last executing test programs: 9m46.093143887s ago: executing program 2 (id=12026): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)=ANY=[@ANYBLOB="1400000042000b06"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000580)=""/298, 0x12a}, {&(0x7f0000000f00)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/197, 0xc5}, {&(0x7f0000000000)=""/126, 0x7e}, {&(0x7f0000000ac0)=""/239, 0xef}, {&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000c80)=""/154, 0x9a}, {&(0x7f00000002c0)=""/68, 0x44}], 0x8}, 0x1005}], 0x1, 0x0, 0x0) 9m45.988217606s ago: executing program 2 (id=12029): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000380)=0x400a, 0x4) 9m45.745245436s ago: executing program 2 (id=12038): r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1) fcntl$setlease(r0, 0x400, 0x1) fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 9m45.651381106s ago: executing program 2 (id=12040): set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="010000001a3a08000500000007"], 0x16) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r0, 0x0}, 0x20) 9m45.552114985s ago: executing program 2 (id=12044): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 9m45.445172426s ago: executing program 2 (id=12047): r0 = fsopen(&(0x7f0000000000)='jfs\x00', 0x1) syz_usb_control_io$rtl8150(0xffffffffffffffff, &(0x7f00000002c0)={0x14, &(0x7f0000000100)={0x40, 0x2, 0x2, {0x2, 0x3}}, 0x0}, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='resize', &(0x7f0000000100), 0x0) 9m29.218250763s ago: executing program 32 (id=12047): r0 = fsopen(&(0x7f0000000000)='jfs\x00', 0x1) syz_usb_control_io$rtl8150(0xffffffffffffffff, &(0x7f00000002c0)={0x14, &(0x7f0000000100)={0x40, 0x2, 0x2, {0x2, 0x3}}, 0x0}, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='resize', &(0x7f0000000100), 0x0) 7m20.290593663s ago: executing program 4 (id=14578): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) ioctl$TUNSETVNETLE(r0, 0x400454dc, 0x0) 7m19.958802725s ago: executing program 4 (id=14586): r0 = fsopen(&(0x7f0000000200)='romfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 7m19.795994321s ago: executing program 4 (id=14589): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="7000000010000100"/20, @ANYRES32=r1, @ANYBLOB="0000000000000000500012800e0001006970366772657461700000003c000280140007002001000000000000000000000000000014000600fe", @ANYBLOB='\b\x00'], 0x70}}, 0x0) 7m19.731583926s ago: executing program 4 (id=14592): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback, 0x0, 0x2}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0) 7m19.540128839s ago: executing program 4 (id=14595): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) 7m19.457464308s ago: executing program 4 (id=14599): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_GET_CAPABILITIES(r0, 0x8004551a, &(0x7f0000000100)) 7m18.559490816s ago: executing program 0 (id=14606): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000340)=0x29, 0x4) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 7m17.497407307s ago: executing program 0 (id=14617): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x45c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x1, 0x8, 0x2, 0xff, 0x7}, {0x4, 0x0, 0x3, 0xa159, 0x1, 0x7}, 0x3, 0x6, 0x41e}}, @TCA_TBF_PTAB={0x404, 0x3, [0x4, 0x2, 0x8, 0x7ff, 0x0, 0x8ba, 0xa3, 0x4d91, 0x7fffffff, 0x63c4, 0x0, 0x8000, 0x8, 0x255, 0x7, 0xa, 0xd81, 0x0, 0xa, 0xa, 0xa, 0x6, 0x0, 0x200, 0x1, 0x3, 0xb97, 0x5, 0x0, 0xffffffff, 0x200, 0x23, 0x3, 0x78, 0xfffffffc, 0x5, 0x1, 0x2, 0x8, 0x6, 0x0, 0xd, 0x80, 0xe, 0x80, 0x236c13d6, 0x3800000, 0x0, 0xfffff30b, 0x0, 0xf5, 0x81, 0x5, 0x80, 0x101, 0x3f, 0xfffffbff, 0x36a5, 0x4, 0x6, 0x200, 0x1ba, 0x9, 0xab, 0x6, 0xfffffffa, 0x7fffffff, 0x0, 0x3, 0x1, 0x963, 0x1ff, 0x2, 0xfffffffd, 0x6, 0x9, 0x0, 0x3, 0x9e, 0xb09, 0x3ff, 0x7, 0x8000, 0x4, 0xc, 0x1000, 0x101, 0x1, 0x4, 0x6, 0xfffff001, 0x3, 0x1, 0x8762, 0x8e, 0x8, 0xfffff76b, 0x0, 0x4, 0x4275c4e9, 0x8, 0x5, 0x800, 0x0, 0x8, 0x5, 0x6cdf13a3, 0x7, 0x3, 0x5, 0x10001, 0xff, 0x80000001, 0xed2, 0x2, 0xfffffffa, 0x2, 0x18d1, 0x0, 0x10000, 0x9486, 0x800080, 0x6, 0x7ffffffc, 0xdb, 0x3, 0x83, 0xffff8000, 0x6, 0x5, 0x5, 0x1, 0x2, 0x8, 0x7, 0x0, 0x2, 0x81, 0x3, 0x1, 0x26bf, 0x7, 0x3, 0x0, 0xc1, 0x9, 0x1, 0x5, 0x283, 0xb, 0x4, 0x3d, 0x2, 0x4, 0x7, 0x102, 0x400, 0x8, 0x7fffffff, 0xfffffff8, 0xa, 0xfffffff4, 0x8, 0xc, 0x96, 0x6, 0x4, 0x62cc, 0x2, 0x7, 0x2eb7, 0xfffd, 0xcbf, 0x4010000, 0xf, 0x9, 0xfffffff6, 0x1, 0x8, 0x800, 0x8001, 0xf, 0x5, 0x8, 0x8d, 0xffffffff, 0x8, 0x7, 0x1, 0x61, 0xffffffff, 0x494, 0xb, 0x1, 0x1, 0xd1, 0xd, 0x9, 0x1002, 0x0, 0x6, 0x3, 0xfffffffb, 0xffff, 0x80ff, 0x5, 0xe, 0x401, 0x2, 0x8cc5, 0x8, 0x159, 0xfffffff8, 0x81, 0x382ae49b, 0x9, 0xffffffff, 0xffff, 0x9, 0xfffffffb, 0x6, 0x2, 0x8dc4, 0x20000005, 0x5, 0x9, 0x2, 0xfffff803, 0xfffffffe, 0x5, 0x2, 0x7, 0x200, 0x7f, 0x7, 0x1, 0x0, 0xffffffff, 0xdfed, 0xb, 0x77, 0x105, 0xff, 0xb331, 0x9, 0x6, 0x9, 0x7, 0x2, 0x400, 0xffffffff, 0x1, 0x800, 0x6000, 0xfe000000, 0x7]}]}}]}, 0x45c}}, 0x0) 7m17.260487097s ago: executing program 0 (id=14621): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1b) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000580)) 7m17.020954391s ago: executing program 0 (id=14624): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x38, r1, 0x701, 0x2, 0x0, {0x2e}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x48018}, 0x4004004) 7m16.714796274s ago: executing program 0 (id=14629): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) fstat(r0, &(0x7f00000001c0)) 7m16.590258885s ago: executing program 0 (id=14631): inotify_init1(0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000000)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0], 0x0) 7m3.255064441s ago: executing program 33 (id=14599): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_GET_CAPABILITIES(r0, 0x8004551a, &(0x7f0000000100)) 7m0.330497943s ago: executing program 34 (id=14631): inotify_init1(0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000000)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0], 0x0) 1m1.234350984s ago: executing program 5 (id=20409): socket$inet6(0xa, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc800000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000005400038050000080080003400000000244000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000030c000140000000000000100014000180090001006c617374000000000400028014000000110001"], 0xe4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) close(r0) 1m0.944417105s ago: executing program 5 (id=20414): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc980000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000006c0003806800008008000340000000025c000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000030c00014000000000000100002c0001800a0001006c696d69740000001c0002800c00024000000000800000000c000140000000000000000814000000110001"], 0xfc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1m0.796626775s ago: executing program 5 (id=20418): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x7, 0x3, 0x3, 0x100}, 0x50) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00', 0xff}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x353, @time={0x95}}) 1m0.352432748s ago: executing program 5 (id=20426): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x16, 0x0) mount$overlay(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20000, 0x0) mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0) 59.972386162s ago: executing program 5 (id=20430): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) 56.991589028s ago: executing program 5 (id=20478): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000040)={0xd, 0x1, 0x1, 0xdd3, r2}, 0x10) 56.505516446s ago: executing program 35 (id=20478): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000040)={0xd, 0x1, 0x1, 0xdd3, r2}, 0x10) 3.661997199s ago: executing program 3 (id=21213): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffeed, 0xfa00, {0x3, &(0x7f00000000c0), 0x2, 0x9}}, 0xfffffffffffffeaf) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 2.147235147s ago: executing program 7 (id=21236): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="06e28092c5ec1d88d05e0a6f2ce709c63de1ab461557270000fc494605c77dc874d0734eed79ecd2e373cf63d3a4e9a461877edf08af5c6c56be907e383f7a1cce50acae1ed1944d1e00f576d2365e27c059eaceee4e56e1f161effd91efedde230512ce932b03ea7ccfb1442c3d8c8954f4b9cdc4bc9dc1f14af9e5b22f9ba40774572c6992ca3e89d70fc2ab813333d71fbea6b7a7b60004285435319ebbae2cc5f343756ed4c9eb88760294047270864a6921876a953daf8b1e8dfa14c0626ce6597cd21a38b8b115ea15c3d63f4119868d4b3948cfcda7f069a9ccb0bbaa4854f0dc1092e6f0b16873951b1e521e1ce63614fc34a7cc07f154261ec71cd457229a5897a9815f7641bdf50b05aa1d5d1a8449f02cfaaeab93fe13c3d9506d0b6601af66ef870fb98b97b7b9d1c3c2790c21dbf6f7ebd3b0a85faa3288257ab2ae248865498bf0b7f23e12cfa7a3137a9903f866eb874415cf20253e94ddfb1533827d15580041", 0x168}, {&(0x7f0000001600)="c9fbe0378bef0a6749d715b5c3e27d03e68c83579553d3bd9cc08edbae86d2f95e95a3fa8ab031e21b5a47e4205c87eefc819e6ea7bd0f6772e957f739339398cd07aeb0522339dde07af5b6ee6b94221ca3494c29be340810d421808f27877885583a2c80d4331aca54533ad84a0ccc5fa28956504f2eafc0f098f878ae3caf30b7981d5e778aaa197d235aa31c4c77fdf0e1c0d31fc7c43969830f82c4b5631e47df6b9a9f59a57e0e7bd1f9e4fcdb4150f713fb9e3530650b43a92853d1e3334fe72113d518a558343615ba8d3412bda82b725855e14c29f7ed81e1cbb76f9684cc6b7fcdc2808119a0f8328b0c5d0e996e50e95605724abb1c635b0bf633f4bcca6213fef03260e56321e3270f322eb13b8ab70c726cbce78c93e4c87d7d7b363542b1b4eb90242ae9459775aa7c045233df9912fc47d6793f40bb5543b537ed6b79e0091e3c069644ce8d6ea00125815fae3c25f4d5c847e76c0c697d7df260ba36e6917f75ccd289070477665e64ac3e00c93228b72763f28104defab475f03841980110b23d02a3d1b74d25c8f2e1c8dfd9243e0bb7a583f091f829329f045f2fc0c40bb4a5205b071d4b6959663c6bfc1f04b23db627ac9fc792cd3355dbbc031d56107ea3379209a49abf03a8347fce6d48cf1968b64558e30210b02214cd0728c6743b89bd4cc2f1d1424fcedd95fa700751a4ff438469fd9e6f3a47200f3fbbde74bdbbeabfb6f96e32366d85a8e6bb6d576687634daac56c9619e4bbeea7606f223d3976c4bea9a07406b037cef4d06cc9e447dc06901c91145aeb9b9726cbf808d253cb01e0806f21d82b928173be2f5bbed1a97e725b17d1d1bd19c14935abd242ca6501c4282f5f1a3e813c68bdb88add0b6fcc14b8355a81b9ac915e5d51212438c5d2993f26456c9ecde871752c99ddbaecb3f6f5f02a0542e898b64a6d475aae01f2aca6c6013907c085ef56483c910cdf4cdcdb516533aeb97644462cd012e0407dfdeff5428e23edd335b1590641353c54f0802f45d880cb8f22ebbac0cc094a771877aac6491aa62350ccde2993826928e6614b76c15e4aae8ede6de392f4f6567f0833ced4458bca37928cc2a70ca20cd38c11138b6ba39a6374ef7f150eb2d5a500a6b9c010d13dcf7318deb8c106e2448c6b21f62051300080dcc9d87db52cefe722035f1508fff231c22bfc8f1d2e14de70a281be8eb3649ace61896f0c33357fcd838db94aaca611b228f76cb4ab983ad3ab636c7260d57bba0061574bb0876afbeb916e252572687b8d28ba7c945f07e0286bedfd7c259769016225a158bf607dd62e11c83bc686a7ab2903ddd64d4e2c44f39ac1f76b80d6be086396e7515441afcadfecb940776ee4f776d3c294dce9aab77e5c2f6c36c20b4343d80d0c3da5f838b948aa684729c578718d3a0811a1dd654e7ad5e414d892ceb3dd704632caa4dcfdc947ce9391ab9abaa0951d12d56623b0028fe78da20a65df9eabb16e4b14bbbfea7108ab4308e7cb540ab8a810cebbf0d3b64ba108d281c91b011f2a8e565c4b802448bad1a57fe6e74fd3278211a70f0767746ed1f234e8edbcb6f8a215e66849a7f10d1533ef626e31725439afd95c9b3a673041459e473d5ddbcc187f55d72d054bf16a714ee0f4bb5d14cf29b853fd6f703b54f227d20ca414b3d6314e9448d211707158ea758e04a2fe7dad468374d62ab4240bb3c9782faa9f87aec26876714b169198931cbd486c01bb2156488467cda498d0a0c62ff6cf03fc68aa3b8051fff5d68e8374796439e9cf12dae426d3692c2d50699eae00ba4b9797fe5295740d8efb64a48bda389e841254638a118337404194e440a2338e2ce0b32395874e0d5cc36c0f1231426d82636e5a7182f82ea545bf7cd5d19ff42a1e8b90193a82452a0eec6575bf7181275d5c2ba2d74a5bda47934d8c89f3225f38959c12b3a2cae85e5108439bc262b69f5bd5f73a86776525f4ecb1685175ffc05aa5faadcc3be80d0b1d1bfc34ffc2ee1cde6bdf0000000000000000000000000000000061293c817aaec775b1f08ddb2e3ce8679267da0b1fb826483e9838e0e283", 0x5d0}], 0x2, 0x0, 0x0, 0x2c}, 0x40440c4) 1.6838185s ago: executing program 7 (id=21244): write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="340200000200000005f3000005"], 0x234) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'wlan1\x00', 0x0}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.623405295s ago: executing program 3 (id=21246): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r1, 0x0, &(0x7f0000000040)="05", 0x1, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x5, r1, 0x0, &(0x7f0000adf000/0x3000)=nil, 0x3000, 0x40000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000300)={0x28, 0x3, r1, 0x0, &(0x7f0000ae0000/0x2000)=nil, 0x2000, 0xffffffff7fffffff}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000240)={0x18, r1, 0x14c0, 0x80000000}) 1.508878697s ago: executing program 3 (id=21248): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x12, 0x6, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000340), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20) 1.391972887s ago: executing program 6 (id=21250): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000440)={0x1, &(0x7f0000000340)=[{0x6, 0x4e, 0x5, 0x7fff0000}]}) r0 = syz_clone(0x800400, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}], 0x1c) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0xb117, 0x0) 1.312222051s ago: executing program 3 (id=21252): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x2c, 0x24, 0xd0f, 0xfffffffd, 0xffffffff, {0x60, 0x0, 0x0, 0x0, {0xffe0, 0x2}, {0xfff2, 0x10}, {0xfff3, 0xfff2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000844}, 0x2000c8d1) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 1.030551219s ago: executing program 7 (id=21255): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0", 0x49}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}], 0x1}, 0x0) 991.7ms ago: executing program 6 (id=21257): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) unshare(0x20000400) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x9) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x38) 926.172442ms ago: executing program 3 (id=21258): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000017ffffffffffff00000000000088a848008100560008004b"], 0x14b) 894.255412ms ago: executing program 8 (id=21259): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="05000000d8000001118006b05c6a8ce2", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000080"], 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x5, 0x802, 0x0, {}, {0x77359400}, {0x0, 0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "cb7d302847bb1a28e8a4004b789607ed47df355645f2178a039ed508ff76df3536741848cc6cb65c6e77aad714472cb8856fcdd536f9d9655dcf800549436e96"}}, 0x80}}, 0x800) close_range(r0, 0xffffffffffffffff, 0x0) 882.382347ms ago: executing program 7 (id=21260): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000003000000000000000040000018010000786c6c250000000000202020731af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ff0000008500000006000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x37, &(0x7f0000000080)=ANY=[], 0x0) 794.043638ms ago: executing program 6 (id=21261): munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r0, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 746.797533ms ago: executing program 8 (id=21263): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1, r0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) clock_nanosleep(0x2, 0x1, &(0x7f00000000c0), 0x0) 675.165389ms ago: executing program 6 (id=21264): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x4a02, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0xb, 0x0, 0xfffffffd, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x740, 0x1800, 0x1, 0xac, 0x5}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xfe33) 656.995595ms ago: executing program 1 (id=21265): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8501, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x6, 0x80800) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000280)={0x0, r2}) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000002c0)={0x400002, r2}) close(0x4) 656.320681ms ago: executing program 7 (id=21266): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x18f887, 0x0) umount2(&(0x7f0000000040)='./file0/file0\x00', 0x0) 543.841685ms ago: executing program 8 (id=21267): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) sendto$unix(r1, 0x0, 0x0, 0x40000, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x1c) 539.10034ms ago: executing program 6 (id=21268): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9a) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000026c0)='./file0\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 471.913199ms ago: executing program 3 (id=21269): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a69000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x1}, {0x0, 0xffff}}}, 0x24}}, 0x8000) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 471.503105ms ago: executing program 1 (id=21270): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000180)={0xb770}) 462.50319ms ago: executing program 7 (id=21271): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 412.553815ms ago: executing program 6 (id=21272): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) 400.945473ms ago: executing program 8 (id=21273): r0 = socket$kcm(0x2, 0x5, 0x84) r1 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x5, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$sock_attach_bpf(r1, 0x84, 0x6e, &(0x7f0000000000), 0x10) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000), 0x10) 355.867435ms ago: executing program 1 (id=21274): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000140)=r2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_BSS(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4080) 235.067982ms ago: executing program 1 (id=21275): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x6, 0x31435641, 0x1ff, 0x12000000, 0x2, @discrete={0x2, 0x2}}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x40, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x99}}]}, @CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x6}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x80}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x406c450}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="780000001000010400"/20, @ANYRES32=r2, @ANYBLOB="60300300001400005800128009000100626f6e6400000000480002802c0008"], 0x78}}, 0x0) 234.407444ms ago: executing program 8 (id=21276): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f00000001c0)=0x7004, 0x4) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0xffeb}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0xf}, 0x0) recvmmsg$unix(r1, &(0x7f00000033c0)=[{{0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000001640)=""/4096, 0x1000}], 0x1}}], 0x1, 0x40010002, 0x0) 111.561666ms ago: executing program 1 (id=21277): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000240)='.