0 [ 415.791165][T21789] submit_bio_noacct_nocheck+0x543/0xbf0 [ 415.791178][T21789] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 415.791190][T21789] ? __pfx___might_resched+0x10/0x10 [ 415.791204][T21789] submit_bio_noacct+0xd18/0x2000 [ 415.791216][T21789] submit_bh_wbc+0x681/0x890 [ 415.791233][T21789] block_read_full_folio+0x4c8/0x8e0 [ 415.791244][T21789] ? __pfx_blkdev_get_block+0x10/0x10 [ 415.791256][T21789] ? __pfx_blkdev_read_folio+0x10/0x10 [ 415.791268][T21789] filemap_read_folio+0xfc/0x3b0 [ 415.791285][T21789] ? __pfx_filemap_read_folio+0x10/0x10 [ 415.791303][T21789] filemap_get_pages+0x173d/0x2030 [ 415.791315][T21789] ? __pfx_filemap_get_pages+0x10/0x10 [ 415.791326][T21789] ? __pfx___might_resched+0x10/0x10 [ 415.791337][T21789] ? __pfx_validate_mm+0x10/0x10 [ 415.791353][T21789] filemap_read+0x3b5/0x10a0 [ 415.791367][T21789] ? __pfx_filemap_read+0x10/0x10 [ 415.791380][T21789] ? __pfx_down_read+0x10/0x10 [ 415.791392][T21789] blkdev_read_iter+0x2c4/0x4f0 [ 415.791405][T21789] ? __pfx_blkdev_read_iter+0x10/0x10 [ 415.791417][T21789] vfs_read+0x825/0xb30 [ 415.791429][T21789] ? __pfx_vfs_read+0x10/0x10 [ 415.791442][T21789] ? ksys_mmap_pgoff+0xec/0x610 [ 415.791456][T21789] ksys_read+0x12a/0x250 [ 415.791467][T21789] ? __pfx_ksys_read+0x10/0x10 [ 415.791479][T21789] ? rcu_is_watching+0x12/0xc0 [ 415.791492][T21789] do_syscall_64+0x10b/0xf80 [ 415.791507][T21789] ? clear_bhb_loop+0x40/0x90 [ 415.791519][T21789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.791530][T21789] RIP: 0033:0x7f918c2a7407 [ 415.791543][T21789] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 415.791554][T21789] RSP: 002b:00007ffccc16a2f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 415.791564][T21789] RAX: ffffffffffffffda RBX: 00007f918ca2e880 RCX: 00007f918c2a7407 [ 415.791571][T21789] RDX: 0000000000000200 RSI: 00007f918ca2d000 RDI: 0000000000000009 [ 415.791577][T21789] RBP: 000055ac65bc4050 R08: 0000000000000000 R09: 0000000000000000 [ 415.791583][T21789] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 415.791589][T21789] R13: 0000000000000000 R14: 000055ac65bcbe18 R15: 00007f918cb5539c [ 415.791599][T21789] [ 415.847835][ T5748] Bluetooth: hci3: unexpected event for opcode 0x040e