last executing test programs: 25.880844515s ago: executing program 3 (id=15390): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000040)={0x0, 0x8, 0x5c}) 25.540586071s ago: executing program 3 (id=15397): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x985}], @NL80211_ATTR_BSS_BASIC_RATES={0x5, 0x24, [{0x16}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x38}}, 0x40840) 25.187717224s ago: executing program 3 (id=15403): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ppoll(&(0x7f0000000000)=[{r1}], 0x1, 0x0, 0x0, 0x0) close(r0) 24.090076006s ago: executing program 3 (id=15414): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000007d00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) sendmsg$nl_netfilter(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="14000000000601"], 0x2a}}, 0x0) 23.744855971s ago: executing program 3 (id=15418): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000009c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_ACK_FILTER={0x8}, @TCA_CAKE_INGRESS={0x8}]}}]}, 0x44}}, 0x0) 23.216745451s ago: executing program 3 (id=15421): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_io_uring_setup(0x24f5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)) io_uring_enter(r0, 0x0, 0x400000, 0x1, 0x0, 0x0) io_uring_enter(r0, 0x52e, 0x0, 0x0, 0x0, 0x0) 2.55496354s ago: executing program 4 (id=15645): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040), 0x10) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc) syz_clone(0x1108, 0x0, 0x0, 0x0, 0x0, 0x0) 2.174336851s ago: executing program 1 (id=15649): r0 = fsopen(&(0x7f0000000580)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x11) openat(r1, &(0x7f0000000540)='./bus/file0\x00', 0x40, 0x0) 2.130386592s ago: executing program 4 (id=15650): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x11}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x4e, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188040f56ecdb4cb9cca7480ef434000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e90f09cdc2649f", 0x67}], 0x246}, 0x0) 1.921464307s ago: executing program 1 (id=15652): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r0 = syz_open_dev$loop(&(0x7f0000000380), 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, "4874ef0904271a78949178fd825b775b5e55210c4037a557f88c97b6097ea4e9fdd1d167064e969100ff97aa6b42687995845c8c3ce42e76d6db19d5f4f5f283", "eba9d749fdc2dedff9641c2773c54efce1fa87820dae06070446988b8770438b12e6b80c265fdce83841f0f230d1f4fe7b5ba021316c17fb5112d7d0f278e48a", "c41751ca16a23f839af552fb8500010000000000003203a6c188ec22bd7c4549"}}) 1.877200569s ago: executing program 2 (id=15653): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$kcm(0x2, 0x0, 0x2) r0 = socket(0x15, 0x5, 0x0) getsockopt$nfc_llcp(r0, 0x114, 0x2721, 0x0, 0x20000000) 1.687753873s ago: executing program 4 (id=15655): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000000c0)=0x1) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd, 0x0, "9e000000f7ffffff000100"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x400, 0x0, 0x0, 0x0, 0x0, "4415264a88b82c522013fb235902af2556c6b6"}) 1.686966285s ago: executing program 1 (id=15656): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000002c00), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) readv(r0, &(0x7f0000005200)=[{&(0x7f0000002f40)=""/4096, 0x1000}, {&(0x7f0000003f40)=""/4096, 0x1000}], 0x2) 1.462233667s ago: executing program 2 (id=15658): r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040), &(0x7f0000000080)) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) 1.392972526s ago: executing program 4 (id=15659): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x2e) 1.366401749s ago: executing program 1 (id=15660): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001e40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002400048020000180080001"], 0x78}}, 0x0) writev(r0, &(0x7f0000000040), 0x2) 1.309921473s ago: executing program 0 (id=15661): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000040)=0x4083, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r0, &(0x7f0000000140)="eb", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) 1.185932173s ago: executing program 2 (id=15662): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x123}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) linkat(r0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1400) 1.185607919s ago: executing program 4 (id=15663): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0xe39, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000040)=0x92c, 0x4) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.12911955s ago: executing program 2 (id=15664): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x48, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16fd}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}]]}, 0x48}}, 0x0) 1.061224794s ago: executing program 0 (id=15665): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="b4b4d6788fe75ef892da03", 0xb}], 0x1}}], 0x1, 0x0) 866.304388ms ago: executing program 0 (id=15666): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030033000b63d25a80648c2594f91224fc60100c214002000003050582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 842.205148ms ago: executing program 2 (id=15667): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xa) setresgid(0x0, 0xffffffffffffffff, r1) 635.590714ms ago: executing program 2 (id=15668): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0xa72e9a0a0d949c1c, 0x36, &(0x7f0000000340)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x4004550d, 0x0) 421.679308ms ago: executing program 0 (id=15669): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000000380)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 324.048648ms ago: executing program 1 (id=15670): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0x6}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x48}}, 0x0) 183.068197ms ago: executing program 0 (id=15671): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x14, r2, 0x1, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) 107.647659ms ago: executing program 4 (id=15672): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x804, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000000c0), 0x4) 6.819068ms ago: executing program 0 (id=15673): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0) r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000800)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000000840)='./file7\x00', 0x0) 0s ago: executing program 1 (id=15674): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fchmod(r0, 0x0) kernel console output (not intermixed with test programs): in process `syz.4.13856'. [ 974.650482][ T29] audit: type=1400 audit(2000000416.803:3965): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2602 comm="syz.4.13862" daddr=fe80:: [ 974.721064][ T25] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 974.922543][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 974.931057][ T25] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 974.941704][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.986151][ T25] usb 3-1: config 0 descriptor?? [ 975.079890][ T2615] veth1_macvtap: left promiscuous mode [ 975.100894][ T2615] macsec0: entered allmulticast mode [ 975.124566][ T2615] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 975.200637][T22882] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 975.424993][T22882] usb 2-1: Using ep0 maxpacket: 8 [ 975.432278][T22882] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 975.446803][T22882] usb 2-1: New USB device found, idVendor=13d3, idProduct=3340, bcdDevice=ab.0b [ 975.466169][T22882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 975.482166][T22882] usb 2-1: config 0 descriptor?? [ 975.493057][T22882] r8712u: register rtl8712_netdev_ops to netdev_ops [ 975.503176][T22882] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 975.904481][ T25] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 975.922961][T22882] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 975.948791][ T25] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 975.959858][T22882] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 975.967363][T22882] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 976.026579][ T25] asix 3-1:0.0: probe with driver asix failed with error -71 [ 976.045228][ T25] usb 3-1: USB disconnect, device number 44 [ 976.168085][ T8] usb 2-1: USB disconnect, device number 20 [ 976.890708][ T2650] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:00, vlan:0) [ 977.319008][ T2667] netlink: 'syz.4.13890': attribute type 1 has an invalid length. [ 977.371377][ T2667] netlink: 9360 bytes leftover after parsing attributes in process `syz.4.13890'. [ 977.426441][ T2667] netlink: 22 bytes leftover after parsing attributes in process `syz.4.13890'. [ 978.375706][ T25] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 978.579256][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 978.587553][ T25] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 978.607256][ T25] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 978.635110][ T25] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 978.664362][ T25] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 978.696507][ T25] usb 2-1: config 0 interface 0 has no altsetting 0 [ 978.716936][ T25] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 978.734688][ T25] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 978.755471][ T25] usb 2-1: Product: syz [ 978.765702][ T25] usb 2-1: Manufacturer: syz [ 978.770467][ T25] usb 2-1: SerialNumber: syz [ 978.783086][ T25] usb 2-1: config 0 descriptor?? [ 978.795432][ T25] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 978.817098][ T25] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 979.052706][ T25] usb 2-1: USB disconnect, device number 21 [ 979.062497][ T25] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 979.085611][ T29] audit: type=1400 audit(2000000420.956:3966): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2722 comm="syz.4.13917" daddr=fe80::bb [ 979.903162][ T29] audit: type=1400 audit(2000000421.714:3967): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2736 comm="syz.4.13924" daddr=fe80::1c dest=16385 [ 980.416783][ T2754] netlink: 'syz.1.13930': attribute type 10 has an invalid length. [ 980.480437][ T2754] team0: Port device netdevsim0 added [ 980.554492][ T2759] netlink: 'syz.1.13930': attribute type 10 has an invalid length. [ 980.678625][ T2759] team0: Port device netdevsim0 removed [ 980.704888][ T2759] : (slave netdevsim0): Enslaving as an active interface with an up link [ 980.991547][ T2773] netlink: 372 bytes leftover after parsing attributes in process `syz.4.13938'. [ 981.808027][T22882] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 982.000470][T22882] usb 5-1: Using ep0 maxpacket: 8 [ 982.012024][T22882] usb 5-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=14.ec [ 982.032541][T22882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 982.065730][T22882] usb 5-1: config 0 descriptor?? [ 982.086665][T22882] ttusb_dec_send_command: command bulk message failed: error -22 [ 982.095531][T22882] ttusb-dec 5-1:0.0: probe with driver ttusb-dec failed with error -22 [ 982.166642][ T2800] netlink: 40 bytes leftover after parsing attributes in process `syz.2.13952'. [ 982.317672][ T25] usb 5-1: USB disconnect, device number 60 [ 982.598362][ T5362] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 982.621846][ T2815] sp0: Synchronizing with TNC [ 982.797545][ T5362] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 982.820386][ T5362] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 982.842633][ T5362] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 982.853146][ T5362] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 982.864841][ T5362] usb 3-1: SerialNumber: syz [ 982.870645][ T29] audit: type=1400 audit(2000000424.492:3968): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2821 comm="syz.1.13961" daddr=2001::1 [ 983.120188][ T5362] usb 3-1: 0:2 : does not exist [ 983.175588][ T5362] usb 3-1: USB disconnect, device number 45 [ 983.486475][ T2841] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.13969'. [ 983.815130][ T29] audit: type=1400 audit(2000000425.362:3969): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2851 comm="syz.4.13974" daddr=2001::1 [ 984.390973][ T29] audit: type=1400 audit(2000000425.914:3970): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2871 comm="syz.3.13980" dest=20001 [ 985.624406][ T25] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 985.718690][ T54] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 985.739145][ T54] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 985.750309][ T54] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 985.761043][ T54] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 985.769905][ T54] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 985.779438][ T54] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 985.840098][ T25] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 985.850020][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 985.871317][ T25] usb 5-1: config 0 descriptor?? [ 985.879157][ T25] cp210x 5-1:0.0: cp210x converter detected [ 985.931729][ T2908] lo speed is unknown, defaulting to 1000 [ 985.964808][ T2908] lo speed is unknown, defaulting to 1000 [ 986.044664][ T29] audit: type=1400 audit(2000000427.467:3971): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2916 comm="syz.3.14002" daddr=::ffff:0.0.0.0 [ 986.113926][ T29] audit: type=1400 audit(2000000427.467:3972): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2916 comm="syz.3.14002" dest=20001 [ 986.341706][ T2922] netem: incorrect ge model size [ 986.534379][ T25] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 986.542154][ T25] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 986.575668][ T25] usb 5-1: cp210x converter now attached to ttyUSB0 [ 986.610401][ T25] usb 5-1: USB disconnect, device number 61 [ 986.636747][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 986.691737][ T25] cp210x 5-1:0.0: device disconnected [ 987.062742][ T2908] chnl_net:caif_netlink_parms(): no params data found [ 987.475134][ T2908] bridge0: port 1(bridge_slave_0) entered blocking state [ 987.497840][ T2908] bridge0: port 1(bridge_slave_0) entered disabled state [ 987.512999][ T2908] bridge_slave_0: entered allmulticast mode [ 987.531847][ T2954] delete_channel: no stack [ 987.547278][ T2908] bridge_slave_0: entered promiscuous mode [ 987.560578][ T2953] delete_channel: no stack [ 987.573110][ T2908] bridge0: port 2(bridge_slave_1) entered blocking state [ 987.599905][ T2908] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.625680][ T2908] bridge_slave_1: entered allmulticast mode [ 987.657345][ T2908] bridge_slave_1: entered promiscuous mode [ 987.817184][ T2908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 987.866071][ T2908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 987.962836][ T2971] netlink: 1024 bytes leftover after parsing attributes in process `syz.2.14022'. [ 987.976198][ T5243] Bluetooth: hci7: command tx timeout [ 987.985967][ T29] audit: type=1400 audit(2000000429.272:3973): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2968 comm="syz.3.14024" daddr=fe80:: [ 988.015759][ T2971] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 988.207268][ T2908] team0: Port device team_slave_0 added [ 988.277907][ T2908] team0: Port device team_slave_1 added [ 988.603438][ T2990] netlink: 'syz.3.14032': attribute type 12 has an invalid length. [ 988.638093][ T2990] netlink: 'syz.3.14032': attribute type 11 has an invalid length. [ 988.673609][ T2990] netlink: 190580 bytes leftover after parsing attributes in process `syz.3.14032'. [ 989.012815][ T25] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 989.038648][ T2985] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14031'. [ 989.075366][ T2985] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14031'. [ 989.121800][ T2908] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 989.128897][ T2908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 989.171866][ T2908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 