\x00', 0x60000726) r2 = fanotify_init(0x1a, 0x800) fanotify_mark(r2, 0x1, 0x40000000, r0, 0x0) fanotify_mark(r2, 0x80, 0x18, r0, 0x0) 51.565213ms ago: executing program 1 (id=21278): r0 = creat(&(0x7f0000000040)='./file0\x00', 0xe2) close(r0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, 0x0) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000180)={r2, 0x0, 0x4, 0x4, 0xa5}) 0s ago: executing program 8 (id=21279): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x30, r3, 0x801, 0x70bd29, 0x0, {0x7}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x9}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}}, 0x0) kernel console output (not intermixed with test programs): d connection 11:aa:aa:aa:aa:aa [ 969.572810][T22566] Bluetooth: hci2: link tx timeout [ 969.572820][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.572920][T22566] Bluetooth: hci2: link tx timeout [ 969.572931][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.573029][T22566] Bluetooth: hci2: link tx timeout [ 969.573039][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.573138][T22566] Bluetooth: hci2: link tx timeout [ 969.573149][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.573294][T22566] Bluetooth: hci2: link tx timeout [ 969.573304][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.580801][T22566] Bluetooth: hci2: link tx timeout [ 969.580818][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.582074][T22566] Bluetooth: hci2: link tx timeout [ 969.582088][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.582197][T22566] Bluetooth: hci2: link tx timeout [ 969.582220][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.582345][T22566] Bluetooth: hci2: link tx timeout [ 969.582356][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.582665][T22566] Bluetooth: hci2: link tx timeout [ 969.582677][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.583433][T22566] Bluetooth: hci2: link tx timeout [ 969.583446][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.583554][T22566] Bluetooth: hci2: link tx timeout [ 969.583565][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.584403][T22566] Bluetooth: hci2: link tx timeout [ 969.584417][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.601093][T22566] Bluetooth: hci2: link tx timeout [ 969.601112][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.601222][T22566] Bluetooth: hci2: link tx timeout [ 969.601234][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.601499][T22566] Bluetooth: hci2: link tx timeout [ 969.601511][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.602275][T22566] Bluetooth: hci2: link tx timeout [ 969.602289][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.605052][T22566] Bluetooth: hci2: link tx timeout [ 969.605066][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.605176][T22566] Bluetooth: hci2: link tx timeout [ 969.605186][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.605289][T22566] Bluetooth: hci2: link tx timeout [ 969.605300][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.606362][T22566] Bluetooth: hci2: link tx timeout [ 969.606384][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.606569][T22566] Bluetooth: hci2: link tx timeout [ 969.606581][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.606765][T22566] Bluetooth: hci2: link tx timeout [ 969.606776][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.606877][T22566] Bluetooth: hci2: link tx timeout [ 969.606900][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.607957][T22566] Bluetooth: hci2: link tx timeout [ 969.607969][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.608139][T22566] Bluetooth: hci2: link tx timeout [ 969.608150][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.608253][T22566] Bluetooth: hci2: link tx timeout [ 969.608264][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.608365][T22566] Bluetooth: hci2: link tx timeout [ 969.608375][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.609515][T22566] Bluetooth: hci2: link tx timeout [ 969.609527][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.609634][T22566] Bluetooth: hci2: link tx timeout [ 969.609644][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.610495][T22566] Bluetooth: hci2: link tx timeout [ 969.610507][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.610612][T22566] Bluetooth: hci2: link tx timeout [ 969.610622][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.610724][T22566] Bluetooth: hci2: link tx timeout [ 969.610734][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.611483][T22566] Bluetooth: hci2: link tx timeout [ 969.611496][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.611972][T22566] Bluetooth: hci2: link tx timeout [ 969.611983][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.613108][T22566] Bluetooth: hci2: link tx timeout [ 969.613121][T22566] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 970.991729][ T6957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15609'. [ 971.272880][ T6961] IPVS: ovf: SCTP 172.20.20.187:0 - no destination available [ 971.433413][ T31] IPVS: starting estimator thread 0... [ 971.530041][ T6964] IPVS: using max 9 ests per chain, 21600 per kthread [ 971.680608][T22566] Bluetooth: hci2: command 0x0406 tx timeout [ 975.988517][ T5631] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 976.170160][ T5631] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 976.170190][ T5631] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 976.262467][ T5631] usb 2-1: config 0 descriptor?? [ 976.284056][ T5631] cp210x 2-1:0.0: cp210x converter detected [ 976.525035][ T7112] netlink: 4 bytes leftover after parsing attributes in process `syz.7.15679'. [ 976.687456][ T7114] netlink: 32 bytes leftover after parsing attributes in process `syz.3.15680'. [ 976.732804][ T5631] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 976.775708][ T5631] usb 2-1: cp210x converter now attached to ttyUSB0 [ 977.004999][ T5631] usb 2-1: USB disconnect, device number 116 [ 977.077768][ T5631] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 977.217687][ T5631] cp210x 2-1:0.0: device disconnected [ 977.293626][ T7133] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15686'. [ 977.733210][ T7158] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(9) [ 977.733235][ T7158] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 977.738722][ T7158] vhci_hcd vhci_hcd.0: Device attached [ 977.757609][ T7158] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(11) [ 977.757634][ T7158] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 977.757679][ T7158] vhci_hcd vhci_hcd.0: Device attached [ 977.775401][ T7152] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 977.775426][ T7152] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 977.776270][ T7152] vhci_hcd vhci_hcd.0: Device attached [ 977.820207][ T7156] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(6) [ 977.820232][ T7156] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 977.820284][ T7156] vhci_hcd vhci_hcd.0: Device attached [ 977.879856][ T7162] vhci_hcd: connection closed [ 977.880314][ T7154] vhci_hcd: connection closed [ 977.884578][ T7165] vhci_hcd: connection closed [ 977.886309][ T7159] vhci_hcd: connection closed [ 977.894136][ T5009] vhci_hcd vhci_hcd.3: stop threads [ 977.894161][ T5009] vhci_hcd vhci_hcd.3: release socket [ 977.935339][ T5009] vhci_hcd vhci_hcd.3: disconnect device [ 977.940130][ T31] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 978.001728][ T5009] vhci_hcd vhci_hcd.3: stop threads [ 978.001750][ T5009] vhci_hcd vhci_hcd.3: release socket [ 978.001814][ T5009] vhci_hcd vhci_hcd.3: disconnect device [ 978.056622][ T31] usb 39-3: new full-speed USB device number 2 using vhci_hcd [ 978.073451][ T5009] vhci_hcd vhci_hcd.3: stop threads [ 978.073514][ T5009] vhci_hcd vhci_hcd.3: release socket [ 978.153563][ T5009] vhci_hcd vhci_hcd.3: disconnect device [ 978.166077][ T5009] vhci_hcd vhci_hcd.3: stop threads [ 978.166096][ T5009] vhci_hcd vhci_hcd.3: release socket [ 978.166183][ T5009] vhci_hcd vhci_hcd.3: disconnect device [ 978.232119][ T31] usb 39-3: enqueue for inactive port 2 [ 978.320894][ T31] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 979.203451][ T7202] netlink: 24 bytes leftover after parsing attributes in process `syz.1.15706'. [ 979.597234][ T7217] netlink: 8 bytes leftover after parsing attributes in process `syz.7.15712'. [ 979.911450][ T7223] macvlan2: entered promiscuous mode [ 979.911471][ T7223] bridge0: entered promiscuous mode [ 980.963881][ T7270] netlink: 12 bytes leftover after parsing attributes in process `syz.6.15730'. [ 981.305070][ T7284] loop8: detected capacity change from 0 to 7 [ 981.648370][ T7284] loop8: [POWERTEC] [ 981.773826][ T95] tipc: Subscription rejected, illegal request [ 982.274696][ T7311] netlink: 'syz.7.15747': attribute type 29 has an invalid length. [ 982.274955][ T7308] netlink: 'syz.7.15747': attribute type 29 has an invalid length. [ 982.276357][ T7308] netlink: 'syz.7.15747': attribute type 29 has an invalid length. [ 982.931869][ T7337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15761'. [ 984.444244][ T5501] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 984.598727][ T7392] netlink: 52 bytes leftover after parsing attributes in process `syz.5.15785'. [ 984.617489][ T5501] usb 4-1: Using ep0 maxpacket: 8 [ 984.623422][ T5501] usb 4-1: config 0 interface 0 altsetting 144 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 984.623452][ T5501] usb 4-1: config 0 interface 0 altsetting 144 endpoint 0x81 has invalid wMaxPacketSize 0 [ 984.623473][ T5501] usb 4-1: config 0 interface 0 has no altsetting 0 [ 984.623503][ T5501] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 984.623524][ T5501] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 984.733485][ T5501] usb 4-1: config 0 descriptor?? [ 985.191927][ T7398] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 985.192089][ T7398] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 985.211893][ T5501] hid_parser_main: 440 callbacks suppressed [ 985.211915][ T5501] smartjoyplus 0003:6666:8804.0025: unknown main item tag 0x1 [ 985.211945][ T5501] smartjoyplus 0003:6666:8804.0025: unknown main item tag 0x6 [ 985.211970][ T5501] smartjoyplus 0003:6666:8804.0025: item fetching failed at offset 4/5 [ 985.243300][ T5501] smartjoyplus 0003:6666:8804.0025: parse failed [ 985.243366][ T5501] smartjoyplus 0003:6666:8804.0025: probe with driver smartjoyplus failed with error -22 [ 985.255348][ T37] audit: type=1400 audit(1778268094.527:1004): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=7409 comm="syz.5.15792" src=65532 dest=20002 netif=wpan0 [ 985.406747][ T5501] usb 4-1: USB disconnect, device number 120 [ 985.507653][ T7398] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 985.507771][ T7398] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 985.715377][ T7421] binder: 7420:7421 ioctl 4018620d 0 returned -22 [ 985.732255][ T7398] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 985.853259][ T7398] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 985.853723][ T7398] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 986.172784][ T7428] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15800'. [ 986.896782][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 986.896848][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 987.405602][T22566] Bluetooth: hci5: command 0x0405 tx timeout [ 987.662430][T22566] Bluetooth: hci4: command 0x0c1a tx timeout [ 987.909298][ T7487] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15822'. [ 987.940595][ T7406] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 988.015144][T22566] Bluetooth: hci2: command 0x0406 tx timeout [ 988.100409][ T7406] usb 4-1: Using ep0 maxpacket: 32 [ 988.102534][ T7406] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 988.102565][ T7406] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 988.102600][ T7406] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 988.102622][ T7406] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 988.156323][ T7406] usb 4-1: config 0 descriptor?? [ 988.159680][ T7406] hub 4-1:0.0: USB hub found [ 988.394218][ T7406] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 988.846151][ T7406] hid-generic 0003:046D:C31C.0026: item fetching failed at offset 0/1 [ 988.864241][ T7406] hid-generic 0003:046D:C31C.0026: probe with driver hid-generic failed with error -22 [ 989.211407][ T7524] netlink: 'syz.7.15834': attribute type 3 has an invalid length. [ 989.211430][ T7524] netlink: 13435 bytes leftover after parsing attributes in process `syz.7.15834'. [ 989.276832][ T7406] usb 4-1: USB disconnect, device number 121 [ 989.580836][ T7530] ipvlan2: entered promiscuous mode [ 989.611282][ T7530] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 989.629702][T22566] Bluetooth: hci5: command 0x0405 tx timeout [ 989.885703][T22566] Bluetooth: hci4: command 0x0c1a tx timeout [ 990.227853][T22566] Bluetooth: hci2: command 0x0406 tx timeout [ 990.887905][ T37] audit: type=1400 audit(1778268099.812:1005): lsm=SMACK fn=smack_task_setioprio action=denied subject="w" object="_" requested=w pid=7568 comm="syz.5.15847" opid=31500 ocomm="syz-executor" [ 991.097352][ T7575] program syz.5.15849 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 991.824043][ T7594] netlink: 24 bytes leftover after parsing attributes in process `syz.6.15854'. [ 992.110609][T22566] Bluetooth: hci4: command 0x0c1a tx timeout [ 992.537945][ T5009] wlan1: Trigger new scan to find an IBSS to join [ 993.963034][ T7658] pimreg: tun_chr_ioctl cmd 2147767517 [ 995.249313][ T37] audit: type=1800 audit(1778268103.881:1006): pid=7670 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.15875" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 995.289030][ T7670] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 995.289072][ T7670] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 995.289090][ T7670] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 995.853799][ T7670] syz.5.15875 (7670) used greatest stack depth: 18296 bytes left [ 996.094327][ T7709] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 997.930196][ T6180] wlan1: Trigger new scan to find an IBSS to join [ 998.093246][ T7771] netlink: 8 bytes leftover after parsing attributes in process `syz.7.15916'. [ 998.371941][ T7773] netlink: 'syz.5.15917': attribute type 12 has an invalid length. [ 998.371962][ T7773] netlink: 'syz.5.15917': attribute type 29 has an invalid length. [ 998.371974][ T7773] netlink: 148 bytes leftover after parsing attributes in process `syz.5.15917'. [ 999.284140][ T3456] wlan1: Creating new IBSS network, BSSID 6e:03:ba:4c:40:91 [ 999.785558][ T5501] usb 2-1: new full-speed USB device number 117 using dummy_hcd [ 999.965434][ T5501] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 999.965467][ T5501] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 999.965504][ T5501] usb 2-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 999.965525][ T5501] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 999.972561][ T5501] usb 2-1: config 0 descriptor?? [ 1000.110007][ T7821] batadv0: entered promiscuous mode [ 1000.151182][ T7821] batadv0: left promiscuous mode [ 1000.443736][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443774][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443800][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443826][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443850][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443876][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443902][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443928][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443954][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.443979][ T5501] wacom 0003:056A:5000.0027: unknown main item tag 0x0 [ 1000.444797][ T5501] wacom 0003:056A:5000.0027: unexpected long global item [ 1000.469952][ T5501] wacom 0003:056A:5000.0027: parse failed [ 1000.470059][ T5501] wacom 0003:056A:5000.0027: probe with driver wacom failed with error -22 [ 1000.685450][ T5501] usb 2-1: USB disconnect, device number 117 [ 1001.155129][ T7853] netlink: 216 bytes leftover after parsing attributes in process `syz.6.15954'. [ 1001.155151][ T7853] netlink: 24 bytes leftover after parsing attributes in process `syz.6.15954'. [ 1001.497793][ T7870] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15960'. [ 1001.694341][ T7878] netlink: 24 bytes leftover after parsing attributes in process `syz.1.15964'. [ 1001.885929][ T7889] netlink: 108 bytes leftover after parsing attributes in process `syz.1.15969'. [ 1002.615962][ T7919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15984'. [ 1003.540406][ T7958] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16001'. [ 1005.297097][ T8025] netlink: 12 bytes leftover after parsing attributes in process `syz.7.16033'. [ 1006.362406][ T8056] netlink: 8 bytes leftover after parsing attributes in process `syz.6.16046'. [ 1006.503000][ T8062] netlink: 43 bytes leftover after parsing attributes in process `syz.6.16050'. [ 1007.198241][ T8081] netem: change failed [ 1007.501975][ T8094] __vm_enough_memory: pid: 8094, comm: syz.6.16064, bytes: 21199687254016 not enough memory for the allocation [ 1007.957251][ T8116] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1007.957282][ T8116] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1008.005582][ T8117] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1008.186282][ T8126] netlink: 'syz.1.16078': attribute type 1 has an invalid length. [ 1008.186304][ T8126] netlink: 44 bytes leftover after parsing attributes in process `syz.1.16078'. [ 1008.348462][ C1] sd 0:0:1:0: [sda] tag#9622 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1008.348542][ C1] sd 0:0:1:0: [sda] tag#9622 CDB: Read(6) 08 00 bb 00 00 00 00 00 00 00 00 00 [ 1009.043569][ T5501] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1009.209271][ T5501] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1009.209316][ T5501] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1009.209339][ T5501] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1009.209360][ T5501] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1009.215620][ T5501] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1009.215647][ T5501] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1009.215665][ T5501] usb 4-1: Manufacturer: syz [ 1009.313827][ T5501] usb 4-1: config 0 descriptor?? [ 1009.760053][ T5501] hid_parser_main: 63 callbacks suppressed [ 1009.760077][ T5501] appleir 0003:05AC:8243.0028: unknown main item tag 0x0 [ 1009.863272][ T5501] appleir 0003:05AC:8243.0028: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 1010.162443][ T8180] tun0: tun_chr_ioctl cmd 1074025684 [ 1010.264649][ T5501] usb 4-1: USB disconnect, device number 122 [ 1011.126346][ T8208] netlink: 36 bytes leftover after parsing attributes in process `syz.6.16114'. [ 1011.126369][ T8208] netlink: 24 bytes leftover after parsing attributes in process `syz.6.16114'. [ 1011.496175][ T8224] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16121'. [ 1011.496209][ T8224] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16121'. [ 1011.630962][ T820] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1011.711373][ T8237] netlink: 40 bytes leftover after parsing attributes in process `syz.3.16128'. [ 1011.790801][ T820] usb 6-1: Using ep0 maxpacket: 32 [ 1011.794969][ T820] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1011.794996][ T820] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.827963][ T820] usb 6-1: config 0 descriptor?? [ 1011.856172][ T820] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1012.713984][ T820] gspca_vc032x: reg_w err -71 [ 1012.714015][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714021][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714027][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714031][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714036][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714040][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714045][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714049][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714054][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714058][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714062][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714067][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714071][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714076][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714080][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714084][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714089][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714093][ T820] gspca_vc032x: I2c Bus Busy Wait 00 [ 1012.714100][ T820] gspca_vc032x: Unknown sensor... [ 1012.714152][ T820] vc032x 6-1:0.0: probe with driver vc032x failed with error -22 [ 1012.718102][ T820] usb 6-1: USB disconnect, device number 25 [ 1013.605856][ T8279] tap0: tun_chr_ioctl cmd 35111 [ 1014.263472][ T5723] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 1014.431595][ T5723] usb 2-1: Using ep0 maxpacket: 8 [ 1014.433912][ T5723] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 1014.433936][ T5723] usb 2-1: config 0 has no interface number 0 [ 1014.433981][ T5723] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1014.434003][ T5723] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1014.434027][ T5723] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1014.434050][ T5723] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1014.434088][ T5723] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1014.434110][ T5723] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.519228][T22566] Bluetooth: hci2: SCO packet for unknown connection handle 200 [ 1014.529067][ T5723] usb 2-1: config 0 descriptor?? [ 1014.555034][ T5723] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1014.680275][ T6386] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 1014.757366][ T5501] usb 2-1: USB disconnect, device number 118 [ 1014.792299][ T5501] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 1014.837652][ T6386] usb 4-1: Using ep0 maxpacket: 16 [ 1014.843025][ T6386] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1014.843055][ T6386] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1014.843093][ T6386] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1014.843113][ T6386] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.898489][ T6386] usb 4-1: config 0 descriptor?? [ 1015.379824][ T6386] HID 045e:07da: Invalid code 65791 type 1 [ 1015.411332][ T6386] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0029/input/input50 [ 1015.529791][ T6386] microsoft 0003:045E:07DA.0029: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1015.678621][ C1] usb 4-1: input irq status -75 received [ 1015.898524][ T6386] usb 4-1: USB disconnect, device number 123 [ 1015.974760][T26958] udevd[26958]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 1016.819664][ T8371] netlink: 'syz.3.16190': attribute type 9 has an invalid length. [ 1019.894325][ T8504] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1019.894365][ T8504] IPv6: NLM_F_CREATE should be set when creating new route [ 1019.894393][ T8504] IPv6: NLM_F_CREATE should be set when creating new route [ 1019.898424][ T8504] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1020.131266][ T8514] netlink: 316 bytes leftover after parsing attributes in process `syz.3.16259'. [ 1020.801570][ T8549] netlink: 36 bytes leftover after parsing attributes in process `syz.5.16276'. [ 1020.815244][ T8549] netlink: 220 bytes leftover after parsing attributes in process `syz.5.16276'. [ 1021.335477][ T8567] Bluetooth: MGMT ver 1.23 [ 1021.605344][ T5501] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1021.767697][ T5501] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1021.767724][ T5501] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1021.787436][ T5501] usb 6-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00 [ 1021.787463][ T5501] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1021.787481][ T5501] usb 6-1: Product: syz [ 1021.787493][ T5501] usb 6-1: Manufacturer: syz [ 1021.787506][ T5501] usb 6-1: SerialNumber: syz [ 1021.907868][ T5501] usb 6-1: config 0 descriptor?? [ 1022.114813][ T8586] nbd1: detected capacity change from 0 to 127 [ 1022.161232][ T8573] netlink: 16 bytes leftover after parsing attributes in process `syz.5.16287'. [ 1022.183169][T22566] block nbd1: Receive control failed (result -32) [ 1022.219856][ T5505] usb 6-1: USB disconnect, device number 26 [ 1022.243668][T26958] block nbd1: Send control failed (result -32) [ 1022.243818][T26958] block nbd1: Request send failed, requeueing [ 1022.322638][ T367] block nbd1: Dead connection, failed to find a fallback [ 1022.322665][ T367] block nbd1: shutting down sockets [ 1022.322870][ T367] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.322992][ T367] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1022.323621][T26958] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.323645][T26958] Buffer I/O error on dev nbd1, logical block 1, async page read [ 1022.324046][T26958] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324065][T26958] Buffer I/O error on dev nbd1, logical block 2, async page read [ 1022.324185][T26958] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324202][T26958] Buffer I/O error on dev nbd1, logical block 3, async page read [ 1022.324328][T26958] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324346][T26958] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1022.324470][T26958] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324487][T26958] Buffer I/O error on dev nbd1, logical block 1, async page read [ 1022.324588][T26958] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324604][T26958] Buffer I/O error on dev nbd1, logical block 2, async page read [ 1022.324706][T26958] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324722][T26958] Buffer I/O error on dev nbd1, logical block 3, async page read [ 1022.324843][T26958] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324861][T26958] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1022.324966][T26958] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1022.324981][T26958] Buffer I/O error on dev nbd1, logical block 1, async page read [ 1022.328135][T26958] ldm_validate_partition_table(): Disk read failed. [ 1022.330337][T26958] Dev nbd1: unable to read RDB block 0 [ 1022.538082][T26958] nbd1: unable to read partition table [ 1022.565284][T26958] ldm_validate_partition_table(): Disk read failed. [ 1022.579144][T26958] Dev nbd1: unable to read RDB block 0 [ 1022.581575][T26958] nbd1: unable to read partition table [ 1023.666144][ T8644] netlink: 8 bytes leftover after parsing attributes in process `syz.6.16320'. [ 1023.880190][ T8657] vxcan1: tx address claim with dest, not broadcast [ 1024.391702][ T8680] netlink: 212340 bytes leftover after parsing attributes in process `syz.5.16336'. [ 1024.391804][ T8680] openvswitch: netlink: Message has 16 unknown bytes. [ 1024.709641][ T8691] netlink: 24 bytes leftover after parsing attributes in process `syz.5.16341'. [ 1025.076481][ T8703] netlink: 4 bytes leftover after parsing attributes in process `syz.6.16347'. [ 1025.329275][ T8713] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16352'. [ 1026.092356][ T8745] netlink: 108 bytes leftover after parsing attributes in process `syz.3.16367'. [ 1026.153945][ T8746] ALSA: mixer_oss: invalid OSS volume 'MONITO' [ 1026.198338][ T37] audit: type=1400 audit(1778268132.841:1007): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8747 comm="syz.6.16369" dest=20000 netif=wpan0 [ 1026.574161][ T8754] input: syz1 as /devices/virtual/input/input53 [ 1028.036153][ T8811] syz_tun: entered allmulticast mode [ 1028.359244][ T5723] IPVS: starting estimator thread 0... [ 1028.446945][ T8823] IPVS: using max 9 ests per chain, 21600 per kthread [ 1028.922396][ T8851] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1029.108942][ T8862] bridge0: port 3(erspan0) entered blocking state [ 1029.109160][ T8862] bridge0: port 3(erspan0) entered disabled state [ 1029.209788][ T8862] erspan0: entered allmulticast mode [ 1029.256581][ T8862] erspan0: entered promiscuous mode [ 1029.258290][ T8862] bridge0: port 3(erspan0) entered blocking state [ 1029.258403][ T8862] bridge0: port 3(erspan0) entered listening state [ 1029.449515][ T31] kernel read not supported for file /media4 (pid: 31 comm: kworker/1:0) [ 1030.766968][ T4752] Bluetooth: hci2: command 0x0406 tx timeout [ 1031.449309][ T3456] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1032.008209][ T8980] bond2: entered promiscuous mode [ 1034.847983][ T9101] binder: 9100:9101 unknown command 64 [ 1034.848004][ T9101] binder: 9100:9101 ioctl c0306201 200000000440 returned -22 [ 1037.352405][T22566] Bluetooth: hci2: command 0x0406 tx timeout [ 1038.460930][ T5723] kernel write not supported for file /523/uid_map (pid: 5723 comm: kworker/1:3) [ 1041.665457][ T9356] kvm: kvm [9354]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0x8000000000000 [ 1045.409476][ T9499] netlink: 32 bytes leftover after parsing attributes in process `syz.7.16723'. [ 1045.738323][ C1] bridge0: port 3(erspan0) entered learning state [ 1046.616640][ T9545] kAFS: unable to lookup cell 'a))) [ 1046.616640][ T9545] driver ' [ 1046.785251][ T9551] program syz.7.16747 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1048.075907][ T9606] netlink: 12 bytes leftover after parsing attributes in process `syz.7.16773'. [ 1048.075951][ T9606] netem: incorrect gi model size [ 1048.075979][ T9606] netem: change failed [ 1048.274552][ T9614] netlink: 140 bytes leftover after parsing attributes in process `syz.6.16777'. [ 1048.890214][ C1] sd 0:0:1:0: [sda] tag#9659 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1048.890305][ C1] sd 0:0:1:0: [sda] tag#9659 CDB: Write(6) 0a 00 4e 22 00 00 [ 1049.540671][ T9668] netlink: 24 bytes leftover after parsing attributes in process `syz.7.16802'. [ 1050.638411][ T9716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16826'. [ 1051.777599][ T9756] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16842'. [ 1052.626445][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 1052.626513][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 1052.853476][ T5501] usb 4-1: new full-speed USB device number 124 using dummy_hcd [ 1053.020105][ T5501] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1053.021521][ T5501] usb 4-1: not running at top speed; connect to a high speed hub [ 1053.023181][ T5501] usb 4-1: config 6 has an invalid interface number: 115 but max is 0 [ 1053.023205][ T5501] usb 4-1: config 6 has no interface number 0 [ 1053.023249][ T5501] usb 4-1: config 6 interface 115 has no altsetting 0 [ 1053.064681][ T5501] usb 4-1: Dual-Role OTG device on HNP port [ 1053.065012][ T5501] usb 4-1: New USB device found, idVendor=15c2, idProduct=0034, bcdDevice=f4.e6 [ 1053.065042][ T5501] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1053.065060][ T5501] usb 4-1: Product: syz [ 1053.065073][ T5501] usb 4-1: Manufacturer: syz [ 1053.065085][ T5501] usb 4-1: SerialNumber: syz [ 1053.364950][ T5501] imon 4-1:6.115: unable to register, err -19 [ 1053.394516][ T5501] usb 4-1: USB disconnect, device number 124 [ 1054.556158][ T9858] netlink: 4 bytes leftover after parsing attributes in process `syz.6.16891'. [ 1054.741763][ T9866] sctp: [Deprecated]: syz.5.16895 (pid 9866) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1054.741763][ T9866] Use struct sctp_sack_info instead [ 1056.779478][ T9969] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16945'. [ 1056.780168][ T9969] netem: invalid attributes len -10 [ 1056.780182][ T9969] netem: change failed [ 1058.369597][ T31] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 1058.459567][ T31] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1058.665938][T10053] netlink: 40 bytes leftover after parsing attributes in process `syz.3.16983'. [ 1058.896694][T10060] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 1058.896906][T10060] syzkaller1: linktype set to 774 [ 1059.143300][T10064] netlink: 'syz.3.16986': attribute type 29 has an invalid length. [ 1059.143741][T10061] netlink: 'syz.3.16986': attribute type 29 has an invalid length. [ 1059.144141][T10066] netlink: 'syz.3.16986': attribute type 29 has an invalid length. [ 1061.456076][T10174] netlink: 4 bytes leftover after parsing attributes in process `syz.5.17042'. [ 1061.456105][T10174] netlink: 5 bytes leftover after parsing attributes in process `syz.5.17042'. [ 1061.952016][T10194] netlink: 20 bytes leftover after parsing attributes in process `syz.3.17048'. [ 1062.154279][ C1] bridge0: port 3(erspan0) entered forwarding state [ 1062.154301][ C1] bridge0: topology change detected, propagating [ 1062.407791][T10221] netlink: 72 bytes leftover after parsing attributes in process `syz.3.17062'. [ 1062.407810][T10221] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17062'. [ 1062.407818][T10221] netlink: 20 bytes leftover after parsing attributes in process `syz.3.17062'. [ 1063.980146][T10294] tipc: Started in network mode [ 1063.980176][T10294] tipc: Node identity ac141441, cluster identity 4711 [ 1064.042441][T10296] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17099'. [ 1064.084728][T10294] tipc: Enabling of bearer rejected, failed to enable media [ 1064.400523][T10310] netlink: 12 bytes leftover after parsing attributes in process `syz.5.17106'. [ 1064.617316][ T1182] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1067.057275][T10451] bridge0: port 2(bridge_slave_1) entered disabled state [ 1067.420425][T10470] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17181'. [ 1067.420636][T10470] netlink: 'syz.7.17181': attribute type 1 has an invalid length. [ 1067.420651][T10470] netlink: 'syz.7.17181': attribute type 2 has an invalid length. [ 1068.940761][T10555] program syz.3.17221 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1069.804369][T10599] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17243'. [ 1069.804409][T10599] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17243'. [ 1070.213193][T10619] syzkaller1: tun_chr_ioctl cmd 1074025673 [ 1070.360019][T10631] netlink: 'syz.3.17258': attribute type 1 has an invalid length. [ 1070.360039][T10631] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17258'. [ 1070.643142][ T37] audit: type=1400 audit(1778268174.439:1008): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=10643 comm="syz.7.17265" saddr=0.0.3.0 daddr=224.0.0.1 netif=wpan0 [ 1070.674042][T10647] netlink: 'syz.3.17266': attribute type 9 has an invalid length. [ 1071.053090][T10662] netlink: 252 bytes leftover after parsing attributes in process `syz.7.17273'. [ 1071.254513][ T37] audit: type=1400 audit(1778268175.009:1009): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=10669 comm="syz.7.17276" src=20004 dest=20000 netif=wpan0 [ 1072.438935][T10719] netlink: 'syz.6.17301': attribute type 10 has an invalid length. [ 1072.505791][T10719] syz_tun: entered promiscuous mode [ 1072.597582][T10719] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1072.782073][T10730] binder: 10729:10730 ioctl c018620c 200000000240 returned -1 [ 1073.146410][T10747] netlink: 'syz.3.17314': attribute type 29 has an invalid length. [ 1073.146802][T10742] netlink: 'syz.3.17314': attribute type 29 has an invalid length. [ 1073.151460][T10742] netlink: 'syz.3.17314': attribute type 29 has an invalid length. [ 1073.253079][T10751] misc userio: Begin command sent, but we're already running [ 1073.626442][T10764] dvmrp0: left allmulticast mode [ 1074.206346][T10789] netlink: 20 bytes leftover after parsing attributes in process `syz.7.17334'. [ 1075.798758][T10860] netlink: 'syz.7.17368': attribute type 16 has an invalid length. [ 1075.798781][T10860] netlink: 'syz.7.17368': attribute type 17 has an invalid length. [ 1075.873633][T10860] bridge0: port 1(bridge_slave_0) entered disabled state [ 