989.206584][ T2908] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 989.213611][ T2908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 989.216551][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 989.301522][ T2908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 989.304571][ T25] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 989.333566][ T25] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 989.353493][ T25] usb 2-1: config 1 has no interface number 1 [ 989.372805][ T25] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 989.387805][ T3000] VFS: could not find a valid V7 on nullb0. [ 989.401784][ T25] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 989.429923][ T3000] VFS: unable to find oldfs superblock on device nullb0 [ 989.447804][ T25] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 989.473138][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 989.481192][ T25] usb 2-1: Product: syz [ 989.487550][ T2908] hsr_slave_0: entered promiscuous mode [ 989.509033][ T25] usb 2-1: Manufacturer: syz [ 989.517012][ T25] usb 2-1: SerialNumber: syz [ 989.536492][ T2908] hsr_slave_1: entered promiscuous mode [ 989.553147][ T2908] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 989.579556][ T2908] Cannot create hsr debugfs directory [ 989.786368][ T25] usb 2-1: 2:1 : invalid channels 0 [ 989.837398][ T25] usb 2-1: USB disconnect, device number 22 [ 989.861051][ T5279] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 990.017997][ T2908] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 990.088726][ T5279] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 990.098243][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 990.121339][ T5279] usb 3-1: config 0 descriptor?? [ 990.200614][ T5243] Bluetooth: hci7: command tx timeout [ 990.214762][ T2908] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 990.396231][ T2908] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 990.634189][ T5279] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 990.644166][ T2908] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 990.655766][ T5279] [drm] Initialized udl on minor 2 [ 990.738715][ T29] audit: type=1400 audit(2000000431.854:3974): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3027 comm="syz.3.14048" daddr=fe80::bb dest=20004 [ 990.829770][ T5279] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 990.851763][ T5279] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 990.855311][ T8] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 990.893911][ T5279] usb 3-1: USB disconnect, device number 46 [ 990.900158][ T8] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 990.926398][ T8] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 990.951044][ T3031] option changes via remount are deprecated (pid=3029 comm=syz.1.14051) [ 991.167670][ T2908] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 991.205291][ T2908] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 991.233738][ T2908] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 991.292262][ T2908] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 991.564393][ T2908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 991.680856][ T2908] 8021q: adding VLAN 0 to HW filter on device team0 [ 991.718593][ T3047] netlink: 64 bytes leftover after parsing attributes in process `syz.2.14059'. [ 991.762084][T12413] bridge0: port 1(bridge_slave_0) entered blocking state [ 991.769290][T12413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 991.826773][T12413] bridge0: port 2(bridge_slave_1) entered blocking state [ 991.833965][T12413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 992.012986][ T3052] netlink: 'syz.2.14061': attribute type 21 has an invalid length. [ 992.050145][ T3052] netlink: 'syz.2.14061': attribute type 1 has an invalid length. [ 992.423253][ T5243] Bluetooth: hci7: command tx timeout [ 992.451853][ T29] audit: type=1400 audit(2000000433.453:3975): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3060 comm="syz.2.14064" dest=20003 [ 992.505523][ T29] audit: type=1400 audit(2000000433.453:3976): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3060 comm="syz.2.14064" daddr=fe80:: dest=5 [ 992.668336][ T2908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 992.834635][ T2908] veth0_vlan: entered promiscuous mode [ 992.907309][ T2908] veth1_vlan: entered promiscuous mode [ 993.032169][ T2908] veth0_macvtap: entered promiscuous mode [ 993.055919][ T3076] netlink: 68 bytes leftover after parsing attributes in process `syz.3.14070'. [ 993.079276][ T2908] veth1_macvtap: entered promiscuous mode [ 993.119988][ T3079] netlink: 20 bytes leftover after parsing attributes in process `syz.2.14072'. [ 993.170877][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.211108][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.227224][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.239654][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.250615][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.268184][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.301791][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.321131][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.342160][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.356323][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.367431][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.380114][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.393591][ T2908] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 993.468478][ T3088] netlink: 48 bytes leftover after parsing attributes in process `syz.3.14075'. [ 993.509497][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.542158][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.587475][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.620503][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.630380][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.669340][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.695362][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.707136][ T29] audit: type=1326 audit(2000000434.623:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1a417def9 code=0x7ffc0000 [ 993.738904][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.749833][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.761899][ T29] audit: type=1326 audit(2000000434.623:3978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1a417def9 code=0x7ffc0000 [ 993.784327][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.804911][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.815554][ T29] audit: type=1326 audit(2000000434.641:3979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc1a417def9 code=0x7ffc0000 [ 993.837531][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.856013][ T2908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.867562][ T29] audit: type=1326 audit(2000000434.641:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1a417def9 code=0x7ffc0000 [ 993.876842][ T2908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.923206][ T29] audit: type=1326 audit(2000000434.641:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1a417def9 code=0x7ffc0000 [ 993.929573][ T2908] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 993.960484][ T29] audit: type=1326 audit(2000000434.641:3982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc1a417def9 code=0x7ffc0000 [ 994.023999][ T2908] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.032263][ T29] audit: type=1326 audit(2000000434.651:3983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1a417def9 code=0x7ffc0000 [ 994.047936][ T2908] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.057486][ T29] audit: type=1326 audit(2000000434.651:3984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3098 comm="syz.3.14080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1a4174ea7 code=0x7ffc0000 [ 994.089352][ T2908] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.098311][ T2908] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.408064][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 994.433686][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 994.553058][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 994.565316][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 994.649583][ T5243] Bluetooth: hci7: command tx timeout [ 995.550578][ T3147] A link change request failed with some changes committed already. Interface veth0_to_bridge may have been left with an inconsistent configuration, please check. [ 997.101155][ T3210] sch_tbf: burst 4 is lower than device lo mtu (65550) ! [ 997.931535][ T29] kauditd_printk_skb: 44 callbacks suppressed [ 997.931555][ T29] audit: type=1326 audit(2000000438.589:4029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3240 comm="syz.3.14144" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc1a417def9 code=0x0 [ 998.625506][ T5362] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 998.857956][ T5362] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 998.880116][ T5362] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 998.903752][ T5362] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 998.934515][ T5362] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 998.942582][ T5362] usb 5-1: SerialNumber: syz [ 998.947479][ T29] audit: type=1400 audit(2000000439.515:4030): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3262 comm="syz.1.14154" daddr=fc01::1 dest=20000 [ 999.226587][ T5362] usb 5-1: 0:2 : does not exist [ 999.259177][ T5362] usb 5-1: USB disconnect, device number 62 [ 999.342437][ T3274] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.14159'. [ 999.365370][ T3274] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 999.576156][ T29] audit: type=1400 audit(2000000440.123:4031): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=3278 comm="syz.2.14162" dest=20000 netif=wpan0 [ 1000.254597][ T3305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14174'. [ 1000.649998][ T3324] netlink: 'syz.2.14182': attribute type 11 has an invalid length. [ 1001.031125][ T3336] netlink: 'syz.0.14188': attribute type 13 has an invalid length. [ 1001.104018][ T3336] veth0_macvtap: left promiscuous mode [ 1001.124010][ T3336] macvtap0: entered allmulticast mode [ 1001.153740][ T3336] macvtap0: refused to change device tx_queue_len [ 1001.597295][ T29] audit: type=1400 audit(2000000442.003:4032): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3359 comm="syz.2.14200" daddr=fe80::bb [ 1001.662910][ T29] audit: type=1400 audit(2000000442.031:4033): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=3361 comm="syz.4.14201" dest=20002 netif=wpan0 [ 1001.777007][ T3366] QAT: Device 1 not found [ 1001.921853][ T3373] tap0: tun_chr_ioctl cmd 1074025677 [ 1001.938756][ T3373] tap0: linktype set to 804 [ 1001.972656][ T3379] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 1002.225598][ T3387] netlink: 210620 bytes leftover after parsing attributes in process `syz.4.14212'. [ 1002.255591][ T3387] openvswitch: netlink: ufid size 2296 bytes exceeds the range (1, 16) [ 1002.816612][ T3416] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1003.092551][ T3427] netlink: 68 bytes leftover after parsing attributes in process `syz.1.14232'. [ 1003.924601][ T8] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1004.149198][ T29] audit: type=1400 audit(2000000444.398:4034): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=3466 comm="syz.0.14251" src=512 dest=20000 netif=wpan0 [ 1004.172498][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 1004.182343][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1004.228255][ T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 1004.265960][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 1004.283714][ T8] usb 5-1: SerialNumber: syz [ 1004.301455][ T8] usb 5-1: config 0 descriptor?? [ 1004.317921][ T8] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 1004.343117][ T8] usb 5-1: Failed to create links for entity 255 [ 1004.361665][ T8] usb 5-1: Failed to register entities (-22). [ 1004.646070][T26157] usb 5-1: USB disconnect, device number 63 [ 1005.143617][ T3494] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.14261'. [ 1005.298073][ T3496] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 1006.103489][ T3523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14275'. [ 1006.134955][ T3523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14275'. [ 1006.160668][ T3525] netlink: 'syz.0.14276': attribute type 1 has an invalid length. [ 1006.194324][ T3525] netlink: 9328 bytes leftover after parsing attributes in process `syz.0.14276'. [ 1006.215423][ T3525] netlink: 'syz.0.14276': attribute type 1 has an invalid length. [ 1007.466459][ T3565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14294'. [ 1007.487862][ T29] audit: type=1400 audit(2000000447.512:4035): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3566 comm="syz.0.14295" daddr=fe80::bb [ 1007.765109][ T3576] netlink: 'syz.4.14299': attribute type 14 has an invalid length. [ 1008.020713][T26157] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1008.069596][ T3584] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1008.103990][ T3588] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14305'. [ 1008.129740][ T3588] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14305'. [ 1008.256651][T26157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1008.293532][T26157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1008.319915][T26157] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1008.352667][T26157] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1008.392434][T26157] usb 3-1: config 0 descriptor?? [ 1008.587260][ T54] Bluetooth: hci6: command 0x0405 tx timeout [ 1008.929734][ T3606] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14313'. [ 1008.934184][T26157] cp2112 0003:10C4:EA90.00AB: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 1008.989540][ T3606] netlink: 24 bytes leftover after parsing attributes in process `syz.4.14313'. [ 1009.115347][T26157] cp2112 0003:10C4:EA90.00AB: error requesting version [ 1009.165773][T26157] cp2112 0003:10C4:EA90.00AB: probe with driver cp2112 failed with error -71 [ 1009.209756][T26157] usb 3-1: USB disconnect, device number 47 [ 1009.583763][ T3625] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.14320'. [ 1009.915094][ T3634] input: syz1 as /devices/virtual/input/input135 [ 1010.155335][ T3643] vlan0: entered allmulticast mode [ 1010.205134][ T3643] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 1010.348722][ T3643] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 1010.365449][ T3656] netlink: 'syz.0.14336': attribute type 1 has an invalid length. [ 1010.699210][ T3664] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1010.725454][ T3664] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1010.751340][ T3664] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1010.789964][ T3664] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1011.045218][ T29] audit: type=1400 audit(2000000450.842:4036): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3673 comm="syz.1.14343" daddr=fc02:: [ 1011.100735][ T3680] __nla_validate_parse: 1 callbacks suppressed [ 1011.100760][ T3680] netlink: 40 bytes leftover after parsing attributes in process `syz.2.14346'. [ 1011.866839][ T8] kernel write not supported for file /media0 (pid: 8 comm: kworker/0:0) [ 1012.023806][ T3718] Invalid ELF section header overflow [ 1012.116537][T22882] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1012.288905][ T3722] Process accounting resumed [ 1012.318594][T22882] usb 5-1: Using ep0 maxpacket: 16 [ 1012.349581][T22882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1012.401211][T22882] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1012.422306][T22882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1012.446668][T22882] usb 5-1: Product: syz [ 1012.450905][T22882] usb 5-1: Manufacturer: syz [ 1012.477706][T22882] usb 5-1: SerialNumber: syz [ 1012.491296][T22882] usb 5-1: config 0 descriptor?? [ 1012.511961][T22882] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1012.545300][T22882] usb 5-1: Detected FT232R [ 