1076.450993][T10886] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17380'. [ 1077.333536][T10930] tap0: tun_chr_ioctl cmd 1074025677 [ 1077.333725][T10930] tap0: linktype set to 769 [ 1077.572841][T10939] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1077.869804][ T5501] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 1078.032897][ T5501] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1078.032926][ T5501] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1078.061595][ T5501] usb 4-1: config 0 descriptor?? [ 1078.084639][ T5501] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1078.519588][ T5501] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 1078.952155][ T5501] gspca_cpia1: usb_control_msg 02, error -71 [ 1078.952490][ T5501] gspca_cpia1: usb_control_msg 05, error -71 [ 1078.952505][ T5501] cpia1 4-1:0.0: unexpected systemstate: 00 [ 1078.979269][ T5501] usb 4-1: USB disconnect, device number 125 [ 1079.996954][ T5723] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 1080.161368][ T5723] usb 4-1: config 0 has an invalid interface number: 176 but max is 0 [ 1080.161395][ T5723] usb 4-1: config 0 has no interface number 0 [ 1080.161424][ T5723] usb 4-1: config 0 interface 176 has no altsetting 0 [ 1080.163822][ T5723] usb 4-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 1080.163848][ T5723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.163860][ T5723] usb 4-1: Product: syz [ 1080.163867][ T5723] usb 4-1: Manufacturer: syz [ 1080.163874][ T5723] usb 4-1: SerialNumber: syz [ 1080.178976][ T5723] usb 4-1: config 0 descriptor?? [ 1080.446200][ T5723] gspca_main: sonixb-2.14.0 probing 0c45:6005 [ 1080.446723][ T5723] sonixb 4-1:0.176: Error reading register 00: -71 [ 1080.453543][ T5723] usb 4-1: USB disconnect, device number 126 [ 1081.809645][T11122] netlink: 20 bytes leftover after parsing attributes in process `syz.3.17492'. [ 1082.052546][ T5723] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 1082.214893][ T5723] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1082.214923][ T5723] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1082.214942][ T5723] usb 6-1: Product: syz [ 1082.214954][ T5723] usb 6-1: Manufacturer: syz [ 1082.214968][ T5723] usb 6-1: SerialNumber: syz [ 1082.260565][ T5723] usb 6-1: config 0 descriptor?? [ 1082.284074][ T5723] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1083.172465][ T5723] gspca_stk1135: reg_w 0x5 err -71 [ 1083.173681][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173694][ T5723] gspca_stk1135: Sensor write failed [ 1083.173718][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173727][ T5723] gspca_stk1135: Sensor write failed [ 1083.173752][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173760][ T5723] gspca_stk1135: Sensor read failed [ 1083.173784][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173800][ T5723] gspca_stk1135: Sensor read failed [ 1083.173807][ T5723] gspca_stk1135: Detected sensor type unknown (0x0) [ 1083.173835][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173844][ T5723] gspca_stk1135: Sensor read failed [ 1083.173867][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173875][ T5723] gspca_stk1135: Sensor read failed [ 1083.173898][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173906][ T5723] gspca_stk1135: Sensor write failed [ 1083.173927][ T5723] gspca_stk1135: serial bus timeout: status=0x00 [ 1083.173936][ T5723] gspca_stk1135: Sensor write failed [ 1083.174028][ T5723] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71 [ 1083.189917][ T5723] usb 6-1: USB disconnect, device number 27 [ 1083.361192][T11166] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1083.559040][T11172] netlink: 'syz.3.17518': attribute type 10 has an invalid length. [ 1084.004621][T11201] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17532'. [ 1084.340679][T11221] pimreg: tun_chr_ioctl cmd 1074025672 [ 1084.340701][T11221] pimreg: ignored: set checksum enabled [ 1084.674505][T11241] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17552'. [ 1084.674540][T11241] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17552'. [ 1085.053337][T11261] binder: 11259:11261 ioctl c0306201 2000000001c0 returned -11 [ 1087.128823][T11381] netlink: 16 bytes leftover after parsing attributes in process `syz.5.17620'. [ 1087.251309][ T5723] kernel read not supported for file /rfkill (pid: 5723 comm: kworker/1:3) [ 1088.575875][T11440] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17647'. [ 1089.653644][T11485] tipc: New replicast peer: 255.255.255.255 [ 1089.653888][T11485] tipc: Enabled bearer , priority 10 [ 1091.010221][T11547] netlink: 36 bytes leftover after parsing attributes in process `syz.6.17696'. [ 1091.363128][T11562] netlink: 64 bytes leftover after parsing attributes in process `syz.3.17704'. [ 1091.957543][T11592] netlink: 80 bytes leftover after parsing attributes in process `syz.7.17719'. [ 1091.957576][T11592] netlink: 24 bytes leftover after parsing attributes in process `syz.7.17719'. [ 1093.410009][T11650] netlink: 'syz.3.17746': attribute type 10 has an invalid length. [ 1093.640839][T11650] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1093.988571][T11671] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1094.041786][T11675] netlink: 'syz.5.17757': attribute type 12 has an invalid length. [ 1094.041809][T11675] netlink: 128 bytes leftover after parsing attributes in process `syz.5.17757'. [ 1094.145740][ T3456] wlan1: Trigger new scan to find an IBSS to join [ 1094.188888][T11683] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17762'. [ 1094.886165][T11714] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17776'. [ 1095.915517][ T5723] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1096.077061][ T5723] usb 6-1: Using ep0 maxpacket: 8 [ 1096.080259][ T5723] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 36, changing to 7 [ 1096.080302][ T5723] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 243, changing to 7 [ 1096.115240][ T5723] usb 6-1: New USB device found, idVendor=17cc, idProduct=1011, bcdDevice= 0.40 [ 1096.115269][ T5723] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.115285][ T5723] usb 6-1: Product: syz [ 1096.115299][ T5723] usb 6-1: Manufacturer: syz [ 1096.115310][ T5723] usb 6-1: SerialNumber: syz [ 1096.345080][T11778] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17805'. [ 1096.391032][ T5723] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1096.395067][ T5723] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1096.397489][ T5723] usb 6-1: unable to issue vendor read request (ret = -71) [ 1096.398620][ T5723] usb 6-1: unable to issue vendor read request (ret = -71) [ 1096.401538][ T5723] usb 6-1: unable to issue vendor read request (ret = -71) [ 1096.402125][ T5723] usb 6-1: unable to issue vendor read request (ret = -71) [ 1096.624431][ T5723] usb 6-1: USB disconnect, device number 28 [ 1096.767214][T26958] udevd[26958]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1097.363477][T11820] netlink: 'syz.7.17827': attribute type 83 has an invalid length. [ 1097.464630][T11824] team0: No ports can be present during mode change [ 1097.687352][T11833] netlink: 'syz.3.17833': attribute type 2 has an invalid length. [ 1099.451073][ T4832] wlan1: Trigger new scan to find an IBSS to join [ 1099.490804][T11904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1099.492328][T11904] bridge_slave_0: left allmulticast mode [ 1099.492358][T11904] bridge_slave_0: left promiscuous mode [ 1099.512686][T11904] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.554317][T11912] netlink: 216 bytes leftover after parsing attributes in process `syz.3.17870'. [ 1099.554339][T11912] netlink: 'syz.3.17870': attribute type 2 has an invalid length. [ 1099.683041][T11915] 8021q: adding VLAN 0 to HW filter on device macsec1 [ 1099.683942][ T31] netdevsim netdevsim7 netdevsim0: entered promiscuous mode [ 1100.506538][ T1182] wlan1: Creating new IBSS network, BSSID de:4a:7f:d5:47:24 [ 1100.528736][T11949] netlink: 'syz.6.17886': attribute type 29 has an invalid length. [ 1100.528758][T11949] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17886'. [ 1100.530718][T11949] netlink: 'syz.6.17886': attribute type 29 has an invalid length. [ 1100.530737][T11949] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17886'. [ 1100.660305][T11956] sock: sock_set_timeout: `syz.3.17890' (pid 11956) tries to set negative timeout [ 1102.532889][ T6386] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1102.769387][ T6386] usb 6-1: Using ep0 maxpacket: 8 [ 1102.771706][ T6386] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1102.771750][ T6386] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1102.771800][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1102.771826][ T6386] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1102.771850][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1102.771873][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1102.771898][ T6386] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1102.771923][ T6386] usb 6-1: config 168 interface 0 has no altsetting 0 [ 1102.773016][ T6386] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1102.773050][ T6386] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1102.773093][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1102.773119][ T6386] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1102.773142][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1102.773166][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1102.773190][ T6386] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1102.773215][ T6386] usb 6-1: config 168 interface 0 has no altsetting 0 [ 1102.774494][ T6386] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1102.774529][ T6386] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1102.774566][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1102.774592][ T6386] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1102.776393][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1102.776423][ T6386] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1102.776449][ T6386] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1102.776474][ T6386] usb 6-1: config 168 interface 0 has no altsetting 0 [ 1102.870174][ T6386] usb 6-1: string descriptor 0 read error: -22 [ 1102.870338][ T6386] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1102.870359][ T6386] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1102.918454][ T6386] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1103.231471][ T6386] usb 6-1: USB disconnect, device number 29 [ 1103.325259][T12058] netlink: 212340 bytes leftover after parsing attributes in process `syz.3.17938'. [ 1103.325358][T12058] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 1103.426013][T12061] netlink: 'syz.3.17941': attribute type 1 has an invalid length. [ 1104.382278][ T5501] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 1104.545577][ T5501] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1104.545610][ T5501] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1104.545647][ T5501] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01 [ 1104.545668][ T5501] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1104.598116][ T5501] usb 4-1: config 0 descriptor?? [ 1105.070712][ T5501] arvo 0003:1E7D:30D4.002B: item fetching failed at offset 6/7 [ 1105.071327][ T5501] arvo 0003:1E7D:30D4.002B: parse failed [ 1105.071387][ T5501] arvo 0003:1E7D:30D4.002B: probe with driver arvo failed with error -22 [ 1105.297717][ T5501] usb 4-1: USB disconnect, device number 127 [ 1106.122234][T12187] netlink: 500 bytes leftover after parsing attributes in process `syz.3.18000'. [ 1106.122263][T12187] netlink: 500 bytes leftover after parsing attributes in process `syz.3.18000'. [ 1107.003609][T12230] netpci0: tun_chr_ioctl cmd 1074025681 [ 1107.585591][T12254] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 1107.646412][T12255] tap0: tun_chr_ioctl cmd 1074025680 [ 1108.515103][ T4752] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 1109.310831][ T5723] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 1109.481718][ T5723] usb 4-1: Using ep0 maxpacket: 16 [ 1109.484202][ T5723] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1109.484228][ T5723] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 1109.484249][ T5723] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1109.484274][ T5723] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1109.487502][ T5723] usb 4-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 1109.487527][ T5723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1109.487545][ T5723] usb 4-1: Product: syz [ 1109.487558][ T5723] usb 4-1: Manufacturer: syz [ 1109.487571][ T5723] usb 4-1: SerialNumber: syz [ 1109.812736][ T5723] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 1109.966070][T12359] netlink: 64859 bytes leftover after parsing attributes in process `syz.6.18082'. [ 1110.038265][ T5501] usb 4-1: USB disconnect, device number 2 [ 1110.073776][ T5501] usblp0: removed [ 1111.361403][T12411] input: syz1 as /devices/virtual/input/input54 [ 1111.638370][T12427] netlink: 'syz.6.18111': attribute type 29 has an invalid length. [ 1111.659580][T12424] netlink: 'syz.6.18111': attribute type 29 has an invalid length. [ 1111.666386][T12424] netlink: 'syz.6.18111': attribute type 29 has an invalid length. [ 1112.117219][T12446] vxcan1: tx address claim with dlc 0 [ 1112.724643][T12466] : hsr_addr_subst_dest: Unknown node [ 1112.765127][T12466] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1113.802942][T12507] netlink: 4 bytes leftover after parsing attributes in process `syz.7.18152'. [ 1115.479071][ T5505] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1115.571868][ T6180] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1115.705313][ T5505] usb 6-1: Using ep0 maxpacket: 32 [ 1115.708753][ T5505] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 1115.708778][ T5505] usb 6-1: config 0 has no interface number 0 [ 1115.713068][ T5505] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1115.713094][ T5505] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1115.713113][ T5505] usb 6-1: Product: syz [ 1115.713126][ T5505] usb 6-1: Manufacturer: syz [ 1115.713138][ T5505] usb 6-1: SerialNumber: syz [ 1115.755750][ T5505] usb 6-1: config 0 descriptor?? [ 1115.784934][ T5505] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1115.836800][ T6180] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1115.836973][ T6180] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1115.837009][ T6180] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1116.022156][ T5505] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1116.199589][ T5505] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1116.438707][ C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1116.439423][ T5505] usb 6-1: USB disconnect, device number 30 [ 1116.524408][ T5505] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1116.565726][ T5505] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1116.574057][ T5505] quatech2 6-1:0.51: device disconnected [ 1118.181537][T12684] netlink: 8 bytes leftover after parsing attributes in process `syz.6.18237'. [ 1118.262111][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 1118.262177][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 1118.421381][T12696] blkio.reset_stats is deprecated [ 1119.933340][T12763] netlink: 104 bytes leftover after parsing attributes in process `syz.7.18273'. [ 1120.063443][T12768] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1120.239480][T12768] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1120.563798][T12786] netlink: 64859 bytes leftover after parsing attributes in process `syz.7.18285'. [ 1120.701734][T12794] input: syz1 as /devices/virtual/input/input55 [ 1120.852343][T12804] input: syz1 as /devices/virtual/input/input56 [ 1121.285039][T12821] bridge0: port 3(erspan0) entered disabled state [ 1121.285292][T12821] bridge0: port 2(bridge_slave_1) entered disabled state [ 1121.319153][T12823] dummy0: entered promiscuous mode [ 1121.320232][T12822] dummy0: left promiscuous mode [ 1121.595152][T12836] netlink: 136 bytes leftover after parsing attributes in process `syz.7.18309'. [ 1122.039027][T12853] netlink: 7 bytes leftover after parsing attributes in process `syz.3.18317'. [ 1122.317868][T12864] program syz.6.18322 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1123.280223][T12911] program syz.3.18341 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1123.575696][T12926] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18348'. [ 1124.465586][ T66] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1126.883525][T13040] tmpfs: Cannot retroactively limit size [ 1127.551459][T13078] bpf: Bad value for 'gid' [ 1127.647795][T13073] bond1: entered promiscuous mode [ 1127.749285][T13082] netlink: 28 bytes leftover after parsing attributes in process `syz.7.18419'. [ 1127.893866][T13094] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1127.928764][T13096] sctp: [Deprecated]: syz.3.18423 (pid 13096) Use of int in maxseg socket option. [ 1127.928764][T13096] Use struct sctp_assoc_value instead [ 1129.099241][ T5505] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 1129.282933][ T5505] usb 4-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1129.282961][ T5505] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1129.285795][ T5505] usb 4-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1129.285821][ T5505] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1129.285840][ T5505] usb 4-1: Product: syz [ 1129.285853][ T5505] usb 4-1: Manufacturer: syz [ 1129.285866][ T5505] usb 4-1: SerialNumber: syz [ 1129.362611][ T5505] usb 4-1: config 0 descriptor?? [ 1129.396765][ T5505] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1130.247314][ T5505] gspca_sunplus: reg_r err -71 [ 1130.247413][ T5505] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 1130.253209][T13197] netlink: 52 bytes leftover after parsing attributes in process `syz.5.18475'. [ 1130.255358][ T5505] usb 4-1: USB disconnect, device number 3 [ 1131.878870][T13278] usb usb9: usbfs: process 13278 (syz.5.18513) did not claim interface 24 before use [ 1132.602660][ T95] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1133.173235][T13341] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18544'. [ 1133.848139][T13374] netlink: 'syz.3.18561': attribute type 9 has an invalid length. [ 1133.848162][T13374] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.18561'. [ 1134.833635][ T37] audit: type=1326 audit(1778268490.467:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm="syz.7.18580" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f167f8bcdd9 code=0x7ffc0000 [ 1134.833793][ T37] audit: type=1326 audit(1778268490.476:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm="syz.7.18580" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f167f8bcdd9 code=0x7ffc0000 [ 1134.843662][ T37] audit: type=1326 audit(1778268490.495:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm="syz.7.18580" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f167f87d60e code=0x7ffc0000 [ 1134.844408][ T37] audit: type=1326 audit(1778268490.495:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm="syz.7.18580" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f167f8bcdd9 code=0x7ffc0000 [ 1134.848881][ T37] audit: type=1326 audit(1778268490.495:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm="syz.7.18580" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f167f8bcdd9 code=0x7ffc0000 [ 1134.849026][ T37] audit: type=1326 audit(1778268490.495:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm=C1 exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f167f8bcdd9 code=0x7ffc0000 [ 1134.849377][ T37] audit: type=1326 audit(1778268490.495:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm=C1 exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f167f8bcdd9 code=0x7ffc0000 [ 1134.849661][ T37] audit: type=1326 audit(1778268490.495:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13418 comm=C1 exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f167f8bcdd9 code=0x7ffc0000 [ 1135.053945][T13425] netlink: 332 bytes leftover after parsing attributes in process `syz.5.18582'. [ 1135.054001][T13425] netlink: 'syz.5.18582': attribute type 9 has an invalid length. [ 1135.054014][T13425] netlink: 108 bytes leftover after parsing attributes in process `syz.5.18582'. [ 1135.054027][T13425] netlink: 32 bytes leftover after parsing attributes in process `syz.5.18582'. [ 1135.236981][T13433] netlink: 8 bytes leftover after parsing attributes in process `syz.6.18586'. [ 1135.237014][T13433] netlink: 4 bytes leftover after parsing attributes in process `syz.6.18586'. [ 1135.237030][T13433] netlink: 2 bytes leftover after parsing attributes in process `syz.6.18586'. [ 1135.237053][T13433] veth1_to_bridge: entered allmulticast mode [ 1135.237592][T13433] netlink: 4 bytes leftover after parsing attributes in process `syz.6.18586'. [ 1135.237611][T13433] netlink: 2 bytes leftover after parsing attributes in process `syz.6.18586'. [ 1135.319247][ T37] audit: type=1400 audit(1778268490.841:1018): lsm=SMACK fn=smack_inode_permission action=denied subject="y" object="_" requested=wx pid=13428 comm="syz.7.18585" name="/" dev="mqueue" ino=112439 [ 1136.722967][ T5501] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 1136.886884][ T5501] usb 6-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1136.886913][ T5501] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1136.889853][ T5501] usb 6-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1136.889879][ T5501] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1136.889898][ T5501] usb 6-1: Product: syz [ 1136.889911][ T5501] usb 6-1: Manufacturer: syz [ 1136.889924][ T5501] usb 6-1: SerialNumber: syz [ 1136.909117][ T5501] usb 6-1: config 0 descriptor?? [ 1136.954047][ T5501] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1137.808785][ T5723] usb 6-1: USB disconnect, device number 31 [ 1138.180282][T13553] ptrace attach of "ci-upstream-kasan-gce-smack-root/syz-executor exec"[5622] was attempted by "\x22"[13553] [ 1138.270563][ C1] [drm:vkms_crtc_handle_vblank_timeout] *ERROR* vkms failure on handling vblank [ 1139.082555][T13593] Bluetooth: hci1: Frame reassembly failed (-84) [ 1139.120209][T13597] __nla_validate_parse: 2 callbacks suppressed [ 1139.120231][T13597] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18665'. [ 1139.120259][T13597] netlink: 20 bytes leftover after parsing attributes in process `syz.7.18665'. [ 1139.799953][T13615] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 1139.801398][T13615] syzkaller1: linktype set to 773 [ 1140.082573][ T7406] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1140.243307][ T7406] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1140.246513][ T7406] usb 6-1: New USB device found, idVendor=0763, idProduct=200d, bcdDevice= 0.40 [ 1140.246539][ T7406] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1140.246558][ T7406] usb 6-1: Product: syz [ 1140.246571][ T7406] usb 6-1: Manufacturer: syz [ 1140.246584][ T7406] usb 6-1: SerialNumber: syz [ 1140.524926][ T7406] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1140.527802][ T7406] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1140.529457][ T7406] usb 6-1: unit 2: unexpected type 0x0d [ 1140.664265][ T7406] usb 6-1: USB disconnect, device number 32 [ 1140.750626][T26958] udevd[26958]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1141.245917][T13675] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1141.805380][T13710] loop14: detected capacity change from 0 to 524288000 [ 1141.991302][ T37] audit: type=1400 audit(1778268497.173:1019): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=13718 comm="syz.7.18725" dest=20000 netif=wpan0 [ 1142.040006][ T4752] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1143.160652][T13746] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18738'. [ 1143.348699][T13756] netlink: 48 bytes leftover after parsing attributes in process `syz.3.18742'. [ 1143.666914][T13770] tmpfs: Too few inodes for current use [ 1144.011710][T13786] netlink: 7 bytes leftover after parsing attributes in process `syz.5.18758'. [ 1144.011756][T13786] netlink: 28 bytes leftover after parsing attributes in process `syz.5.18758'. [ 1144.011775][T13786] netlink: 28 bytes leftover after parsing attributes in process `syz.5.18758'. [ 1144.624081][T13768] comedi comedi0: reset error (fatal) [ 1145.089006][T13839] netlink: 104 bytes leftover after parsing attributes in process `syz.5.18781'. [ 1145.188037][T13843] program syz.6.18783 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1145.666148][T13864] netlink: 4 bytes leftover after parsing attributes in process `syz.7.18794'. [ 1148.303665][T13995] A link change request failed with some changes committed already. Interface 26±ÿ may have been left with an inconsistent configuration, please check. [ 1148.716453][ T5501] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 1148.879162][ T5501] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 1148.879203][ T5501] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1148.879221][ T5501] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1148.879239][ T5501] usb 6-1: config 220 has no interface number 2 [ 1148.879317][ T5501] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1148.879343][ T5501] usb 6-1: config 220 interface 0 has no altsetting 0 [ 1148.879359][ T5501] usb 6-1: config 220 interface 76 has no altsetting 0 [ 1148.879376][ T5501] usb 6-1: config 220 interface 1 has no altsetting 0 [ 1148.883303][ T5501] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1148.883329][ T5501] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.883348][ T5501] usb 6-1: Product: syz [ 1148.883361][ T5501] usb 6-1: Manufacturer: syz [ 1148.883374][ T5501] usb 6-1: SerialNumber: syz [ 1149.169426][ T5501] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1149.169460][ T5501] uvcvideo 6-1:220.0: No valid video chain found. [ 1149.169522][ T5501] usb 6-1: selecting invalid altsetting 0 [ 1149.246880][ T5501] usb 6-1: selecting invalid altsetting 0 [ 1149.246917][ T5501] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 1149.325681][ T5501] usb 6-1: USB disconnect, device number 33 [ 1150.438885][ T37] audit: type=1400 audit(1778268505.078:1020): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=14107 comm="syz.6.18912" daddr=255.255.255.255 netif=gre0 [ 1150.610499][T14118] ptrace attach of "ci-upstream-kasan-gce-smack-root/syz-executor exec"[4717] was attempted by "ci-upstream-kasan-gce-smack-root/syz-executor exec"[14118] [ 1150.882944][ T4752] block nbd2: Receive control failed (result -107) [ 1150.954836][T14114] nbd2: detected capacity change from 0 to 63 [ 1150.973002][T26958] block nbd2: Dead connection, failed to find a fallback [ 1150.973034][T26958] block nbd2: shutting down sockets [ 1150.973047][T26958] blk_print_req_error: 138 callbacks suppressed [ 1150.973099][T26958] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1150.973121][T26958] buffer_io_error: 138 callbacks suppressed [ 1150.973130][T26958] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1150.980541][T26958] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1150.980570][T26958] Buffer I/O error on dev nbd2, logical block 1, async page read [ 1150.980711][T26958] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1150.980732][T26958] Buffer I/O error on dev nbd2, logical block 2, async page read [ 1150.980865][T26958] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1150.980885][T26958] Buffer I/O error on dev nbd2, logical block 3, async page read [ 1150.981046][T26958] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1150.981074][T26958] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1151.115772][T26958] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1151.115801][T26958] Buffer I/O error on dev nbd2, logical block 1, async page read [ 1151.115939][T26958] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1151.115958][T26958] Buffer I/O error on dev nbd2, logical block 2, async page read [ 1151.116075][T26958] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1151.116091][T26958] Buffer I/O error on dev nbd2, logical block 3, async page read [ 1151.116210][T26958] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1151.116226][T26958] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1151.116331][T26958] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1151.116349][T26958] Buffer I/O error on dev nbd2, logical block 1, async page read [ 1151.119141][T26958] ldm_validate_partition_table(): Disk read failed. [ 1151.121213][T26958] Dev nbd2: unable to read RDB block 0 [ 1151.294731][T26958] nbd2: unable to read partition table [ 1151.340184][T26958] ldm_validate_partition_table(): Disk read failed. [ 1151.342185][T26958] Dev nbd2: unable to read RDB block 0 [ 1151.344394][T26958] nbd2: unable to read partition table [ 1151.808333][ T5723] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1151.976809][ T5723] usb 4-1: Using ep0 maxpacket: 8 [ 1151.979443][ T5723] usb 4-1: config 0 has an invalid interface number: 239 but max is 0 [ 1151.979467][ T5723] usb 4-1: config 0 has no interface number 0 [ 1151.979512][ T5723] usb 4-1: config 0 interface 239 altsetting 0 has an endpoint descriptor with address 0x64, changing to 0x4 [ 1151.979535][ T5723] usb 4-1: config 0 interface 239 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 8 [ 1151.979558][ T5723] usb 4-1: config 0 interface 239 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1151.983391][ T5723] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a [ 1151.983417][ T5723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1151.983436][ T5723] usb 4-1: Product: syz [ 1151.983450][ T5723] usb 4-1: Manufacturer: syz [ 1151.983463][ T5723] usb 4-1: SerialNumber: syz [ 1152.086109][ T5723] usb 4-1: config 0 descriptor?? [ 1152.087233][T14148] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1152.326533][ T5723] ath6kl: Failed to submit usb control message: -71 [ 1152.326584][ T5723] ath6kl: unable to send the bmi data to the device: -71 [ 1152.326599][ T5723] ath6kl: Unable to send get target info: -71 [ 1152.358319][ T5723] ath6kl: Failed to init ath6kl core: -71 [ 1152.360645][ T5723] ath6kl_usb 4-1:0.239: probe with driver ath6kl_usb failed with error -71 [ 1152.384374][ T5723] usb 4-1: USB disconnect, device number 4 [ 1153.201137][T14212] tipc: Bearer : already 2 bearers with priority 10 [ 1153.201155][T14212] tipc: Bearer : trying with adjusted priority [ 1153.527724][T14212] tipc: Enabled bearer , priority 9 [ 1153.691923][T14220] syz.7.18955 (14220) used greatest stack depth: 16968 bytes left [ 1153.739074][T14239] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18964'. [ 1154.414020][ T37] audit: type=1326 audit(1778268508.791:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14235 comm="syz.5.18962" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76a12dcdd9 code=0x7ffc0000 [ 1154.442706][ T37] audit: type=1326 audit(1778268508.819:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14235 comm="syz.5.18962" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f76a12dcdd9 code=0x7ffc0000 [ 1154.443560][ T37] audit: type=1326 audit(1778268508.819:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14235 comm="syz.5.18962" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76a12dcdd9 code=0x7ffc0000 [ 1154.444061][ T37] audit: type=1326 audit(1778268508.819:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14235 comm="syz.5.18962" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f76a12dcdd9 code=0x7ffc0000 [ 1154.444183][ T37] audit: type=1326 audit(1778268508.819:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14235 comm="syz.5.18962" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f76a12dcdd9 code=0x7ffc0000 [ 1154.467968][ T37] audit: type=1326 audit(1778268508.828:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14235 comm="syz.5.18962" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76a12dcdd9 code=0x7ffc0000 [ 1155.491412][T14311] netdevsim netdevsim7 : renamed from netdevsim1 (while UP) [ 1156.136668][ T37] audit: type=1400 audit(1778268510.409:1027): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=14347 comm="syz.3.19016" src=20001 dest=20000 netif=gretap0 [ 1157.273738][T14415] netlink: 44 bytes leftover after parsing attributes in process `syz.5.19046'. [ 1158.636626][ T151] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1158.946243][T14471] loop6: detected capacity change from 0 to 7 [ 1159.063050][T14471] Dev loop6: unable to read RDB block 7 [ 1159.063082][T14471] loop6: AHDI p1 p2 p3 [ 1159.063109][T14471] loop6: partition table partially beyond EOD, truncated [ 1159.063414][T14471] loop6: p3 start 335544320 is beyond EOD, truncated [ 1159.687992][T32086] bond0: (slave syz_tun): Releasing backup interface [ 1160.063928][T14501] input: syz0 as /devices/virtual/input/input58 [ 1160.064141][T14501] input: failed to attach handler leds to device input58, error: -6 [ 1160.635947][T14511] macsec2: entered allmulticast mode [ 1160.635974][T14511] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 1160.726964][T14511] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 1160.729674][T14511] 8021q: adding VLAN 0 to HW filter on device macsec2 [ 1160.773637][T14511] netdevsim netdevsim5 netdevsim0: left allmulticast mode [ 1160.848338][T22566] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1160.977655][T22566] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1160.979937][T22566] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1160.981316][T22566] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1160.982160][T22566] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1161.299677][ T5501] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 1162.298946][T14579] netlink: 12 bytes leftover after parsing attributes in process `syz.5.19106'. [ 1163.068983][T14611] syz.5.19119(14611): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1163.508150][T22566] Bluetooth: hci0: command tx timeout [ 1163.882538][T14521] bridge0: port 1(bridge_slave_0) entered blocking state [ 1163.882707][T14521] bridge0: port 1(bridge_slave_0) entered disabled state [ 1163.882852][T14521] bridge_slave_0: entered allmulticast mode [ 1163.884835][T14521] bridge_slave_0: entered promiscuous mode [ 1163.916249][T14521] bridge0: port 2(bridge_slave_1) entered blocking state [ 1163.916436][T14521] bridge0: port 2(bridge_slave_1) entered disabled state [ 1163.916650][T14521] bridge_slave_1: entered allmulticast mode [ 1163.944780][T14521] bridge_slave_1: entered promiscuous mode [ 1164.003163][T14521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1164.038562][T14521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1164.098533][T14521] team0: Port device team_slave_0 added [ 1164.111737][T14521] team0: Port device team_slave_1 added [ 1164.182596][T14521] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1164.182613][T14521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1164.182638][T14521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1164.184791][T14521] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1164.184807][T14521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1164.184829][T14521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1164.644806][T14521] hsr_slave_0: entered promiscuous mode [ 1164.646759][T14521] hsr_slave_1: entered promiscuous mode [ 1164.647645][T14521] debugfs: 'hsr0' already exists in 'hsr' [ 1164.647668][T14521] Cannot create hsr debugfs directory [ 1164.821001][ T5505] kernel write not supported for file /audio (pid: 5505 comm: kworker/0:6) [ 1165.021250][T14682] Invalid ELF header magic: != ELF [ 1165.666940][ T6158] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1165.725396][T22566] Bluetooth: hci0: command tx timeout [ 1166.179433][T14738] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1166.854203][T14521] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1167.957310][T22566] Bluetooth: hci0: command tx timeout [ 1167.969719][T14521] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1168.639420][T14835] Bluetooth: MGMT ver 1.23 [ 1168.704041][T22566] Bluetooth: hci5: unexpected event for opcode 0x1003 [ 1168.794545][T14521] team0: Port device netdevsim1 removed [ 1168.809656][T14521] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.174806][T22566] Bluetooth: hci0: command tx timeout [ 1170.313259][ T4752] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1170.441504][ T4752] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1170.443127][ T4752] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1170.446952][T14521] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.453870][ T4752] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1170.457570][ T4752] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1170.773847][T14875] netlink: 300 bytes leftover after parsing attributes in process `syz.7.19243'. [ 1171.624051][T14913] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1172.364977][T14938] serio: Serial port ptm0 [ 1172.929835][T22566] Bluetooth: hci1: command tx timeout [ 1173.790775][T14886] bridge0: port 1(bridge_slave_0) entered blocking state [ 1173.790944][T14886] bridge0: port 1(bridge_slave_0) entered disabled state [ 1173.791128][T14886] bridge_slave_0: entered allmulticast mode [ 1173.793369][T14886] bridge_slave_0: entered promiscuous mode [ 1173.833643][T14886] bridge0: port 2(bridge_slave_1) entered blocking state [ 1173.833845][T14886] bridge0: port 2(bridge_slave_1) entered disabled state [ 1173.834065][T14886] bridge_slave_1: entered allmulticast mode [ 1173.836518][T14886] bridge_slave_1: entered promiscuous mode [ 1173.891667][T14521] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1173.927779][T14521] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1173.962694][T14521] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1174.016182][T14521] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1174.069434][T14886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1174.070062][T14521] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1174.116310][T14521] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1174.127000][T14886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1174.128333][T14521] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1174.179031][T14521] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1174.318383][T14886] team0: Port device team_slave_0 added [ 1174.340162][T14886] team0: Port device team_slave_1 added [ 1174.424226][T14886] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1174.424243][T14886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1174.424267][T14886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1174.431439][T14886] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1174.431455][T14886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1174.431480][T14886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1174.665117][T14886] hsr_slave_0: entered promiscuous mode [ 1174.666123][T14886] hsr_slave_1: entered promiscuous mode [ 1174.667043][T14886] debugfs: 'hsr0' already exists in 'hsr' [ 1174.667064][T14886] Cannot create hsr debugfs directory [ 1175.133012][T22566] Bluetooth: hci1: command tx timeout [ 1175.615498][T14521] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1176.072364][T14886] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1176.072397][T14886] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.221832][T14521] 8021q: adding VLAN 0 to HW filter on device team0 [ 1176.260676][T14566] bridge0: port 1(bridge_slave_0) entered blocking state [ 1176.260866][T14566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1176.463800][T14566] bridge0: port 2(bridge_slave_1) entered blocking state [ 1176.463952][T14566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1177.030587][T14886] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1177.030622][T14886] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.356856][T22566] Bluetooth: hci1: command tx timeout [ 1177.466841][T15113] binder: 15109:15113 ioctl c0306201 0 returned -14 [ 1177.467195][T15113] binder: 15109:15113 ioctl c008aeb0 0 returned -22 [ 1177.622811][T15119] netlink: 24 bytes leftover after parsing attributes in process `syz.7.19346'. [ 1177.649571][T14886] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1177.649604][T14886] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.682351][T15121] netlink: 67 bytes leftover after parsing attributes in process `syz.7.19346'. [ 1178.572656][T14886] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1178.572689][T14886] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1179.400278][T14521] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1179.590959][T22566] Bluetooth: hci1: command tx timeout [ 1179.643330][T14521] veth0_vlan: entered promiscuous mode [ 1179.764201][T14521] veth1_vlan: entered promiscuous mode [ 1179.797233][T14521] veth0_macvtap: entered promiscuous mode [ 1179.854798][T14521] veth1_macvtap: entered promiscuous mode [ 1179.919028][T14521] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1179.960400][T14521] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1179.978680][ T1026] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.981450][ T6180] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.983310][ T6180] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1180.075722][ T6180] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1182.547798][ T1026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1182.547818][ T1026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1183.059910][ T6180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1183.059930][ T6180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1183.350284][T14886] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1183.447589][T14886] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1183.452563][T14886] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1183.708647][T14886] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1183.711364][T14886] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1183.791601][T14886] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1183.805397][T14886] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1183.891042][T14886] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1183.962438][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 1183.962507][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 1184.722698][T14886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1184.760966][T14886] 8021q: adding VLAN 0 to HW filter on device team0 [ 1184.786461][ T4832] bridge0: port 1(bridge_slave_0) entered blocking state [ 1184.786974][ T4832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1184.910873][T15313] block nbd3: shutting down sockets [ 1185.256187][ T1181] bridge0: port 2(bridge_slave_1) entered blocking state [ 1185.256275][ T1181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1185.267404][ T820] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1185.438552][ T820] usb 4-1: Using ep0 maxpacket: 16 [ 1185.441411][ T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1185.441440][ T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1185.441460][ T820] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1185.441499][ T820] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1185.441521][ T820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1185.510146][ T820] usb 4-1: config 0 descriptor?? [ 1185.785797][T15345] loop5: detected capacity change from 0 to 7 [ 1185.892419][T15345] Dev loop5: unable to read RDB block 7 [ 1185.892463][T15345] loop5: unable to read partition table [ 1185.892873][T15345] loop5: partition table beyond EOD, truncated [ 1185.896576][T15345] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1185.973146][ T820] microsoft 0003:045E:07DA.002C: unbalanced delimiter at end of report description [ 1185.974593][ T820] microsoft 0003:045E:07DA.002C: parse failed [ 1185.974680][ T820] microsoft 0003:045E:07DA.002C: probe with driver microsoft failed with error -22 [ 1186.179487][ T5501] usb 4-1: USB disconnect, device number 5 [ 1187.179039][ T37] audit: type=1400 audit(1778268539.444:1028): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=15388 comm="syz.3.19458" dest=20000 netif=wpan0 [ 1187.445657][T14886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1187.819483][ T31] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1188.013612][ T31] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1188.013635][ T31] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1188.013666][ T31] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1188.013684][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1188.055157][ T31] usb 4-1: config 0 descriptor?? [ 1188.077518][ T5723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1188.304806][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1188.460244][T14886] veth0_vlan: entered promiscuous mode [ 1188.534401][T14886] veth1_vlan: entered promiscuous mode [ 1188.668361][ T5723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1188.723828][T14886] veth0_macvtap: entered promiscuous mode [ 1188.761364][T14886] veth1_macvtap: entered promiscuous mode [ 1188.847360][T14886] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1188.904692][T14886] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1188.929159][ T5501] usb 4-1: USB disconnect, device number 6 [ 1188.931621][ T1181] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1188.932344][ T3314] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1188.932384][ T3314] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1188.932416][ T3314] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1189.613932][ T7406] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1190.492930][ T1181] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1190.492948][ T1181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1190.699937][ T7406] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1191.110229][ T1182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1191.110249][ T1182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1191.445324][T15470] QAT: Device 2 not found [ 1191.521434][ T5505] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1191.683513][ T5505] usb 4-1: Using ep0 maxpacket: 16 [ 1191.698642][ T5505] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 1191.698669][ T5505] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 1191.698688][ T5505] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 1191.698706][ T5505] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 1191.698723][ T5505] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1191.698743][ T5505] usb 4-1: config 0 has no interface number 0 [ 1191.698785][ T5505] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1191.698810][ T5505] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1191.698831][ T5505] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1191.698862][ T5505] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1191.698884][ T5505] usb 4-1: config 0 interface 125 has no altsetting 0 [ 1191.698900][ T5505] usb 4-1: config 0 interface 125 has no altsetting 2 [ 1191.709076][ T5505] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1191.709104][ T5505] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1191.709122][ T5505] usb 4-1: Product: syz [ 1191.709135][ T5505] usb 4-1: Manufacturer: syz [ 1191.709148][ T5505] usb 4-1: SerialNumber: syz [ 1191.756257][ T5505] usb 4-1: config 0 descriptor?? [ 1191.811809][ T5505] usb 4-1: selecting invalid altsetting 2 [ 1191.836766][T32208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1191.930660][ T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.569985][T15493] TCP: TCP_TX_DELAY enabled [ 1192.926444][ T5505] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.932316][ T5505] usb 4-1: USB disconnect, device number 7 [ 1194.034329][ T5505] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1195.146022][T32208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1195.146190][ T5723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1195.535778][T15592] netlink: 32 bytes leftover after parsing attributes in process `syz.5.19547'. [ 1196.243540][T15608] netlink: 8 bytes leftover after parsing attributes in process `syz.6.19554'. [ 1196.272657][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1196.510228][ T5501] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 1196.543168][ T5501] hid-generic 0000:0000:0000.002D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1197.369744][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1197.899538][T15666] netlink: 12 bytes leftover after parsing attributes in process `syz.3.19579'. [ 1198.024902][T15668] trusted_key: syz.5.19581 sent an empty control message without MSG_MORE. [ 1198.122952][T15676] netlink: 'syz.3.19584': attribute type 15 has an invalid length. [ 1198.126622][T15676] netlink: 'syz.3.19584': attribute type 15 has an invalid length. [ 1198.311254][ T820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1198.407168][ T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1198.481406][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1198.829293][ T5009] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1199.596529][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1199.659145][T15740] netlink: 64 bytes leftover after parsing attributes in process `syz.5.19614'. [ 1200.366399][ T820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1200.707865][ T5505] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1201.072366][ T1181] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1201.816913][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1201.976930][ T5723] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 1202.152029][ T5723] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1202.152064][ T5723] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1202.152100][ T5723] usb 6-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 1202.152121][ T5723] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1202.177676][ T5723] usb 6-1: config 0 descriptor?? [ 1202.355450][ T31] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1202.532784][ T31] usb 4-1: Using ep0 maxpacket: 32 [ 1202.535404][ T31] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1202.535429][ T31] usb 4-1: config 0 has no interface number 0 [ 1202.535541][ T31] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1202.539259][ T31] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1202.539284][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1202.539363][ T31] usb 4-1: Product: syz [ 1202.539378][ T31] usb 4-1: Manufacturer: syz [ 1202.539391][ T31] usb 4-1: SerialNumber: syz [ 1202.564920][ T31] usb 4-1: config 0 descriptor?? [ 1202.690970][ T5723] razer 0003:1532:010E.002E: unknown main item tag 0x0 [ 1202.691059][ T5723] razer 0003:1532:010E.002E: unknown main item tag 0x0 [ 1202.691084][ T5723] razer 0003:1532:010E.002E: unknown main item tag 0x0 [ 1202.691109][ T5723] razer 0003:1532:010E.002E: unknown main item tag 0x0 [ 1202.691135][ T5723] razer 0003:1532:010E.002E: unknown main item tag 0x0 [ 1202.874392][ T5723] razer 0003:1532:010E.002E: failed to enable macro keys: -71 [ 1202.902361][ T5723] razer 0003:1532:010E.002E: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.5-1/input0 [ 1202.980943][ T5723] usb 6-1: USB disconnect, device number 34 [ 1202.990189][ T5505] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1203.287714][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1203.287743][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1203.509457][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 1203.509487][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 1203.509505][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1203.509793][ T31] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 1203.572428][ T31] usb 4-1: USB disconnect, device number 8 [ 1203.614624][ T820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1203.984743][T15914] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19697'. [ 1204.040894][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1205.166934][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1205.839106][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1206.272398][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1206.329818][T16013] binder: 16012:16013 ioctl c0306201 2000000003c0 returned -22 [ 1206.878044][ T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1207.228145][T16046] netlink: 8 bytes leftover after parsing attributes in process `syz.7.19758'. [ 1207.375910][T32208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1208.489044][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1208.585380][ T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1209.601517][T32208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1209.609619][T16153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1209.634735][T16153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1209.805633][T16159] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19811'. [ 1210.711411][ T5501] net_ratelimit: 7 callbacks suppressed [ 1210.711431][ T5501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1210.859618][T16189] netlink: 44 bytes leftover after parsing attributes in process `syz.5.19826'. [ 1210.882961][T16189] netlink: 44 bytes leftover after parsing attributes in process `syz.5.19826'. [ 1210.975117][ T37] audit: type=1326 audit(1778268561.697:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16193 comm="syz.6.19825" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1210.975244][ T37] audit: type=1326 audit(1778268561.697:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16193 comm="syz.6.19825" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1210.975428][ T37] audit: type=1326 audit(1778268561.697:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16193 comm="syz.6.19825" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1210.975554][ T37] audit: type=1326 audit(1778268561.697:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16193 comm="syz.6.19825" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1211.312541][T32208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1211.312574][T32208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1211.785026][T16220] netlink: 28 bytes leftover after parsing attributes in process `syz.6.19838'. [ 1211.860299][T32208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1217.907796][T16484] netlink: 8 bytes leftover after parsing attributes in process `syz.6.19952'. [ 1218.650637][T16512] netlink: 12 bytes leftover after parsing attributes in process `syz.5.19966'. [ 1219.205685][T16508] netlink: 8 bytes leftover after parsing attributes