1012.767588][T22882] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1012.868090][ T3747] netlink: 48 bytes leftover after parsing attributes in process `syz.0.14378'. [ 1013.029261][T22882] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1013.280466][ T25] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1013.292551][ T8] usb 5-1: USB disconnect, device number 64 [ 1013.325870][ T8] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1013.342709][ T8] ftdi_sio 5-1:0.0: device disconnected [ 1013.474914][ T25] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1013.489498][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1013.516604][ T25] usb 2-1: config 0 descriptor?? [ 1013.526871][ T29] audit: type=1400 audit(2000000000.916:4037): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=3767 comm="syz.0.14388" daddr=255.255.255.255 netif=wpan0 [ 1013.559678][ T25] cp210x 2-1:0.0: cp210x converter detected [ 1013.941951][ T3778] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14393'. [ 1014.179532][ T29] audit: type=1400 audit(2000000001.534:4038): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=3784 comm="syz.0.14397" dest=20000 netif=wpan0 [ 1014.219544][ T25] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 1014.246280][ T25] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 1014.265964][ T25] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1014.278470][ T25] usb 2-1: USB disconnect, device number 23 [ 1014.307340][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1014.339318][ T25] cp210x 2-1:0.0: device disconnected [ 1014.703503][ T3797] tap0: tun_chr_ioctl cmd 1074812118 [ 1015.156375][ T3820] team0: entered promiscuous mode [ 1015.170238][ T3820] team_slave_0: entered promiscuous mode [ 1015.194279][ T3820] team_slave_1: entered promiscuous mode [ 1015.226358][ T3820] team0: left promiscuous mode [ 1015.231196][ T3820] team_slave_0: left promiscuous mode [ 1015.259011][ T3820] team_slave_1: left promiscuous mode [ 1015.288250][ T3826] netlink: 104 bytes leftover after parsing attributes in process `syz.2.14414'. [ 1015.579666][ T3838] program syz.1.14419 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1016.000345][ T3853] netlink: 'syz.2.14426': attribute type 10 has an invalid length. [ 1016.060606][ T29] audit: type=1400 audit(2000000003.283:4039): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3860 comm="syz.0.14430" daddr=ff01::1 [ 1016.100645][ T3853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1016.123747][ T3853] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1016.241778][ T25] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1016.435563][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 1016.448195][ T25] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76 [ 1016.485755][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1016.509660][ T25] usb 2-1: Product: syz [ 1016.513889][ T25] usb 2-1: Manufacturer: syz [ 1016.529421][ T25] usb 2-1: SerialNumber: syz [ 1016.544124][ T25] usb 2-1: config 0 descriptor?? [ 1016.553458][ T25] gspca_main: ALi m5602-2.14.0 probing 0402:5602 [ 1017.019952][ T25] gspca_m5602: Failed to find a sensor [ 1017.043547][ T25] ALi m5602 2-1:0.0: ALi m5602 webcam failed [ 1017.066098][ T25] usb 2-1: USB disconnect, device number 24 [ 1017.143718][ T29] audit: type=1400 audit(2000000004.302:4040): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3893 comm="syz.0.14446" daddr=::ffff:100.1.1.0 [ 1017.393517][ T29] audit: type=1400 audit(2000000004.536:4041): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=3902 comm="syz.2.14449" daddr=ff02::1 dest=20004 [ 1017.655299][ T3909] netlink: 16 bytes leftover after parsing attributes in process `syz.0.14453'. [ 1017.945789][ T3923] openvswitch: netlink: Message has 4 unknown bytes. [ 1018.507882][ T3944] netlink: 9 bytes leftover after parsing attributes in process `syz.4.14470'. [ 1018.531543][ T3944] netlink: 56 bytes leftover after parsing attributes in process `syz.4.14470'. [ 1018.564147][ T3944] netlink: 9 bytes leftover after parsing attributes in process `syz.4.14470'. [ 1018.658533][ T3946] netlink: 'syz.3.14469': attribute type 1 has an invalid length. [ 1018.694334][ T3946] netlink: 9372 bytes leftover after parsing attributes in process `syz.3.14469'. [ 1018.743505][ T3946] netlink: 'syz.3.14469': attribute type 1 has an invalid length. [ 1020.176343][ T25] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1020.392839][ T25] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1020.425601][ T25] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 1020.460781][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1020.547948][ T25] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1020.664273][ T29] audit: type=1400 audit(2000000007.595:4042): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4001 comm="syz.3.14496" daddr=::ffff:172.20.20.187 [ 1020.793858][ T25] usb 3-1: USB disconnect, device number 48 [ 1020.882050][ T29] audit: type=1400 audit(2000000007.791:4043): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4006 comm="syz.3.14497" daddr=::ffff:0.0.0.0 [ 1020.930761][ T29] audit: type=1400 audit(2000000007.829:4044): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4006 comm="syz.3.14497" dest=20001 [ 1021.367120][ T29] audit: type=1400 audit(2000000008.259:4045): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4012 comm="syz.3.14500" daddr=::ffff:172.20.20.32 dest=65532 [ 1022.673992][ T4059] IPVS: persistence engine module ip_vs_pe_@ not found [ 1022.718177][ T4067] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1022.795913][ T4067] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 1022.805402][ T4067] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1022.825979][ T4067] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 1023.485231][ T29] audit: type=1400 audit(2000000010.233:4046): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4089 comm="syz.2.14534" daddr=fe80::1c dest=16385 [ 1023.872781][ T29] audit: type=1326 audit(2000000010.598:4047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4104 comm="syz.0.14540" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efdead7def9 code=0x0 [ 1024.003276][ T4110] netlink: 'syz.4.14542': attribute type 10 has an invalid length. [ 1024.025845][ T4110] netlink: 152 bytes leftover after parsing attributes in process `syz.4.14542'. [ 1024.884923][ T29] audit: type=1400 audit(2000000011.542:4048): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4132 comm="syz.0.14552" daddr=fe80:: [ 1026.180992][ T29] audit: type=1400 audit(2000000012.758:4049): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4178 comm="syz.4.14574" daddr=ff02::1 [ 1026.187380][ T4183] sp0: Synchronizing with TNC [ 1026.227381][ T4177] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14573'. [ 1026.507848][ T29] audit: type=1400 audit(2000000013.067:4050): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4187 comm="syz.2.14578" daddr=fe80::aa [ 1026.738274][ T4198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14583'. [ 1027.157355][ T29] audit: type=1400 audit(2000000013.666:4051): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=4212 comm="syz.4.14589" saddr=::ffff:224.0.0.1 daddr=fe80::aa dest=20002 netif=wpan0 [ 1027.173685][ T4215] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1027.360591][ T4220] netlink: 60 bytes leftover after parsing attributes in process `syz.3.14591'. [ 1027.585129][ T5321] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1027.789444][ T5321] usb 2-1: Using ep0 maxpacket: 32 [ 1027.796957][ T5321] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1027.819835][ T5321] usb 2-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 1027.851633][ T5321] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1027.865098][ T5321] usb 2-1: config 0 descriptor?? [ 1027.872532][ T5321] usb 2-1: bad CDC descriptors [ 1027.916284][ T4236] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1028.091911][ T5362] usb 2-1: USB disconnect, device number 25 [ 1028.539894][ T29] audit: type=1400 audit(2000000014.966:4052): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4246 comm="syz.4.14604" daddr=::ffff:172.20.20.187 [ 1028.892774][ T4264] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.14610'. [ 1028.911028][ T4264] netlink: 'syz.3.14610': attribute type 1 has an invalid length. [ 1028.919116][ T4264] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.14610'. [ 1028.996070][ T4270] netlink: 'syz.2.14614': attribute type 4 has an invalid length. [ 1029.219264][ T4279] netlink: 32 bytes leftover after parsing attributes in process `syz.2.14618'. [ 1029.249282][ T29] audit: type=1400 audit(2000000015.621:4053): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=4276 comm="syz.3.14617" dest=20002 netif=wpan0 [ 1029.265201][ T4279] netlink: 32 bytes leftover after parsing attributes in process `syz.2.14618'. [ 1029.359278][ T4279] netlink: 32 bytes leftover after parsing attributes in process `syz.2.14618'. [ 1029.421300][ T4284] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14620'. [ 1029.788749][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1029.829949][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.861711][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1029.894022][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.906278][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1029.959860][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.979381][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1030.000553][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.020184][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1030.041429][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.066421][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1030.089586][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.107194][ T4310] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) ! [ 1030.292558][ T29] audit: type=1326 audit(2000000016.603:4054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4315 comm="syz.2.14634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f594a57def9 code=0x0 [ 1030.587769][ T4333] netlink: 'syz.4.14642': attribute type 6 has an invalid length. [ 1031.165263][ T4356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14653'. [ 1031.832659][ T4387] netlink: 88 bytes leftover after parsing attributes in process `syz.4.14666'. [ 1031.863106][ T4387] netem: invalid attributes len -24 [ 1031.872936][ T4387] netem: change failed [ 1031.878141][ T4389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14667'. [ 1031.936334][ T5321] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1032.130164][ T5321] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1032.146658][ T5321] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1032.175325][ T5321] usb 3-1: config 1 has no interface number 0 [ 1032.199432][ T5321] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1032.244894][ T5321] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1032.273294][ T5321] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1032.294006][ T5321] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.323512][ T5321] usb 3-1: Product: syz [ 1032.339843][ T5321] usb 3-1: Manufacturer: syz [ 1032.349435][ T5321] usb 3-1: SerialNumber: syz [ 1032.684183][ T29] audit: type=1400 audit(2000000018.848:4055): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4415 comm="syz.1.14678" daddr=2001::1 [ 1033.272974][ T5321] cdc_ncm 3-1:1.1: bind() failure [ 1033.299658][ T5321] usb 3-1: USB disconnect, device number 49 [ 1033.499436][ T8] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1033.721141][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 1033.741412][ T8] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1033.762276][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1033.779407][ T8] usb 5-1: Product: syz [ 1033.785740][ T8] usb 5-1: Manufacturer: syz [ 1033.790389][ T8] usb 5-1: SerialNumber: syz [ 1033.821304][ T8] usb 5-1: config 0 descriptor?? [ 1034.063410][ T8] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 1034.619172][ T5279] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1034.712093][ T8] usb write operation failed. (-71) [ 1034.730281][ T8] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1034.749950][ T8] dvbdev: DVB: registering new adapter (Terratec H7) [ 1034.756830][ T8] usb 5-1: media controller created [ 1034.773822][ T8] usb read operation failed. (-71) [ 1034.785704][ T8] usb write operation failed. (-71) [ 1034.799147][ T8] dvb_usb_az6007 5-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 1034.817119][ T8] usb 5-1: USB disconnect, device number 65 [ 1034.823539][ T5279] usb 4-1: Using ep0 maxpacket: 32 [ 1034.843803][ T5279] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1034.878526][ T5279] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.905712][ T5279] usb 4-1: config 0 descriptor?? [ 1034.918525][ T5279] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1035.490670][ T29] audit: type=1400 audit(2000000021.467:4056): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4473 comm="syz.2.14703" daddr=fe80::aa [ 1035.842108][ T5279] gspca_sunplus: reg_w_riv err -71 [ 1035.847359][ T5279] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 1035.888016][ T5279] usb 4-1: USB disconnect, device number 52 [ 1036.245324][ T4498] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1036.264877][ T4498] macvlan2: entered allmulticast mode [ 1036.275400][ T4498] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 1036.341521][ T4498] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 1036.353264][ T4498] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 1036.457772][ T4501] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14716'. [ 1036.487894][ T4501] macsec1: entered promiscuous mode [ 1036.532898][ T4501] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 1036.540231][ T4501] macsec1: entered allmulticast mode [ 1036.581307][ T4501] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 1036.713874][ T4509] netlink: 'syz.0.14721': attribute type 1 has an invalid length. [ 1036.741786][ T4509] netlink: 9352 bytes leftover after parsing attributes in process `syz.0.14721'. [ 1036.763105][ T4509] netlink: 'syz.0.14721': attribute type 1 has an invalid length. [ 1036.780782][ T4509] netlink: 'syz.0.14721': attribute type 2 has an invalid length. [ 1036.864104][ T5362] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1037.056393][ T5321] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1037.069183][ T5362] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1037.088382][ T5362] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1037.113649][ T5362] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1037.131136][ T5362] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1037.142784][ T5362] usb 3-1: SerialNumber: syz [ 1037.250994][ T5321] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1037.270465][ T5321] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.290804][ T5321] usb 2-1: config 0 descriptor?? [ 1037.303347][ T5321] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1037.387508][ T5362] usb 3-1: 0:2 : does not exist [ 1037.439352][ T5362] usb 3-1: USB disconnect, device number 50 [ 1037.611480][ T4523] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 1038.164781][ T5321] gspca_cpia1: usb_control_msg 02, error -71 [ 1038.191805][ T5321] gspca_cpia1: usb_control_msg 05, error -71 [ 1038.199614][ T5321] gspca_cpia1: usb_control_msg 04, error -71 [ 1038.210389][ T5321] cpia1 2-1:0.0: probe with driver cpia1 failed with error -71 [ 1038.234766][ T5321] usb 2-1: USB disconnect, device number 26 [ 1038.417497][ T4545] netlink: 'syz.2.14736': attribute type 1 has an invalid length. [ 1038.434669][ T4545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14736'. [ 1038.455420][ T4545] netlink: 68 bytes leftover after parsing attributes in process `syz.2.14736'. [ 1039.064919][ T4561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14742'. [ 1039.223993][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 1039.341163][ T4568] block nbd4: shutting down sockets [ 1040.309816][ T4602] netlink: 'syz.2.14762': attribute type 1 has an invalid length. [ 1040.338510][ T4602] netlink: 