in process `syz.7.19964'. [ 1219.468730][T16542] netlink: 112 bytes leftover after parsing attributes in process `syz.6.19980'. [ 1219.922285][T16558] input: syz1 as /devices/virtual/input/input60 [ 1219.940924][T16559] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.19988'. [ 1220.326003][T16575] netlink: 12 bytes leftover after parsing attributes in process `syz.7.19997'. [ 1220.922995][T16600] loop8: detected capacity change from 0 to 7 [ 1220.947060][T16600] Dev loop8: unable to read RDB block 7 [ 1220.947117][T16600] loop8: unable to read partition table [ 1220.948922][T16600] loop8: partition table beyond EOD, truncated [ 1220.948956][T16600] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 1221.191525][T16600] Dev loop8: unable to read RDB block 7 [ 1221.191569][T16600] loop8: unable to read partition table [ 1221.191788][T16600] loop8: partition table beyond EOD, truncated [ 1221.191806][T16600] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 1222.051699][ T5505] kernel read not supported for file /rfkill (pid: 5505 comm: kworker/0:6) [ 1222.220327][T16648] netlink: 16 bytes leftover after parsing attributes in process `syz.5.20032'. [ 1223.110490][T16671] netlink: 'syz.3.20043': attribute type 11 has an invalid length. [ 1223.332765][ T37] audit: type=1400 audit(1778268573.249:1033): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=16674 comm="syz.5.20045" src=1 dest=20000 netif=wpan0 [ 1223.737322][ T31] kernel write not supported for file bpf-prog (pid: 31 comm: kworker/1:0) [ 1224.383244][T16704] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 1225.403722][T16729] netlink: 'syz.7.20069': attribute type 2 has an invalid length. [ 1225.403741][T16729] netlink: 'syz.7.20069': attribute type 1 has an invalid length. [ 1225.586921][T16734] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1225.844251][T16743] netlink: 16 bytes leftover after parsing attributes in process `syz.7.20075'. [ 1227.191356][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802b596000: rx timeout, send abort [ 1227.197671][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802b596000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1231.683760][T32208] kernel read not supported for file [fscontext] (pid: 32208 comm: kworker/0:0) [ 1231.997985][T14566] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1232.335130][T16961] Invalid argument reading file caps for ./file0 [ 1233.362288][T16650] Set syz1 is full, maxelem 65536 reached [ 1233.583862][T17000] hugetlbfs: syz.5.20197 (17000): Using mlock ulimits for SHM_HUGETLB is obsolete [ 1234.675941][T17046] netlink: 'syz.6.20216': attribute type 1 has an invalid length. [ 1234.675963][T17046] netlink: 'syz.6.20216': attribute type 2 has an invalid length. [ 1235.750404][T17096] netlink: 28 bytes leftover after parsing attributes in process `syz.6.20240'. [ 1237.315298][T17159] loop8: detected capacity change from 0 to 7 [ 1237.551194][T17159] Dev loop8: unable to read RDB block 7 [ 1237.551248][T17159] loop8: unable to read partition table [ 1237.551751][T17159] loop8: partition table beyond EOD, truncated [ 1237.552775][T17159] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 1238.335807][ T820] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 1238.450978][T17202] netlink: 'syz.3.20290': attribute type 10 has an invalid length. [ 1238.495986][ T820] usb 6-1: Using ep0 maxpacket: 32 [ 1238.498171][ T820] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 1238.498195][ T820] usb 6-1: config 0 has no interface number 0 [ 1238.498238][ T820] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1238.501118][ T820] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1238.501144][ T820] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1238.501162][ T820] usb 6-1: Product: syz [ 1238.501176][ T820] usb 6-1: Manufacturer: syz [ 1238.501189][ T820] usb 6-1: SerialNumber: syz [ 1238.568658][ T820] usb 6-1: config 0 descriptor?? [ 1238.582927][ T820] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1238.582969][ T820] em28xx 6-1:0.132: Video interface 132 found: [ 1239.059445][ T820] em28xx 6-1:0.132: unknown em28xx chip ID (0) [ 1239.491358][ T820] em28xx 6-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 1239.491411][ T820] em28xx 6-1:0.132: board has no eeprom [ 1239.567152][ T820] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1239.567180][ T820] em28xx 6-1:0.132: analog set to bulk mode. [ 1239.606994][ T820] usb 6-1: USB disconnect, device number 35 [ 1239.613993][ T31] em28xx 6-1:0.132: Registering V4L2 extension [ 1239.633006][ T820] em28xx 6-1:0.132: Disconnecting em28xx [ 1239.843301][ T31] em28xx 6-1:0.132: Config register raw data: 0xffffffed [ 1239.843326][ T31] em28xx 6-1:0.132: AC97 chip type couldn't be determined [ 1239.843339][ T31] em28xx 6-1:0.132: No AC97 audio processor [ 1239.917351][ T31] usb 6-1: Decoder not found [ 1239.917373][ T31] em28xx 6-1:0.132: failed to create media graph [ 1239.934320][ T31] em28xx 6-1:0.132: V4L2 device video103 deregistered [ 1240.034738][ T31] em28xx 6-1:0.132: Remote control support is not available for this card. [ 1240.035057][ T820] em28xx 6-1:0.132: Closing input extension [ 1240.453118][T17253] netlink: 212340 bytes leftover after parsing attributes in process `syz.3.20313'. [ 1240.453222][T17253] openvswitch: netlink: Key type 255 is out of range max 32 [ 1240.624070][ T820] em28xx 6-1:0.132: Freeing device [ 1240.638338][T16681] udevd[16681]: setting owner of /dev/bus/usb/006/035 to uid=0, gid=0 failed: No such file or directory [ 1241.391054][ T37] audit: type=1326 audit(1778268590.152:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17278 comm="syz.5.20323" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff3b514cdd9 code=0x0 [ 1242.971266][T17344] netlink: 256 bytes leftover after parsing attributes in process `syz.5.20354'. [ 1242.971294][T17344] netlink: 16 bytes leftover after parsing attributes in process `syz.5.20354'. [ 1242.971312][T17344] netlink: 256 bytes leftover after parsing attributes in process `syz.5.20354'. [ 1243.550505][ T37] audit: type=1800 audit(1778268592.135:1035): pid=17367 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.20366" name="nullb0" dev="tmpfs" ino=740 res=0 errno=0 [ 1243.701210][T17366] netlink: 8 bytes leftover after parsing attributes in process `syz.7.20365'. [ 1243.722798][T17366] bond0: Unable to set up delay as MII monitoring is disabled [ 1245.640130][T17430] geneve2: entered promiscuous mode [ 1245.854270][T17447] vxcan1: tx address claim with different name [ 1247.759908][T17514] netlink: 20 bytes leftover after parsing attributes in process `syz.6.20438'. [ 1248.949912][T17548] netlink: 35 bytes leftover after parsing attributes in process `syz.7.20454'. [ 1248.949958][T17548] netlink: 16 bytes leftover after parsing attributes in process `syz.7.20454'. [ 1249.361678][T17568] netlink: 28 bytes leftover after parsing attributes in process `syz.3.20464'. [ 1249.643595][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 1249.643663][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 1251.211212][ T4752] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1251.241533][ T4752] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1251.253927][ T4752] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1251.287289][ T4752] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1251.288027][ T4752] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1251.804762][ T6158] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1252.330736][T17639] overlayfs: failed to clone lowerpath [ 1253.288835][ T6158] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1253.644906][T22566] Bluetooth: hci1: command tx timeout [ 1254.229690][T17706] netlink: 12 bytes leftover after parsing attributes in process `syz.7.20525'. [ 1254.410466][ T6158] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1254.416216][T17712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20527'. [ 1255.275698][ T6158] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1255.470482][T17739] lo: Caught tx_queue_len zero misconfig [ 1255.868400][T22566] Bluetooth: hci1: command tx timeout [ 1255.974375][T17770] loop8: detected capacity change from 0 to 7 [ 1255.991898][T17770] Dev loop8: unable to read RDB block 7 [ 1255.991942][T17770] loop8: unable to read partition table [ 1255.992149][T17770] loop8: partition table beyond EOD, truncated [ 1256.003124][T17770] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 1256.065473][T17775] vlan2: entered allmulticast mode [ 1256.065493][T17775] gretap0: entered allmulticast mode [ 1257.421360][T17607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1257.422396][T17607] bridge0: port 1(bridge_slave_0) entered disabled state [ 1257.422643][T17607] bridge_slave_0: entered allmulticast mode [ 1257.449897][T17607] bridge_slave_0: entered promiscuous mode [ 1257.511306][T17607] bridge0: port 2(bridge_slave_1) entered blocking state [ 1257.511426][T17607] bridge0: port 2(bridge_slave_1) entered disabled state [ 1257.511629][T17607] bridge_slave_1: entered allmulticast mode [ 1257.528902][T17607] bridge_slave_1: entered promiscuous mode [ 1257.717269][T17607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1257.779377][T17607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1258.092066][T22566] Bluetooth: hci1: command tx timeout [ 1258.210520][ T6158] bridge_slave_1: left allmulticast mode [ 1258.210553][ T6158] bridge_slave_1: left promiscuous mode [ 1258.210920][ T6158] bridge0: port 2(bridge_slave_1) entered disabled state [ 1258.372051][ T6158] bridge_slave_0: left allmulticast mode [ 1258.372086][ T6158] bridge_slave_0: left promiscuous mode [ 1258.372322][ T6158] bridge0: port 1(bridge_slave_0) entered disabled state [ 1260.124162][ T6158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1260.231650][ T6158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1260.285430][ T6158] bond0 (unregistering): Released all slaves [ 1260.315785][T22566] Bluetooth: hci1: command tx timeout [ 1260.551062][ T5262] 8021q: adding VLAN 0 to HW filter on device eth13 [ 1260.742793][T17607] team0: Port device team_slave_0 added [ 1260.771028][T17607] team0: Port device team_slave_1 added [ 1261.124195][T17970] netlink: 16186 bytes leftover after parsing attributes in process `syz.7.20642'. [ 1261.127726][T17607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1261.127740][T17607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1261.127762][T17607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1261.134067][T17607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1261.134081][T17607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1261.134102][T17607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1261.631833][T17607] hsr_slave_0: entered promiscuous mode [ 1261.638289][T17607] hsr_slave_1: entered promiscuous mode [ 1261.656449][T17607] debugfs: 'hsr0' already exists in 'hsr' [ 1261.656476][T17607] Cannot create hsr debugfs directory [ 1262.196423][T18001] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.20653'. [ 1263.244264][T18038] netlink: 88 bytes leftover after parsing attributes in process `syz.7.20665'. [ 1263.244306][T18038] netlink: 48 bytes leftover after parsing attributes in process `syz.7.20665'. [ 1264.737480][ T5262] 8021q: adding VLAN 0 to HW filter on device eth14 [ 1264.896551][ T37] audit: type=1800 audit(1778268612.142:1036): pid=18075 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.20681" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 1265.169129][ T3314] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1265.888558][T18108] netlink: 'syz.3.20690': attribute type 3 has an invalid length. [ 1265.888580][T18108] netlink: 64 bytes leftover after parsing attributes in process `syz.3.20690'. [ 1266.238217][ T6158] hsr_slave_0: left promiscuous mode [ 1266.283390][ T6158] hsr_slave_1: left promiscuous mode [ 1266.284465][ T6158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1266.284489][ T6158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1266.428414][ T6158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1266.428441][ T6158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1266.735024][ T151] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1266.942626][ T6158] veth1_macvtap: left promiscuous mode [ 1266.942726][ T6158] veth0_macvtap: left promiscuous mode [ 1266.942991][ T6158] veth1_vlan: left promiscuous mode [ 1266.980938][ T6158] veth0_vlan: left promiscuous mode [ 1269.253844][ T6158] team0 (unregistering): Port device team_slave_1 removed [ 1269.310234][ T6158] team0 (unregistering): Port device team_slave_0 removed [ 1269.987137][ T5262] 8021q: adding VLAN 0 to HW filter on device eth15 [ 1269.987725][T18129] bridge_slave_1: default FDB implementation only supports local addresses [ 1270.106152][T17607] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1270.157539][T17607] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1270.166000][T17607] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1270.282968][T17607] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1270.291937][T18268] netlink: 16 bytes leftover after parsing attributes in process `syz.6.20767'. [ 1270.292909][T17607] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1270.488601][T17607] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1270.489194][T18277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20769'. [ 1270.489225][T18277] netlink: 'syz.3.20769': attribute type 30 has an invalid length. [ 1270.534075][T17607] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1270.544645][T18277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20769'. [ 1270.544680][T18277] netlink: 'syz.3.20769': attribute type 30 has an invalid length. [ 1270.630068][T17607] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1270.630452][T14566] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1270.667703][T14566] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1270.674449][T14566] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1270.680045][T14566] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1271.389545][T17607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1271.694079][T17607] 8021q: adding VLAN 0 to HW filter on device team0 [ 1271.784096][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 1271.784227][ T3314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1271.814480][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 1271.814641][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1271.974856][ T5262] 8021q: adding VLAN 0 to HW filter on device eth16 [ 1272.433194][T18335] vlan3: entered allmulticast mode [ 1272.433215][T18335] bond0: entered allmulticast mode [ 1272.433229][T18335] bond_slave_0: entered allmulticast mode [ 1272.433253][T18335] bond_slave_1: entered allmulticast mode [ 1272.433275][T18335] syz_tun: entered allmulticast mode [ 1272.663173][ T37] audit: type=1400 audit(1778268619.400:1037): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=18345 comm="syz.3.20795" src=1 dest=20000 netif=wpan0 [ 1273.121857][T18344] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1274.392431][T17607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1276.018212][T17607] veth0_vlan: entered promiscuous mode [ 1276.123218][T17607] veth1_vlan: entered promiscuous mode [ 1276.221782][T17607] veth0_macvtap: entered promiscuous mode [ 1276.262913][T17607] veth1_macvtap: entered promiscuous mode [ 1276.493465][T17607] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1276.663628][T17607] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1276.717567][ T151] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1276.719464][ T151] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1276.720548][ T151] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1276.720773][ T151] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1276.921673][T18476] netlink: 'syz.3.20842': attribute type 4 has an invalid length. [ 1278.231087][ T3314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1278.231108][ T3314] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1278.461876][ T1026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1278.461896][ T1026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1279.054719][T18524] netlink: 252 bytes leftover after parsing attributes in process `syz.8.20480'. [ 1283.185237][T18640] netlink: 'syz.7.20910': attribute type 10 has an invalid length. [ 1283.359506][T18640] syz_tun: entered promiscuous mode [ 1283.377068][T18640] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1283.492856][ T7406] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 1283.653059][ T7406] usb 9-1: Using ep0 maxpacket: 32 [ 1283.655241][ T7406] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1283.655267][ T7406] usb 9-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 1283.655290][ T7406] usb 9-1: config 0 interface 0 has no altsetting 0 [ 1283.657964][ T7406] usb 9-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1283.657991][ T7406] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1283.658008][ T7406] usb 9-1: Product: syz [ 1283.658021][ T7406] usb 9-1: Manufacturer: syz [ 1283.658033][ T7406] usb 9-1: SerialNumber: syz [ 1283.747376][ T7406] usb 9-1: config 0 descriptor?? [ 1283.906601][T18663] batadv_slave_1: entered promiscuous mode [ 1283.908993][T18662] batadv_slave_1: left promiscuous mode [ 1284.199420][ T7406] gs_usb 9-1:0.0: Configuring for 1 interfaces [ 1284.630044][ T7406] gs_usb 9-1:0.0: Disabling termination support for channel 0 (-EPIPE) [ 1284.921647][ T7406] usb 9-1: USB disconnect, device number 2 [ 1286.197902][ T5501] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 1286.365511][ T5501] usb 9-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1286.365540][ T5501] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1286.365559][ T5501] usb 9-1: Product: syz [ 1286.365572][ T5501] usb 9-1: Manufacturer: syz [ 1286.365586][ T5501] usb 9-1: SerialNumber: syz [ 1286.414824][T18768] loop2: detected capacity change from 0 to 7 [ 1286.511712][T18768] Dev loop2: unable to read RDB block 7 [ 1286.511766][T18768] loop2: unable to read partition table [ 1286.515035][T18768] loop2: partition table beyond EOD, truncated [ 1286.515076][T18768] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 