'syz.2.14762': attribute type 2 has an invalid length. [ 1040.379951][ T4602] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14762'. [ 1040.384338][ T29] audit: type=1400 audit(2000000026.032:4057): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4603 comm="syz.0.14765" daddr=fc00:: dest=20003 [ 1040.489551][ T29] audit: type=1400 audit(2000000026.144:4058): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4607 comm="syz.3.14763" daddr=fc01:: dest=20002 [ 1040.692544][ T4624] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 1040.699907][ T4624] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1040.725457][ T4624] vhci_hcd vhci_hcd.0: Device attached [ 1040.749518][ T4625] vhci_hcd: connection closed [ 1040.757753][ T11] vhci_hcd: stop threads [ 1040.813620][ T11] vhci_hcd: release socket [ 1040.828171][ T11] vhci_hcd: disconnect device [ 1040.905286][ T5362] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1041.019353][ T29] audit: type=1400 audit(2000000026.640:4059): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4638 comm="syz.2.14775" daddr=fc02:: [ 1041.110090][ T5362] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1041.129783][ T5362] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1041.159706][ T5362] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1041.182229][ T5362] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.80 [ 1041.204522][ T5362] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1041.232503][ T5362] usb 2-1: config 0 descriptor?? [ 1041.649895][ T4660] input: syz0 as /devices/virtual/input/input140 [ 1041.687930][ T5362] acrux 0003:1A34:0802.00AC: item fetching failed at offset 3/5 [ 1041.712658][ T5362] acrux 0003:1A34:0802.00AC: parse failed [ 1041.728268][ T5362] acrux 0003:1A34:0802.00AC: probe with driver acrux failed with error -22 [ 1041.906566][ T5362] usb 2-1: USB disconnect, device number 27 [ 1042.247558][ T4675] loop6: detected capacity change from 0 to 524287999 [ 1042.290724][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.300210][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.312095][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.321384][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.332296][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.342503][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.351755][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.362593][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.371850][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.381316][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.390519][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.398768][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.408118][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.417014][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.426275][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.428200][ T4678] netlink: 144316 bytes leftover after parsing attributes in process `syz.4.14791'. [ 1042.446311][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.455546][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.463534][ T4675] ldm_validate_partition_table(): Disk read failed. [ 1042.482700][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1042.492005][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.500207][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1042.512760][ T4675] Dev loop6: unable to read RDB block 0 [ 1042.562308][ T4675] loop6: unable to read partition table [ 1042.571917][ T4675] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1043.081692][ T4696] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1043.101351][ T4696] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 1043.119494][ T4696] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1043.127362][ T4696] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 1043.236375][ T8] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1043.407074][ T29] audit: type=1400 audit(2000000028.866:4060): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4707 comm="syz.2.14805" daddr=ff01::1 dest=20002 [ 1043.481900][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 1043.492152][ T8] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1043.501245][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1043.546556][ T4715] netlink: 32 bytes leftover after parsing attributes in process `syz.3.14807'. [ 1043.556302][ T8] usb 2-1: Product: syz [ 1043.566151][ T8] usb 2-1: Manufacturer: syz [ 1043.587759][ T8] usb 2-1: SerialNumber: syz [ 1043.606231][ T8] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1043.612753][ T8] r8152-cfgselector 2-1: config 0 descriptor?? [ 1043.650869][ T4719] batadv_slave_1: entered allmulticast mode [ 1043.668709][ T4719] batadv_slave_1: left allmulticast mode [ 1043.706206][ T4719] pim6reg: left allmulticast mode [ 1043.864084][ T8] r8152-cfgselector 2-1: Needed 2 retries to read version [ 1043.882248][ T8] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1043.894491][ T8] r8152-cfgselector 2-1: bad CDC descriptors [ 1044.034862][ T4729] tipc: Enabling of bearer rejected, already enabled [ 1044.130428][T26157] r8152-cfgselector 2-1: USB disconnect, device number 28 [ 1044.183444][ T29] audit: type=1400 audit(2000000029.596:4061): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4734 comm="syz.4.14817" [ 1044.318563][ T8] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1044.546075][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 1044.563872][ T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 1044.597505][ T8] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1044.615581][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1044.635196][ T8] usb 3-1: Product: syz [ 1044.646003][ T8] usb 3-1: Manufacturer: syz [ 1044.652303][ T8] usb 3-1: SerialNumber: syz [ 1044.670597][ T8] usb 3-1: config 0 descriptor?? [ 1044.687375][ T4727] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1044.704520][ T8] hub 3-1:0.0: bad descriptor, ignoring hub [ 1044.742600][ T8] hub 3-1:0.0: probe with driver hub failed with error -5 [ 1044.756873][ T8] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input141 [ 1044.929681][ T25] kernel read not supported for file /rfkill (pid: 25 comm: kworker/1:0) [ 1045.077806][ C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 1045.106306][ T8] usb 3-1: USB disconnect, device number 51 [ 1045.281040][ T4767] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1045.352140][ T4767] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 1045.399640][ T4767] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1045.453575][ T4767] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 1046.011843][ T4782] netlink: 'syz.4.14840': attribute type 8 has an invalid length. [ 1046.271041][ T4790] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14844'. [ 1046.321492][ T4790] veth1_macvtap: left promiscuous mode [ 1046.355371][ T4790] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14844'. [ 1046.495610][ T4798] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1046.518943][ T4798] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 1046.550588][ T4798] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1046.566650][ T4798] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 1047.299461][ T4827] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1047.456245][ T4831] netlink: 'syz.3.14863': attribute type 11 has an invalid length. [ 1047.695738][ T4839] netlink: 100 bytes leftover after parsing attributes in process `syz.0.14867'. [ 1047.824939][ T4841] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14870'. [ 1048.347501][ T4861] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14877'. [ 1048.381630][ T4861] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14877'. [ 1048.886028][ T4876] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1049.132708][ T4881] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14886'. [ 1049.168947][ T4881] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14886'. [ 1049.344069][ T29] audit: type=1326 audit(2000000034.422:4062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4894 comm="syz.0.14890" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efdead7def9 code=0x0 [ 1049.492946][ T4904] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 1050.475253][ T29] audit: type=1400 audit(2000000035.489:4063): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4940 comm="syz.4.14910" daddr=::ffff:172.20.20.61 dest=20001 [ 1051.114055][ T29] audit: type=1400 audit(2000000036.078:4064): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4955 comm="syz.0.14918" daddr=fe80:: [ 1051.179314][ T54] Bluetooth: hci7: command 0x0405 tx timeout [ 1051.393277][ T29] audit: type=1400 audit(2000000036.349:4065): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=4968 comm="syz.4.14923" daddr=fe80::bb [ 1051.649302][ T5362] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 1051.843430][ T5362] usb 3-1: config 0 has no interfaces? [ 1051.851470][ T5362] usb 3-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62 [ 1051.873425][ T5362] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.881471][ T5362] usb 3-1: Product: syz [ 1051.888448][ T5362] usb 3-1: Manufacturer: syz [ 1051.893131][ T5362] usb 3-1: SerialNumber: syz [ 1051.905188][ T5362] usb 3-1: config 0 descriptor?? [ 1052.149254][ T5321] usb 3-1: USB disconnect, device number 52 [ 1052.263960][ T4981] loop6: detected capacity change from 0 to 524287999 [ 1052.270806][ T4983] program syz.0.14928 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1052.281886][ C0] blk_print_req_error: 8 callbacks suppressed [ 1052.281925][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.297194][ C0] buffer_io_error: 7 callbacks suppressed [ 1052.297211][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.322825][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.332065][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.340169][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.349460][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.362454][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.371739][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.382975][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.401489][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.410725][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.420901][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.430142][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.439284][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.448518][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.457094][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.466356][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.474299][ T4981] ldm_validate_partition_table(): Disk read failed. [ 1052.503784][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1052.513090][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.526062][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1052.534741][ T4981] Dev loop6: unable to read RDB block 0 [ 1052.592583][ T4981] loop6: unable to read partition table [ 1052.598851][ T4981] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1052.954120][ T29] audit: type=1400 audit(2000000037.799:4066): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5000 comm="syz.3.14934" daddr=fe80:: [ 1053.017654][ T29] audit: type=1400 audit(2000000037.818:4067): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5000 comm="syz.3.14934" daddr=fc00:: dest=52769 [ 1053.250367][ T29] audit: type=1400 audit(2000000038.080:4068): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5015 comm="syz.0.14943" daddr=2001::2 [ 1054.448642][ T29] audit: type=1400 audit(2000000039.193:4069): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5055 comm="syz.2.14960" daddr=fe80::bb [ 1055.479280][ T5088] netlink: 'syz.0.14974': attribute type 2 has an invalid length. [ 1055.599115][ T5090] netlink: 104 bytes leftover after parsing attributes in process `syz.0.14975'. [ 1055.863744][ T5100] vcan0: entered allmulticast mode [ 1057.126271][ T29] audit: type=1400 audit(2000000041.700:4070): lsm=SMACK fn=smack_inode_permission action=denied subject="I" object="_" requested=wx pid=5136 comm="syz.0.14998" name="229" dev="tmpfs" ino=1169 [ 1057.219113][ T5362] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1057.274323][ T5243] Bluetooth: hci7: link tx timeout [ 1057.280464][ T5243] Bluetooth: hci7: killing stalled connection 11:aa:aa:aa:aa:aa [ 1057.423124][ T5362] usb 5-1: Using ep0 maxpacket: 32 [ 1057.430332][ T5362] usb 5-1: config 0 has an invalid interface number: 219 but max is 0 [ 1057.440186][ T5362] usb 5-1: config 0 has no interface number 0 [ 1057.453467][ T5362] usb 5-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1057.477064][ T5362] usb 5-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 1057.501125][ T5362] usb 5-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 1057.527332][ T5362] usb 5-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1057.558199][ T5362] usb 5-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023 [ 1057.580054][ T5362] usb 5-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1057.611551][ T5362] usb 5-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 1057.621205][ T5362] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1057.637674][ T5362] usb 5-1: Product: syz [ 1057.645451][ T5362] usb 5-1: Manufacturer: syz [ 1057.654994][ T5362] usb 5-1: SerialNumber: syz [ 1057.671047][ T5362] usb 5-1: config 0 descriptor?? [ 1057.702429][ T5129] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1057.721565][ T5129] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1057.970092][ T5362] etas_es58x 5-1:0.219: Starting syz syz (Serial Number syz) [ 1057.987993][ T5362] etas_es58x 5-1:0.219: could not retrieve the product info string [ 1058.041971][ T5362] usb 5-1: USB disconnect, device number 66 [ 1058.051237][ T5362] etas_es58x 5-1:0.219: Disconnecting syz syz [ 1058.688988][ T2676] bridge0: port 3(syz_tun) entered disabled state [ 1058.824003][T24224] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1058.836830][T24224] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1058.846290][T24224] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1058.854965][T24224] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1058.856678][ T2676] syz_tun (unregistering): left allmulticast mode [ 1058.863068][T24224] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1058.876510][T24224] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1058.916499][ T2676] syz_tun (unregistering): left promiscuous mode [ 1058.956784][ T2676] bridge0: port 3(syz_tun) entered disabled state [ 1059.105183][ T5173] lo speed is unknown, defaulting to 1000 [ 1059.133456][ T5173] lo speed is unknown, defaulting to 1000 [ 1059.477223][T24224] Bluetooth: hci7: command 0x0405 tx timeout [ 1060.031004][ T5173] chnl_net:caif_netlink_parms(): no params data found [ 1060.197054][ T5196] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1060.215919][ T5173] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.223324][ T5173] bridge0: port 1(bridge_slave_0) entered disabled state [ 1060.231082][ T5173] bridge_slave_0: entered allmulticast mode [ 1060.238948][ T5173] bridge_slave_0: entered promiscuous mode [ 1060.249086][ T5173] bridge0: port 2(bridge_slave_1) entered blocking state [ 1060.256418][ T5173] bridge0: port 2(bridge_slave_1) entered disabled state [ 1060.263833][ T5173] bridge_slave_1: entered allmulticast mode [ 1060.272750][ T5173] bridge_slave_1: entered promiscuous mode [ 1060.373835][ T5173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1060.405471][ T5173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1060.433343][ T5200] Process accounting resumed [ 1060.616001][ T5173] team0: Port device team_slave_0 added [ 1060.638923][ T5173] team0: Port device team_slave_1 added [ 1060.715325][ T5173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1060.727405][ T5173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1060.777185][ T5173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1060.799012][ T5173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1060.806217][ T5173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1060.883273][ T5173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1060.910774][ T5214] netlink: 'syz.4.15027': attribute type 1 has an invalid length. [ 1060.929323][ T5214] netlink: 9236 bytes leftover after parsing attributes in process `syz.4.15027'. [ 1060.953425][ T5214] netlink: 'syz.4.15027': attribute type 1 has an invalid length. [ 1060.971617][ T5214] netlink: 'syz.4.15027': attribute type 2 has an invalid length. [ 1061.019792][ T5173] hsr_slave_0: entered promiscuous mode [ 1061.042606][ T5173] hsr_slave_1: entered promiscuous mode [ 1061.057983][ T5173] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1061.076476][ T5173] Cannot create hsr debugfs directory [ 1061.103663][ T5243] Bluetooth: hci4: command tx timeout [ 1061.296730][ T5228] fuse: Bad value for 'user_id' [ 1061.324478][ T5228] fuse: Bad value for 'user_id' [ 1061.451447][ T5230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15034'. [ 1061.745590][ T5173] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.012941][ T5173] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.041134][T22882] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1062.219530][ T5173] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.243396][T22882] usb 4-1: Using ep0 maxpacket: 32 [ 1062.250821][T22882] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1062.287316][T22882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1062.321287][T22882] usb 4-1: config 0 descriptor?? [ 1062.352864][T22882] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1062.521897][ T5173] : (slave netdevsim0): Releasing backup interface [ 1062.566910][ T5173] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.629005][ T5264] netpci0: tun_chr_ioctl cmd 1074025677 [ 1062.650977][ T5264] netpci0: linktype set to 0 [ 1062.999949][ T5173] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1063.035174][ T5173] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1063.057600][ T29] audit: type=1400 audit(2000000047.247:4071): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5287 comm="syz.0.15053" daddr=fc01:: [ 1063.110718][ T5173] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1063.160501][ T5173] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1063.263028][T22882] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 1063.333973][ T5243] Bluetooth: hci4: command tx timeout [ 1063.342868][T22882] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 1063.367988][T22882] usb 4-1: USB disconnect, device number 53 [ 1063.552818][ T5173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1063.620148][ T5173] 8021q: adding VLAN 0 to HW filter on device team0 [ 1063.642046][ T2536] bridge0: port 1(bridge_slave_0) entered blocking state [ 1063.649283][ T2536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1063.697041][ T2536] bridge0: port 2(bridge_slave_1) entered blocking state [ 1063.704305][ T2536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1063.868813][ T5321] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1064.071543][ T5321] usb 5-1: Using ep0 maxpacket: 8 [ 1064.098371][ T5321] usb 5-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 1064.114935][ T5321] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1064.123036][ T5321] usb 5-1: Product: syz [ 1064.146404][ T5321] usb 5-1: Manufacturer: syz [ 1064.161957][ T5321] usb 5-1: SerialNumber: syz [ 1064.189832][ T5321] usb 5-1: config 0 descriptor?? [ 1064.202896][ T5321] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 1064.244043][ T5173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1064.385851][ T5173] veth0_vlan: entered promiscuous mode [ 1064.421826][ T5173] veth1_vlan: entered promiscuous mode [ 1064.432209][ T5321] gspca_sn9c2028: read1 error -32 [ 1064.478386][ T5321] gspca_sn9c2028: read1 error -32 [ 1064.539697][ T5173] veth0_macvtap: entered promiscuous mode [ 1064.575791][ T5173] veth1_macvtap: entered promiscuous mode [ 1064.648196][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1064.683107][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.723535][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1064.733730][ T5281] usb 5-1: USB disconnect, device number 67 [ 1064.734016][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.764062][ T5307] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1064.783936][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1064.795374][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.827527][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1064.838765][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.851914][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1064.867197][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.883941][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1064.894439][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.920948][ T5173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1064.952590][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1064.971404][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.991202][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.009655][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.024263][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.043839][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.065708][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.076215][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.097818][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.120494][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.140521][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.160639][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.181070][ T5173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.202883][ T5173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.225868][ T5173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1065.334327][ T5173] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.343116][ T5173] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.378667][ T5173] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.389839][ T5173] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.556090][ T5243] Bluetooth: hci4: command tx timeout [ 1065.659749][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1065.702743][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1065.737064][ T29] audit: type=1400 audit(2000000049.753:4072): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5313 comm="syz.4.15063" daddr=ff02::1 [ 1065.827146][ T2536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1065.845945][ T2536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1066.546306][ T29] audit: type=1400 audit(2000000050.511:4073): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5335 comm="syz.0.15073" daddr=ff02::1 dest=17954 [ 1067.140236][ T5360] netlink: 'syz.4.15083': attribute type 1 has an invalid length. [ 1067.148215][ T5360] netlink: 'syz.4.15083': attribute type 2 has an invalid length. [ 1067.195960][ T5360] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15083'. [ 1067.234598][ T5363] sch_tbf: peakrate 6 is lower than or equals to rate 705765376 ! [ 1067.643492][ T5375] netlink: 32 bytes leftover after parsing attributes in process `syz.0.15089'. [ 1067.774090][ T5243] Bluetooth: hci4: command tx timeout [ 1068.289728][ T5396] netlink: 104 bytes leftover after parsing attributes in process `syz.3.15098'. [ 1069.826353][ T29] audit: type=1400 audit(2000000053.589:4074): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5424 comm="syz.3.15113" daddr=ff01::1 dest=20002 [ 1070.316944][ T29] audit: type=1400 audit(2000000054.047:4075): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5444 comm="syz.0.15123" [ 1070.508260][ T5281] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1070.518077][ T5452] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15127'. [ 1070.559482][ T5453] hsr0: Device is already in use. [ 1070.623586][ T29] audit: type=1326 audit(2000000054.328:4076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5454 comm="syz.0.15128" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efdead7def9 code=0x0 [ 1070.730175][ T5281] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1070.747764][ T5281] usb 2-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 1070.761839][ T5281] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1070.807625][ T5281] usb 2-1: config 0 descriptor?? [ 1070.846220][ T5460] netlink: 'syz.3.15130': attribute type 1 has an invalid length. [ 1070.855248][ T5460] netlink: 9116 bytes leftover after parsing attributes in process `syz.3.15130'. [ 1070.866184][ T5460] netlink: 'syz.3.15130': attribute type 1 has an invalid length. [ 1070.885393][ T5460] netlink: 209 bytes leftover after parsing attributes in process `syz.3.15130'. [ 1071.026642][ T5462] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1071.227398][ T5466] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1071.268588][ T5281] logitech 0003:046D:C626.00AD: unbalanced delimiter at end of report description [ 1071.303816][ T5281] logitech 0003:046D:C626.00AD: parse failed [ 1071.340268][ T5281] logitech 0003:046D:C626.00AD: probe with driver logitech failed with error -22 [ 1071.533343][ T5473] netlink: 28 bytes leftover after parsing attributes in process `syz.4.15137'. [ 1071.588592][ T5321] usb 2-1: USB disconnect, device number 29 [ 1072.317025][ T29] audit: type=1326 audit(2000000055.918:4077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5490 comm="syz.1.15144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17cb17def9 code=0x7ffc0000 [ 1072.376468][ T29] audit: type=1326 audit(2000000055.918:4078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5490 comm="syz.1.15144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17cb17def9 code=0x7ffc0000 [ 1072.424748][ T29] audit: type=1326 audit(2000000055.946:4079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5490 comm="syz.1.15144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f17cb17def9 code=0x7ffc0000 [ 1072.458844][ T29] audit: type=1326 audit(2000000055.946:4080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5490 comm="syz.1.15144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17cb17def9 code=0x7ffc0000 [ 1072.493942][ T29] audit: type=1326 audit(2000000055.946:4081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5490 comm="syz.1.15144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17cb17def9 code=0x7ffc0000 [ 1072.567536][ T29] audit: type=1326 audit(2000000055.946:4082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5490 comm="syz.1.15144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f17cb17def9 code=0x7ffc0000 [ 1072.663833][ T29] audit: type=1326 audit(2000000055.946:4083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5490 comm="syz.1.15144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17cb17def9 code=0x7ffc0000 [ 1074.124811][ T5243] Bluetooth: hci7: unexpected event for opcode 0x1003 [ 1074.356522][ T5520] netlink: 'syz.0.15157': attribute type 9 has an invalid length. [ 1074.411141][ T5520] bond_slave_0: entered promiscuous mode [ 1074.417679][ T5520] bond_slave_1: entered promiscuous mode [ 1074.457710][ T5520] macvlan2: entered promiscuous mode [ 1074.470505][ T5520] bond0: entered promiscuous mode [ 1074.481992][ T5520] macvlan2: entered allmulticast mode [ 1074.493589][ T5520] bond0: entered allmulticast mode [ 1074.504595][ T5520] bond_slave_0: entered allmulticast mode [ 1074.538109][ T5520] bond_slave_1: entered allmulticast mode [ 1074.559249][ T5520] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1074.664050][ T5524] bond0: option mode: unable to set because the bond device has slaves [ 1074.687038][T24224] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1074.700910][T24224] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1074.714971][T24224] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1074.750336][T24224] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1074.768384][T24224] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1074.776594][T24224] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1075.042904][ T5525] lo speed is unknown, defaulting to 1000 [ 1075.067060][ T5525] lo speed is unknown, defaulting to 1000 [ 1075.258483][ T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.374405][ T5533] netlink: 'syz.1.15171': attribute type 2 has an invalid length. [ 1075.410468][ T5533] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 1075.668866][ T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.876826][ T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1076.067564][ T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1076.498488][ T5525] chnl_net:caif_netlink_parms(): no params data found [ 1076.521184][ T5564] program syz.1.15175 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1076.721332][ T62] bridge_slave_1: left allmulticast mode [ 1076.727158][ T62] bridge_slave_1: left promiscuous mode [ 1076.736114][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1076.782425][ T62] bridge_slave_0: left allmulticast mode [ 1076.791293][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 1077.008369][ T5243] Bluetooth: hci8: command tx timeout [ 1077.663580][ T62] team0: Port device bridge1 removed [ 1077.760124][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1077.773849][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1077.803609][ T62] bond0 (unregistering): (slave team0): Releasing backup interface [ 1077.839994][ T62] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1077.870652][ T62] bond0 (unregistering): Released all slaves [ 1077.908096][ T62] bond1 (unregistering): Released all slaves [ 1078.180354][ T62] tipc: Disabling bearer [ 1078.195137][ T5525] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.217210][ T62] tipc: Left network mode [ 1078.224547][ T5525] bridge0: port 1(bridge_slave_0) entered disabled state [ 1078.247843][ T5525] bridge_slave_0: entered allmulticast mode [ 1078.269318][ T5525] bridge_slave_0: entered promiscuous mode [ 1078.291648][ T5525] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.309580][ T5525] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.330750][ T5525] bridge_slave_1: entered allmulticast mode [ 1078.365617][ T5525] bridge_slave_1: entered promiscuous mode [ 1078.462387][ T5243] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0 [ 1078.471444][ T5243] Bluetooth: hci7: Injecting HCI hardware error event [ 1078.485705][ T5243] Bluetooth: hci7: hardware error 0x00 [ 1078.519010][ T5589] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15184'. [ 1078.551584][ T5589] netlink: 184 bytes leftover after parsing attributes in process `syz.1.15184'. [ 1078.814587][ T5525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1078.860459][ T5525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1079.166795][T22882] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1079.231258][T24224] Bluetooth: hci8: command tx timeout [ 1079.391319][T22882] usb 4-1: Using ep0 maxpacket: 8 [ 1079.402113][ T5609] netlink: 20 bytes leftover after parsing attributes in process `syz.1.15193'. [ 1079.451441][ T5609] netlink: 56 bytes leftover after parsing attributes in process `syz.1.15193'. [ 1079.460632][ T5525] team0: Port device team_slave_0 added [ 1079.497853][ T5525] team0: Port device team_slave_1 added [ 1079.544116][ T62] hsr_slave_0: left promiscuous mode [ 1079.551818][ T62] hsr_slave_1: left promiscuous mode [ 1079.557858][T22882] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 1079.575257][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1079.581874][T22882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1079.591976][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1079.616990][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1079.618056][T22882] usb 4-1: Product: syz [ 1079.628978][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1079.651418][T22882] usb 4-1: Manufacturer: syz [ 1079.666936][T22882] usb 4-1: SerialNumber: syz [ 1079.691493][T22882] usb 4-1: config 0 descriptor?? [ 1079.717984][ T62] veth1_macvtap: left promiscuous mode [ 1079.738015][ T62] veth0_macvtap: left promiscuous mode [ 1079.743806][ T62] veth1_vlan: left promiscuous mode [ 1079.777409][ T62] veth0_vlan: left promiscuous mode [ 1079.953088][T22882] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71 [ 1079.974227][T22882] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1080.015332][T22882] usb 4-1: USB disconnect, device number 54 [ 1080.686250][ T5243] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 1081.339700][ T62] team0 (unregistering): Port device team_slave_1 removed [ 1081.455943][ T5243] Bluetooth: hci8: command tx timeout [ 1081.479690][ T62] team0 (unregistering): Port device team_slave_0 removed [ 1082.574740][ T5609] netlink: 20 bytes leftover after parsing attributes in process `syz.1.15193'. [ 1082.701571][ T5525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1082.716921][ T5525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1082.776325][ T5525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1082.820265][ T5649] netlink: 'syz.0.15209': attribute type 10 has an invalid length. [ 1082.914846][ T5649] team0: Port device wlan1 added [ 1082.936186][ T5647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1082.952925][ T5525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1082.959934][ T5525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1083.032110][ T5525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1083.331588][ T5525] hsr_slave_0: entered promiscuous mode [ 1083.358855][ T5525] hsr_slave_1: entered promiscuous mode [ 1083.569532][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 1083.569553][ T29] audit: type=1400 audit(2000000066.422:4087): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5669 comm="syz.3.15219" daddr=2001:: dest=513 [ 1083.628038][ T29] audit: type=1400 audit(2000000066.460:4088): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5670 comm="syz.4.15220" daddr=fc01:: [ 1083.679536][ T5243] Bluetooth: hci8: command tx timeout [ 1083.863639][ T5679] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15224'. [ 1084.340954][ T5321] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1084.458967][T22882] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1084.534375][ T5321] usb 5-1: Using ep0 maxpacket: 16 [ 1084.544547][ T5321] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1084.587258][ T5321] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1084.611796][ T5321] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1084.629627][ T5321] usb 5-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 1084.659228][ T5525] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1084.659835][ T5321] usb 5-1: Product: syz [ 1084.683500][T22882] usb 4-1: Using ep0 maxpacket: 32 [ 1084.688837][ T5321] usb 5-1: Manufacturer: syz [ 1084.707358][ T5525] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1084.721204][ T5321] usb 5-1: config 0 descriptor?? [ 1084.735158][T22882] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1084.739160][ T5525] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1084.747480][T22882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1084.779760][T22882] usb 4-1: Product: syz [ 1084.784193][T22882] usb 4-1: Manufacturer: syz [ 1084.788857][T22882] usb 4-1: SerialNumber: syz [ 1084.812286][ T5525] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1084.812878][T22882] usb 4-1: config 0 descriptor?? [ 1084.848169][T22882] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1085.203450][ T5321] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 1085.209517][ T5525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1085.233375][ T5321] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 1085.265883][ T5525] 8021q: adding VLAN 0 to HW filter on device team0 [ 1085.266233][ T5321] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 1085.320923][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 1085.328241][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1085.356823][ T5321] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 1085.364142][ T5321] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 1085.402504][ T5321] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 1085.414301][ T5321] kovaplus 0003:1E7D:2D50.00AE: unknown main item tag 0x0 [ 1085.450204][ T1125] bridge0: port 2(bridge_slave_1) entered blocking state [ 1085.457479][ T1125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1085.480175][ T5321] kovaplus 0003:1E7D:2D50.00AE: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.4-1/input0 [ 1085.500671][ T5704] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1085.658520][T22882] gspca_ov534_9: reg_w failed -110 [ 1085.852237][ T5321] kovaplus 0003:1E7D:2D50.00AE: couldn't init struct kovaplus_device [ 1085.865655][ T5321] kovaplus 0003:1E7D:2D50.00AE: couldn't install mouse [ 1085.903675][ T5321] kovaplus 0003:1E7D:2D50.00AE: probe with driver kovaplus failed with error -71 [ 1085.940388][ T5321] usb 5-1: USB disconnect, device number 68 [ 1086.078381][ T5525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1086.169655][ T29] audit: type=1400 audit(2000000068.873:4089): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5718 comm="syz.1.15240" daddr=fc00:: dest=20001 [ 1086.211957][T22882] gspca_ov534_9: Unknown sensor 0000 [ 1086.212064][T22882] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 1086.290350][ T5525] veth0_vlan: entered promiscuous mode [ 1086.353635][ T5525] veth1_vlan: entered promiscuous mode [ 1086.378538][ T5723] kAFS: unable to lookup cell 'onstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 1086.378538][ T5723] vmx flags ' [ 1086.498492][ T5525] veth0_macvtap: entered promiscuous mode [ 1086.533967][ T5525] veth1_macvtap: entered promiscuous mode [ 1086.622378][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1086.650285][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1086.671049][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1086.731236][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1086.754392][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1086.756769][ T29] audit: type=1400 audit(2000000069.416:4090): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5729 comm="syz.0.15245" [ 1086.803517][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1086.835974][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1086.870809][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1086.898530][T22882] usb 4-1: USB disconnect, device number 55 [ 1086.902655][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1086.938254][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1086.962392][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1086.984048][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.004962][ T5525] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1087.066040][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1087.086251][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.106478][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1087.134940][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.151485][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1087.169752][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.190398][ T29] audit: type=1400 audit(2000000069.827:4091): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5737 comm="syz.4.15249" daddr=fe80::aa [ 1087.195584][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1087.252140][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.273245][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1087.296427][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.317471][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1087.329199][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.340899][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1087.351833][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1087.366949][ T5525] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1087.382440][ T5525] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.391702][ T5525] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.414442][ T5525] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.433858][ T5525] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.821083][ T29] audit: type=1400 audit(2000000070.416:4092): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5745 comm="syz.0.15252" daddr=fe80:: dest=20000 [ 1087.836963][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1087.878790][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1087.965246][ T1125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1087.973210][ T1125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1088.425953][ T5759] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1088.503083][ T5764] netlink: 'syz.0.15258': attribute type 49 has an invalid length. [ 1088.831115][ T29] audit: type=1400 audit(2000000071.342:4093): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5775 comm="syz.3.15263" daddr=fe80:: [ 1089.047052][ T5783] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1089.317594][ T5796] option changes via remount are deprecated (pid=5794 comm=syz.2.15270) [ 1089.476754][ T5803] input: syz0 as /devices/virtual/input/input143 [ 1089.919415][ T29] audit: type=1400 audit(2000000072.371:4094): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=5824 comm="syz.0.15283" saddr=fe80::aa daddr=fe80::aa dest=20002 netif=wpan0 [ 1090.400717][ T29] audit: type=1400 audit(2000000072.830:4095): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5839 comm="syz.1.15289" daddr=fe88::2 [ 1090.456270][ T29] audit: type=1400 audit(2000000072.830:4096): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5839 comm="syz.1.15289" daddr=ff02::1 dest=20005 [ 1090.991274][ T5854] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15295'. [ 1092.663790][ T29] audit: type=1400 audit(2000000074.944:4097): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=5881 comm="syz.2.15309" dest=20002 netif=wpan0 [ 1092.685433][ T5279] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1092.751718][ T29] audit: type=1400 audit(2000000074.972:4098): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5886 comm="syz.1.15311" daddr=fe80:: [ 1092.860994][ T29] audit: type=1326 audit(2000000075.121:4099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5892 comm="syz.2.15313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3596d7def9 code=0x7ffc0000 [ 1092.925581][ T29] audit: type=1326 audit(2000000075.159:4100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5892 comm="syz.2.15313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3596d7def9 code=0x7ffc0000 [ 1092.959784][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1092.977428][ T29] audit: type=1326 audit(2000000075.168:4101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5892 comm="syz.2.15313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f3596d7def9 code=0x7ffc0000 [ 1092.994824][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1093.046092][ T29] audit: type=1326 audit(2000000075.168:4102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5892 comm="syz.2.15313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3596d7def9 code=0x7ffc0000 [ 1093.052057][ T5279] usb 5-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 1093.136317][ T5279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1093.150220][ T29] audit: type=1326 audit(2000000075.168:4103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5892 comm="syz.2.15313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3596d7def9 code=0x7ffc0000 [ 1093.208512][ T5279] usb 5-1: config 0 descriptor?? [ 1093.673117][ T5279] sony 0003:1345:3008.00AF: unknown main item tag 0x0 [ 1093.705595][ T5279] sony 0003:1345:3008.00AF: unknown main item tag 0x0 [ 1093.718364][ T5279] sony 0003:1345:3008.00AF: unknown main item tag 0x0 [ 1093.732869][ T5279] sony 0003:1345:3008.00AF: unknown main item tag 0x0 [ 1093.759487][ T5279] sony 0003:1345:3008.00AF: hiddev0,hidraw0: USB HID v80.00 Device [HID 1345:3008] on usb-dummy_hcd.4-1/input0 [ 1093.791341][ T5279] sony 0003:1345:3008.00AF: failed to claim input [ 1093.996659][ T5321] usb 5-1: USB disconnect, device number 69 [ 1094.788345][ T5944] netlink: 56 bytes leftover after parsing attributes in process `syz.4.15337'. [ 1095.261334][ T5964] netlink: 148 bytes leftover after parsing attributes in process `syz.3.15345'. [ 1095.385590][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 1095.385623][ T29] audit: type=1400 audit(2000000077.497:4109): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5965 comm="syz.4.15348" daddr=::ffff:0.0.0.0 dest=20001 [ 1096.587794][ T29] audit: type=1400 audit(2000000078.620:4110): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=5982 comm="syz.4.15356" daddr=2001::1 [ 1097.148491][ T6002] input: syz1 as /devices/virtual/input/input144 [ 1097.170261][T22882] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1097.392308][T22882] usb 3-1: config index 0 descriptor too short (expected 106, got 36) [ 1097.401121][T22882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 1097.447694][T22882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33295, setting to 1024 [ 1097.479826][T22882] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 1097.499437][T22882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1097.524907][T22882] usb 3-1: config 0 descriptor?? [ 1097.985716][T22882] corsair 0003:1B1C:1B3E.00B0: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.2-1/input0 [ 1098.236546][ T5279] usb 3-1: USB disconnect, device number 53 [ 1098.293998][ T6014] netem: incorrect ge model size [ 1098.354954][ T6014] netem: change failed [ 1099.181248][ T6048] netlink: 120 bytes leftover after parsing attributes in process `syz.0.15388'. [ 1099.190204][T22882] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1099.403962][T22882] usb 2-1: Using ep0 maxpacket: 32 [ 1099.427157][T22882] usb 2-1: config 0 has no interfaces? [ 1099.428065][ T29] audit: type=1400 audit(2000000081.276:4111): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=6059 comm="syz.0.15393" daddr=fe80::bb [ 1099.444669][T22882] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1099.502688][T22882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1099.535009][T22882] usb 2-1: config 0 descriptor?? [ 1099.608314][ T6066] devtmpfs: Cannot change global quota limit on remount [ 1099.764455][ T6036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1099.832068][ T6036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1099.853182][ T5279] usb 2-1: USB disconnect, device number 30 [ 1100.494474][ T5279] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1100.743422][ T5279] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1100.763368][ T5279] usb 2-1: config 0 interface 0 has no altsetting 1 [ 1100.823252][ T5279] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=25.e8 [ 1100.856393][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1100.878688][ T5279] usb 2-1: Product: syz [ 1100.883302][ T5279] usb 2-1: Manufacturer: syz [ 1100.887940][ T5279] usb 2-1: SerialNumber: syz [ 1100.923125][ T5279] usb 2-1: config 0 descriptor?? [ 1100.935028][ T5279] ttusbir 2-1:0.0: cannot find expected altsetting [ 1101.162339][T22882] usb 2-1: USB disconnect, device number 31 [ 1102.299585][ T29] audit: type=1400 audit(2000000083.952:4112): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=6134 comm="syz.0.15425" src=1280 dest=20002 netif=wpan0 [ 1103.349535][ T6146] vxcan1: tx address claim with dest, not broadcast [ 1103.478856][ T6149] ptrace attach of "./syz-executor exec"[5173] was attempted by "./syz-executor exec"[6149] [ 1104.044654][ T5321] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1104.236395][ T5321] usb 2-1: Using ep0 maxpacket: 8 [ 1104.259603][ T5321] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 1104.290179][ T5321] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 1104.298269][ T5321] usb 2-1: Product: syz [ 1104.337129][ T5321] usb 2-1: Manufacturer: syz [ 1104.341849][ T5321] usb 2-1: SerialNumber: syz [ 1104.367266][ T5321] usb 2-1: config 0 descriptor?? [ 1104.389367][ T5321] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 1104.902172][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 1105.047937][ T5321] input: gspca_zc3xx as /devices/platform/dummy_hcd.1/usb2/2-1/input/input146 [ 1105.081096][ T6187] delete_channel: no stack [ 1105.294056][ T5279] usb 2-1: USB disconnect, device number 32 [ 1106.001217][ T6211] netlink: 'syz.2.15462': attribute type 1 has an invalid length. [ 1106.038884][ T6211] netlink: 9320 bytes leftover after parsing attributes in process `syz.2.15462'. [ 1106.076631][ T6211] netlink: 'syz.2.15462': attribute type 1 has an invalid length. [ 1106.117644][ T6211] netlink: 'syz.2.15462': attribute type 2 has an invalid length. [ 1106.911452][ T29] audit: type=1400 audit(2000000088.273:4113): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=6238 comm="syz.2.15475" daddr=ff01::1 [ 1108.086282][ T6270] Falling back ldisc for ptm0. [ 1108.612258][ T6291] netlink: 'syz.4.15499': attribute type 4 has an invalid length. [ 1108.908360][ T5321] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1109.026930][ T6307] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1109.047722][ T6305] block nbd4: NBD_DISCONNECT [ 1109.105113][ T5321] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1109.121732][ T5321] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1109.142761][ T5321] usb 3-1: Product: syz [ 1109.153738][ T5321] usb 3-1: Manufacturer: syz [ 1109.158407][ T5321] usb 3-1: SerialNumber: syz [ 1109.197228][ T5321] usb 3-1: config 0 descriptor?? [ 1109.236618][ T29] audit: type=1400 audit(2000000090.443:4114): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=6309 comm="syz.4.15508" daddr=fe80:: [ 1109.292521][ T29] audit: type=1400 audit(2000000090.443:4115): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=6309 comm="syz.4.15508" daddr=::ffff:172.20.20.170 dest=20002 [ 1109.492237][ T29] audit: type=1400 audit(2000000090.687:4116): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=6316 comm="syz.1.15512" daddr=ff01::1 [ 1109.511170][ T5321] usb 3-1: USB disconnect, device number 54 [ 1109.837959][T22882] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1109.838652][ T6326] lo speed is unknown, defaulting to 1000 [ 1109.885715][ T6326] lo speed is unknown, defaulting to 1000 [ 1110.030651][T22882] usb 5-1: Using ep0 maxpacket: 16 [ 1110.042757][T22882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1110.073205][T22882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1110.103762][T22882] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1110.158521][T22882] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1110.167848][T22882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1110.202488][T22882] usb 5-1: config 0 descriptor?? [ 1110.540780][ T6338] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15522'. [ 1110.606686][ T6338] geneve2: entered promiscuous mode [ 1110.652747][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.660127][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.703526][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.713257][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.727151][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.746839][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.754273][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.762266][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.806055][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.837612][T22882] microsoft 0003:045E:07DA.00B1: unknown main item tag 0x0 [ 1110.848482][T22882] microsoft 0003:045E:07DA.00B1: No inputs registered, leaving [ 1110.897814][T22882] microsoft 0003:045E:07DA.00B1: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 1110.939131][T22882] microsoft 0003:045E:07DA.00B1: no inputs found [ 1110.945639][T22882] microsoft 0003:045E:07DA.00B1: could not initialize ff, continuing anyway [ 1110.992519][T22882] usb 5-1: USB disconnect, device number 70 [ 1111.794927][ T6357] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1111.838695][ T5279] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 1111.848317][ T6357] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1111.984435][ T29] audit: type=1400 audit(2000000093.016:4117): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=6360 comm="syz.0.15531" daddr=255.255.255.255 dest=20002 netif=wpan0 [ 1112.053120][ T5279] usb 3-1: Using ep0 maxpacket: 32 [ 1112.075271][ T5279] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1112.106300][ T5279] usb 3-1: config 0 has no interface number 0 [ 1112.112476][ T5279] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1112.188136][ T5279] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1112.221411][ T5279] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1112.241551][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1112.312359][ T5279] usb 3-1: config 0 descriptor?? [ 1112.404779][ T29] audit: type=1326 audit(2000000093.418:4118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6370 comm="syz.0.15537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdead7def9 code=0x7ffc0000 [ 1112.498502][ T29] audit: type=1326 audit(2000000093.446:4119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6370 comm="syz.0.15537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdead7def9 code=0x7ffc0000 [ 1112.564275][ T29] audit: type=1326 audit(2000000093.465:4120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6370 comm="syz.0.15537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7efdead7def9 code=0x7ffc0000 [ 1112.660301][ T29] audit: type=1326 audit(2000000093.465:4121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6370 comm="syz.0.15537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdead7def9 code=0x7ffc0000 [ 1112.753911][ T29] audit: type=1326 audit(2000000093.465:4122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6370 comm="syz.0.15537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7efdead7def9 code=0x7ffc0000 [ 1112.854718][ T29] audit: type=1326 audit(2000000093.465:4123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6370 comm="syz.0.15537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdead7def9 code=0x7ffc0000 [ 1113.065237][ T5279] input: HID 28bd:0094 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0094.00B2/input/input150 [ 1113.208322][ T5279] uclogic 0003:28BD:0094.00B2: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.2-1/input1 [ 1113.267438][ T5279] usb 3-1: USB disconnect, device number 55 [ 1113.586612][T24224] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1113.602148][T24224] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1113.612468][T24224] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1113.622899][T24224] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1113.631400][T24224] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1113.639080][T24224] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1113.844804][ T6396] lo speed is unknown, defaulting to 1000 [ 1113.911127][ T6396] lo speed is unknown, defaulting to 1000 [ 1114.088799][ T6408] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15552'. [ 1114.606912][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 1114.606932][ T29] audit: type=1400 audit(2000000095.466:4129): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=6426 comm="syz.4.15561" daddr=fe80:: [ 1114.653228][ T6429] netlink: 'syz.1.15562': attribute type 2 has an invalid length. [ 1114.983911][ T6436] netlink: 188 bytes leftover after parsing attributes in process `syz.4.15565'. [ 1115.133934][ T6444] netlink: 632 bytes leftover after parsing attributes in process `syz.2.15568'. [ 1115.215100][ T6396] chnl_net:caif_netlink_parms(): no params data found [ 1115.711793][ T6396] bridge0: port 1(bridge_slave_0) entered blocking state [ 1115.730257][ T6396] bridge0: port 1(bridge_slave_0) entered disabled state [ 1115.757722][ T6396] bridge_slave_0: entered allmulticast mode [ 1115.783973][ T6396] bridge_slave_0: entered promiscuous mode [ 1115.846331][T24224] Bluetooth: hci0: command tx timeout [ 1115.910574][ T6396] bridge0: port 2(bridge_slave_1) entered blocking state [ 1115.950282][ T6396] bridge0: port 2(bridge_slave_1) entered disabled state [ 1115.994382][ T6396] bridge_slave_1: entered allmulticast mode [ 1116.041360][ T6396] bridge_slave_1: entered promiscuous mode [ 1116.288184][ T6396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1116.341173][ T6396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1116.593130][ T6396] team0: Port device team_slave_0 added [ 1116.641221][ T6396] team0: Port device team_slave_1 added [ 1116.896493][ T6396] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1116.930303][ T6396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1117.011341][ T6396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1117.051880][ T6396] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1117.078536][ T6396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1117.180723][ T6396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1117.547259][ T6396] hsr_slave_0: entered promiscuous mode [ 1117.565695][ T6396] hsr_slave_1: entered promiscuous mode [ 1117.587138][ T6396] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1117.627752][ T6396] Cannot create hsr debugfs directory [ 1117.644879][ T6495] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15590'. [ 1118.059313][ T5243] Bluetooth: hci0: command tx timeout [ 1118.381480][ T6396] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1118.440386][ T6396] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1118.633807][ T6396] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1118.668945][ T6396] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1118.920220][ T6396] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1118.968130][ T6396] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1119.265068][ T6396] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1119.317400][ T6396] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1119.710236][ T6556] Process accounting resumed [ 1119.904202][ T6396] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1119.966718][ T6396] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1120.014543][ T6396] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1120.057081][ T6396] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1120.257469][ T6568] netlink: 'syz.2.15625': attribute type 10 has an invalid length. [ 1120.283043][ T5243] Bluetooth: hci0: command tx timeout [ 1120.340183][ T6568] team0: Port device netdevsim0 added [ 1120.379600][ T6570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15624'. [ 1120.403418][ T6573] netlink: 'syz.2.15625': attribute type 10 has an invalid length. [ 1120.534467][ T6573] team0: Port device netdevsim0 removed [ 1120.560202][ T6573] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1120.704352][ T6559] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1120.733583][ T6559] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1120.769220][ T6396] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1120.954642][ T6559] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1121.003619][ T6396] 8021q: adding VLAN 0 to HW filter on device team0 [ 1121.009680][ T6559] Bluetooth: hci6: Error when powering off device on rfkill (-4) [ 1121.033316][ T29] audit: type=1400 audit(2000000101.481:4130): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=6585 comm="syz.4.15631" daddr=ff02::1 [ 1121.181866][ T6589] 9p: Unknown access argument 18446744073709551615: -34 [ 1121.206788][T12413] bridge0: port 1(bridge_slave_0) entered blocking state [ 1121.214141][T12413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1121.406032][ T6559] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1121.412009][ T6559] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1121.412809][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1121.427046][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1121.819942][ T6559] Bluetooth: hci8: Opcode 0x0c1a failed: -4 [ 1121.843177][ T6559] Bluetooth: hci8: Error when powering off device on rfkill (-4) [ 1122.223100][ T6559] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1122.268956][ T6559] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1122.653302][ T6619] program syz.1.15644 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1122.794194][ T6624] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15646'. [ 1122.818401][ T6396] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1122.827306][ T6624] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15646'. [ 1123.098973][ T6396] veth0_vlan: entered promiscuous mode [ 1123.131419][ T6632] netlink: 'syz.4.15650': attribute type 10 has an invalid length. [ 1123.169249][ T6632] netlink: 55 bytes leftover after parsing attributes in process `syz.4.15650'. [ 1123.317295][ T6396] veth1_vlan: entered promiscuous mode [ 1123.491574][ T6396] veth0_macvtap: entered promiscuous mode [ 1123.544965][ T6396] veth1_macvtap: entered promiscuous mode [ 1123.603975][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.666163][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.698115][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.727051][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.775657][ T6652] Invalid/unusable pipe [ 1123.778459][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.844566][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.858864][ T6656] netlink: 20 bytes leftover after parsing attributes in process `syz.1.15660'. [ 1123.869310][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.896709][ T6656] netlink: 20 bytes leftover after parsing attributes in process `syz.1.15660'. [ 1123.917518][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.973150][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.003106][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.024375][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.034919][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.075947][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.093180][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.128035][ T6396] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1124.195183][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.238153][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.250993][ T6656] netlink: 20 bytes leftover after parsing attributes in process `syz.1.15660'. [ 1124.270570][ T6656] netlink: 20 bytes leftover after parsing attributes in process `syz.1.15660'. [ 1124.279835][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.303157][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.324824][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.345385][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.376893][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.389656][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.411037][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.432959][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.455209][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.481861][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.503347][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.524900][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.546965][ T6396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.567079][ T6396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.591630][ T6396] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1124.620054][ T6396] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.640440][ T6396] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.662112][ T6396] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.683702][ T6396] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.082867][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1125.090755][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1125.202886][ T2536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1125.213061][ T2536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1125.213377][ T6687] [ 1125.222734][ T6687] ===================================================== [ 1125.229695][ T6687] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1125.237181][ T6687] 6.11.0-rc7-syzkaller-00039-g77f587896757 #0 Not tainted [ 1125.244312][ T6687] ----------------------------------------------------- [ 1125.251276][ T6687] syz.1.15674/6687 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1125.259038][ T6687] ffffffff8e40a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xfc/0x360 [ 1125.267635][ T6687] [ 1125.267635][ T6687] and this task is already holding: [ 1125.275022][ T6687] ffff888077acfa18 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360 [ 1125.283864][ T6687] which would create a new lock dependency: [ 1125.289774][ T6687] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 1125.297584][ T6687] [ 1125.297584][ T6687] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1125.307052][ T6687] (&dev->event_lock#2){..-.}-{2:2} [ 1125.307103][ T6687] [ 1125.307103][ T6687] ... which became SOFTIRQ-irq-safe at: [ 1125.320022][ T6687] lock_acquire+0x1ed/0x550 [ 1125.324630][ T6687] _raw_spin_lock_irqsave+0xd5/0x120 [ 1125.330016][ T6687] input_inject_event+0xc5/0x340 [ 1125.335056][ T6687] led_trigger_event+0x138/0x210 [ 1125.340090][ T6687] kbd_bh+0x1b5/0x290 [ 1125.344167][ T6687] tasklet_action_common+0x321/0x4d0 [ 1125.349555][ T6687] handle_softirqs+0x2c4/0x970 [ 1125.354419][ T6687] __irq_exit_rcu+0xf4/0x1c0 [ 1125.359104][ T6687] irq_exit_rcu+0x9/0x30 [ 1125.363443][ T6687] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1125.369181][ T6687] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1125.375258][ T6687] __tasklet_schedule_common+0x1fd/0x270 [ 1125.380989][ T6687] vt_set_leds_compute_shiftstate+0x68/0x90 [ 1125.386982][ T6687] redraw_screen+0x97c/0xe90 [ 1125.391666][ T6687] complete_change_console+0xd1/0x730 [ 1125.397137][ T6687] console_callback+0x17b/0x460 [ 1125.402098][ T6687] process_scheduled_works+0xa2c/0x1830 [ 1125.407744][ T6687] worker_thread+0x86d/0xd10 [ 1125.412606][ T6687] kthread+0x2f0/0x390 [ 1125.416781][ T6687] ret_from_fork+0x4b/0x80 [ 1125.421301][ T6687] ret_from_fork_asm+0x1a/0x30 [ 1125.426170][ T6687] [ 1125.426170][ T6687] to a SOFTIRQ-irq-unsafe lock: [ 1125.433187][ T6687] (tasklist_lock){.+.+}-{2:2} [ 1125.433217][ T6687] [ 1125.433217][ T6687] ... which became SOFTIRQ-irq-unsafe at: [ 1125.445853][ T6687] ... [ 1125.445861][ T6687] lock_acquire+0x1ed/0x550 [ 1125.453042][ T6687] _raw_read_lock+0x36/0x50 [ 1125.457650][ T6687] __do_wait+0x12d/0x850 [ 1125.461991][ T6687] do_wait+0x1e9/0x560 [ 1125.466149][ T6687] kernel_wait+0xe9/0x240 [ 1125.470574][ T6687] call_usermodehelper_exec_work+0xbd/0x230 [ 1125.476562][ T6687] process_scheduled_works+0xa2c/0x1830 [ 1125.482207][ T6687] worker_thread+0x86d/0xd10 [ 1125.486892][ T6687] kthread+0x2f0/0x390 [ 1125.491063][ T6687] ret_from_fork+0x4b/0x80 [ 1125.495582][ T6687] ret_from_fork_asm+0x1a/0x30 [ 1125.500466][ T6687] [ 1125.500466][ T6687] other info that might help us debug this: [ 1125.500466][ T6687] [ 1125.510700][ T6687] Chain exists of: [ 1125.510700][ T6687] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock [ 1125.510700][ T6687] [ 1125.523934][ T6687] Possible interrupt unsafe locking scenario: [ 1125.523934][ T6687] [ 1125.532252][ T6687] CPU0 CPU1 [ 1125.537615][ T6687] ---- ---- [ 1125.542979][ T6687] lock(tasklist_lock); [ 1125.547227][ T6687] local_irq_disable(); [ 1125.553980][ T6687] lock(&dev->event_lock#2); [ 1125.561190][ T6687] lock(&f->f_owner.lock); [ 1125.568217][ T6687] [ 1125.571668][ T6687] lock(&dev->event_lock#2); [ 1125.576533][ T6687] [ 1125.576533][ T6687] *** DEADLOCK *** [ 1125.576533][ T6687] [ 1125.584679][ T6687] 5 locks held by syz.1.15674/6687: [ 1125.589877][ T6687] #0: ffff88805dad4420 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 1125.599044][ T6687] #1: ffff88805db37858 (&type->i_mutex_dir_key#5){++++}-{3:3}, at: chmod_common+0x1bb/0x4c0 [ 1125.609253][ T6687] #2: ffffffff9a16ea70 (&fsnotify_mark_srcu){.+.+}-{0:0}, at: fsnotify+0x53d/0x1f70 [ 1125.618768][ T6687] #3: ffff88807c02d1c8 (&mark->lock){+.+.}-{2:2}, at: dnotify_handle_event+0x61/0x440 [ 1125.628457][ T6687] #4: ffff888077acfa18 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360 [ 1125.637719][ T6687] [ 1125.637719][ T6687] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1125.648144][ T6687] -> (&dev->event_lock#2){..-.}-{2:2} { [ 1125.653920][ T6687] IN-SOFTIRQ-W at: [ 1125.658078][ T6687] lock_acquire+0x1ed/0x550 [ 1125.664601][ T6687] _raw_spin_lock_irqsave+0xd5/0x120 [ 1125.671906][ T6687] input_inject_event+0xc5/0x340 [ 1125.678847][ T6687] led_trigger_event+0x138/0x210 [ 1125.685788][ T6687] kbd_bh+0x1b5/0x290 [ 1125.691806][ T6687] tasklet_action_common+0x321/0x4d0 [ 1125.699109][ T6687] handle_softirqs+0x2c4/0x970 [ 1125.705883][ T6687] __irq_exit_rcu+0xf4/0x1c0 [ 1125.712563][ T6687] irq_exit_rcu+0x9/0x30 [ 1125.718815][ T6687] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1125.726463][ T6687] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1125.734457][ T6687] __tasklet_schedule_common+0x1fd/0x270 [ 1125.742102][ T6687] vt_set_leds_compute_shiftstate+0x68/0x90 [ 1125.750004][ T6687] redraw_screen+0x97c/0xe90 [ 1125.756605][ T6687] complete_change_console+0xd1/0x730 [ 1125.763994][ T6687] console_callback+0x17b/0x460 [ 1125.770869][ T6687] process_scheduled_works+0xa2c/0x1830 [ 1125.778418][ T6687] worker_thread+0x86d/0xd10 [ 1125.785011][ T6687] kthread+0x2f0/0x390 [ 1125.791097][ T6687] ret_from_fork+0x4b/0x80 [ 1125.797522][ T6687] ret_from_fork_asm+0x1a/0x30 [ 1125.804301][ T6687] INITIAL USE at: [ 1125.808377][ T6687] lock_acquire+0x1ed/0x550 [ 1125.814799][ T6687] _raw_spin_lock_irqsave+0xd5/0x120 [ 1125.822004][ T6687] input_inject_event+0xc5/0x340 [ 1125.828865][ T6687] kbd_led_trigger_activate+0xb8/0x100 [ 1125.836240][ T6687] led_trigger_set+0x582/0x9c0 [ 1125.842920][ T6687] led_trigger_set_default+0x229/0x260 [ 1125.850321][ T6687] led_classdev_register_ext+0x6e6/0x8a0 [ 1125.857880][ T6687] input_leds_connect+0x489/0x630 [ 1125.864821][ T6687] input_register_device+0xd3b/0x1110 [ 1125.872107][ T6687] atkbd_connect+0x752/0xa00 [ 1125.878617][ T6687] serio_driver_probe+0x7f/0xa0 [ 1125.885391][ T6687] really_probe+0x2b8/0xad0 [ 1125.891812][ T6687] __driver_probe_device+0x1a2/0x390 [ 1125.899011][ T6687] driver_probe_device+0x50/0x430 [ 1125.905952][ T6687] __driver_attach+0x45f/0x710 [ 1125.912628][ T6687] bus_for_each_dev+0x239/0x2b0 [ 1125.919398][ T6687] serio_handle_event+0x1c7/0x920 [ 1125.926345][ T6687] process_scheduled_works+0xa2c/0x1830 [ 1125.933817][ T6687] worker_thread+0x86d/0xd10 [ 1125.940332][ T6687] kthread+0x2f0/0x390 [ 1125.946330][ T6687] ret_from_fork+0x4b/0x80 [ 1125.952675][ T6687] ret_from_fork_asm+0x1a/0x30 [ 1125.959369][ T6687] } [ 1125.962051][ T6687] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 1125.971349][ T6687] -> (&new->fa_lock){....}-{2:2} { [ 1125.976576][ T6687] INITIAL USE at: [ 1125.980585][ T6687] lock_acquire+0x1ed/0x550 [ 1125.986841][ T6687] _raw_write_lock_irq+0xd3/0x120 [ 1125.993616][ T6687] fasync_remove_entry+0xff/0x1d0 [ 1126.000392][ T6687] __fput+0x73e/0x8a0 [ 1126.006118][ T6687] task_work_run+0x24f/0x310 [ 1126.012453][ T6687] syscall_exit_to_user_mode+0x168/0x370 [ 1126.019851][ T6687] do_syscall_64+0x100/0x230 [ 1126.026202][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.033854][ T6687] INITIAL READ USE at: [ 1126.038280][ T6687] lock_acquire+0x1ed/0x550 [ 1126.044973][ T6687] _raw_read_lock_irqsave+0xdd/0x130 [ 1126.052476][ T6687] kill_fasync+0x19e/0x4d0 [ 1126.059081][ T6687] sock_wake_async+0x147/0x170 [ 1126.066037][ T6687] sock_def_write_space+0x384/0x420 [ 1126.073423][ T6687] kcm_sendmsg+0x2709/0x29a0 [ 1126.080198][ T6687] __sock_sendmsg+0x221/0x270 [ 1126.087075][ T6687] ____sys_sendmsg+0x525/0x7d0 [ 1126.094043][ T6687] __sys_sendmsg+0x2b0/0x3a0 [ 1126.100830][ T6687] do_syscall_64+0xf3/0x230 [ 1126.107520][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.115600][ T6687] } [ 1126.118187][ T6687] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1126.126959][ T6687] ... acquired at: [ 1126.130850][ T6687] lock_acquire+0x1ed/0x550 [ 1126.135539][ T6687] _raw_read_lock_irqsave+0xdd/0x130 [ 1126.141015][ T6687] kill_fasync+0x19e/0x4d0 [ 1126.145618][ T6687] mousedev_notify_readers+0x719/0xc80 [ 1126.151257][ T6687] mousedev_event+0x5d9/0x1390 [ 1126.156205][ T6687] input_handler_events_default+0x107/0x1c0 [ 1126.162284][ T6687] input_pass_values+0x286/0x860 [ 1126.167404][ T6687] input_event_dispose+0x30f/0x600 [ 1126.172710][ T6687] input_handle_event+0xa71/0xbe0 [ 1126.177916][ T6687] input_inject_event+0x22f/0x340 [ 1126.183116][ T6687] evdev_write+0x672/0x7c0 [ 1126.187716][ T6687] vfs_write+0x2a2/0xc90 [ 1126.192145][ T6687] ksys_write+0x1a0/0x2c0 [ 1126.196662][ T6687] do_syscall_64+0xf3/0x230 [ 1126.201344][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.207421][ T6687] [ 1126.209757][ T6687] -> (&f->f_owner.lock){....}-{2:2} { [ 1126.215164][ T6687] INITIAL USE at: [ 1126.219070][ T6687] lock_acquire+0x1ed/0x550 [ 1126.225157][ T6687] _raw_write_lock_irq+0xd3/0x120 [ 1126.231773][ T6687] f_modown+0x38/0x340 [ 1126.237413][ T6687] tty_fasync+0x250/0x340 [ 1126.243306][ T6687] do_vfs_ioctl+0x19c8/0x2e50 [ 1126.249555][ T6687] __se_sys_ioctl+0x81/0x170 [ 1126.255716][ T6687] do_syscall_64+0xf3/0x230 [ 1126.261787][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.269252][ T6687] INITIAL READ USE at: [ 1126.273619][ T6687] lock_acquire+0x1ed/0x550 [ 1126.280158][ T6687] _raw_read_lock_irqsave+0xdd/0x130 [ 1126.287482][ T6687] send_sigurg+0x29/0x3c0 [ 1126.293836][ T6687] sk_send_sigurg+0x75/0x2f0 [ 1126.300437][ T6687] queue_oob+0x572/0x730 [ 1126.306684][ T6687] unix_stream_sendmsg+0xd24/0xf80 [ 1126.313808][ T6687] __sock_sendmsg+0x221/0x270 [ 1126.320489][ T6687] ____sys_sendmsg+0x525/0x7d0 [ 1126.327260][ T6687] __sys_sendmsg+0x2b0/0x3a0 [ 1126.333860][ T6687] do_syscall_64+0xf3/0x230 [ 1126.340366][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.348270][ T6687] } [ 1126.350767][ T6687] ... key at: [] init_file.__key+0x0/0x20 [ 1126.358580][ T6687] ... acquired at: [ 1126.362380][ T6687] lock_acquire+0x1ed/0x550 [ 1126.367069][ T6687] _raw_read_lock_irqsave+0xdd/0x130 [ 1126.372540][ T6687] send_sigio+0x33/0x360 [ 1126.376963][ T6687] kill_fasync+0x23a/0x4d0 [ 1126.381559][ T6687] sock_wake_async+0x147/0x170 [ 1126.386502][ T6687] sock_def_write_space+0x384/0x420 [ 1126.391891][ T6687] kcm_sendmsg+0x2709/0x29a0 [ 1126.396666][ T6687] __sock_sendmsg+0x221/0x270 [ 1126.401519][ T6687] ____sys_sendmsg+0x525/0x7d0 [ 1126.406463][ T6687] __sys_sendmsg+0x2b0/0x3a0 [ 1126.411241][ T6687] do_syscall_64+0xf3/0x230 [ 1126.415923][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.421994][ T6687] [ 1126.424314][ T6687] [ 1126.424314][ T6687] the dependencies between the lock to be acquired [ 1126.424324][ T6687] and SOFTIRQ-irq-unsafe lock: [ 1126.437843][ T6687] -> (tasklist_lock){.+.+}-{2:2} { [ 1126.442987][ T6687] HARDIRQ-ON-R at: [ 1126.446971][ T6687] lock_acquire+0x1ed/0x550 [ 1126.453142][ T6687] _raw_read_lock+0x36/0x50 [ 1126.459309][ T6687] __do_wait+0x12d/0x850 [ 1126.465204][ T6687] do_wait+0x1e9/0x560 [ 1126.470925][ T6687] kernel_wait+0xe9/0x240 [ 1126.476907][ T6687] call_usermodehelper_exec_work+0xbd/0x230 [ 1126.484469][ T6687] process_scheduled_works+0xa2c/0x1830 [ 1126.491682][ T6687] worker_thread+0x86d/0xd10 [ 1126.497951][ T6687] kthread+0x2f0/0x390 [ 1126.503684][ T6687] ret_from_fork+0x4b/0x80 [ 1126.509763][ T6687] ret_from_fork_asm+0x1a/0x30 [ 1126.516187][ T6687] SOFTIRQ-ON-R at: [ 1126.520171][ T6687] lock_acquire+0x1ed/0x550 [ 1126.526340][ T6687] _raw_read_lock+0x36/0x50 [ 1126.532504][ T6687] __do_wait+0x12d/0x850 [ 1126.538398][ T6687] do_wait+0x1e9/0x560 [ 1126.544121][ T6687] kernel_wait+0xe9/0x240 [ 1126.550105][ T6687] call_usermodehelper_exec_work+0xbd/0x230 [ 1126.557655][ T6687] process_scheduled_works+0xa2c/0x1830 [ 1126.564872][ T6687] worker_thread+0x86d/0xd10 [ 1126.571125][ T6687] kthread+0x2f0/0x390 [ 1126.576855][ T6687] ret_from_fork+0x4b/0x80 [ 1126.582935][ T6687] ret_from_fork_asm+0x1a/0x30 [ 1126.589368][ T6687] INITIAL USE at: [ 1126.593267][ T6687] lock_acquire+0x1ed/0x550 [ 1126.599345][ T6687] _raw_write_lock_irq+0xd3/0x120 [ 1126.605953][ T6687] copy_process+0x228b/0x3dc0 [ 1126.612204][ T6687] kernel_clone+0x223/0x880 [ 1126.618283][ T6687] user_mode_thread+0x132/0x1a0 [ 1126.624714][ T6687] rest_init+0x23/0x300 [ 1126.630446][ T6687] start_kernel+0x47a/0x500 [ 1126.636528][ T6687] x86_64_start_reservations+0x2a/0x30 [ 1126.643563][ T6687] x86_64_start_kernel+0x9f/0xa0 [ 1126.650157][ T6687] common_startup_64+0x13e/0x147 [ 1126.656680][ T6687] INITIAL READ USE at: [ 1126.661010][ T6687] lock_acquire+0x1ed/0x550 [ 1126.667525][ T6687] _raw_read_lock+0x36/0x50 [ 1126.674054][ T6687] __do_wait+0x12d/0x850 [ 1126.680325][ T6687] do_wait+0x1e9/0x560 [ 1126.686396][ T6687] kernel_wait+0xe9/0x240 [ 1126.692726][ T6687] call_usermodehelper_exec_work+0xbd/0x230 [ 1126.700623][ T6687] process_scheduled_works+0xa2c/0x1830 [ 1126.708177][ T6687] worker_thread+0x86d/0xd10 [ 1126.714777][ T6687] kthread+0x2f0/0x390 [ 1126.720877][ T6687] ret_from_fork+0x4b/0x80 [ 1126.727310][ T6687] ret_from_fork_asm+0x1a/0x30 [ 1126.734086][ T6687] } [ 1126.736586][ T6687] ... key at: [] tasklist_lock+0x18/0x40 [ 1126.744311][ T6687] ... acquired at: [ 1126.748110][ T6687] lock_acquire+0x1ed/0x550 [ 1126.752798][ T6687] _raw_read_lock+0x36/0x50 [ 1126.757485][ T6687] send_sigio+0xfc/0x360 [ 1126.761911][ T6687] dnotify_handle_event+0x13c/0x440 [ 1126.767293][ T6687] fsnotify+0x18ab/0x1f70 [ 1126.771808][ T6687] fsnotify_change+0x24f/0x2a0 [ 1126.776756][ T6687] notify_change+0xc0c/0xe90 [ 1126.781529][ T6687] chmod_common+0x2ab/0x4c0 [ 1126.786214][ T6687] __x64_sys_fchmod+0xf8/0x160 [ 1126.791161][ T6687] do_syscall_64+0xf3/0x230 [ 1126.795849][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.801927][ T6687] [ 1126.804281][ T6687] [ 1126.804281][ T6687] stack backtrace: [ 1126.810168][ T6687] CPU: 0 UID: 0 PID: 6687 Comm: syz.1.15674 Not tainted 6.11.0-rc7-syzkaller-00039-g77f587896757 #0 [ 1126.820980][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1126.831045][ T6687] Call Trace: [ 1126.834332][ T6687] [ 1126.837269][ T6687] dump_stack_lvl+0x241/0x360 [ 1126.841963][ T6687] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1126.847168][ T6687] ? __pfx__printk+0x10/0x10 [ 1126.851768][ T6687] ? print_shortest_lock_dependencies+0xf2/0x160 [ 1126.858113][ T6687] validate_chain+0x4de0/0x5900 [ 1126.862982][ T6687] ? __pfx_validate_chain+0x10/0x10 [ 1126.868189][ T6687] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.874278][ T6687] ? __lock_acquire+0x137a/0x2040 [ 1126.879317][ T6687] ? mark_lock+0x9a/0x350 [ 1126.883664][ T6687] __lock_acquire+0x137a/0x2040 [ 1126.888535][ T6687] lock_acquire+0x1ed/0x550 [ 1126.893054][ T6687] ? send_sigio+0xfc/0x360 [ 1126.897484][ T6687] ? __pfx_lock_acquire+0x10/0x10 [ 1126.902525][ T6687] ? do_raw_read_lock+0x3c/0x90 [ 1126.907383][ T6687] ? _raw_read_lock_irqsave+0xe9/0x130 [ 1126.912855][ T6687] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1126.918850][ T6687] _raw_read_lock+0x36/0x50 [ 1126.923366][ T6687] ? send_sigio+0xfc/0x360 [ 1126.927790][ T6687] send_sigio+0xfc/0x360 [ 1126.932057][ T6687] dnotify_handle_event+0x13c/0x440 [ 1126.937291][ T6687] fsnotify+0x18ab/0x1f70 [ 1126.941643][ T6687] ? fsnotify+0x53d/0x1f70 [ 1126.946070][ T6687] ? __pfx_fsnotify+0x10/0x10 [ 1126.950764][ T6687] ? shmem_setattr+0x912/0xee0 [ 1126.955534][ T6687] fsnotify_change+0x24f/0x2a0 [ 1126.960318][ T6687] notify_change+0xc0c/0xe90 [ 1126.964928][ T6687] chmod_common+0x2ab/0x4c0 [ 1126.969451][ T6687] ? __pfx_chmod_common+0x10/0x10 [ 1126.974500][ T6687] __x64_sys_fchmod+0xf8/0x160 [ 1126.979272][ T6687] do_syscall_64+0xf3/0x230 [ 1126.983787][ T6687] ? clear_bhb_loop+0x35/0x90 [ 1126.988483][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.994415][ T6687] RIP: 0033:0x7f17cb17def9 [ 1126.998845][ T6687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1127.018491][ T6687] RSP: 002b:00007f17cbfb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000005b [ 1127.026913][ T6687] RAX: ffffffffffffffda RBX: 00007f17cb335f80 RCX: 00007f17cb17def9 [ 1127.034904][ T6687] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1127.042879][ T6687] RBP: 00007f17cb1f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 1127.050859][ T6687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1127.058831][ T6687] R13: 0000000000000000 R14: 00007f17cb335f80 R15: 00007ffd0fbf8608 [ 1127.066817][ T6687]