1286.757064][ T5501] rtl8150 9-1:1.0: couldn't reset the device [ 1286.757416][ T5501] rtl8150 9-1:1.0: probe with driver rtl8150 failed with error -5 [ 1286.801026][ T5501] usb 9-1: USB disconnect, device number 3 [ 1287.669849][T18818] netlink: 'syz.7.20977': attribute type 1 has an invalid length. [ 1288.051626][T18818] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1288.205242][T18821] bond1: (slave geneve2): making interface the new active one [ 1288.306560][T18821] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 1290.028570][T18900] netlink: 'syz.6.21007': attribute type 15 has an invalid length. [ 1290.028593][T18900] netlink: 4 bytes leftover after parsing attributes in process `syz.6.21007'. [ 1290.095493][T18900] netlink: 'syz.6.21007': attribute type 15 has an invalid length. [ 1290.095515][T18900] netlink: 4 bytes leftover after parsing attributes in process `syz.6.21007'. [ 1290.098549][ T6180] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0 [ 1290.099080][ T6180] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0 [ 1290.099123][ T6180] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0 [ 1290.099157][ T6180] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0 [ 1290.544290][T18915] tipc: Started in network mode [ 1290.544319][T18915] tipc: Node identity ac14140f, cluster identity 4711 [ 1290.544611][T18915] tipc: New replicast peer: 255.255.255.255 [ 1290.544994][T18915] tipc: Enabled bearer , priority 10 [ 1291.735328][ T10] tipc: Node number set to 2886997007 [ 1293.297342][T18993] netlink: 'syz.6.21046': attribute type 21 has an invalid length. [ 1293.297363][T18993] netlink: 4 bytes leftover after parsing attributes in process `syz.6.21046'. [ 1293.297639][T18993] netlink: 'syz.6.21046': attribute type 21 has an invalid length. [ 1293.297654][T18993] netlink: 4 bytes leftover after parsing attributes in process `syz.6.21046'. [ 1295.443920][T19077] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21084'. [ 1295.637279][T22566] Bluetooth: hci0: command 0x0406 tx timeout [ 1295.750663][T19088] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.21085'. [ 1297.431276][T19158] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1297.431689][T19158] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1298.166239][T19195] netlink: 132 bytes leftover after parsing attributes in process `syz.8.21132'. [ 1298.178676][ T1026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1298.178704][ T1026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1298.339865][ T6164] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1298.410440][T19211] netlink: 176 bytes leftover after parsing attributes in process `syz.7.21137'. [ 1298.410551][T19211] ip6gretap0: entered promiscuous mode [ 1298.410870][T19211] netlink: 176 bytes leftover after parsing attributes in process `syz.7.21137'. [ 1299.505373][ T37] audit: type=1326 audit(1778268644.516:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19253 comm="syz.6.21153" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1299.505518][ T37] audit: type=1326 audit(1778268644.516:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19253 comm="syz.6.21153" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1299.505901][ T37] audit: type=1326 audit(1778268644.516:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19253 comm="syz.6.21153" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1299.506277][ T37] audit: type=1326 audit(1778268644.516:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19253 comm="syz.6.21153" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1299.506770][ T37] audit: type=1326 audit(1778268644.516:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19253 comm="syz.6.21153" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1299.937003][ T37] audit: type=1326 audit(1778268644.918:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19253 comm="syz.6.21153" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1299.937360][ T37] audit: type=1326 audit(1778268644.918:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19253 comm="syz.6.21153" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb10ecdd9 code=0x7ffc0000 [ 1303.082096][T19331] ceph: No mds server is up or the cluster is laggy [ 1305.427227][T19451] netlink: 'syz.8.21240': attribute type 4 has an invalid length. [ 1305.573115][T19456] fuse: Bad value for 'fd' [ 1307.296737][T19431] ================================================================== [ 1307.296753][T19431] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x92/0x190 [ 1307.296794][T19431] Read of size 8 at addr ffff88803bfd9780 by task syz.7.21231/19431 [ 1307.296810][T19431] [ 1307.296823][T19431] CPU: 1 UID: 0 PID: 19431 Comm: syz.7.21231 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1307.296851][T19431] Tainted: [L]=SOFTLOCKUP [ 1307.296858][T19431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1307.296869][T19431] Call Trace: [ 1307.296877][T19431] [ 1307.296885][T19431] dump_stack_lvl+0xe8/0x150 [ 1307.296907][T19431] print_address_description+0x55/0x1e0 [ 1307.296927][T19431] ? __list_del_entry_valid_or_report+0x92/0x190 [ 1307.296951][T19431] print_report+0x58/0x70 [ 1307.296969][T19431] kasan_report+0x117/0x150 [ 1307.296991][T19431] ? __list_del_entry_valid_or_report+0x92/0x190 [ 1307.297020][T19431] __list_del_entry_valid_or_report+0x92/0x190 [ 1307.297046][T19431] bt_accept_unlink+0x39/0x260 [ 1307.297071][T19431] l2cap_sock_teardown_cb+0x17e/0x490 [ 1307.297094][T19431] l2cap_chan_del+0xb5/0x610 [ 1307.297113][T19431] ? l2cap_conn_del+0x331/0x570 [ 1307.297131][T19431] l2cap_conn_del+0x33d/0x570 [ 1307.297151][T19431] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1307.297169][T19431] hci_conn_hash_flush+0x10d/0x260 [ 1307.297190][T19431] hci_dev_close_sync+0x821/0x10e0 [ 1307.297217][T19431] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 1307.297240][T19431] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1307.297267][T19431] ? hci_unregister_dev+0x212/0x5a0 [ 1307.297294][T19431] hci_unregister_dev+0x21a/0x5a0 [ 1307.297316][T19431] vhci_release+0x155/0x1b0 [ 1307.297341][T19431] ? __pfx_vhci_release+0x10/0x10 [ 1307.297364][T19431] __fput+0x461/0xa70 [ 1307.297393][T19431] task_work_run+0x1d9/0x270 [ 1307.297419][T19431] ? __pfx_task_work_run+0x10/0x10 [ 1307.297442][T19431] ? do_exit+0x70a/0x22c0 [ 1307.297462][T19431] ? kmem_cache_free+0x187/0x6c0 [ 1307.297482][T19431] ? put_net+0x191/0x260 [ 1307.297499][T19431] ? do_exit+0x70a/0x22c0 [ 1307.297522][T19431] do_exit+0x70f/0x22c0 [ 1307.297545][T19431] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1307.297571][T19431] ? __pfx_do_exit+0x10/0x10 [ 1307.297591][T19431] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1307.297611][T19431] ? reacquire_held_locks+0x104/0x190 [ 1307.297636][T19431] ? rt_spin_lock+0x1e0/0x400 [ 1307.297659][T19431] do_group_exit+0x21b/0x2d0 [ 1307.297680][T19431] ? rt_spin_unlock+0x160/0x200 [ 1307.297699][T19431] get_signal+0x125c/0x1310 [ 1307.297728][T19431] arch_do_signal_or_restart+0xbc/0x830 [ 1307.297753][T19431] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 1307.297779][T19431] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1307.297807][T19431] ? __se_sys_clock_nanosleep+0x35b/0x3b0 [ 1307.297831][T19431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.297849][T19431] exit_to_user_mode_loop+0x86/0x480 [ 1307.297870][T19431] ? rcu_is_watching+0x15/0xb0 [ 1307.297894][T19431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.297912][T19431] do_syscall_64+0x33e/0xf80 [ 1307.297932][T19431] ? trace_irq_disable+0x3b/0x140 [ 1307.297952][T19431] ? clear_bhb_loop+0x40/0x90 [ 1307.297973][T19431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.297990][T19431] RIP: 0033:0x7f167f87d60e [ 1307.298007][T19431] Code: Unable to access opcode bytes at 0x7f167f87d5e4. [ 1307.298016][T19431] RSP: 002b:00007f167db0df58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 1307.298037][T19431] RAX: fffffffffffffdfc RBX: 00007f167db0e6c0 RCX: 00007f167f87d60e [ 1307.298051][T19431] RDX: 00007f167db0dfb0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1307.298061][T19431] RBP: 00007f167f952d69 R08: 0000000000000000 R09: 0000000000000000 [ 1307.298073][T19431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1307.298085][T19431] R13: 00007f167fb36038 R14: 00007f167fb35fa0 R15: 00007ffca80504c8 [ 1307.298107][T19431] [ 1307.298114][T19431] [ 1307.298125][T19431] Allocated by task 31: [ 1307.298134][T19431] kasan_save_track+0x3e/0x80 [ 1307.298149][T19431] __kasan_kmalloc+0x93/0xb0 [ 1307.298164][T19431] __kmalloc_node_track_caller_noprof+0x372/0x7e0 [ 1307.298181][T19431] __alloc_skb+0x2c1/0x7d0 [ 1307.298197][T19431] mld_newpack+0x14c/0xc90 [ 1307.298214][T19431] add_grhead+0x5a/0x2a0 [ 1307.298230][T19431] add_grec+0x1452/0x1740 [ 1307.298246][T19431] mld_ifc_work+0x6e6/0xe70 [ 1307.298263][T19431] process_scheduled_works+0xb5d/0x1860 [ 1307.298277][T19431] worker_thread+0xa53/0xfc0 [ 1307.298291][T19431] kthread+0x388/0x470 [ 1307.298308][T19431] ret_from_fork+0x514/0xb70 [ 1307.298324][T19431] ret_from_fork_asm+0x1a/0x30 [ 1307.298342][T19431] [ 1307.298347][T19431] Freed by task 31: [ 1307.298355][T19431] kasan_save_track+0x3e/0x80 [ 1307.298368][T19431] kasan_save_free_info+0x46/0x50 [ 1307.298387][T19431] __kasan_slab_free+0x5c/0x80 [ 1307.298400][T19431] kfree+0x1c5/0x6c0 [ 1307.298413][T19431] skb_release_data+0x828/0xa60 [ 1307.298429][T19431] __kfree_skb+0x5d/0x210 [ 1307.298445][T19431] ip6_mc_input+0x8de/0xbd0 [ 1307.298459][T19431] NF_HOOK+0x336/0x3c0 [ 1307.298480][T19431] process_backlog+0x3ce/0xc60 [ 1307.298495][T19431] __napi_poll+0xab/0x550 [ 1307.298508][T19431] net_rx_action+0x696/0xe00 [ 1307.298522][T19431] handle_softirqs+0x1de/0x6d0 [ 1307.298537][T19431] __local_bh_enable_ip+0x170/0x2b0 [ 1307.298553][T19431] __dev_queue_xmit+0x1eaf/0x3900 [ 1307.298572][T19431] ip6_output+0x340/0x550 [ 1307.298588][T19431] NF_HOOK+0x177/0x4f0 [ 1307.298606][T19431] mld_sendpack+0x8b4/0xe40 [ 1307.298623][T19431] mld_ifc_work+0x835/0xe70 [ 1307.298640][T19431] process_scheduled_works+0xb5d/0x1860 [ 1307.298653][T19431] worker_thread+0xa53/0xfc0 [ 1307.298667][T19431] kthread+0x388/0x470 [ 1307.298684][T19431] ret_from_fork+0x514/0xb70 [ 1307.298700][T19431] ret_from_fork_asm+0x1a/0x30 [ 1307.298716][T19431] [ 1307.298720][T19431] The buggy address belongs to the object at ffff88803bfd9000 [ 1307.298720][T19431] which belongs to the cache kmalloc-2k of size 2048 [ 1307.298736][T19431] The buggy address is located 1920 bytes inside of [ 1307.298736][T19431] freed 2048-byte region [ffff88803bfd9000, ffff88803bfd9800) [ 1307.298753][T19431] [ 1307.298758][T19431] The buggy address belongs to the physical page: [ 1307.298767][T19431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803bfdc000 pfn:0x3bfd8 [ 1307.298791][T19431] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1307.298806][T19431] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 1307.298821][T19431] page_type: f5(slab) [ 1307.298836][T19431] raw: 0080000000000240 ffff88801a011000 ffffea00006bc610 ffffea0000d1ce10 [ 1307.298851][T19431] raw: ffff88803bfdc000 0000000800080003 00000000f5000000 0000000000000000 [ 1307.298866][T19431] head: 0080000000000240 ffff88801a011000 ffffea00006bc610 ffffea0000d1ce10 [ 1307.298879][T19431] head: ffff88803bfdc000 0000000800080003 00000000f5000000 0000000000000000 [ 1307.298894][T19431] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 1307.298907][T19431] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 1307.298916][T19431] page dumped because: kasan: bad access detected [ 1307.298931][T19431] page_owner tracks the page as allocated [ 1307.298939][T19431] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5626, tgid 5626 (syz-executor), ts 94389072713, free_ts 94309308561 [ 1307.298970][T19431] post_alloc_hook+0x231/0x280 [ 1307.298986][T19431] get_page_from_freelist+0x27c8/0x2840 [ 1307.299005][T19431] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1307.299023][T19431] allocate_slab+0x77/0x660 [ 1307.299042][T19431] refill_objects+0x33c/0x3d0 [ 1307.299060][T19431] __pcs_replace_empty_main+0x373/0x720 [ 1307.299080][T19431] __kmalloc_cache_noprof+0x44e/0x690 [ 1307.299095][T19431] rtnl_newlink+0x136/0x1bb0 [ 1307.299111][T19431] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1307.299127][T19431] netlink_rcv_skb+0x232/0x4b0 [ 1307.299144][T19431] netlink_unicast+0x780/0x920 [ 1307.299158][T19431] netlink_sendmsg+0x813/0xb40 [ 1307.299176][T19431] __sys_sendto+0x67f/0x710 [ 1307.299193][T19431] __x64_sys_sendto+0xde/0x100 [ 1307.299209][T19431] do_syscall_64+0x15f/0xf80 [ 1307.299227][T19431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.299243][T19431] page last free pid 5626 tgid 5626 stack trace: [ 1307.299254][T19431] __free_frozen_pages+0xfa6/0x10f0 [ 1307.299271][T19431] __slab_free+0x252/0x2a0 [ 1307.299286][T19431] qlist_free_all+0x99/0x100 [ 1307.299301][T19431] kasan_quarantine_reduce+0x148/0x160 [ 1307.299315][T19431] __kasan_slab_alloc+0x22/0x80 [ 1307.299330][T19431] kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 1307.299346][T19431] __alloc_skb+0x27d/0x7d0 [ 1307.299362][T19431] netlink_sendmsg+0x5d4/0xb40 [ 1307.299380][T19431] __sys_sendto+0x67f/0x710 [ 1307.299395][T19431] __x64_sys_sendto+0xde/0x100 [ 1307.299410][T19431] do_syscall_64+0x15f/0xf80 [ 1307.299426][T19431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.299441][T19431] [ 1307.299446][T19431] Memory state around the buggy address: [ 1307.299455][T19431] ffff88803bfd9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1307.299467][T19431] ffff88803bfd9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1307.299477][T19431] >ffff88803bfd9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1307.299486][T19431] ^ [ 1307.299494][T19431] ffff88803bfd9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1307.299505][T19431] ffff88803bfd9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1307.299514][T19431] ================================================================== [ 1307.300299][T19431] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1307.300319][T19431] CPU: 1 UID: 0 PID: 19431 Comm: syz.7.21231 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1307.300345][T19431] Tainted: [L]=SOFTLOCKUP [ 1307.300353][T19431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1307.300364][T19431] Call Trace: [ 1307.300371][T19431] [ 1307.300380][T19431] vpanic+0x56c/0xa60 [ 1307.300405][T19431] ? __pfx_vpanic+0x10/0x10 [ 1307.300430][T19431] panic+0xc5/0xd0 [ 1307.300449][T19431] ? __pfx_panic+0x10/0x10 [ 1307.300470][T19431] ? preempt_schedule_thunk+0x16/0x30 [ 1307.300506][T19431] ? __list_del_entry_valid_or_report+0x92/0x190 [ 1307.300528][T19431] ? preempt_schedule_thunk+0x16/0x30 [ 1307.300553][T19431] ? __list_del_entry_valid_or_report+0x92/0x190 [ 1307.300594][T19431] check_panic_on_warn+0x89/0xb0 [ 1307.300614][T19431] ? __list_del_entry_valid_or_report+0x92/0x190 [ 1307.300637][T19431] end_report+0x73/0x170 [ 1307.300655][T19431] ? __list_del_entry_valid_or_report+0x92/0x190 [ 1307.300681][T19431] kasan_report+0x128/0x150 [ 1307.300718][T19431] ? __list_del_entry_valid_or_report+0x92/0x190 [ 1307.300745][T19431] __list_del_entry_valid_or_report+0x92/0x190 [ 1307.300770][T19431] bt_accept_unlink+0x39/0x260 [ 1307.300799][T19431] l2cap_sock_teardown_cb+0x17e/0x490 [ 1307.300820][T19431] l2cap_chan_del+0xb5/0x610 [ 1307.300838][T19431] ? l2cap_conn_del+0x331/0x570 [ 1307.300855][T19431] l2cap_conn_del+0x33d/0x570 [ 1307.300874][T19431] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1307.300891][T19431] hci_conn_hash_flush+0x10d/0x260 [ 1307.300917][T19431] hci_dev_close_sync+0x821/0x10e0 [ 1307.300945][T19431] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 1307.300968][T19431] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1307.300990][T19431] ? hci_unregister_dev+0x212/0x5a0 [ 1307.301013][T19431] hci_unregister_dev+0x21a/0x5a0 [ 1307.301035][T19431] vhci_release+0x155/0x1b0 [ 1307.301060][T19431] ? __pfx_vhci_release+0x10/0x10 [ 1307.301083][T19431] __fput+0x461/0xa70 [ 1307.301113][T19431] task_work_run+0x1d9/0x270 [ 1307.301137][T19431] ? __pfx_task_work_run+0x10/0x10 [ 1307.301160][T19431] ? do_exit+0x70a/0x22c0 [ 1307.301181][T19431] ? kmem_cache_free+0x187/0x6c0 [ 1307.301205][T19431] ? put_net+0x191/0x260 [ 1307.301222][T19431] ? do_exit+0x70a/0x22c0 [ 1307.301245][T19431] do_exit+0x70f/0x22c0 [ 1307.301268][T19431] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1307.301290][T19431] ? __pfx_do_exit+0x10/0x10 [ 1307.301309][T19431] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1307.301325][T19431] ? reacquire_held_locks+0x104/0x190 [ 1307.301349][T19431] ? rt_spin_lock+0x1e0/0x400 [ 1307.301371][T19431] do_group_exit+0x21b/0x2d0 [ 1307.301393][T19431] ? rt_spin_unlock+0x160/0x200 [ 1307.301411][T19431] get_signal+0x125c/0x1310 [ 1307.301440][T19431] arch_do_signal_or_restart+0xbc/0x830 [ 1307.301466][T19431] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 1307.301487][T19431] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1307.301513][T19431] ? __se_sys_clock_nanosleep+0x35b/0x3b0 [ 1307.301535][T19431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.301552][T19431] exit_to_user_mode_loop+0x86/0x480 [ 1307.301572][T19431] ? rcu_is_watching+0x15/0xb0 [ 1307.301594][T19431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.301612][T19431] do_syscall_64+0x33e/0xf80 [ 1307.301630][T19431] ? trace_irq_disable+0x3b/0x140 [ 1307.301649][T19431] ? clear_bhb_loop+0x40/0x90 [ 1307.301667][T19431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.301684][T19431] RIP: 0033:0x7f167f87d60e [ 1307.301699][T19431] Code: Unable to access opcode bytes at 0x7f167f87d5e4. [ 1307.301709][T19431] RSP: 002b:00007f167db0df58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 1307.301728][T19431] RAX: fffffffffffffdfc RBX: 00007f167db0e6c0 RCX: 00007f167f87d60e [ 1307.301742][T19431] RDX: 00007f167db0dfb0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1307.301754][T19431] RBP: 00007f167f952d69 R08: 0000000000000000 R09: 0000000000000000 [ 1307.301765][T19431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1307.301782][T19431] R13: 00007f167fb36038 R14: 00007f167fb35fa0 R15: 00007ffca80504c8 [ 1307.301803][T19431] [ 1307.302345][T19431] Kernel Offset: disabled